a) General information
The following information provides a simple overview of what happens to your personal data when you visit our website. Any data that can be used to identify you personally is personal data. You can find comprehensive information on the topic of data protection in our data protection statement below this text.
b) Data collection on our website
Who is responsible for data collection on this website?
The website operator handles data processing on this website. You can find the operator's contact information in the site notice of this website.
How do we gather your data?
Your data is gathered when you provide it to us. This may involve data you enter in a contact form, for example.
Other data is gathered automatically by our IT systems when you visit the website. This is primarily technical data (e.g., Internet browser, operating system, or time of page view). This data is gathered automatically as soon as you access our website.
What do we use your data for?
A portion of the data is gathered in order to ensure that the website is presented without errors. Other data may be used to analyze your user behavior.
What are your rights concerning your data?
You have the right to receive information at any time at no charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction, blocking, or deletion of this data. You can contact us at any time at the address provided in the site notice concerning this or other questions on the topic of data protection. You also have a right to lodge a complaint with the competent supervisory authority.
Under certain circumstances, you also have the right to request that the processing of your personal data be restricted. More information on this can be found in the "Right to restriction of processing" section of the Data Protection Statement.
c) Analytic and third-party tools
When you visit our website, your browsing behavior may be analyzed statistically. This is primarily done through cookies and so-called analysis programs. Your browsing behavior is usually analyzed anonymously; the browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information on this in the following data protection statement. You can object to this analysis. We will inform you about the objection options in this data protection statement.
a) Data protection
The operators of these pages take the privacy of your personal data very seriously. We treat your personal data as confidential in accordance with the data protection legislation and this data protection statement.
When you use this website, various forms of personal data are gathered. Personal data is data that can be used to identify you personally. This data protection statement explains what data we gather and what we use it for. It also explains how this is done and for what purpose.
We would like to point out that data transfer over the Internet (e.g., in communication per email) can involve gaps in security. End-to-end protection of data against access by third parties is not possible.
b) Information about the responsible authority
The responsible authority for data processing on this website is:
Christian Winkler GmbH & Co. KG
Leitzstraße 47
70469 Stuttgart
Deutschland
Telephone: +49 711 85999-0
Fax: +49 711 85999-109
Email: info@winkler.de
The responsible authority is the natural or legal person who, alone or together with others, makes decisions about the purposes and means of processing personal data (e.g. names, email addresses, etc.).
c) Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. If you have already given consent, you can revoke it at any time. Informal notification by email suffices for this purpose. The lawfulness of the data processing that occurred before the revocation remains unaffected by the revocation.
d) Right to object to data collection in special cases and to direct mail (Art. 21 GDPR)
If data processing is carried out based on Art. 6, Para. 1 (e) or (f) of the GDPR, you are entitled at any time to object to processing of your personal data for reasons pertaining to your particular situation; this also applies to profiling based on these provisions. The legal framework on which data processing is based can be found in this Data Protection Statement. If you file an objection, we will no longer process your data unless we can prove the existence of binding reasons for processing that supersede your interests, rights and freedoms or that the processing serves the purpose of asserting, exercising or defending against legal claims (objection pursuant to Art. 21, Para. 1 of the GDPR).
If your personal data is processed for direct advertising, you are entitled to object at any time to processing of your personal data for such purposes; this also applies to profiling, in so far as it is associated with direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21, Para. 2 of the GDPR).
e) Right to lodge a complaint with the competent supervisory authority
In the event of an infringement of the GDPR, the individuals concerned have the right to appeal to a supervisory authority, particularly in the member state of their residence, place of work or place, of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.
f) Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract surrendered to yourself or a third party in a standard machine-readable format. If you request direct transfer of the data to another responsible party, this will only be done to the extent that is technically feasible.
g) SSL or TLS encryption
For security reasons and to secure the transfer of confidential content such as orders or queries you send us as the operator of the site, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://", and by the lock icon in your browser bar.
When SSL or TLS encryption is enabled, the data you transfer to us cannot be seen by third parties.
h) Encrypted payments on this website
If you are required to provide your payment information (e.g., account number for direct debit authorization) after a contract for payment is concluded, this data is needed to process the payment.
Payment transactions through standard means of payment (Visa/MasterCard or direct debit) are processed exclusively via an encrypted SSL/TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://", and by the lock icon in your browser bar.
