Privacy Policy
Table of Contents
- Privacy Policy
- Cookies
- Storage of Personal Data
- Rights in accordance with the General Data Protection Regulation
- TLS encryption with https
- Google Fonts Privacy Policy
- Embedded Social Media elements Privacy Policy
- Facebook Data Policy
- YouTube Privacy Policy
- Google reCAPTCHA Privacy Policy
Privacy Policy
We created this Privacy Policy (version 05.05.2020-111281414), to declare which information we collect, how we use data and which options the users of our website have, according to the guidelines of the General Data Protection Regulation (EU) 2016/679 .
Unfortunately, these subjects sound rather technical due to their nature, but we have put much effort into describing the most important things as simply and clearly as possible.
Cookies
Our website uses HTTP-cookies to store user-specific data.
For your better understanding of the following Privacy Policy statement, we will explain to you below what cookies are and why they are in use.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
What should not be dismissed, is that cookies are very useful little helpers. Nearly all websites use cookies. More accurately speaking these are HTTP-cookies, since there are also different cookies for other uses. http-cookies are small files which our website stores on your computer. These cookie files are automatically put into the cookie-folder, which is like the “brain” of your browser. A cookie consists of a name and a value. Moreover, to define a cookie, one or multiple attributes must be specified.
Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party coookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.
This is an example of how cookie-files can look:
name: _ga
value: GA1.2.1326744211.152111275368-9
purpose: differentiation between website visitors
expiration date: after 2 years
A browser should support these minimum sizes:
- at least 4096 bytes per cookie
- at least 50 cookies per domain
- at least 3000 cookies in total
Which types of cookies are there?
What exact cookies we use, depends on the used services. We will explain this in the following sections of the Privacy Policy statement. Firstly, we will briefly focus on the different types of HTTP-cookies.
There are 4 different types of cookies:
Essential Cookies
These cookies are necessary to ensure the basic function of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even when the user closed their window priorly, these cookies ensure that the shopping cart does not get deleted.
Purposive Cookies
These cookies collect info about the user behaviour and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour within different browsers.
Target-orientated Cookies
These cookies care for an improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stay saved.
Advertising Cookies
These cookies are also known as targeting-Cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.
Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.
How can I delete cookies?
You yourself take the decision if and how you want to use cookies. Thus, no matter what service or website cookies are from, you always have the option to delete, deactivate or only partially allow them. Therefore, you can for example block cookies of third parties but allow any other cookies.
If you want change or delete cookie-settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser-settings:
Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge
If you generally do not want to allow any cookies at all, you can set up your browser in a way, to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.
How is my data protected?
There is a “cookie policy” that has been in place since 2009. It states that the storage of cookies requires the user’s consent. However, among the countries of the EU, these guidelines are often met with mixed reactions. In Austria the guidelines have been implemented in § 96 section 3 of the Telecommunications Act (TKG).
If you want to learn more about cookies and do not mind technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Storage of Personal Data
Any personal data you electronically submit to us on this website, such as your name, email address, home address or other personal information you provide via the transmission of a form or via any comments to the blog, are solely used for the specified purpose and get stored securely along with the respective submission times and IP-address. These data do not get passed on to third parties.
Therefore, we use personal data for the communication with only those users, who have explicitly requested being contacted, as well as for the execution of the services and products offered on this website. We do not pass your personal data to others without your approval, but we cannot exclude the possibility this data will be looked at in case of illegal conduct.
If you send us personal data via email – and thus not via this website – we cannot guarantee any safe transmission or protection of your data. We recommend you, to never send confidential data via email.
Rights in accordance with the General Data Protection Regulation
You are granted the following rights in accordance with the provisions of the GDPR (General Data Protection Regulation) and the Austrian Data Protection Act (DSG) .
- right to rectification (article 16 GDPR)
- right to erasure (“right to be forgotten“) (article 17 GDPR)
- right to restrict processing (article 18 GDPR)
- righ to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
- right to data portability (article 20 GDPR)
- Right to object (article 21 GDPR)
- right not to be subject to a decision based solely on automated processing – including profiling – (article 22 GDPR)
If you think that the processing of your data violates the data protection law, or that your data protection rights have been infringed in any other way, you can lodge a complaint with your respective regulatory authority. For Austria this is the data protection authority, whose website you can access at https://www.dsb.gv.at/ .
