Data Privacy Information for Friendly Captcha (Bot and Spam Protection)

This data privacy information is provided by us as the website operator, and it relates to the “Friendly Captcha” service which we use.

Our website uses the “Friendly Captcha” service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany (www.friendlycaptcha.com). Friendly Captcha GmbH acts as our processor.

Friendly Captcha is an innovative, privacy-friendly protection solution designed to make it more difficult for automated programs and scripts (“bots”) to use our website. Friendly Captcha thus protects our website from abuse.

1) How it works

We have integrated program code from Friendly Captcha (“Protection Software”) into certain areas of our website (e.g., in a contact form). This means that the visitor’s end device connects to Friendly Captcha’s servers in the context of the protected area (e.g., when sending a contact form).

The visitor’s browser is sent a puzzle from Friendly Captcha. The complexity of the puzzle depends on various risk factors. The visitor’s end device solves the puzzle, using certain system resources, and sends the solution to our web server. Our server contacts the Friendly Captcha server via an interface and receives a response stating whether the puzzle has been solved correctly by the end device.

The visitor’s browser transmits the connection data, environment data, interaction data, and functional data described in more detail below to Friendly Captcha (see Point 4 for information about the data). Friendly Captcha analyzes this data and determines how probable it is that the visitor is a human user or a bot; it then transmits the result to us.

Depending on this outcome, we can deal with the access to our website or to individual functions as human or potentially non-human.

2) Purpose

All of the above data will only be used to identify and deal with potential bots and risks as described above. The purpose of the processing is therefore to ensure the security and functionality of our website.

We do not use the data to identify a natural person or for marketing purposes.

3) Storage period

If personal data is stored, this data will be erased within 30 days.

4) Processed data

The following data will be processed solely for the security purposes stated above:

Connection data

• HTTP request data, i.e., data that is generated every time a website is visited (e.g., user agent, browser type, operating system) and the referencing website, protocols, and ports used
• IP address: IP addresses are only stored by Friendly Captcha in hashed form (one-way encryption), and they do not enable us or Friendly Captcha to draw any conclusions about individual persons
• Connection exchange data: technical information on how a connection was established between the browser and the Friendly Captcha server
• Network statistics, such as bandwidth

Environment data

• Browser properties and settings (e.g., preferred language, installed fonts, local time)
• Device data (e.g., available memory, screen resolution, operating system)
• Technical data related to program code execution (e.g., error codes, browser events)

Interaction data

• Times, frequencies, and statistics of key presses, however, without this enabling conclusions to be drawn about specific text entries, e.g., by only taking function keys such as Enter or Delete into account
• Scrolling and mouse movements
• Adjustments to windows, e.g., resizing

Functional data, e.g.,

• Version, status, and configuration data of the protection software
• Software components used
• Random metrics (e.g., session ID)
• Technical counters (e.g., number of repeated connection attempts)
• Data on the execution of program code
• Puzzle solutions

The following data is only stored in the browser’s session storage for the duration of the browser session and is essential for ensuring the security of the website:

A random session ID (frc_sid), the number of loads of the protection software modules (frc_sc), the number of requests and repeated connection attempts (frc_rc), and the solutions to the puzzles and their solution context (frc_sol).

We do not place HTTP cookies and we do not store any data in the browser’s persistent storage.

5) Legal basis

Insofar as data can be attributed to a person, the legal basis for its processing is our legitimate interests in protecting our website from improper access by bots, thus protecting against spam and against attacks (e.g., mass requests), Art. 6 (1) (f) GDPR.

6) Data recipient

Friendly Captcha acts as our processor, subject to instructions and for specified purposes. Except for the outcome of the classification into bot or human user, the above-mentioned data is processed by Friendly Captcha only and is not passed on to us.

Friendly Captcha uses hosting services provided by Hetzner Online GmbH (Germany) and SCALEWAY S.A.S (France) for hosting and delivery of the content.

7) Additional information

Additional information, in particular our contact details as the controller as per data privacy legislation and the contact details of our data protection officer as well as information concerning your rights under the GDPR, is available in the data privacy information on our website that we have integrated Friendly Captcha into.