During encrypted communication, the payment data you send to us cannot be seen by third parties.
i) Information, blocking, deletion and correction
Within the scope of the applicable legal provisions, you have the right at any time to receive information at no cost about your stored personal data, its origin and recipient, and the purpose of the data processing, and, if applicable, a right to correction, locking, or deletion of this data. You can contact us at any time at the address provided in the site notice concerning this or other questions on the topic of personal data.
j) Right to restriction of processing
You have the right to request that processing of your personal data be restricted. To this end, you can contact us at any time at the address provided in the legal notice. The right to restrict processing exists in the following cases:
Should you dispute the accuracy of the personal data we have saved about you, we typically need a short amount of time to verify that this is, in fact, the case. During this time, you have the right to request that processing of your personal data be restricted.
- If processing of your personal data has occurred in an unlawful manner, you can demand restriction of data processing instead of deletion.
- If we no longer require your personal data, but you need it to exercise, defend or assert legal claims, you have the right to demand that processing of your personal data be restricted instead of the data being deleted.
- - If you have filed an objection pursuant to Art. 21(1) GDPR, a consideration must be made regarding your interests and ours. As long as it is not yet apparent whose interests predominate, you have the right to request that processing of your personal data be restricted.
If you have restricted processing of your personal data, this data may not be processed ─ apart from saving it ─ without your consent, or for the purpose of asserting, exercising or defending legal rights, protecting the rights of another natural or legal person, or for reasons pertaining to an important public interest of the European Union or a member state.
k) Objection to advertising e-mails
We hereby disallow the use of the contact data published within the scope of the site notice requirement for the sending of advertising and informational material that has not been expressly requested. The operators of the sites expressly reserve the right to take legal steps in the event that unsolicited advertising is sent, for example through spam emails.
We have appointed a data protection officer for our company.
Erich Zimmermann
c/0 ZiDa-Datenschutz GmbH
Waldhofer Str. 102
D-69123 Heidelberg
www.zida-datenschutz.de
Telephone: +49 621 3069 6731
Email: e.zimmermann@zida-datenschutz.de
a) Cookies
Our website sometimes uses cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our content more user-friendly, effective, and secure. Cookies are small text files that are saved on your computer and that your browser stores.
Most of the cookies we use are so-called "session cookies". They are deleted automatically after the end of your visit. Other cookies remain on your terminal device until you delete them. These cookies allow us to recognize your browser during your next visit.
You can set your browser in such a way that you are informed about the setting of cookies and only allow cookies in each individual case, disallow the acceptance of cookies for particular cases or in general, and enable automatic deletion of the cookies when the browser closes. If cookies are disabled, the functionality of this website may be restricted.
Cookies that are necessary in order to carry out the electronic communication process or provide particular functions you want (e.g., shopping cart function), are stored on the basis of Art. 6(1) point (f) of the GDPR. The website operator has a legitimate interest in the storage of cookies in order to provide its services in a manner that is free of errors and optimized. Insofar as other cookies (e.g., cookies for analysis of your browsing behavior) are stored, they are treated separately in this data protection statement.
Cookie consent with Consent Manager Provider
Our website uses cookie consent technology from Consent Manager Provider to obtain your consent for us to save certain cookies on your end device and to document this consent in accordance with data protection requirements. The provider of this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter referred to as “Consent Manager Provider”).
When you access our website, a connection is established with the servers of Consent Manager Provider for the purpose of obtaining your consent and providing you with further information about cookie usage. Next Consent Manager Provider saves a cookie in your browser so that it can allocate the consent or rejection of cookies issued by you. The data obtained in this way will be saved until you request that we delete it, until the Consent Manager Provider cookie deletes itself, or until its purpose for data storage is no longer required. Mandatory legal retention obligations remain unaffected.
Consent Manager Provider is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) of the GDPR.
b) Server log files
The provider of the pages automatically gathers and stores information in so-called server log files that your browser sends us automatically. This information includes:
- browser type and browser version
- operating system used
- referrer URL
- host name of the computer used to access the site
- time of server request
- IP-address
This data will not be combined with other data sources.
This data is collected pursuant to Art. 6, Para. 1 (f) of the GDPR. The website operator has a legitimate interest in saving cookies in order to provide its services in a manner that is free of errors and optimized; for this purpose, server log files must be created.
c) Contact form
If you send us queries via the contact form, we store your information from the query form, including the contact data you provide, for the purpose of processing the query and in case of follow-up questions. We do not share this data without your consent.
Therefore, the data provided on the contact form is processed exclusively on the basis of your consent (Art. 6 (1) point (a) GDPR). You can revoke this consent at any time. Informal notification by email suffices for this purpose. The lawfulness of the data processing operations that occurred before the revocation remains unaffected by the revocation.
