Tracking and Analytics for CASABLANCA Booking Engine
The CASABLANCA Booking Engine is a highly secure SaaS solution for hotel distribution through which personal data and payment information are processed. As the operator of the platform, we ensure that data security, system integrity, and compliance with international security and data protection standards are technically guaranteed at all times.
The option to use your own custom domain with the CASABLANCA Booking Engine will be available starting with the ’26 Spring Release (April 2026). If you are reading this documentation before the Spring release, please note that the feature will become active automatically once the update is deployed.
Architectural and Legal Framework
Our booking flow is subject to the Payment Card Industry Data Security Standard (PCI DSS) v4.0.1, the European General Data Protection Regulation (GDPR), and the Austrian Telecommunications Act (TKG). Under these requirements, the guidelines expressly prohibit the use of dynamically loaded scripts on payment pages as of March 2025, in order to prevent so called e skimming (Magecart) attacks.
For this reason, the use of the Google Tag Manager (GTM) or other external script containers is technically excluded on the CASABLANCA Booking Engine. Such tools inject code at runtime (DOM injection) and thereby directly endanger PCI certification and data security.
The use of the Meta Pixel or similar tracking solutions, which transfer personal data to jurisdictions outside the European Union or operate without explicit and legally valid consent, is likewise excluded. The current decision of the Austrian Supreme Court (OGH) from December 2025 confirms that Meta’s personalised advertising model is permissible only under extremely specific opt in conditions.
Native Google Analytics 4 (GA4) Integration
To meet the highest security and data protection requirements, we exclusively offer a native, fully integrated GA4 connection.
This integration is:
- fully compliant with GDPR and TKG,
- compatible with Consent Mode V2 (Strict Mode),
- implemented without third party code or dynamically loaded scripts. The system blocks all tracking libraries until the user has given explicit consent, and only then loads the gtag.js library, taking into account all consent signals.
Through the automatic GA4 integration, all relevant e commerce and booking events (e.g. view_item_list, add_to_cart, purchase) are transmitted securely and in a structured manner. In addition, all common UTM parameters are supported, allowing campaigns (for example, from Google Ads or Meta Ads) to be fully tracked even without GTM or external scripts.
Our Commitment
As a technology provider, it is our foremost goal and responsibility to reliably protect hoteliers and their guests from data protection breaches, penalties, and data leaks.
We understand the desire for maximum marketing flexibility, but our highest priority is the legal compliance and trustworthiness of the booking flow.
The detailed technical specification of the GA4 integration can be found in the document ‘Tracking Factsheet – Technical Specification: Google Analytics 4 (GA4) Integration’