Optimizely Configuration
How to configure Optimizely and properly map these configurations within the customer panel to ensure users are clearly informed about the use of this Third Party Provider (TPP). The tables below outline how different configurations of Optimizely affect the privacy risks for users.
Privacy Risk Level: Optimizely's privacy risk varies significantly based on configuration.
Consent Requirement: Always obtain explicit opt-in consent before loading Optimizely.
CRM Integration Risk: Integrating Optimizely with CRM systems (Salesforce, HubSpot) significantly increases privacy risk by linking anonymous behavioral data to identified users.
Cross-Platform Tracking: High-risk configurations enable tracking users across multiple properties and devices through user ID matching.
EU vs US Hosting: Optimizely offers EU data residency options, but the company is US-based and subject to US data access laws.
Third-Party Integrations: Each integration (Google Analytics, Facebook Pixel, etc.) adds additional privacy considerations and may require separate consent.
Data Minimization: Configure Optimizely to collect only the minimum data necessary for your specific use cases.
Privacy relevant configurations (Parameters)
This table shows features which can be enabled or disabled within Optimizely. Use this overview to ensure your Optimizely setup and Consenter Manager settings stay consistent.
Each row represents a feature that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the feature, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Parameters | ➡️ Optimizely Config Low Risk (Consent) | ➡️ Optimizely Config Mid Risk (Consent) | ➡️ Optimizely Config High Risk (Consent) | ➡️ Consenter Manager Config How to map your Optimizely configurations in Consenter Manager |
|---|---|---|---|---|
| Consent | Yes (Opt-In) | Yes (Opt-In) | Yes (Opt-In) | Select Optimizely as data recipient. |
| Data sharing | No | No | Enabled - Data sharing with Third parties | Attention: If personal data is disclosed to other parties, these must be specified in the data recipients section. If the data transfer is for additional purposes (e.g., marketing), the corresponding purposes must also be selected accordingly. |
| Data processing agreement | Yes - Optimizely acts as Data Processor (Data processing agreement) | Yes - Optimizely acts as Data Processor (Data processing agreement) | Yes - Optimizely acts as Data Processor (Data processing agreement) | Select legal role: Processor |
| Tracking method | First party, cross session on single domain | First party, cross session, cross device | Third party, cross session, cross device with user ID | Select respective tracking method. |
| Identifier | Device identifier (cookies) | Device identifier (cookies) | Direct Identifiers, User ID, CRM data integration, authenticated user tracking | Select respective data categories: - Device identifiers - Direct identifiers - User-provided data |
| Personalization Features | Group based audience segmentation based on user properties, basic A/B testing and content variations. | Group based audience segmentation with behavioral targeting. | Profile based personalization with behavioral targeting, audience segmentation, predictive analytics | 1. Select data categories: - Authentication-derived identifiers (if user login) - Users' profiles 2. Select personalization model Low risk: Group based (properties) Mid risk: Group based (behavior) High risk: Profile based |
| Retention Period | < 6 months | < 24 months | > 24 months | Indicate maximum storage duration based on configuration |
| Processing location | EU (hosting); USA | EU (hosting); USA | USA/EU/other | ❗Attention: If using US-hosted Optimizely instance, always indicate USA as data processing location. Optimizely is a US-based company subject to US legislation including CLOUD Act. |
| Advertising Features | Disabled | Disabled | Enabled - Integration with advertising platforms (Google Ads, Facebook Ads) | If ad integrations are enabled, select additional marketing purposes and the respective TPP used. |
| User Profile Building | Limited - Session-based behavioral data | Cross session group-based behavioral data | Extensive - Cross-session user profiles with demographic and behavioral data | 1. High risk: Select data category: Users' profiles 2. Select respective personalization model |
Data categories
This table details the categories of data collected by Optimizely. Use this overview to ensure your Optimizely setup and Consenter Manager settings stay consistent.
Each row represents a data category that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the data category, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Collected Data Categories | ➡️ Optimizely Config Low Risk (Consent) | ➡️ Optimizely Config Mid Risk (Consent) | ➡️ Optimizely Config High Risk (Consent) | ➡️ Consenter Manager Config How to map your Optimizely configurations in Consenter Manager |
|---|---|---|---|---|
| IP Address | Yes (Anonymized) | Yes (plain) | Yes (plain) | Select respective data category. |
| Technical data - Device characteristics - Browser/OS data | Yes | Yes | Yes | Select data category: Device characteristics |
| Aggregated site statistics | Yes | Yes | Yes | Select data category: Aggregated site statistics |
| Behavioral data | Basic, e.g. page views, clicks, basic interactions | Behavioral cohorts and segments based on frequency, recency, and combination of events over time. | Comprehensive behavioral tracking including scroll depth, time on page, interaction patterns | Select respective data category: - Browsing and interaction data - If applicable: eCommerce activity - High risk: Users' profiles |
| Geo-location info | Country / state level only | Country / state level only | City-level or precise location (if enabled in browser by user) | Select data category: - Non-precise location data - Precise location data (high risk) |
| User Authentication Data | No | No | Yes - Email, user ID, CRM identifiers | Select data category: - Authentication-derived identifiers - Direct identifiers |
| Device identifiers | Yes | Yes | Yes | Select data category: Device identifiers |
| Advertising identifiers | No | No | Yes - If integrated with advertising platforms | Select additional advertising purpose: Personalized advertising |
| Probabilistic identifiers | No | No | No | - |
| Direct identifiers | No | No | Yes | Select respective data category. |
| Special categories of personal data | No | No | No | Assess content risk and select if applicable |
| Privacy choices | No | No | No | - |
For technical integration guides (code implementation), see Optimizely Integration Guide →
Last updated on