We retain the data you entered in the contract form until you request deletion or revoke your consent to storage, or the purpose of the data storage ceases to obtain (e.g., after the processing of your query has concluded). Mandatory legal provisions – especially retention periods – remain unaffected.
d) Registration for the online shop
You can register on our website in order to use additional functions of the site. We use the data entered in this way only for purposes of use of the respective content or service for which you have registered. The required information requested during registration must be provided in full. Otherwise, we will reject the registration.
We use the email address provided during registration in order to inform you of important changes, for example in the scope of the offerings, or in the event of technically necessary changes.
The data provided during registration is processed on the basis of your consent (Art. 6 (1) point (a) GDPR). If you have already given consent, you can revoke it at any time. Informal notification by email suffices for this purpose. The lawfulness of the data processing that has already occurred remains unaffected by the revocation.
We store the data gathered during registration as long as you are registered on our website; it is then deleted. Legal retention periods remain unaffected.
e) winkler NOW chat
You have the option of using our chat function (“winkler NOW Chat”) via our online shop, which you can use to get in touch with our customer advisors.
Registration, chat history
The winkler NOW Chat is generally available to both registered users (“Regis-tered Customers”) and non-registered users (“Anonymous Users”) for the onlineshop. However, certain inquiries can only be answered to registered users, especially if they are customer-specific inquiries or inquiries concerning confidential information.
If you already have login details for our online shop, you can use this to log in to the winkler NOW Chat using the single sign-on procedure. We then use your login information to link your chat request to your customer account and assign you to the appropriate regional customer advisor for the respective request. As a registered customer, you can then view the current chat history and your completed requests at any time via your user account. All stored chat histories will be permanently deleted at the latest when your user account for the online shop is deleted, provided that no statutory retention periods require any further storage.
All stored chat histories will be permanently deleted at the latest when your user account for the online shop is deleted, provided that no statutory retention periods require any further storage. The chat history of anonymous users is not saved by us, but deleted immediately after completion. Legal retention periods remain unaffected.
The processing of your login information and all messages communicated via the chat takes place independently of a registration exclusively for the processing of your request on the basis of Art. 6 Abs. 1 S. 1 lit. b DSGVO
Automated collection of log data
When you start the chat, we also automatically collect the following log data, which is necessary for us to process your request and ensure the stability and security of the chat function:
- Referrer URL in the winkler Online Shop
- Event type (e.g. successful login)
- Type of message (text, image)
- Date and time of the request
- Platform (online shop, Android, iOS)
The processing of your log data takes place independently of a registration exclusively for the processing of your request on the basis of Art. 6 para. 1 s. 1 lit. b GDPR and in order to present the chat to you as technically error-free as possible with the legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR). We delete your log data as soon as it is no longer required for the purposes of processing the request or displaying the chat history in your user account.
Aggregated evaluation
In addition, we also record the number of messages sent via the chat according to certain criteria (e.g. registered customer or anonymous user, responsible sales group, status of the chat). The purpose of this handling is to evaluate and impro-ve how the chat works and communicates with you. All data is pseudonymized for the evaluation. The evaluation only takes place in aggregated form on the basis of an assignment to a user group (customer or winkler employee), without any reference being made to you as an individual customer. The legal basis for these evaluations is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest lies in offering you the functions of our winkler NOW chat, improving them and ensuring the stability and security of communication with you. This requires collecting the above-mentioned data. You can object to the processing at any time with effect for the future by sending an e-mail to Datenschutz-shop@winkler.de.
f) Data processing (customer and contract data)
We only collect, process, and use personal data to the extent that it is necessary to establish, determine the content of, or modify the legal relationship (inventory data). This is done on the basis of is Art. 6(1) point (b) GDPR, which permits the processing of data for performance of a contract or to take pre-contractual steps. We only gather, process, and use personal data about the use of our Internet pages (usage data) to the extent necessary to allow the user to use the service or bill for it.
The customer data gathered is deleted after conclusion of the contract or termination of the business relationship. Legal retention periods remain unaffected.
g) Data transfer at the conclusion of a contract for online shops, retailers, and shipping
We transmit personal data to third parties only if this is necessary in the context of fulfilling the contract: for example, to the companies entrusted with delivering the goods or to the credit institution appointed to handle the payments. Further transfer of the data does not occur, or only occurs if you have expressly consented to the transfer. Our company regularly checks your credit standing when concluding contracts and in certain cases where there is a legitimate interest. In addition, we participate in the payment experience pool of the German Debtors' Register (DRD) operated by Creditreform. For this purpose, we transmit personal data such as address data as well as information on payment history to Creditreform Stuttgart Strahler KG, Theodor-Heuss-Str. 2, 70174 Stuttgart, Germany. The data is stored as long as its knowledge is necessary for fulfilling the stated purpose of the storage.
