The legal basis for the use is article 6 (1) f (legality of processing), because there is a legitimate interest to protect this website from bots and spam software.
What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome people of flesh and blood on our site. Bots or spam software of different kinds can stay at home. That is why we do everything we can to protect ourselves and offer the best possible user-friendliness for you. For this reason we use Google reCAPTCHA from the company Google. So we can be pretty sure that we remain a “bot-free” website. Through the use of reCAPTCHA, data is transmitted to Google, which Google uses to determine whether you are really a human being. reCAPTCHA therefore serves the security of our website and, as a consequence, your security. For example, without reCAPTCHA it could happen that a bot registers as many e-mail addresses as possible during registration in order to “spam” forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.
Which data is stored by reCAPTCHA?
ReCAPTCHA collects personal information from users to determine whether the actions on our website are actually human. This means that the IP address and other data that Google requires for the reCAPTCHA service can be sent to Google. IP addresses are almost always truncated within the member states of the EU or other signatory states to the Agreement on the European Economic Area before the data lands on a server in the USA. The IP address is not combined with any other data held by Google unless you are signed in to your Google Account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed on your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.
The following list of collected browser and user data does not claim to be complete. Rather, they are examples of data which, to our knowledge, are processed by Google.
- Referrer URL (the address of the page the visitor comes from)
- IP address (e.g. 2188.8.131.52)
- Information about the operating system (the software that enables your computer to operate.
- Known operating systems are Windows, Mac OS X or Linux)
- Cookies (small text files that store data in your browser)
- Mouse and keyboard behavior (every action you perform with the mouse or keyboard is saved)
- Date and language settings (which language or date you have preset on your PC is stored)
- Screen resolution (shows how many pixels the image consists of)
It is indisputable that Google uses and analyses this data even before you click on the “I am not a robot” checkbox. With the Invisible reCAPTCHA version even the ticking is omitted and the whole recognition process runs in the background. How much and which data Google stores exactly, you will not learn from Google in detail.
The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version of Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Expiry period: after one year
use: This cookie is set by DoubleClick (also owns Google) to register and report a user’s actions on the website in handling advertisements. In this way the advertising effectiveness can be measured and appropriate optimisation measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Example value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-311167679
Expiry time: after one month
use: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant advertisements. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Example value: 2019-5-14-12
Expiry time: after 9 months
Example value: U7j1v3dZa3111676790xgZFmiqWppRWKOr
Expiry date: after 19 years
use: The cookie stores the status of a user’s consent to use various Google services. CONSENT is also used for security purposes, to verify users, to prevent fraudulent use of login information and to protect user data from unauthorized attacks.
Example value: YES+AT.de+20150628-20-0
Expiry time: after 6 months
use: NID is used by Google to match ads to your Google search. Google uses the cookie to “remember” your most commonly entered search queries or your previous interaction with ads. So you can always get customized ads. The cookie contains a unique ID that Google uses to collect user preferences for advertising purposes.
Example value: 0WmuWqy311167679zILzqV_nmt3sDXwPeM5Q
Expiration time: after 10 minutes
Usage: Once you have checked the “I am not a robot” checkbox, this cookie is set. The cookie is used by Google Analytics for personalized advertising. DV collects information in an anonymous form and is also used to make user decisions.
Example value: gEAABBCjJJMXcI0dSAAAANbqc311167679
Note: This list cannot claim to be exhaustive, as experience has shown that Google changes its choice of cookies repeatedly.
How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored is not clearly shown by Google, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google’s European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. Google’s differing privacy policies apply.
If you do not want Google to receive information about you and your behavior, you must completely log out of Google and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you visit our website. To delete this data again, you must contact Google support at https://support.google.com/?hl=en-GB&tid=311167679.
So when you use our website, you agree that Google LLC and its representatives automatically collect, process and use data.
Source: Rob van Linda