Privacy policy for Service users

Trustcaptcha is a CAPTCHA service that protects websites, applications and services from spam and unwanted automated access, commonly referred to as bots. We value the protection of your data and treat your personal data in accordance with the GDPR.

Definition

Service user

A company or organisation that has implemented Trustcaptcha on its website or application.

End user

A person who visits or uses a website or service that has implemented Trustcaptcha as part of its security measures.

This privacy policy applies exclusively to Service users, as well as visitors and users of our online-platform and websites (in particular those that can be reached at trustcaptcha.com). It does not apply to end users who interact with Trustcaptcha as a CAPTCHA service on other websites. For end users who use the CAPTCHA service on third-party websites, the respective privacy policy of the corresponding website applies.

1. Data protection overview

1.1 Responsible body

The controller responsible for data processing is

Trustcaptcha GmbH
Hans-Böckler-Straße 32
80995 München
Germany

E-Mail: mail@trustcaptcha.com

1.2 Legal basis

We only collect and process data if we have a legal basis for doing so. The legal basis depends on the services you use and their nature. The various cases are set out below.

  • Insofar as you give us your consent to process personal data, Art. 6 para. 1 sentence 1 lit. a) GDPR serves as the legal basis.
  • If the processing is necessary for the fulfilment of a contract to which you are a party or for the implementation of pre-contractual measures, Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis.
  • In cases where processing is based on legitimate interests and these interests are not overridden by your fundamental rights and freedoms, the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. This includes improving security, developing and improving our services, marketing and sales as well as safeguarding our legal interests.
  • Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c) GDPR serves as the legal basis.

1.3 Storage and storage period

The storage period of your personal data depends on the purpose of the data collection. We only store your personal data for as long as is necessary to fulfil the purpose of processing or for as long as is necessary to settle disputes and enforce legal agreements and guidelines or as required by the applicable laws. Personal data is deleted or anonymised after the respective retention period has expired.

We take appropriate technical and organisational measures to ensure the security of your data and to prevent unauthorised access, loss, misuse or manipulation. Despite all precautions, we would like to point out that no data transmission over the Internet is completely secure and we therefore cannot guarantee the absolute security of your data.

1.4 Data collected

1.4.1 Personal data

When you visit and use our pages and services, we may collect and process certain personal data. This may include, but is not limited to, the following

  • Name
  • E-mail address
  • Your address
  • Telephone number
  • User login information
  • Web address
  • Preferences and settings
  • Payment information

1.4.2 Log data, device data and usage data

When you access our pages or use our services, log data, device data and usage data may be collected and processed. Log data may include, for example, IP address, browser type and version, time spent on pages, referrer URLs, time and date. Device data may include, for example, device type, device model, operating system, unique device identifiers, location information and settings. Usage data provides us with information about the use of our websites, such as the duration of visits and certain actions performed on our pages.

The exact data that is collected varies depending on your settings and consents. It is advisable to consult the privacy guidelines and settings of the respective device or application to obtain precise information about what data your device makes available to us.

1.5 Third party data

If you provide us with personal data on behalf of or when representing another person or entity, you must make sure that you are fully authorised to do so by that party. By providing this information, you warrant that you have obtained all necessary permissions and comply with all applicable legal requirements.

If we receive your personal data from a third party, we will handle your personal data according to this Privacy Policy.

1.6 Safety guidelines for children

If you are under the age of 16, you may only use our website and submit personal data with the consent of a parent or legal guardian. By using our website or submitting personal data, you confirm that you are at least 16 years old or that you have obtained the necessary consent from your parent or legal guardian. In cases where we become aware that personal data of persons under the age of 16 has been submitted without the required consent, we will delete this data in accordance with this privacy policy.

1.7 Purpose of data processing

The personal data collected may be used for

  • Account creation and administration
  • Enabling the use of our services
  • Provision of optional additional functions
  • Transaction and payment processing
  • Customer support and contact options
  • Notifications about changes to our services
  • Fulfilment of individual requests
  • Analysing and improving the services
  • Marketing
  • System integrity and logging
  • Defence against abuse and fraud
  • Compliance with legal obligations

1.8 Cookies

Our Internet pages may use so-called ‘cookies’. Cookies are small text files that are stored on your end device. Cookies have various functions and are sometimes technically necessary, as certain website functions cannot work or cannot work properly without them.

Our website only uses first-party cookies that are set directly by us. We do not use third-party cookies that are set by external providers. Session cookies are temporary cookies that expire as soon as you close your browser. Persistent cookies remain on your device after your session has ended. Persistent cookies have a specific duration and are automatically deleted after a certain time or you can remove them manually in your browser settings.

We use the following cookies:

SESSION is an authentication cookie that manages active login sessions and expires when the browser is closed (session cookie). If you select this option, remember-me allows returning users to stay logged in without having to re-enter their login details. The storage period is one month. settings manages the temporary settings for language and display mode and expires when the browser is closed (session cookie). BROWSER_ID is essential for a number of security functions, including logging and recognising unusual activity by recording access by the browser or device, location information and relevant actions performed. The storage period is up to 10 years.

You can configure most browsers so that you are informed when cookies are set and only allow cookies in individual cases, deactivate the acceptance of cookies and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of the websites may be restricted. Further information on managing and deleting cookies can be found at https://www.aboutcookies.org.

