SSL or TLS encryption
We use SSL or TLS encryption on our website. By activating SSL or TLS encryption, a secure transmission of your data is ensured, preventing third parties from reading it. In addition, during payment, your payment data that you transmit to us is protected from being read by third parties through secure and encrypted communication.
Your data can be collected in two ways:
1. By filling out a contact form or contacting us through other means (email, phone, social media, etc.).
2. Automatically or with your consent when visiting our website.
1 Scope and legal basis for processing
We only collect and use personal data of our users to the extent necessary for providing a functional website, as well as our content and services. The collection and use of personal data is generally based on the user's consent. However, there may be exceptional cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations. We do not store personal data longer than necessary. During storage, we protect this data against loss, theft, unauthorized access, unauthorized disclosure, duplication, use, or alteration through appropriate measures.
- Art. 6 para. 1 lit. a GDPR serves as the legal basis if you have given your consent for the processing of personal data.
- Art. 6 para. 1 lit. b GDPR applies as the legal basis if the processing of personal data is necessary for the performance of a contract in which you are a party. This also includes the processing of personal data for pre-contractual measures.
- Art. 6 para. 1 lit. c GDPR serves as the legal basis if the processing of personal data is necessary for compliance with a legal obligation to which we are subject.
- Art. 6 para. 1 lit. f GDPR applies as the legal basis if the processing of personal data is necessary for the legitimate interests pursued by our company or a third party. In this case, the interest is balanced against your interests, fundamental rights, and freedoms.
You have the right to withdraw your consent to the use of your data for a specific purpose at any time. However, please note that such a change will not affect data processing that has already been carried out.
2 Collected information
• Log data and device data
When you visit our website, information from your web browser is automatically stored in our log files.
Log data refers to information that is automatically captured as a result of using Zencaptcha. During this storage of data and log files, no analysis of the data for marketing purposes takes place.
- IP address. [We anonymise the IP address and store this anonymised hash in our EU-hosted database to prevent abuse.]
- Browser type
- Language and version of the browser software
- Platform type
- Device type
- Operating system
- Referrer URL
- Date and time stamp of access
- Additionally, a country code from which you access our website is sent to us by your browser. This is used for localization to display the website in an appropriate language. According to Art. 6(1)(f) of the GDPR, the temporary storage of data and log files serves as the legal basis.
• Personal data
In order to fully utilize our services (website/application), we require the following personal information from you during your registration:
- Email address (Data will not be disclosed to third parties.)
In addition, the following information may be requested during a business relationship:
- Name
- Phone number
- Payment information
3 Storage and Disclosure of Data
We store your personal data with appropriate security measures on our own servers with our external hosting provider in the EU and only as long as necessary for the provision of our services.
Personal data may be accessed by our hosting and server providers, IT service providers, payment service providers, courts, tribunals, supervisory authorities, and our employees. We only engage companies based in the EU as partners for our services, ensuring that your data never leaves the EU.
We would like to point out that data transmission over the internet, such as communication via email, may have security vulnerabilities. Complete protection of data from access by third parties is not possible.
4 Hosting
We host the content of our website with the following provider (subcontractor):
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
The data collected on this website is entrusted to external hosting providers. Personal data is stored on the hosting provider's servers, which are powered by renewable energy. The collected information may include, among other things, IP addresses, contact requests, metadata, communication data, contract data, contact details, names, website access, and other data generated through the use of the website. The hosting provider implements technical and organizational measures for data security in accordance with Art. 32 of the GDPR at its premises.
For the use of the aforementioned service, we have concluded a data processing agreement (DPA). This agreement complies with data protection regulations and ensures that the service provider processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
5 Retention Period
The processing and storage of personal data are carried out for the necessary duration of the original purpose for which they were collected. In the case of personal data collected within the scope of a contract between us and you, this data will be stored until the contract is fully fulfilled. Personal data collected to protect our legitimate interests will be retained for as long as necessary to fulfill these interests. Information about our specific legitimate interests can be found in the relevant sections of this document or can be requested by contacting us. If you have given consent for the processing of personal data, we may be entitled to store the data for a longer period, unless the consent is revoked. It may also occur that we are legally obliged to retain personal data for a longer period or on the order of an authority. After the prescribed retention period has expired, the personal data will be deleted. After the retention period has expired, the rights to access, delete, rectify, and transfer data can no longer be exercised.
