You want to connect CleverReach with Google reCAPTCHA to protect forms on your WordPress website from spam bots? Then you should definitely think about compliance with data protection requirements. Because data protection violations can have costly consequences.
In this article, we’ll show you exactly what you need to consider and how you can implement the GDPR requirements quickly and easily!
What is CleverReach?
Besides Sendinblue and MailChimp, CleverReach is another solution in the field of email marketing tools. With the help of CleverReach, marketers should be able to make their email marketing more efficient. Newsletters can be created and sent easily and quickly with the help of the software.
In addition to creating and sending newsletters, other functions are available to you. This includes:
- Manage recipient lists
- Spam testing
- A/B testing
- Newsletter templates
CleverReach and the privacy
The fact that CleverReach GmbH & Co. KG is based in Germany is already a big plus when it comes to data protection. This is because it is particularly problematic with US companies. This is because, from the ECJ’s point of view, since the end of the Privacy Shield – a data protection agreement between the US and the EU – the US has been considered an unsafe third country in the EU with a poor level of data protection.
What is Google reCAPTCHA?
Google reCAPTCHA was created to put an end to annoying spam bots. For example, with online registration forms or logins.
In general, captchas come in many different forms. The most common ones – which you are probably familiar with – include distorted numbers and letters as well as upside-down objects or the object search.
However, nowadays many bots are able to solve these captchas. This is where Google’s in-house reCAPTCHA tool comes into play. Google reCAPTCHA works in the background, analyzing the user’s behavior on the website to determine whether it is a machine or a human based on.
Google reCAPTCHA and privacy
Even though Google reCAPTCHA seems to be a terrific solution at first glance, the use of the tool is critical in the eyes of data protectionists. This is because Google reCAPTCHA is a Google service. As you probably know, Google is a company based in the USA.
Data transfer to the USA is problematic. This is because the Land of Opportunity has been considered an insecure third country with an inadequate level of data protection since the Privacy Shield – a data protection agreement between the USA and the EU – was overturned.
In conclusion, you usually have to get opt-in consent to transfer data to the US. The easiest way to do this – and without any programming knowledge – is to use a consent management tool like Real Cookie Banner. We’ll show you exactly how to do it in the rest of this article.
In addition, reCAPTCHA sets cookies that are used to identify the user within the data known to Google about the user and to classify the maliciousness of the user. This collected data can be linked to data from users who have logged into their Google accounts on google.com or a localized version of Google.
Requirements for DSGVO-compliant integration of CleverReach in WordPress
Before we explain to you how exactly you can use Google reCAPTCHA in interaction with CleverReach in a DSGVO-compliant way on your WordPress website, you should know in advance what there is to consider just for the use of CleverReach.
✅ Double opt-in consent
In order to be able to prove that the recipient of the newsletter has actually agreed to receive it in case of the worst case scenario (which hopefully will never happen 😉 ), it is highly recommended to obtain your newsletter subscriptions using the double opt-in procedure.
Example: An interested newsletter subscriber sends the registration and consequently receives an email with a confirmation link, which he must click to complete the registration. Thus, you make sure that the owner of the email address has really requested the registration.
According to CleverReach, the double opt-in process is already preset in all forms you create. (“The double opt-in (short: DOI) is automatically preset on all forms that you create via CleverReach®. Thus, you are always on the safe side.“)
🤝 Order processing contract
An order…what? An order processing contract (AV contract for short) is always required if you commission an external company to process personal data of your customers/visitors/users. This contract regulates the correct handling of this data in accordance with data protection regulations. In other words, you ensure that the company does not get into mischief with the data.
The basis for an AV contract is Article 28 of the General Data Protection Regulation.
Since CleverReach takes the role of a processor, you need to sign an AV contract with the company. The good thing here is that CleverReach already provides you with a pre-filled AV contract. You can find it in your account under My Account > Settings > Privacy.
Use CleverReach with Google reCAPTCHA on your WordPress website in compliance with the GDPR
Last but not least, we’ll now explain to you how exactly to obtain opt-in consent à la DSGVO for the use of Google reCAPTCHA.
We’ll assume that you’ve already connected your CleverReach account to WordPress.
- Open your WordPress backend.
- Navigate to Cookies > Services (Cookies) > Add Service in the left menu.
- Search for “Google reCAPTCHA” in the templates. The template is already included in the free version of Real Cookie Banner 😉
- Click on the template. You will now automatically land in the service configuration. Real Cookie Banner has already done the research work for you at this point, so you can adopt the template as is
- Scroll down to the Create a Content Blocker for this Service section
- Select the template for CleverReach (with Google reCAPTCHA).
- In the box below, confirm that you have checked all the data and click Save.
- You will now be automatically redirected to the corresponding Content Blocker template. Again, everything has already been pre-filled for you.
- Scroll down and click on Save.
- Done! Now Google reCAPTCHA will be played in your CleverReach forms only after your user’s opt-in consent in the cookie banner.