TLS encryption with https
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.
Google Fonts Privacy Policy
On our website we use Google Fonts, from the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
To use Google Fonts, you must log in and set up a password. Furthermore, no cookies will be saved in your browser. The data (CSS, Fonts) will be requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, all requests for CSS and fonts are fully separated from any other Google services. If you have a Google account, you do not need to worry that your Google account details are transmitted to Google while you use Google Fonts. Google records the use of CSS (Cascading Style Sheets) as well as the utilised fonts and stores these data securely. We will have a detailed look at how exactly the data storage works.
What are Google Fonts?
Google Fonts (previously Google Web Fonts) is a list of over 800 fonts which Google provides its users for free.
Many of these fonts have been published under the SIL Open Font License license, while others have been published under the Apache license. Both are free software licenses.
Why do we use Google Fonts on our website?
With Google Fonts we can use different fonts on our website and do not have to upload them to our own server. Google Fonts is an important element which helps to keep the quality of our website high. All Google fonts are automatically optimised for the web, which saves data volume and is an advantage especially for the use of mobile terminal devices. When you use our website, the low data size provides fast loading times. Moreover, Google Fonts are secure Web Fonts. Various image synthesis systems (rendering) can lead to errors in different browsers, operating systems and mobile terminal devices. These errors could optically distort parts of texts or entire websites. Due to the fast Content Delivery Network (CDN) there are no cross-platform issues with Google Fonts. All common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) are supported by Google Fonts, and it reliably operates on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We also use Google Fonts for presenting our entire online service as pleasantly and as uniformly as possible.
Which data is saved by Google?
Whenever you visit our website, the fonts are reloaded by a Google server. Through this external cue, data gets transferred to Google’s servers. Therefore, this makes Google recognise that you (or your IP-address) is visiting our website. The Google Fonts API was developed to reduce the usage, storage and gathering of end user data to the minimum needed for the proper depiction of fonts. What is more, API stands for „Application Programming Interface“ and works as a software data intermediary.
Google Fonts stores CSS and font requests safely with Google, and therefore it is protected. Using its collected usage figures, Google can determine how popular the individual fonts are. Google publishes the results on internal analysis pages, such as Google Analytics. Moreover, Google also utilises data of ist own web crawler, in order to determine which websites are using Google fonts. This data is published in Google Fonts’ BigQuery database. Enterpreneurs and developers use Google’s webservice BigQuery to be able to inspect and move big volumes of data.
One more thing that should be considered, is that every request for Google Fonts automatically transmits information such as language preferences, IP address, browser version, as well as the browser’s screen resolution and name to Google’s servers. It cannot be clearly identified if this data is saved, as Google has not directly declared it.
How long and where is the data stored?
Google saves requests for CSS assets for one day in a tag on their servers, which are primarily located outside of the EU. This makes it possible for us to use the fonts by means of a Google stylesheet. With the help of a stylesheet, e.g. designs or fonts of a website can get changed swiftly and easily.
Any font related data is stored with Google for one year. This is because Google’s aim is to fundamentally boost websites’ loading times. With millions of websites referring to the same fonts, they are buffered after the first visit and instantly reappear on any other websites that are visited thereafter. Sometimes Google updates font files to either reduce the data sizes, increase the language coverage or to improve the design.
How can I delete my data or prevent it being stored?
The data Google stores for either a day or a year cannot be deleted easily. Upon opening the page this data is automatically transmitted to Google. In order to clear the data ahead of time, you have to contact Google’s support at https://support.google.com/?hl=de&tid=111275368 . The only way for you to prevent the retention of your data is by not visiting our website.
Unlike other web fonts, Google offers us unrestricted access to all its fonts. Thus, we have a vast sea of font types at our disposal, which helps us to get the most out of our website. You can find out more answers and information on Google Fonts at https://developers.google.com/fonts/faq?tid=111275368. While Google does address relevant elements on data protection at this link, it does not contain any detailed information on data retention. It proofs rather difficult to receive any precise information on stored data by Google.
On https://www.google.com/intl/de/policies/privacy/ you can read more about what data is generally collected by Google and what this data is used for.
Embedded Social Media elements Privacy Policy
We have embedded elements from social media services on our website, to display pictures, videos and texts.
By visiting pages that present such elements, data is transferred from your browser to the respective social media service, where it is stored. We do not have access to this data.
