Tracking Software and Cart Ditching: How to Remarket Legally

Remarketing is a valuable and common method for enticing customers back to your store; if they were interested once, and then you reinvigorate their interest after they leave, they’ll likely come back! According to SaleCycle upwards of 70% of people are ditching their carts, which means that being able to remarket legally is an extremely important tool for gaining back some of those potentially lost customers.

However, to remarket to people you need to know who they are, what was in their cart, and where they are browsing on the internet, so that you can display ads to them. The major issue in this process is that without notifying them of what you’re doing, you could be infringing their privacy.
Let’s take a look in a little more detail about what remarketing is, Google AdWords Remarketing in particular, and how to remarket legally.

What is remarketing?

Remarketing is a process by which you can reconnect with your customers who may have left your website without buying something. Remarketing products allow you to position targeted ads, or send targeted emails, with the aim of improving sales conversions and enticing people back to your website.

There are different types of remarketing, including Facebook remarketing, Adwords remarketing, and email forms of remarketing such as PinnacleCart’s Drift Marketing. Here’s an image from Stramark showing the process of AdWords remarketing:

remarket legally

PinnacleCart’s Drift Marketing works in a similar way, except that instead of the customer seeing an ad on another page, they receive an email with a link back to their cart and its contents. But to do it, you need to be tracking your customer.

Why is this a problem?

Because tracking the customer requires collecting and using some of their private information, and most countries around the world have laws in place that mean you can’t just collect and use private customer information without telling them.

For example, in the US, the California Online Privacy Protection Act 2003 (CalOPPA) is the main law on data privacy. CalOPPA requires you to have an easily-found and distinctive link to your Privacy Policy, which must outline:

  • The kinds of information gathered by the website
  • How the information may be shared with other parties
  • The policy’s effective date and a description of any changes since then
  • How you deal with “do not track” requests
  • The process the user can use to review and make changes to their stored information

In the EU, the law is more strict, with the EU Data Protection Directive currently in force, and the EU Data Protection Regulation coming into law soon. Under the Directive, when your website or software is collecting or processing “personal information” you need to comply.  By using remarketing products, you’ll be collecting and processing “personal information” in the form of browsing history, identity, IP address, and possibly their location, among other things.

The Directive requires that if you are collecting this information and you are an EU-based company, then there are a number of principles and criteria that you need to comply with. For instance, you should:

  • Identify who is collecting the data
  • Notify your users of what information you are collecting, and why
  • Ensure that all data collection is collected only for specified, explicit and legitimate purposes
  • Ensure that any data collected is adequate, relevant and not excessive
  • Ensure that data collected is accurate
  • Allow users to view what data you hold on them and allow them to change or update it
  • Notify your users of who else can view the data you hold on them
  • Keep the data safe and secure

Under the new Regulation, it will no longer just apply to EU-based companies, but will instead apply to anyone dealing with the data of EU citizens.

If you are running an ecommerce store in the US, it’s likely that you will have customers from California, which means you need to comply with CalOPPA. If your ecommerce store is more international, EU law is one of the strictest laws around; if you comply with EU law, you’ll likely be meeting the standards of many of the other laws around the world as well.

The best way to notify your customers is by way of a Privacy Policy. Let’s take a look at what you need to include.

What you need to cover in your Privacy Policy

Setting up your Privacy Policy is an important step in notifying your customers that you are using a remarketing tool.

If you’re using Google AdWords remarketing, Google requires you to include certain information in your Privacy Policy. These things are:

  • How you’re using remarketing
  • A message about how third-party vendors, including Google, show your ads on sites
  • A message about how third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to your website
  • Information about how your visitors can opt out of third-party or Google use of cookies.

Even if you aren’t using Google AdWords remarketing, and you’re using another tool such as the PinnacleCart Drift Marketing, the Google requirements above are a good starting point for what types of things you need to tell your customers.

To comply with CalOPPA and EU laws you should also include other things in your Privacy Policy. These are:

  • What information you collect
  • Who you are
  • For what purpose you are collecting information
  • How your users can view what information you hold on them
  • How your users can change their data that you hold
  • How you keep the data secure
  • How you deal with “do not track” requests
  • What third parties may view the data, and how you share data
  • Your policy’s effective date and any changes since then

By covering the above clauses in your Privacy Policy you’ll be well on your way to remarketing without infringing on the privacy rights of your customers.


Remarketing is an invaluable tool that you can use to encourage customers to come back to your store. However, before you remarket, be sure to comply with Privacy laws around the world by setting up a privacy policy that your customers can agree to.

Remarket LegallyGuest blogger Leah Hamilton is a qualified solicitor and writer working at TermsFeed (, where businesses can create legal agreements in minutes using the Generator.

Back to the Pinnacle Cart Homepage