Use CleverReach with Google reCAPTCHA (GDPR)


Do you want to connect CleverReach with Google reCAPTCHA to protect forms on your WordPress website from spam bots? Then you should definitely think about compliance with data protection requirements, because data protection violations can have costly consequences.

In this article, we’ll show you exactly what you need to consider and how you can implement the GDPR requirements quickly and easily!

We must point out that the following statements do not constitute legal advice. Therefore, we can only give you evaluations from our intensive experience with the EU legal regulations in practice and a technical assessment of the situation.

What is CleverReach?

Besides Sendinblue and MailChimp, CleverReach is another solution in the field of email marketing tools. With the help of CleverReach, marketers should be able to make their email marketing more efficient. Newsletters can be created and sent easily and quickly with the help of the software.

In addition to creating and sending newsletters, other functions are available to you. This includes:

  • Manage recipient lists
  • Tracking
  • Reporting
  • Spam testing
  • A/B testing
  • Blacklists
  • Newsletter templates

CleverReach and privacy

The fact that CleverReach GmbH & Co. KG is based in Germany is already a big plus when it comes to data protection, because US companies in particular are problematic here. From the ECJ’s point of view, since the end of the Privacy Shield – a data protection agreement between the US and the EU – the US has been considered an unsafe third country with a poor level of data protection.

For the transfer of personal data (to the USA), you usually need opt-in consent from your visitor. This means that the visitor must actively give consent.

What is Google reCAPTCHA?

Google reCAPTCHA was created to put an end to annoying spam bots, for example in online registration forms or logins.

In general, captchas come in many different forms. The most common ones – which you are probably familiar with – include distorted numbers and letters as well as upside-down objects or the object search.

However, nowadays many bots are able to solve these captchas. This is where Google’s in-house reCAPTCHA tool comes into play. Google reCAPTCHA works in the background, analyzing the user’s behavior on the website to determine whether it is a machine or a human.

Google reCAPTCHA and privacy

Even though Google reCAPTCHA seems to be a terrific solution at first glance, the use of the tool is critical in the eyes of data protectionists. This is because Google reCAPTCHA is a Google service. As you probably know, Google is a company based in the USA.

Data transfer to the USA was problematic in the past. This is because the Land of Opportunity has been considered an insecure third country with an inadequate level of data protection since the Privacy Shield – a data protection agreement between the USA and the EU – was overturned. Since 10 July 2023, there has been a new adequacy decision with the USA based on the Transatlantic Data Privacy Framework.

In conclusion, you usually have to get opt-in consent to transfer data to other companies. The easiest way to do this – and without any programming knowledge – is to use a consent management tool like Real Cookie Banner. We’ll show you exactly how to do it in the rest of this article.

In addition, reCAPTCHA sets cookies that are used to identify the user within the data known to Google about the user and to classify the maliciousness of the user. This collected data can be linked to data from users who have logged into their Google accounts on or a localized version of Google.

Requirements for GDPR-compliant integration of CleverReach in WordPress

Before we explain to you how exactly you can use Google reCAPTCHA in interaction with CleverReach in a GDPR-compliant way on your WordPress website, you should know in advance what there is to consider just for the use of CleverReach.

✅ Double opt-in consent

In order to be able to prove, if the worst comes to the worst (which hopefully will never happen 😉), that the recipient of the newsletter has actually agreed to receive it, it is highly recommended to obtain your newsletter subscriptions using the double opt-in procedure.

Example: An interested newsletter subscriber sends the registration and consequently receives an email with a confirmation link, which he must click to complete the registration. Thus, you make sure that the owner of the email address has really requested the registration.

According to CleverReach, the double opt-in process is already preset in all forms you create. (“The double opt-in (short: DOI) is automatically preset on all forms that you create via CleverReach®. Thus, you are always on the safe side.“)

🤝 Data processing agreement

An order…what? A data processing agreement (DPA) is always required if you commission an external company to process personal data of your customers/visitors/users. This contract regulates the correct handling of this data in accordance with data protection regulations. In other words, you ensure that the company does not get into mischief with the data.

The basis for a DPA is Article 28 GDPR.

Since CleverReach takes the role of a processor, you need to sign a DPA (AV contract, from the German Auftragsverarbeitungsvertrag) with the company. The good thing here is that CleverReach already provides you with a pre-filled AV contract. You can find it in your account under My Account > Settings > Privacy.

📝 Privacy Policy

Of course, you must also list CleverReach in your privacy policy, so that your website visitor has the opportunity to learn about the purpose of use and the collection and processing of data, among other things.

It is advisable to add an additional checkbox when subscribing to the newsletter, by means of which the sender confirms that he/she has read your privacy policy and agrees to it.

Use CleverReach with Google reCAPTCHA on your WordPress website in compliance with the GDPR

Last but not least, we’ll now explain to you how exactly to obtain opt-in consent à la GDPR for the use of Google reCAPTCHA.

We’ll assume that you’ve already connected your CleverReach account to WordPress.

  1. Open your WordPress backend.
  2. Navigate to Cookies > Services (Cookies) > Add Service in the left menu.
  3. Search for “Google reCAPTCHA” in the templates. The template is already included in the free version of Real Cookie Banner 😉
    1. Click on the template. You will now automatically land in the service configuration. Real Cookie Banner has already done the research work for you at this point, so you can adopt the template as is.
    2. Scroll down to the Create a Content Blocker for this Service section.

What is a content blocker? Imagine that a user of your website does not accept all services. At the same time, you have embedded, for example, a YouTube video that would set cookies the visitor has not agreed to. According to the ePrivacy policy, this is not allowed. For such users, content blockers automatically replace iframes, script and link tags (such as an embedded YouTube video) and offer the user the option to watch the video as soon as they consent to loading it.

    1. Select the template for CleverReach (with Google reCAPTCHA).
    2. In the box below, confirm that you have checked all the data and click Save.
    3. You will now be automatically redirected to the corresponding Content Blocker template. Again, everything has already been pre-filled for you.
    4. Scroll down and click on Save.
    5. Done! Now Google reCAPTCHA will be loaded in your CleverReach forms only after your user’s opt-in consent in the cookie banner.
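
To make the content blocker idea described above concrete, here is a simplified sketch of consent-gated tag rewriting. It is an added example, not Real Cookie Banner's code; the URL rules, function names and sample page are assumptions made for illustration.

```javascript
// Added example, not Real Cookie Banner's code. URL rules and the sample
// page are constructed for illustration.
const RULES = {
  "google-recaptcha": ["google.com/recaptcha/", "gstatic.com/recaptcha/"],
  youtube: ["youtube.com/embed/"],
};

// Return the service whose URL pattern matches, or null if none does.
function serviceFor(url) {
  for (const [service, patterns] of Object.entries(RULES)) {
    if (patterns.some((p) => url.includes(p))) return service;
  }
  return null;
}

// Neutralise matching <script>/<iframe>/<link> tags by moving the URL into a
// data attribute, so no request is sent and no cookie is set before opt-in.
function block(html, consented = new Set()) {
  const tag = /<(script|iframe|link)\b([^>]*?)\s(src|href)=(["'])([^"'>]*)\4([^>]*)>/gi;
  return html.replace(tag, (whole, name, before, attr, q, url, after) => {
    const service = serviceFor(url);
    if (!service || consented.has(service)) return whole;
    return `<${name}${before} data-blocked-${attr}=${q}${url}${q} data-service="${service}"${after}>`;
  });
}

// After opt-in, restore the original attribute for that one service only.
function unblock(html, service) {
  const re = new RegExp(
    `\\sdata-blocked-(src|href)=(["'])([^"'>]*)\\2 data-service="${service}"`, "g");
  return html.replace(re, (_m, attr, q, url) => ` ${attr}=${q}${url}${q}`);
}

// Constructed sample: a newsletter form that loads reCAPTCHA, plus a video.
const SAMPLE = [
  '<link rel="stylesheet" href="/theme.css">',
  '<form action="/subscribe"><input name="email"></form>',
  '<script src="https://www.google.com/recaptcha/api.js" async defer></script>',
  '<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>',
].join("\n");

const blocked = block(SAMPLE);
console.log(blocked);                               // both third-party tags inert
console.log(unblock(blocked, "google-recaptcha"));  // reCAPTCHA restored, video still blocked
```

First-party resources such as the theme stylesheet pass through unchanged, and consent for one service does not release another.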