The following links lead to the respective social media services’ sites, where you can find a declaration on how they handle your data:
- Instagram Data Policy: https://help.instagram.com/519522125107875
- For YouTube, the Google Privacy Policy applies: https://policies.google.com/privacy?hl=de
- Facebook Data Policy: https://www.facebook.com/about/privacy
- Twitter Privacy Policy: https://twitter.com/de/privacy
Facebook Data Policy
We use selected Facebook tools on our website. Facebook is a social media network of the company Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. With the aid of this tool we can provide the best possible offers to you and anyone interested in our products and services. In the following we will give you an overview on the different Facebook tools, as well as on what data is sent to Facebook and how you can delete these data.
What are Facebook tools?
Along with many other products, Facebook also offers so called “Facebook Business Tools”. This is Facebook’s official name for the tools, but it is not very common. Therefore, we decided to merely call them “Facebook tools”. They include the following:
- Facebook-Pixel
- social plugins (e.g. the “Like” or “Share“ button)
- Facebook Login
- Account Kit
- APIs (application programming interface)
- SDKs (Softwart developmept kits)
- Plattform-integrations
- Plugins
- Codes
- Specifications
- Documentations
- Technologies and Services
With these tools Facebook can extend its services and is able to receive information on user activities outside of Facebook.
Why do we use Facebook tools on our website?
We only want to show our services and products to people who are genuinely interested in them. With the help of advertisements (Facebook Ads) we can reach exactly these people. However, to be able to show suitable adverts to users, Facebook requires additional information on people’s needs and wishes. Therefore, information on the user behaviour (and contact details) on our website, are provided to Facebook. Consequently, Facebook can collect better user data and is able to display suitable adverts for our products or services. Thanks to the tools it is possible to create targeted, customised ad campaigns of Facebook.
Facebook calls data about your behaviour on our website “event data” and uses them for analytics services. That way, Facebook can create “campaign reports” about our ad campaigns’ effectiveness on our behalf. Moreover, by analyses we can get a better insight in how you use our services, our website or our products. Therefore, some of these tools help us optimise your user experience on our website. With the social plugins for instance, you can share our site’s contents directly on Facebook.
What data is saved by the Facebook tools?
With the use of the Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number and IP address may be transmitted.
Facebook uses this information to match the data with the data it has on you (if you are a Facebook member). However, before the customer data is transferred to Facebook, a so called “Hashing” takes place. This means, that a data record of any size is transformed into a string of characters, which also has the purpose of encrypting data.
Moreover, not only contact data, but also “event data“ is transferred. These data are the information we receive about you on our website. To give an example, it allows us to see what subpages you visit or what products you buy from us. Facebook does not disclose the obtained information to third parties (such as advertisers), unless the company has an explicit permission or is legally obliged to do so. Also, “event data“ can be linked to contact information, which helps Facebook to offer improved, customised adverts. Finally, after the previously mentioned matching process, Facebook deletes the contact data.
To deliver optimised advertisements, Facebook only uses event data, if they have been combined with other data (that have been collected by Facebook in other ways). Facebook also uses event data for the purposes of security, protection, development and research. Many of these data are transmitted to Facebook via cookies. Cookies are little text files, that are used for storing data or information in browsers. Depending on the tools used, and on whether you are a Facebook member, a different number of cookies are placed in your browser. In the descriptions of the individual Facebook tools we will go into more detail on Facebook cookies. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.
How long and where is the data stored?
Facebook fundamentally stores data, until they are no longer of use for their own services and products. Facebook has servers for storing their data all around the world. However, customer data is cleared within 48 hours after they have been matched with their own user data.
How can I delete my data or prevent it being stored?
In accordance with the General Data Protection Regulation (GDPR) you have the right of information, rectification, transfer and deletion of your data.
The collected data is only fully deleted, when you delete your entire Facebook account. Deleting your Facebook account works as follows:
1) Click on settings in the top right side in Facebook.
2) Then, click “Your Facebook information“ in the left column.
3) Now click on “Deactivation and deletion”.
4) Choose “Permanently delete account“ and then click on “Continue to account deletion“.
5) Enter your password, click on “continue“ and then on “Delete account“.
