Privacy policy for service users

1. Processing activity

Distribution of a GDPR-compliant captcha solution to companies

2. Controller

Captcha GmbH

Muthgasse 2

1190 Wien

3. Contact details of the person responsible for data protection

Captcha GmbH

Muthgasse 2

1190 Vienna


4. Purposes of data processing

a) On the legal basis of the initiation or performance of a contract

    • i) Provision of the website
    • ii) Processing of existing customer inquiries via the web form
    • iii) Provision of challenge response authentication (Captcha)
    • iv) Commercial processing of the provision of challenge-response

b) On the legal basis of legitimate interest

  • i) Collection of page views on the website for the improvement of the
    service without processing personal data.
  • ii) Processing of general enquiries via the web form
  • iii) Processing of data in affiliated companies in the course of the
    technical and commercial processing of the challenge-response

c) On the legal basis of consent (revocable at any time with effect for
the future)

  • i) Transmission of electronic identification data of the customer for
    the purpose of web analysis to improve the content of the offer, this
    using tracking methods and setting/reading cookies and other identifying
    other identifiers.
  • ii) Transmission of electronic identification data of the customer to measure the success of advertising measures on external sites, using tracking methods and setting/reading cookies.
    using tracking methods and by setting/reading cookies and other identifiers.
    other identification features

5. Types of processed data

a) Provided by the client

      • i) Name
      • ii) Address(es)
      • iii) Telephone and fax number(s)
      • iv) E-mail address(es)
      • v) Bank data
      • vi) Contents of messages from the user
      • vii) Sweepstakes entries / submissions
      • viii) Email content for contact requests
      • ix) Privacy consent

b) Additionally inquired by Captcha GmbH

    • i) IP addresses (log files)
    • ii) End device data
    • iii) Used browser
    • iv) User Identity (ID)
    • v) Account activation status
    • vi) Account creation time
    • vii) Account modification time
    • viii) last login time
    • ix) Session ID
    • x) Web analytics identifier
    • xi) GoogleEmail
    • xii) Google User-Name
    • xiii) Number/time intervals of mouse(Pointer device) clicks,
      mouse(Pointer device) movements (during the validation process).
    • xiv) Time intervals for keystrokes (during the validation process)
    • xv) Google Ads Identifier

6. Data sources

  • a) Google Login: email address, username

  • b) Facebook Login: email address, username

  • c) Github Login: email address, username

7. External data recipients

  • a) Transmission to responsible parties

    • (1) Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand
      Canal Dock, Dublin, Irland,
      Privacy information
  • b) Transfer to commissioned data processors

    •  i)  Captcha GmbH is part of a group of companies. For the fulfillment of
      its obligations, Captcha GmbH also makes use of the Group’s affiliated
      companies in a of its extensive obligations, Captcha GmbH also makes use
      of the group’s affiliated companies. Captcha GmbH has an legitimate
      interest (recital 48 of the GDPR).
      • (1) Technical development, support/service, marketing, Distribution:
        Krone Multimedia GesmbH & Co KG, Muthgasse 2, 1190 Vienna,
        Privacy information
      • (2) Accounting, downstream commercial or financial related processing:
        Mediaprint Zeitungs- und Zeitschriftenverlag Gesellschaft m.b.H. & Co
        Kommanditgesellschaft, Richard Strauß Strasse 16, 1230 Vienna,
        Privacy information
    • ii) Web analytics & advertising performance measurement: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Irland
      Privacy information
    • iii) Consent Management Platform: Didomi SAS, 32 Avenue de l’Opera,
      75002 Paris, France,
      Privacy information

Captcha GmbH expressly reserves the right to use further commissioned data
processors and data processors and data controllers. These will then be
listed in the the update of the data protection information following the
following the start of use. All data processors can be contacted in relation
to data protection issues can be contacted via Krone Multimedia (KMM) in a
uniform manner. reached via Krone Multimedia (KMM).

8. Retention period

  • a) Non-registered customers:

    The personal data (esp. IP address) of (non-registered) website visitors
    are stored for a maximum of stored for a maximum of 24 hours for IT
    security purposes and then deleted.

  • b) Legal basis contractual relationship:

    The data will be processed by the responsible on the basis of the
    above-mentioned legal basis in principle until 40 months after
    termination of the contract (= 36 months possible contractual claims for
    damages + max. 4 months of a lawsuit) and then deleted (in any case the
    personal reference). deleted (in any case the personal reference).
    Insofar as a legal legal obligation to retain data, in particular in
    accordance with § 132 para. 1 BAO, personal data processing of
    accounting-relevant data shall continue until data relevant to
    accounting will be processed until the end of the statutory retention
    obligation (currently in principle 7 years after the end of the fiscal
    year of the occurrence).

10. Rights of the person concerned

Basis Content
Art 15 GDPR “Information” The customer has the right to request information as to whether
personal data is being processed.
Art 16 GDPR “rectification” The customer has the right to demand the immediate correction of
inaccurate personal data or their completion.
Art 17 GDPR “Deletion” The customer has the right to demand that the personal data be deleted
without undue delay, provided that the reasons specified in Art. 17
para. 1 GDPR are fulfilled. reasons are fulfilled.
Art 18 GDPR “Restriction” The customer has the right to demand that the processing of the
personal data be restricted, provided that the grounds referred to in
Art. 18 para. 1 GDPR are fulfilled.
Art 21 GDPR “Objection” The customer has the right to object at any time to the processing of
his personal data on the legal basis of the (overriding) legitimate
interest of Krone Multimedia (KMM).
Art 20 GDPR “Portability” The customer has the right to receive the personal data provided by
him, personal data in a structured, common and machine-readable

11. Right of appeal

Basis Content
Art 77 GDPR § 24 DSG Every customer has the right to lodge a complaint with the supervisory
authority if he or she is of the opinion that the processing of
personal data concerning him or her personal data violates this

12. Supervisory authority

Austrian Data Protection Authority

Barichgasse 40-42 , 1030 Vienna

Phone number:+43 1 52 152-0

E-Mail: mail…@….at