What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome people of flesh and blood to our site. Bots or spam software of various kinds are not welcome. That is why we pull out all the stops to protect ourselves and offer the best possible user-friendliness for you. For this reason we use Google reCAPTCHA from Google. This is how we can be pretty sure that we remain a "bot-free" website. Through the use of reCAPTCHA, data is transmitted to Google in order to determine whether you are really a human being. In this way, reCAPTCHA serves the security of our website and consequently also yours. For example, without reCAPTCHA, it could happen that a bot registers as many e-mail addresses as possible during sign-up in order to "spam" forums or blogs with unwanted advertising content. With reCAPTCHA, we can avoid such bot attacks.
What data is saved by reCAPTCHA?
reCAPTCHA collects personal data from users in order to determine whether humans are really behind the actions on our website. In the process, the IP address and other data required by Google for the reCAPTCHA service can be sent to Google. IP addresses are almost always truncated within the Member States of the EU or other signatory states of the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address will not be concatenated with other data from Google, unless you are signed in to your Google Account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are placed. Then, reCAPTCHA places an additional cookie in your browser and takes a snapshot of your browser window. The following list of collected browser and user data is not exhaustive. They are rather examples of such data which, to our knowledge, are processed by Google.
- Referrer URL (the address of the site from which the visitor comes)
- IP address (e.g. 218.104.22.168)
- Information about the operating system (software that allows your computer to run. Known operating systems are Windows, Mac OS X or Linux)
- Cookies (small text files that store data in your browser)
- Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is saved)
- Date and language settings (which language or date you have preset on your PC is saved)
- Screen resolution (shows how many pixels the image consists of)
It is undisputed that Google uses and analyses this data even before you click on the checkbox "I am not a robot". With the Invisible reCAPTCHA version, even the ticking is omitted and the whole recognition process runs in the background. Google does not disclose in detail the quantity and type of data it stores. The following cookies are used by reCAPTCHA: Here, we refer to the reCAPTCHA demo version from Google at www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Purpose: This cookie is set by DoubleClick (a company also owned by Google) to record and report the actions of a user on the website in handling advertisements. In this way, the advertising effectiveness can be measured and appropriate optimisation measures taken. IDE is stored in browsers under the domain doubleclick.net.
Date of expiry: after one year
Purpose: This cookie collects website usage statistics and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Date of expiry: after one month
Date of expiry: after 9 months
Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT also serves security purposes to verify users, prevent credential fraud and protect user data from unauthorised attacks.
Date of expiry: after 19 years
Purpose: NID is used by Google to match ads to your Google search. Google uses the cookie to "remember" your most frequently entered search queries or your previous interaction with ads. This is how you always get customised advertisements. The cookie contains a unique ID to collect personal settings of the user for advertising purposes.
Date of expiry: after 6 months
Purpose: Once you check the "I am not a robot" box, this cookie is set. The cookie is used by Google Analytics for personalised advertising. DV collects information in anonymous form and is also used to make user distinctions.
Date of expiry: after 10 minutes
Note: This list cannot claim to be exhaustive as experience has shown that Google always changes the choice of its cookies.
How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored is not clearly shown by Google, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google's European or American servers. The IP address that your browser transmits to Google is generally not concatenated with other Google data from other Google services. However, if you are signed in to your Google Account while using the reCAPTCHA plug-in, the data will be concatenated. Google’s deviating data protection regulations apply to this.
How can I delete my data or prevent data storage?