The retention of data Facebook receives via our site is done via cookies (e.g. with social plugins), among others. You can deactivate, clear or manage both all and individual cookies in your browser. How this can be done differs depending on the browser you use. The following instructions show, how to manage cookies in your browser:
Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge
If you generally do not want to allow any cookies at all, you can set up your browser to notify you whenever a cookie is about to be set. This gives you the opportunity to decide upon the permission or deletion of every single cookie.
Facebook is an active participant in the EU-U.S. Privacy Shield Framework, which regulates correct and secure transfer of personal data. You can find more information at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC. We hope we could give you an understanding of the most important information about the use of Facebook tools and data processing. If you want to find out more on how Facebook use your data, we recommend reading the data policies at https://www.facebook.com/about/privacy/update.
YouTube Privacy Policy
We have integrated YouTube videos to our website. Therefore, we can show you interesting videos directly on our site. YouTube is a video portal, which has been a subsidiary company of Google LLC since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that contains an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Thereby, certain data are transferred (depending on the settings). Google is responsible for YouTube’s data processing and therefore Google’s data protection applies.
In the following we will explain in more detail which data is processed, why we have integrated YouTube videos and how you can manage or clear your data.
What is YouTube?
On YouTube, users can watch, rate, comment or upload videos for free. Over the past few years, YouTube has become one of the most important social media channels worldwide. For us to be able to display videos on our website, YouTube provides a code snippet that we have integrated to our website.
Why do we use YouTube videos on our website?
YouTube is the video platform with the most visitors and best content. We strive to offer you the best possible user experience on our website, which of course includes interesting videos. With the help of our embedded videos, we can provide you other helpful content in addition to our texts and images. Additionally, embedded videos make it easier for our website to be found on the Google search engine. Moreover, if we place ads via Google Ads, Google only shows these ads to people who are interested in our offers, thanks to the collected data.
What data is stored by YouTube?
As soon as you visit one of our pages with an integrated YouTube, YouTube places at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, by using cookies YouTube can usually associate your interactions on our website with your profile. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your Internet provider. Additional data can include contact details, potential ratings, shared content via social media or YouTube videos you added to your favourites.
If you are not logged in to a Google or YouTube account, Google stores data with a unique identifier linked to your device, browser or app. Thereby, e.g. your preferred language setting is maintained. However, many interaction data cannot be saved since less cookies are set.
In the following list we show you cookies that were placed in the browser during a test. On the one hand, we show cookies that were set without being logged into a YouTube account. On the other hand, we show you what cookies were placed while being logged in. We do not claim for this list to be exhaustive, as user data always depend on how you interact with YouTube.
name: YSC
value: b9-CV6ojI5Y111275368-1
purpose: This cookie registers a unique ID to store statistics of the video that was viewed.
expiration date: after end of session
name: PREF
value: f1=50000000
purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
expiration date: after 8 months
name: GPS
value: 1
purpose: This cookie registers your unique ID on mobile devices to track GPS locations.
expiration date: after 30 minutes
name: VISITOR_INFO1_LIVE
value: 95Chz8bagyU
purpose: This cookie tries to estimate the user’s internet bandwith on our sites (that have built-in YouTube videos).
expiration date: after 8 months
Further cookies that are placed when you are logged into your YouTube account:
name: APISID
value: zILlvClZSkqGsSwI/AU1aZI6HY7111275368-
purpose: This cookie is used to create a profile on your interests. This data is then used for personalised advertisements.
expiration date: after 2 years
name: CONSENT
value: YES+AT.de+20150628-20-0
purpose: The cookie stores the status of a user’s consent to the use of various Google services. CONSENT also provides safety measures to protect users from unauthorised attacks.
expiration date: after 19 years
name: HSID
value: AcRwpgUik9Dveht0I
purpose: This cookie is used to create a profile on your interests. This data helps to display customised ads.
expiration date: after 2 years
name: LOGIN_INFO
value: AFmmF2swRQIhALl6aL…
purpose: This cookie stores information on your login data.
expiration date: after 2 years
name: SAPISID
value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
purpose: This cookie identifies your browser and device. It is used to create a profile on your interests.
expiration date: after 2 years
name: SID
value: oQfNKjAsI111275368-
purpose: This cookie stores your Google Account ID and your last login time, in a digitally signed and encrypted form.
expiration date: after 2 years
name: SIDCC
value: AN0-TYuqub2JOcDTyL
purpose: This cookie stores information on how you use the website and on what advertisements you may have seen before visiting our website.
expiration date: nach 3 Monaten
How long and where is the data stored?
