Anti-bot protection in line with GDPR

What is the GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive European Union (EU) data protection law designed to protect the privacy and personal data of individuals in the EU. These strict rules for the collection, processing and storage of personal data apply to all EU member states as well as any organization that processes personal data of EU citizens, regardless of where the organization is located.

Why is compliance with the GDPR becoming increasingly important for companies

Failure to comply with the GDPR can result in painful fines of up to 4% of a company's annual global turnover or €20 million (whichever is higher). Many organizations also see compliance as an opportunity to prove themselves as a trustworthy, responsible partner for their customers, suppliers and stakeholders in the area of data protection in several respects.

Why is ALAN Captcha GDPR compliant?

ALAN Captcha is provided by a company based in the EU. It is completely transparent which user data is used to provide our service. Non-user data is stored outside the EU. The endpoint of ALAN Captcha is located within the EU. ALAN Captcha does not use cookies to track users. By informing users about ALAN Captcha's data policy and service, it is possible to use AlanCaptcha in a GDPR-compliant manner. Our anti-bot defense is an investment in digital freedom. Our service is GDPR-compliant and data protection-conscious. Data protection is our focus and the foundation of our business model. Our anti-bot solution complies with the highest European data protection standards and other global data laws such as CCPA (California Consumer Privacy Act), LGPD (General Personal Data Protection Law), PIPL (Personal Information Protection Law - China).

• Privacy-sensitive - Our privacy-friendly design ensures that no personal data is collected, tracked and stored
• GDPR compliant - Data never leaves the EU, no cookies or tracking.
• No cookies - We do not use cookie files and do not cross-track from website to website.
• No storage of personal data - Our end user solution does not store personal data or log the connection to end users.

Do you need to update your privacy policy to use ALAN Captcha?

From our point of view it is not necessary to adapt your rules and guidelines regarding privacy or data protection on your website. According to the Privacy by Design approach, our ALAN Captcha plugin already takes into account all important points in this context. The ALAN Captcha plugin is GDPR compliant and the related information is directly accessible via clearly visible links in the ALAN Captcha plugin. It is also part of the DNA of our ALAN Captcha service that no personal data of end users is stored. Also, no cookies are used that require the explicit consent of the end user. Against this background, we do not believe it is necessary to update your privacy policy. At the same time, we recommend that you coordinate the use of the ALAN Captcha plugin with your data protection officer in order to have information available in case of any queries.

If necessary, you can use the following text for your privacy policy:

We use the "ALAN Captcha" service on our website. The provider is scrinus web&co GmbH (Marxergasse 5/24, 1030 Vienna, Austria) - hereinafter referred to as "web&co". Hosting is provided by one of the largest web hosts and data center operators in Europe. Data processing takes place within the EU.

The service is intended to prevent automated and abusive requests by so-called "bots". As part of this process, your IP address is recorded by ALAN Captcha in order to send a cryptographic task to your end device. This task is solved in the background and as soon as it is solved, a confirmation is sent by ALAN Captcha to the server that the proof-of-work has been provided and that the form request has environmental parameters as known from a normal visit to a website by natural persons and not from automated scripts.

ALAN Captcha processes and stores the following data in the above-mentioned process

• Anonymized IP address of the requesting computer
• Information about the browser and operating system used
• Anonymized counter per IP address to control the cryptographic tasks
• Website from which the access took place (so-called referrer URL)
• The data is used exclusively to protect against bots.

The legal basis for the processing is the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to prevent abusive access or spam attacks by bots.

If personal or personal-related data is processed when using ALAN Captcha, it will be deleted after 30 days at the latest.

Further information about ALAN Captcha and web&co is available at  https://alancaptcha.com/ and https://webundco.com/ueber-uns/datenschutz.