In the database of Creditreform, information is stored in particular on the name, company name, address, marital status, professional activity and financial circumstances, any liabilities as well as information on payment history. For further information on data processing at Creditreform, see the following link:
https://www.creditreform.de/stuttgart/datenschutz
In addition, we access information from Dun & Bradstreet Deutschland GmbH, Robert-Bosch-Strasse 11, 64293 Darmstadt, Germany. Among other services, Dun & Bradstreet Deutschland GmbH provides services for assessing the probability of creditworthiness. For this purpose, we use encryption procedures to provide Dun & Bradstreet Deutschland GmbH with data on the payment history of business partners. Dun & Bradstreet Deutschland GmbH receives the right to use this data, unlimited in time and space, and is obligated to observe the protective regulations on the use of personal payment history data in accordance with § 31 (1) of the German Federal Data Protection Act (BDSG). For further information on data processing at Dun & Bradstreet Deutschland GmbH, see the following link: https://www.dnb.com/de-de/daten-und-sicherheit/
Your data is not shared with third parties, for example, for advertising purposes, without your express consent. The basis of this data processing is Art. 6(1) point (b) GDPR, which permits the processing of data for performance of a contract or to take pre-contractual steps. Possible information that Dun & Bradstreet Deutschland GmbH may have stored about you: basic information such as your name, contact points such as your mailing address, detailed information such as your payment history.
h) Data transmission upon conclusion of the contract for services and digital content
We only transfer personal data to third parties if this is necessary as part of contract processing, for example to the credit institution used for payment processing.
Further transfer of the data does not occur, or only occurs if you have expressly consented to the transfer. Your data is not shared with third parties, for example, for advertising purposes, without your express consent.
The basis of this data processing is Art. 6(1) point (b) GDPR, which permits the processing of data for performance of a contract or to take pre-contractual steps.
a) Google Analytics
This website uses functions of the Google Analytics web analysis service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files which are stored on your computer and allow your use of the website to be analyzed. The information generated by the cookie about your use of this website is generally sent to a Google server in the USA and stored there.
The Google Analytics cookies are stored on the basis of Art. 6(1) point (f) GDPR. The website operator has a legitimate interest in the analysis of the usage behavior in order to optimize both its web content and its advertising.
IP Anonymization
We have enabled the IP anonymization function on this website. This causes your IP address to be truncated by Google within member states of the European Union or in other contracting parties to the Agreement on the European Economic Area before it is sent to the USA. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyze your use of the website, to compile reports about website activities, and to provide further services associated with website and Internet use. The IP address sent by your browser as part of Google Analytics is not combined with other data by Google.
Browser plugin
You can prevent cookies being stored by making the appropriate setting in your browser software; however, we would draw your attention to the fact that you will not have access to the full functionality of this website if you do so. Furthermore, you can prevent the gathering of the data for Google (including your IP address) concerning your use of the website generated through the cookie, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data collection
You can prevent Google Analytics from gathering your data by clicking the following link. An Opt-Out Cookie will be stored on your computer that will prevent Google from collecting your data when you visit this website in the future: Deactivate Google Analytics
You can find more information on the handling of user data at Google Analytics in Google's data protection statement: https://support.google.com/analytics/answer/6004245?hl=de.
Order processing
We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities for use of Google Analytics.
Demographic features function of Google Analytics.
This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information about the age, gender, and interests of the site visitor. This data comes from interest-based advertising of Google and visitor data from third-party providers. This data cannot be associated with a particular person. You can disable this function at any time through the ad settings in your Google account or forbid the gathering of your data by Google Analytics in general as described in the section "Objecting to data gathering".
a) Newsletter data
If you would like to get the newsletter offered on the website, we need an email address for you, as well as information that allows us to verify that you are the owner of the email address provided and consent to receive the newsletter. Further data is not gathered, or only gathered on a voluntary basis. We use this data exclusively in order to send the requested information and do not share it with third parties.
The data provided on the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 (1) point (a) GDPR). If you have granted consent to store the data and email address and use them to send the newsletter, you can revoke it at any time, for example with the "Unsubscribe" link in the newsletter. The lawfulness of the data processing operations that have already taken place remain unaffected by the revocation.
We store the data you save with us for the purposes of receiving the newsletter until you unsubscribe from the newsletter and delete it after you unsubscribe from the newsletter. Data that was stored with us for other purposes remains unaffected by this.
b) SC-Networks GmbH
This website uses Evalanche, an email marketing automation solution for sending newsletters. The provider is SC-Networks GmbH, Würmstraße 4, 82319 Starnberg. Evalanche is a service that can be used to organize and analyze newsletter distribution. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on the servers of SC-Networks.