The data YouTube receive and process on you are stored on Google’s servers. Most of these servers are in America. At https://www.google.com/about/datacenters/inside/locations/?hl=de you can see where Google’s data centres are located. Your data is distributed across the servers. Therefore, the data can be retrieved quicker and is better protected against manipulation.
Google stores collected data for different periods of time. You can delete some data anytime, while other data are automatically deleted after a certain time, and still other data are stored by Google for a long time. Some data (such as elements on “My activity”, photos, documents or products) that are saved in your Google account are stored until you delete them. Moreover, you can delete some data associated with your device, browser, or app, even if you are not signed into a Google Account.
How can I delete my data or prevent it being stored?
Generally, you can delete data manually in your Google account. Furthermore, in 2019 an automatic deletion of location and activity data was introduced. Depending on what you decide on, it deletes stored information either after 3 or 18 months.
Regardless of whether you have a Google account or not, you can set your browser to delete or deactivate cookies placed by Google. These settings vary depending on the browser you use. The following instructions will show how to manage cookies in your browser:
Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge
If you generally do not want to allow any cookies, you can set your browser to always notify you when a cookie is about to be set. This will enable you to decide to either allow or permit each individual cookie. Since YouTube is a subsidiary company of Google, Google’s privacy statement applies to both. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy?hl=de.
Google reCAPTCHA Privacy Policy
Our primary goal is to provide you an experience on our website that is as secure and protected as possible. To do this, we use Google reCAPTCHA from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA). With reCAPTCHA we can determine whether you are a real person from flesh and bones, and not a robot or a spam software. By spam we mean any electronically undesirable information we receive involuntarily. Classic CAPTCHAS usually needed you to solve text or picture puzzles to check. But thanks to Google’s reCAPTCHA you usually do have to do such puzzles. Most of the times it is enough to simply tick a box and confirm you are not a bot. With the new Invisible reCAPTCHA version you don’t even have to tick a box. In this privacy policy you will find out how exactly this works, and what data is used for it.
What is reCAPTCHA?
reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is used the most when you fill out forms on the Internet. A captcha service is a type of automatic Turing-test that is designed to ensure specific actions on the Internet are done by human beings and not bots. During the classic Turing-test (named after computer scientist Alan Turing), a person differentiates between bot and human. With Captchas, a computer or software program does the same. Classic captchas function with small tasks that are easy to solve for humans but provide considerable difficulties to machines. With reCAPTCHA, you no longer must actively solve puzzles. The tool uses modern risk techniques to distinguish people from bots. The only thing you must do there, is to tick the text field “I am not a robot”. However, with Invisible reCAPTCHA even that is no longer necessary. reCAPTCHA, integrates a JavaScript element into the source text, after which the tool then runs in the background and analyses your user behaviour. The software calculates a so-called captcha score from your user actions. Google uses this score to calculate the likelihood of you being a human, before entering the captcha. reCAPTCHA and Captchas in general are used every time bots could manipulate or misuse certain actions (such as registrations, surveys, etc.).
Why do we use reCAPTCHA on our website?
We only want to welcome people from flesh and bones on our side and want bots or spam software of all kinds to stay away. Therefore, we are doing everything we can to stay protected and to offer you the highest possible user friendliness. For this reason, we use Google reCAPTCHA from Google. Thus, we can be pretty sure that we will remain a “bot-free” website. Using reCAPTCHA, data is transmitted to Google to determine whether you genuinely are human. reCAPTCHA thus ensures our website’s and subsequently your security. Without reCAPTCHA it could e.g. happen that a bot would register as many email addresses as possible when registering, in order to subsequently “spam” forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.
What data is stored by reCAPTCHA?
reCAPTCHA collects personal user data to determine whether the actions on our website are made by people. Thus, IP addresses and other data Google needs for its reCAPTCHA service, may be sent to Google. Within member states of the European Economic Area, IP addresses are almost always compressed before the data makes its way to a server in the USA. Moreover, your IP address will not be combined with any other of Google’s data, unless you are logged into your Google account while using reCAPTCHA. Firstly, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.
The following list of collected browser and user data is not exhaustive. Rather, it provides examples of data, which to our knowledge, is processed by Google.
