Google reCaptcha Disclaimer

Our primary goal is to ensure that our website is as safe and secure as possible for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). With reCAPTCHA we can determine whether you are really a flesh and blood human being and not a robot or other spam software. By spam, we mean any unsolicited information sent to us electronically. With the classic CAPTCHAS, you usually had to solve text or image puzzles to check it. With Google’s reCAPTCHA we usually do not have to bother you with such puzzles. In most cases it is sufficient to simply check the box to confirm that you are not a bot. With the new Invisible reCAPTCHA version you don’t even have to check the box. How exactly this works and especially which data is used for this purpose, you will learn in the course of this privacy policy.

The legal basis for the use is article 6 (1) f (legality of processing), because there is a legitimate interest to protect this website from bots and spam software.

What is reCAPTCHA?

reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. This service is most often used when you fill out forms on the Internet. A captcha service is an automatic turing test that is designed to ensure that an action on the Internet is performed by a human and not a bot. In the classic Turing test (named after the computer scientist Alan Turing), a human makes the distinction between bot and human. With Captchas this is also done by the computer or a software program. Classical captchas work with small tasks, which are easy to solve for humans, but have considerable difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. Here you only have to tick the text field “I am not a robot” or with Invisible reCAPTCHA even this is no longer necessary. With reCAPTCHA, a JavaScript element is integrated into the source code and then the tool runs in the background and analyzes your user behavior. From these user actions, the software calculates a so-called captcha score. Google uses this score to calculate the probability that you are a human being even before you enter the captcha. ReCAPTCHA or Captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

Why do we use reCAPTCHA on our website?

We only want to welcome people of flesh and blood on our site. Bots or spam software of different kinds can stay at home. That is why we do everything we can to protect ourselves and offer the best possible user-friendliness for you. For this reason we use Google reCAPTCHA from the company Google. So we can be pretty sure that we remain a “bot-free” website. Through the use of reCAPTCHA, data is transmitted to Google, which Google uses to determine whether you are really a human being. reCAPTCHA therefore serves the security of our website and, as a consequence, your security. For example, without reCAPTCHA it could happen that a bot registers as many e-mail addresses as possible during registration in order to “spam” forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.

Which data is stored by reCAPTCHA?

ReCAPTCHA collects personal information from users to determine whether the actions on our website are actually human. This means that the IP address and other data that Google requires for the reCAPTCHA service can be sent to Google. IP addresses are almost always truncated within the member states of the EU or other signatory states to the Agreement on the European Economic Area before the data lands on a server in the USA. The IP address is not combined with any other data held by Google unless you are signed in to your Google Account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed on your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.

The following list of collected browser and user data does not claim to be complete. Rather, they are examples of data which, to our knowledge, are processed by Google.

  • Referrer URL (the address of the page the visitor comes from)
  • IP address (e.g. 256.123.123.1)
  • Information about the operating system (the software that enables your computer to operate.
  • Known operating systems are Windows, Mac OS X or Linux)
  • Cookies (small text files that store data in your browser)
  • Mouse and keyboard behavior (every action you perform with the mouse or keyboard is saved)
  • Date and language settings (which language or date you have preset on your PC is stored)
  • All Javascript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
  • Screen resolution (shows how many pixels the image consists of)

It is indisputable that Google uses and analyses this data even before you click on the “I am not a robot” checkbox. With the Invisible reCAPTCHA version even the ticking is omitted and the whole recognition process runs in the background. How much and which data Google stores exactly, you will not learn from Google in detail.

The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version of Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:

Name: IDE
Expiry period: after one year
use: This cookie is set by DoubleClick (also owns Google) to register and report a user’s actions on the website in handling advertisements. In this way the advertising effectiveness can be measured and appropriate optimisation measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Example value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-311167679

Name: 1P_JAR
Expiry time: after one month
use: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant advertisements. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Example value: 2019-5-14-12

Name: ANID
Expiry time: after 9 months
Usage: We could not find out much information about this cookie. Google’s privacy policy mentions the cookie in connection with “advertising cookies” such as “DSID”, “FLC”, “AID”, “TAID”. ANID is stored at domain google.com.
Example value: U7j1v3dZa3111676790xgZFmiqWppRWKOr

Name: CONSENT
Expiry date: after 19 years
use: The cookie stores the status of a user’s consent to use various Google services. CONSENT is also used for security purposes, to verify users, to prevent fraudulent use of login information and to protect user data from unauthorized attacks.
Example value: YES+AT.de+20150628-20-0

Name: NID
Expiry time: after 6 months
use: NID is used by Google to match ads to your Google search. Google uses the cookie to “remember” your most commonly entered search queries or your previous interaction with ads. So you can always get customized ads. The cookie contains a unique ID that Google uses to collect user preferences for advertising purposes.
Example value: 0WmuWqy311167679zILzqV_nmt3sDXwPeM5Q

Name: DV
Expiration time: after 10 minutes
Usage: Once you have checked the “I am not a robot” checkbox, this cookie is set. The cookie is used by Google Analytics for personalized advertising. DV collects information in an anonymous form and is also used to make user decisions.
Example value: gEAABBCjJJMXcI0dSAAAANbqc311167679

Note: This list cannot claim to be exhaustive, as experience has shown that Google changes its choice of cookies repeatedly.

How long and where is the data stored?

By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored is not clearly shown by Google, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google’s European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. Google’s differing privacy policies apply.

If you do not want Google to receive information about you and your behavior, you must completely log out of Google and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you visit our website. To delete this data again, you must contact Google support at https://support.google.com/?hl=en-GB&tid=311167679.

So when you use our website, you agree that Google LLC and its representatives automatically collect, process and use data.

You can learn more about reCAPTCHA on Google’s web development page at https://developers.google.com/recaptcha/. Google will go into more detail about the technical development of reCAPTCHA, but you will not find detailed information about data storage and data protection issues there. A good overview of the basic use of data at Google can be found in the company’s own privacy policy at https://policies.google.com/privacy?hl=en-GB.

Source: Rob van Linda