6 Rights of End Users (according to GDPR)
End users can exercise certain rights regarding their data processed by us. In particular, to the extent legally permissible, end users have the right to do the following:
- Access their data. The end user has the right to know whether data is being processed by us, to obtain information about certain aspects of the processing, and to receive a copy of the processed data.
- Verify and rectify. The end user has the right to verify the accuracy of their data and to request its updating or correction.
- Restrict the processing of their data. The end user has the right to restrict the processing of their data. In this case, we will not process the data for purposes other than storage.
- Delete or remove their personal data. The end user has the right to request the deletion of their data from us.
- Transfer their data to another controller. The end user has the right to receive their data in a structured, commonly used, and machine-readable format and, where technically feasible, transmit that data to another controller without hindrance.
- Lodge a complaint. The end user has the right to lodge a complaint with the competent data protection authority.
- Withdraw their consent at any time. The end user has the right to withdraw their consent if they have previously given consent to the processing of their personal data.
- Object to the processing of their data. The end user has the right to object to the processing of their data if the processing is based on a legal basis other than their consent.
A cookie is a small data record that is stored on a user's device by a visited website in the context of computers and the internet. It serves various purposes, primarily to improve the browsing experience and provide personalized features. Cookies contain information such as user settings, login data, and browsing activities. They help websites remember certain user settings, track user behavior for analysis purposes, and enable features like personalized recommendations or targeted advertising. You always have the option to delete cookies already stored. This may vary depending on the browser settings and versions used. In most cases, you will find the option to delete cookies in the privacy or browser settings.
The use of our functional cookies is essential for the proper use of our website. Without cookies, we cannot guarantee that our website functions correctly and that you can use all features and services to their full extent.
We store cookies to enable you to log in (a session). This way, our server recognizes your web browser after you have entered your login information and are already logged in.
• Functional Cookies
Functional cookies are cookies that are essential for the basic functioning of a website. They enable functions such as storing user settings, maintaining user sessions, and providing interactive features. These cookies are usually set by the website itself and are necessary for it to function properly.
Name: zen_lan | Function: Used for strictly necessary technical purposes. Allows the user to use the website in the set language without restrictions. | Cookie Type: First-party cookie | Duration: 30 days
Name: zencaptokenid | Function: Used for strictly necessary technical purposes. This cookie keeps a user session alive and helps keep users logged in so they do not have to log in again on their next visit to our site. | Cookie Type: First-party cookie | Duration: 20 days
Name: zenxsrfToken | Function: Used for strictly necessary technical purposes. This cookie helps us prevent cross-site attacks. | Cookie Type: First-party cookie | Duration: 1 hour
Name: cookie_consent_user_accepted | Function: This indicates that a user has already accepted our cookie policy to avoid displaying the banner again. | Cookie Type: First-party cookie | Duration: 2 months
Name: cookie_consent_user_consent_token | Function: The token for identifying cookie consent. | Cookie Type: First-party cookie | Duration: 10 years
• Performance Cookies
Performance cookies are used to collect information about how visitors use a website, such as which pages they visit most often or if they encounter errors. These cookies help website owners analyze and improve the performance and user-friendliness of their websites. The collected data is usually aggregated and anonymized, preserving the privacy of individual users.
Our website does not use performance cookies.
• Advertising Cookie
Advertising cookies, also known as targeting cookies, are used to deliver targeted advertising to website visitors. These cookies track users' browsing behavior and interests across different websites and allow advertisers to display relevant ads based on their preferences. Advertising cookies are often provided by advertising networks or companies and are subject to the privacy policies and practices of these companies.
Our website does not use advertising cookies.
• Third-Party Cookies
Third-party cookies are cookies that are set by domains other than the website the user is currently visiting. They are usually used by advertisers, social media platforms, or analytics services to collect data about users' online behavior across multiple websites. Third-party cookies can track users across different websites to create profiles, deliver personalized advertising, or provide aggregated data to website owners.
Our website does not use third-party cookies.
