Data Privacy Information for Friendly Captcha (Bot and Spam Protection)

This data privacy information is provided by us as the website operator, and it relates to the “Friendly Captcha” service which we use. 

Our website uses the “Friendly Captcha” service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany (www.friendlycaptcha.com). Friendly Captcha GmbH acts as our processor.

Friendly Captcha is an innovative, privacy-friendly protection solution designed to make it more difficult for automated programs and scripts (“bots”) to use our website. Friendly Captcha thus protects our website from abuse. 


How does Friendly Captcha work?

We have integrated program code from Friendly Captcha (“Protection Software”) into certain areas of our website (e.g., in a contact form). This means that, as the visitor, your end device connects to Friendly Captcha’s servers in the context of the protected area (e.g., when sending a contact form).

Your browser is sent a puzzle from Friendly Captcha. The complexity of the puzzle depends on various risk factors. Your end device solves the puzzle, using certain system resources, and sends the solution to our web server. Our server contacts the Friendly Captcha server via an interface and receives a response stating whether the puzzle has been solved correctly by the end device (i.e., your device). 

Your browser transmits the connection data, environment data, interaction data, and functional data described in more detail below to Friendly Captcha (see the section titled "What data is processed using Friendly Captcha?" for information about the data). Friendly Captcha analyzes this data and determines how probable it is that the visitor is a human user or a bot; it then transmits the result to us.  

Depending on this outcome, we can deal with the access to our website or to individual functions as human or potentially non-human.  


What is the purpose of Friendly Captcha?

All of the above data will only be used to identify and deal with potential bots and risks as described above. The purpose of the processing is therefore to ensure the security and functionality of our website. 

We do not use the data to identify a natural person or for marketing purposes.


How long is your personal data stored when using Friendly Captcha?

If personal data is stored, this data will be erased within 30 days.


What kind of personal data is processed using Friendly Captcha?

The following data (which includes personal data) will be processed solely for the security purposes stated above:

Connection data 

  • HTTP request data, i.e., data that is generated every time a website is visited (e.g., user agent, browser type, operating system) and the referencing website, protocols, and ports used 
  • IP address: IP addresses are only stored by Friendly Captcha in hashed form (one-way encryption), and they do not enable us or Friendly Captcha to draw any conclusions about individual persons
  • Connection exchange data: technical information on how a connection was established between the browser and the Friendly Captcha server
  • Network statistics, such as bandwidth

Environment data

  • Browser properties and settings (e.g., preferred language, installed fonts, local time)
  • Device data (e.g., available memory, screen resolution, operating system)
  • Technical data related to program code execution (e.g., error codes, browser events)

Interaction data

  • Times, frequencies, and statistics of key presses, however, without this enabling conclusions to be drawn about specific text entries, e.g., by only taking function keys such as Enter or Delete into account 
  • Scrolling and mouse movements
  • Adjustments to windows, e.g., resizing

Functional data, e.g., 

  • Version, status, and configuration data of the protection software
  • Software components used
  • Random metrics (e.g., session ID)
  • Technical counters (e.g., number of repeated connection attempts)
  • Data on the execution of program code
  • Puzzle solutions

The following data is only stored in your browser’s session storage for the duration of your browser session and is essential for ensuring the security of the website: 

A random session ID (frc_sid), the number of loads of the protection software modules (frc_sc), the number of requests and repeated connection attempts (frc_rc), and the solutions to the puzzles and their solution context (frc_sol). 

We do not place HTTP cookies and we do not store any data in your browser’s persistent storage.


What legal basis do we rely upon?

Insofar as data can be attributed to a person, the legal basis for its processing is our legitimate interests in protecting our website from improper access by bots, thus protecting against spam and against attacks (e.g., mass requests) under Article 6 (1)(f) of the UK GDPR. It is in our interests and your interests for us to prevent and take measures against fraud, unauthorized use of our systems and other illegal or harmful activity, to protect ourselves, you, and others, and to ensure data security.


Who do we share your personal data with?

Friendly Captcha acts as our processor, subject to instructions and for specified purposes. 

Friendly Captcha uses hosting services provided by Hetzner Online GmbH, based in Germany, and SCALEWAY S.A.S, based in France, for hosting and delivery of the content.


Additional information

Additional information, in particular our contact details as the controller as per data privacy legislation and the contact details of our data protection officer as well as information concerning your rights under the UK GDPR, is available in the data privacy information on our website that we have integrated Friendly Captcha into.