2 External service providers and data recipients

We may work with various external service providers to ensure the smooth operation of our captcha services so that our captcha services can be operated efficiently and securely. These service providers may have access to certain data required for their respective tasks. These include hosting providers, error logging, accounting service providers, IT service providers, analytics, data storage providers, debt collection companies, maintenance, consultants, payment processors, advertising networks and marketing service providers. These service providers only receive the information that is necessary for their specific tasks. In certain cases, we may be required by law to disclose data to government bodies, regulatory authorities or other institutions. Disclosure is also possible to protect or enforce our legal rights and, if necessary, to defend our rights and property.

By transferring your data, you consent to it being stored and processed at the locations of our company and external partners. The transfer of personal data to third countries outside the EEA takes place on the basis of an adequacy decision by the European Commission. If there is no adequacy decision of the European Commission for the respective third country, the transfer to a third country is based on appropriate safeguards within the meaning of Art. 46 para. 2 GDPR.

Stripe: You have the option of using the service provider Stripe for the purpose of payment processing. The provider is Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin D02 H210, Ireland. If you choose to pay via Stripe, Stripe Payments Europe Limited will process your data and you will be redirected to Stripe's payment page. If you choose to make your payment through Stripe, please be aware that Stripe may use cookies. You can object to the processing of your data by Stripe at any time. For more information on Stripe’s data practices and Stripe's privacy policy, please visit their website: https://stripe.com/privacy.

We recommend that you check their policy carefully before using their payment service. Using Stripe is entirely optional and an alternative payment option is available.

Lexoffice: Invoice management and order management is carried out by the service provider ‘lexoffice’ (Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany). We will pass on your name, address and other personal data to lexoffice exclusively for the purpose of processing your order and only to the extent necessary. Further information on data protection and the lexoffice privacy policy can be found on the lexoffice website: https://www.lexoffice.de/datenschutz/

For further information on general or specific external service providers or data recipients, please contact us.

3. Your rights

You are entitled to data subject rights in relation to the data processing listed. These are regulated in the GDPR.

Right to withdraw consent (Art. 7 GDPR)

If the data processing by us is based on your consent, you have the right to withdraw your consent at any time. The lawfulness of the processing prior to the withdrawal remains unaffected. If you withdraw your consent, we may no longer be able to offer the service or certain functions.

Right to information (Art. 15 GDPR)

You have the right to obtain information from us about your personal data, especially which of your personal data we process and for what purpose.

Right to rectification (Art. 16 GDPR)

If your data is incorrect or incomplete, you have the right to rectification or completion.

Right to erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data. Among other things, we are obliged to erase your personal data if it is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent or if the data has been processed unlawfully.

Right to restriction (Art. 18 GDPR)

In certain cases, you may request the restriction of the processing of your personal data. It is important to note that when exercising this right, some functions and services may only be partially usable or no longer usable.

Right to data portability (Art. 20 GDPR)

You can request that we transfer your personal data to you in a structured, commonly used and machine-readable format or transfer it directly to another third party.

Right to object (Art. 21 GDPR)

If we process your personal data on the basis of our legitimate interest, you can object to the processing of your personal data by us for this reason, taking into account your individual situation. Restriction may not be possible if we can demonstrate compelling legitimate grounds for the processing which override your interests in stopping the processing. We will always take your request seriously and are committed to finding a satisfactory solution together with you. Please note that certain services may no longer be available or may not be fully usable if you exercise your right to object.

Direct marketing: You have the right to object to the processing of your personal data for direct marketing purposes. Depending on the application, you can object to the processing for the purpose of direct marketing by clicking on the unsubscribe link at the end of our communications or in any case by sending a message to the e-mail address given above. The lawfulness of the data processing carried out until the cancellation remains unaffected by the cancellation. After your cancellation, your e-mail address may be stored by us or the contact service in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose.

Right to lodge a complaint (Art. 77 GDPR)

In the event of issues or concerns, we offer ourselves as a primary point of contact. We take a suspected violation very seriously and will investigate it, clarify any issues and provide appropriate feedback, including any measures taken. Should you nevertheless wish to lodge an official complaint, you have the right to contact the data protection supervisory authority responsible. However, we encourage you to contact us directly first to ensure direct and effective communication.

4. Further details

4.1 Limitation of the privacy policy

The validity of this privacy policy relates to the services and websites of Trustcaptcha GmbH. Our pages may contain links to external sites. We cannot accept any responsibility for the data protection practices or content of these sites, as we have no influence over them. It is the responsibility of users to ensure that the data protection practices of the linked sites meet their standards.

4.2 Company transfers

In the event of a merger, acquisition or sale of Trustcaptcha or any part of our business, personal data may be transferred to the new owner. The new owner may continue to process your data in accordance with this Privacy Policy. If such a transfer takes place, we will notify you accordingly.

4.3 Changes to this privacy policy

We may update the Privacy Policy, for example to reflect changes to our services or privacy practices. We will inform users on our website about changes that affect the processing of their personal data. We assume that you agree to the amended provisions if you continue to use the software after the changes come into effect. In the event of significant changes to the privacy policy, we will ask you to consent to the updated privacy policy again.


Version: 2411.1