Hi, we're rockit!We build successful websites using TYPO3 that are accessible and search engine optimized.We provide consulting on custom software solutions, automation, and the use of AI.

TYPO3 websites that comply with data protection regulations

Google Analytics / Matomo / Tracking & Cookies

The General Data Protection Regulation stipulates that website visitors must give their consent if the website operator collects data or even forwards it to third parties. And it must be possible to completely delete this data.

If a website integrates Google Fonts or Google Analytics, data from the website visitor’s browser is transmitted to Google. As of 2022, a data processing agreement with Google is not sufficient to adequately protect the data. The use of Google Analytics is not recommended.

Matomo (formerly Piwik), which is hosted by rockit on the same Austrian server as the website itself (if you host with our hosting partner), offers a 100% secure way to conveniently analyze visitor traffic.

At the start of the site visit, a cookie consent popup opens, allowing the user to opt out of Matomo tracking and other cookies. This popup also carefully describes all cookies in compliance with the GDPR.

It is important that the tracking tool is not actually integrated if consent is denied. This is even more important when using Google Analytics. rockit resolves this by only loading the tracking software after the user has confirmed consent.

Matomo also anonymizes the data further: the last two digits of the IP address are deleted, and any user IDs are replaced with a pseudonym. Unlike Matomo, IP anonymization in Google Analytics only occurs with special configuration and only on U.S. servers—which is not sufficient for the EU.

Third-party videos and media (Vimeo, YouTube, SoundCloud, etc.)

When embedding videos, communication with the third-party server may only take place after the user has given their explicit consent. This is the only way to prevent data such as the IP address and the URL of the visited website from being sent to the third-party provider (which could then use it to build a shadow profile of the user).

rockit solves this with GDPR-compliant 2-click solutions.

The embedded YouTube or Vimeo videos are automatically replaced with preview images duplicated on the web server. This eliminates the need for any communication between the user’s browser and the third-party provider.

Name	Purpose	Lifetime	Type	Provider
CookieConsent	Saves your consent to using cookies.	1 year	HTML	Website
fe_typo_user	Assigns your browser to a session on the server.	session	HTTP	Website

Name	Purpose	Lifetime	Type	Provider
_pk_id	Used to store a few details about the user such as the unique visitor ID.	13 months	HTML	Matomo
_pk_ref	Used to store the attribution information, the referrer initially used to visit the website.	6 months	HTML	Matomo
_pk_ses	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_cvar	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_hsr	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo