Many captchas do not properly implement data protection regulations according to current European and German laws (GDPR / DSGVO). For example, if they process personal data or store it on servers outside the E.U. without the explicit consent of the users. Thus, these captchas are not GDPR / GDPR compliant and a problem for website operators, as they are responsible for the compliance of their websites with the legal data protection requirements. For the use of captchas with data storage outside the EU or storage of personal data, according to the GDPR, the consent for use by the user must be granted in advance (cookie banners). This also applies, for example, to the use of Google reCAPTCHA and becomes a problem if users do not give their consent. Then the protection function of the captcha cannot be used legally. Therefore, you should use a captcha solution on your website that does not require user consent or the use of cookies.
POWER CAPTCHA stores personal data only encrypted, for a short period of time, and on servers in Germany. POWER CAPTCHA is GDPR / DSGVO compliant and you do not need the consent of users. Learn more about the problems of using Google reCAPTCHA as well as about data storage and server security with POWER CAPTCHA!
Privacy issues with Google reCaptcha
The currently most widely used captcha is reCAPTCHA by Google. Google’s general privacy policy contains references to the use of various personal data, but currently not to the data use of reCAPTCHA. It therefore remains unclear whether further personal data is processed specifically by Google reCAPTCHA, e.g. to analyze user behavior.
This is a problem for you as a website operator:in because you have to specify the categories of processed data in your privacy policy (see also Art. 14 (1) GDPR/DSGVO). Therefore, according to the Bavarian data protection authority, among others, the use of Google reCAPTCHA is problematic:
“Website operators should definitely check alternatives. If Google reCAPTCHA is nevertheless integrated, the responsible party must be aware that it must be able to prove its lawful use pursuant to Art. 5 (1), (2) DS-GVO. Anyone who cannot demonstrate how Google processes user data cannot transparently inform the user and cannot prove lawful use.” (original quotation: „Website-Betreiber sollten unbedingt Alternativen prüfen. Wird dennoch Google reCAPTCHA eingebunden, muss sich der Verantwortliche im Klaren sein, dass er den rechtmäßigen Einsatz gem. Art. 5 Abs. 1, 2 DS-GVO nachweisen können muss. Wer nicht darlegen kann, wie Google die Nutzerdaten verarbeitet, kann den Nutzer nicht transparent informieren und den rechtmäßigen Einsatz nicht nachweisen.“) (FAQ, as of 08/14/2023)
For you, this means that you cannot legally use reCAPTCHA within the scope of the GDPR and may even have to face fines or warnings. In addition, website operators with a high level of service and customer orientation want to create as few barriers as possible and reduce the use of data requiring consent.
When using POWER CAPTCHA, no unencrypted personalized data is stored. We generally store personal data only temporarily, encrypted and on servers in Germany. We do not use cookies and do not store any data on the user’s device. Therefore, your visitors do not have to agree to the use and the use is GDPR/ DSGVO compliant.
How we transfer and store data
When you submit a form that is protected with POWER CAPTCHA or log into a protected area, the POWER CAPTCHA server is informed that a captcha should be checked (security query). The IP address of the user (for the Enterprise edition optionally an additional value like username or email address) is transmitted encrypted and stored hashed (not as plain text). We keep this data in volatile memory (cache or RAM memory) and do not write it to hard disks at any time.
The data is necessary for POWER CAPTCHA to function. We therefore store the data only until the security check and the current processing period is completed. The maximum duration of storage is based on the blocking periods defined in the POWER CAPTCHA plans. Under the Enterprise plan, we can store the data for a maximum of 3 days (customer setting).
Certified data centers in Germany
POWER CAPTCHA runs on secured servers in certified data centers in Germany.
We follow the following standards when selecting our server providers: All providers are ISO 27001:2013 certified, minimum TIER 3 colocation operators who operate their sites 100% in Germany. In addition, our providers use 100% green electricity.
Test now!
You want to test POWER CAPTCHA live? Start our demo and simulate the application on your website / app.
POWER CAPTCHA
About Us
Contact
© 2024 POWER CAPTCHA by Uniique AG – Alle Rechte vorbehalten | All Rights Reserved