Data analysis by SC-Networks
The newsletters we send with Evalanche allow us to analyze the behavior of the newsletter recipients. This makes it possible to analyze how many recipients have opened the newsletter, which links were clicked in the newsletter, and how often, among other things.
Evalanche also allows us to subdivide ("cluster") newsletter recipients based on various categories. The newsletter recipients can be divided by age or gender, for example. This makes it possible to better adapt the newsletters to the respective target groups.
If you do not want Evalanche to analyze your data, you must revoke your consent to personalized tracking. For this purpose, we provide you with a form that allows you to manage your newsletter preferences. You will find the link to this form in every newsletter message. Alternatively, you can unsubscribe from the newsletter. For this purpose, an unsubscribe link is also provided in each newsletter. You can also unsubscribe from the newsletter directly on the website.
Legal basis
The data processing takes place on the basis of your consent (Art. 6 (1) point (a) of the General Data Protection Regulation [GDPR]). You can revoke this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing operations that have already taken place remain unaffected by the revocation.
Storage period
The data you stored with us for the purpose of receiving the newsletter is saved until you unsubscribe from the newsletter and is deleted from both our servers and the servers of SC-Networks after you unsubscribe from the newsletter. Data that was stored with us for other purposes remains unaffected by this.
Conclusion of a contract for order processing
We have concluded a contract with SC-Networks for order data processing and fully implement the strict requirements of the German data protection authorities when using SC-Networks' email marketing automation solution.
a) YouTube with expanded data protection
Our website uses plug-ins from YouTube. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
We use YouTube in expanded data protection mode. According to YouTube, this mode ensures that YouTube will not save any information on visitors to this website before they view the video. The transfer of data to YouTube partners, however, is not necessarily excluded, or ruled out, by the expanded data protection mode. As such, YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.
When you play a YouTube video on our website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube may also save cookies on your device after you start a video. YouTube can use these cookies to acquire information on visitors to our website. This information is leveraged to collect video statistics, improve overall usability and prevent fraud among other reasons. The cookies remain on your device until you delete them.
Gegebenenfalls können nach dem Start eines YouTube-Videos weitere Datenverarbeitungsvorgänge ausgelöst werden, auf die wir keinen Einfluss haben.
YouTube is used in the interest of presenting our online content in an attractive way. This constitutes a legitimate interest in the sense of Art. 6 (1) point (f) GDPR. Additional information about data protection concerning YouTube can be found online in the YouTube privacy policy: https://www.google.de/intl/de/policies/privacy.
b) Google and MyFonts web fonts
For uniform display of fonts, this site uses so-called web fonts, which are provided by Google and MyFonts. When a site is viewed, your browser needs web fonts in its browser cache in order to correctly display texts and fonts.
For this purpose, the browser you use must establish a connection to the Google and MyFonts servers. In the process, the providers learn that our website has been viewed through your IP address. Google web fonts and MyFonts web fonts are used in the interest of an attractive uniform presentation of our online content. This constitutes a legitimate interest in the sense of Art. 6 (1) point (f) GDPR.
If your browser does not support web fonts, a standard font of your computer is used.
You can find more information about MyFonts web fonts at https://developers.google.com/fonts/faq
and in the Google data privacy statement: https://www.google.com/policies/privacy/
You can find more information about MyFonts web fonts at https://www.myfonts.com/licensing/webfont/.
c) Google Maps
This site uses an API of the Google Maps service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to store your IP address. This information is generally sent to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
Google Maps is used in the interest of presenting our online content in an attractive way and making it easier to find the locations we indicate on the website. This constitutes a legitimate interest in the sense of Art. 6 (1) point (f) GDPR.
You can find more information on the handling of user data in the Google data protection statement: https://www.google.de/intl/de/policies/privacy/.
d) Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). ReCAPTCHA is intended to check whether data is entered on our websites (e.g., in a contact form) by a human or an automatic program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various features. This analysis begins automatically as soon as the website visitor enters the website. ReCAPTCHA analyzes various kinds of information (e.g., IP address, dwell time of the website user on the website, or mouse movements performed by the user). The data gathered during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. The data is processed on the basis of Art. 6(1) point (f) GDPR. The website operator has a legitimate interest in protecting its webpages from abusive automatic spying and spam.
You can find more information on Google reCAPTCHA and Google's data protection statement at the following links:
https://www.google.com/intl/de/policies/privacy/
https://www.google.com/recaptcha/intro/android.html