Google reCAPTCHA Privacy Policy
Our primary goal is to make our website as safe and secure as possible for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA, we can determine whether you are really a flesh and blood person and not a robot or other spam software. By spam we mean any unsolicited information sent to us by electronic means. With the classic CAPTCHAS, you usually had to solve text or image puzzles for verification. reCAPTCHA from Google mostly spares you the trouble of solving such puzzles. In most cases, all you need to do here is simply check the box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you do not even have to check the box. How exactly this works and, above all, what data is used for this purpose is explained in this privacy policy.
What is reCAPTCHA?
reCAPTCHA is a free Captcha service from Google that protects websites from spam software and abuse by non-human visitors. This service is most often used when you fill out forms on the Internet. A Captcha service is a kind of automatic Turing test, which is supposed to ensure that an action on the Internet is done by a human and not by a bot. In the classical Turing test (named after the computer scientist Alan Turing), a human being determines the difference between bot and human. With Captchas, this is also done by the computer or a software program. Classical Captchas work with small tasks that are easy for humans to solve but present considerable difficulties for machines. With reCAPTCHA, you do not have to actively solve puzzles anymore. The tool uses modern risk techniques to distinguish people from bots. Here, you only have to check the text box "I am not a robot"; while Invisible reCAPTCHA renders this unnecessary. With reCAPTCHA, a JavaScript element is embedded in the source code and then the tool runs in the background and analyses your user behaviour. From these user actions the software calculates a so-called Captcha score. Google uses this score to calculate the probability that you are a human being even before you enter the Captcha. reCAPTCHA or Captchas are generally used whenever bots could manipulate or abuse certain actions (such as registrations, polls, etc.).
Why do we use reCAPTCHA on our website?
We only want to welcome people of flesh and blood to our site. Bots or spam software of various kinds are not welcome. That is why we pull out all the stops to protect ourselves and offer the best possible user-friendliness for you. For this reason we use Google reCAPTCHA from Google. This is how we can be pretty sure that we remain a "bot-free" website. Through the use of reCAPTCHA, data is transmitted to Google in order to determine whether you are really a human being. In this way, reCAPTCHA serves the security of our website and consequently also yours. For example, without reCAPTCHA, it could happen that a bot registers as many e-mail addresses as possible during sign-up in order to "spam" forums or blogs with unwanted advertising content. With reCAPTCHA, we can avoid such bot attacks.
What data is saved by reCAPTCHA?
reCAPTCHA collects personal data from users in order to determine whether humans are really behind the actions on our website. In the process, the IP address and other data required by Google for the reCAPTCHA service can be sent to Google. IP addresses are almost always truncated within the Member States of the EU or other signatory states of the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address will not be concatenated with other data from Google, unless you are signed in to your Google Account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are placed. Then, reCAPTCHA places an additional cookie in your browser and takes a snapshot of your browser window. The following list of collected browser and user data is not exhaustive. They are rather examples of such data which, to our knowledge, are processed by Google.
- Referrer URL (the address of the site from which the visitor comes)
- IP address (e.g. 256.123.123.1)
- Information about the operating system (software that allows your computer to run. Known operating systems are Windows, Mac OS X or Linux)
- Cookies (small text files that store data in your browser)
- Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is saved)
- Date and language settings (which language or date you have preset on your PC is saved)
- All Javascript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all possible data under one name)
- Screen resolution (shows how many pixels the image consists of)
It is undisputed that Google uses and analyses this data even before you click on the checkbox "I am not a robot". With the Invisible reCAPTCHA version, even the ticking is omitted and the whole recognition process runs in the background. Google does not disclose in detail the quantity and type of data it stores. The following cookies are used by reCAPTCHA: Here, we refer to the reCAPTCHA demo version from Google at www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-231600428874-8
Purpose: This cookie is set by DoubleClick (a company also owned by Google) to record and report the actions of a user on the website in handling advertisements. In this way, the advertising effectiveness can be measured and appropriate optimisation measures taken. IDE is stored in browsers under the domain doubleclick.net.
Date of expiry: after one year
Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects website usage statistics and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Date of expiry: after one month
Name: ANID
Value: U7j1v3dZa2316004288740xgZFmiqWppRWKOr
Purpose: We could not get much information about this cookie. In Google's privacy policy, the cookie is mentioned in connection with "advertising cookies" such as "DSID", "FLC", "AID" and "TAID". ANID is stored under the domain google.com.
Date of expiry: after 9 months
Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT also serves security purposes to verify users, prevent credential fraud and protect user data from unauthorised attacks.
Date of expiry: after 19 years
Name: NID
Value: 0WmuWqy231600428874zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to match ads to your Google search. Google uses the cookie to "remember" your most frequently entered search queries or your previous interaction with ads. This is how you always get customised advertisements. The cookie contains a unique ID to collect personal settings of the user for advertising purposes.
Date of expiry: after 6 months
Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc231600428874-4
Purpose: Once you check the "I am not a robot" box, this cookie is set. The cookie is used by Google Analytics for personalised advertising. DV collects information in anonymous form and is also used to make user distinctions.
Date of expiry: after 10 minutes
Note: This list cannot claim to be exhaustive as experience has shown that Google always changes the choice of its cookies.
How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored is not clearly shown by Google, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google's European or American servers. The IP address that your browser transmits to Google is generally not concatenated with other Google data from other Google services. However, if you are signed in to your Google Account while using the reCAPTCHA plug-in, the data will be concatenated. Google’s deviating data protection regulations apply to this.
How can I delete my data or prevent data storage?
If you do not want any data about you or your behaviour to be transmitted to Google, you must log off completely from Google and delete all Google cookies before you visit our website or use reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you access our site. To delete this data again, you must contact Google support at https://support.google.com. By using our website, you agree that Google LLC and its agents automatically collect, process and use data. You can learn more about reCAPTCHA on Google's web developer page at developers.google.com/recaptcha/. Google goes into more detail about the technical development of the reCAPTCHA here, but exact information about data storage and data protection-relevant topics are not found. A good overview of the basic use of data at Google can be found in the company's own privacy policy at www.google.com/intl/de/policies/privacy/.