8 Newsletter
If you subscribe to the newsletter, purchase goods or services, and provide your email address, we may use this address to send newsletters containing only direct advertising for similar own goods or services without disclosing the data to third parties. The data will be used solely for the purpose of sending the newsletter and will be deleted once the purpose of collection is no longer necessary, with the user's email address stored for as long as the newsletter subscription is active. The legal basis for data processing after subscribing to the newsletter by the user is Art. 6(1)(b) GDPR and § 7(3) UWG. You have the opportunity to unsubscribe from the newsletter at any time, which will include a corresponding link in each newsletter.
9 Registration
If registration is necessary for the fulfillment of a contract in which the user is a contracting party or for the performance of pre-contractual measures, Art. 6 (1) lit. b GDPR serves as an additional legal basis for the processing of data. The processing of your data is carried out to provide our software and fulfill the contract between us. This serves as a legal basis according to Art. 6 (1) lit. b GDPR.
10 External Websites
Please note that this privacy policy does not apply to websites, offers, products, or services of third parties, even if they are linked to our website or include our service. We also have no control over the privacy policies of external websites and assume no responsibility or liability for them.
11 Digistore24
Digistore24 provides our products, services, and content as a reseller. Digistore24 GmbH, located at St.-Godehard-Straße 32, 31139 Hildesheim, acts as the provider and contractual partner. Digistore24, as the data controller, explains in detail in its own privacy policy which data is collected and processed when visiting this website. If you access Digistore24 through a link from us, our servers do not transmit data to Digistore24, but information is transmitted from your web browser to Digistore24. For more information, you can familiarize yourself with Digistore24's privacy policy, which is available at the following link: https://www.digistore24.com/dataschutz.
12 Brevo
For sending newsletters and transactional emails, we use the website Brevo, a service provider for organizing and analyzing newsletter delivery. The provider of this service is Sendinblue GmbH, located at Köpenicker Straße 126, 10179 Berlin, Germany. The data you provided during registration or newsletter sign-up will be stored on the servers of Sendinblue GmbH in Germany for sending emails.
The data you have provided to us will be stored by us and/or the newsletter service provider until you unsubscribe from the newsletter or delete your user account. After unsubscribing from the newsletter, your data will be deleted from the newsletter distribution list.
For the use of the service mentioned above, we have concluded a data processing agreement (DPA). This agreement complies with data protection regulations and ensures that the service provider processes personal data of our website visitors only according to our instructions and in compliance with the GDPR.
13 Bunny.net
We use Bunny [bunny.net] (a European-owned provider based in Slovenia, a member state of the European Union) to provide us with a global CDN and protection against DDoS attacks and other threats. This also ensures that any potential visitor data we collect is only processed on servers owned and operated by European companies. This use is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR, as it is in the interest of both our business and our users to enable secure and reliable use of our website/web application.
Provider: BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia
For the use of the service mentioned above, we have concluded a data processing agreement (DPA).
14 Social Media and Online Presences
Visiting our social media presences triggers various data protection-relevant processing operations. It should be noted that social networks offer extensive possibilities for user analysis, which means that personal information about users' behavior and preferences can be collected and processed.
We use social networks and platforms such as Facebook, Twitter, and Instagram to maintain our online presence and communicate and engage with our customers, prospects, and users, as well as to inform them about our products and services. When visiting our profiles on these platforms, the respective terms and conditions and data processing policies of the operators apply, which establish the conditions for the use and processing of personal data.
When users communicate with us within social networks and platforms, for example, by creating posts on our online presences or sending us messages, we process their data in accordance with our privacy policy. This processing is based on our legitimate interests in comprehensive information and communication in accordance with Art. 6(1)(f) of the GDPR.
Further information and options for objection (opt-out) can be found in the linked information provided by the providers below:
- Facebook:
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland.
Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads.
- Twitter:
Provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland.
Privacy Policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization
- Instagram:
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland.
Privacy Policy: http://instagram.com/about/legal/privacy/
15 Changes to this Privacy Policy
All information collected by us is subject to our privacy policy in effect at the time of collecting such information. However, we reserve the right to revise the privacy policy from time to time. If a revision is substantial, we will inform you, for example, by email. The current version of the privacy policy will always be published on our website. If you have any questions about this privacy policy, please feel free to contact us.
Owner responsible for the processing of the data:
Email: mail{at}zencaptcha.com
Restoflix Sàrl.-s
Luxemburg
rue de Nospelt 3
Kehlen