- Referrer URL (the address of the page the visitor has come from)
- IP-address (e.g. 256.123.123.1)
- Information on the operating system (the software that enables the operation of your computers. Popular operating systems are Windows, Mac OS X or Linux)
- Cookies (small text files that save data in your browser)
- Mouse and keyboard behaviour (every action you take with your mouse or keyboard is stored)
- Date and language settings (the language and date you have set on your PC is saved)
- All Javascript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
- Screen resolution (shows how many pixels the image display consists of)
Google may use and analyse this data even before you click on the “I am not a robot” checkmark. In the Invisible reCAPTCHA version, there is no need to even tick at all, as the entire recognition process runs in the background. Moreover, Google have not given details on what information and how much data they retain.
The following cookies are used by reCAPTCHA: With the following list we are referring to Google’s reCAPTCHA demo version at https://www.google.com/recaptcha/api2/demo. For tracking purposes, all these cookies require a unique identifier. Here is a list of cookies that Google reCAPTCHA has set in the demo version:
name: IDE
value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-111275368-8
purpose: This cookie is set by DoubleClick (which is owned by Google) to register and report a user’s interactions with advertisements. With it, ad effectiveness can be measured, and appropriate optimisation measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
expiration date: after one year
name: 1P_JAR
value: 2019-5-14-12
purpose: This cookie collects website usage statistics and measures conversions. A conversion e.g. takes place, when a user becomes a buyer. The cookie is also used to display relevant adverts to users. Furthermore, the cookie can prevent a user from seeing the same ad more than once.
expiration date: after one month
name: ANID
value: U7j1v3dZa1112753680xgZFmiqWppRWKOr
purpose: We could not find out much about this cookie. In Google’s privacy statement, the cookie is mentioned in connection with “advertising cookies” such as “DSID”, “FLC”, “AID” and “TAID”. ANID is stored under the domain google.com.
expiration date: after 9 months
name: CONSENT
value: YES+AT.de+20150628-20-0
purpose: This cookie stores the status of a user’s consent to the use of various Google services. CONSENT also serves to prevent fraudulent logins and to protect user data from unauthorised attacks.
expiration date: after 19 years
name: NID
value: 0WmuWqy111275368zILzqV_nmt3sDXwPeM5Q
purpose: Google uses NID to customise advertisements to your Google searches. With the help of cookies, Google “remembers” your most frequently entered search queries or your previous ad interactions. Thus, you always receive advertisements tailored to you. The cookie contains a unique ID to collect users’ personal settings for advertising purposes.
expiration date: after 6 months
name: DV
value: gEAABBCjJMXcI0dSAAAANbqc111275368-4
purpose: This cookie is set when you tick the “I am not a robot” checkmark. Google Analytics uses the cookie personalised advertising. DV collects anonymous information and is also used to distinct between users.
expiration date: after 10 minutes
Note: We do not claim for this list to be extensive, as Google often change the choice of their cookies.
How long and where is the data stored?
Due to the integration of reCAPTCHA, your data will be transferred to the Google server. Google have not disclosed where exactly this data is stored, despite repeated inquiries. But even without confirmation from Google, it can be assumed that data such as mouse interaction, length of stay on a website or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google does generally not get merged with other Google data from the company’s other services. However, the data will be merged if you are logged in to your Google account while using the reCAPTCHA plug-in. Google’s diverging privacy policy applies for this.
How can I delete my data or prevent it being stored?
If you want to prevent any data about you and your behaviour to be transmitted to Google, you must fully log out of Google and delete all Google cookies before visiting our website or use the reCAPTCHA software. Generally, the data is automatically sent to Google as soon as you visit our website. To delete this data, you must contact Google Support at https://support.google.com/?hl=de&tid=111275368 .
If you use our website, you agree that Google LLC and its representatives automatically collect, edit and use data.
You can find out more about reCAPTCHA on Google’s Developers page at https://developers.google.com/recaptcha/. While Google do give more detail on the technical development of reCAPTCHA there, they have not disclosed precise information about data retention and data protection. A good, basic overview of the use of data however, can be found in the company’s internal privacy policy at https://www.google.com/intl/de/policies/privacy/.
Source: Created with the Datenschutz Generator by AdSimple® Linkbuilding in cooperation with schoenheitsmagazin.at