Google Authentication (EU)

Information on data protection and fulfillment of the duty to inform according to Art. 13 GDPR for the use of Google OAuth.

Google OAuth is a login and authentication service provided by Google Inc. that connects to the Google network. As part of our service, we give you the ability to retrieve data from your Google account, for example, to retrieve aggregated data provided by Google. We use Google OAuth so that you do not have to enter your Google credentials for each individual retrieval of data. Once you enter your login data, they are sent to the OAuth server, which validates the password and, if successful, authenticates you as an authorized user. In the next step, Google creates and stores a so-called token, which is also sent to BrandMaker and stored within your user account. The token contains the corresponding authorization information. Each of these tokens is provided with a date, after which it loses its validity. When it expires, you will be prompted again to authenticate with the Google service.

This procedure ensures that BrandMaker never comes into contact with the login data of your Google account and that you can still transfer content from your Google account to your user account at BrandMaker in a secure way.

Data collected for the use of the service at BrandMaker:

  • Google API Authorization Code
  • Access/Refresh Token
  • Expiration date of the respective token

For BrandMaker as the responsible party, no reference to natural persons can be established with the help of this data. All user data entered, such as login name and password, are processed in this context exclusively by Google for the purpose of authenticating the user and generating the tokens.

More information on data protection at Google can be found at

Name and contact details of the responsible party (Art. 13 para. 1 a GDPR)

BrandMaker GmbH
Rüppurrer Street 1
76137 Karlsruhe

Name and contact details of the data protection officer (Art. 13 para. 1 b GDPR)

Sophienstraße 25
70178 Stuttgart
Personally responsible: Mr. Julian Häcker

Use of the login and authentication service provided by Google Inc. connecting to the Google network (Art. 6 para. 1 b/f GDPR*).

Interests of the controller in balancing interests (Art. 13 para. 1 d GDPR)

Ensuring a positive user experience (avoiding repeated password entries) for authenticating the user to their Google account to retrieve aggregated data from Google while ensuring the correct user identity.

Recipients or categories of recipients of the personal data (Art. 13 para. 1 e GDPR)

Google Inc.

Transfer to other countries (Art. 13 para. 1 f GDPR)

There is a transfer of the data mentioned in the description to the USA.

Deletion of personal data usually takes place within the legal retention obligations after termination of the contractual relationship.

Right to information, correction, deletion, restriction, data portability and objection (Art. 13 para. 2 b GDPR)

As a data subject, you have the right to information, correction and deletion of your data and to restriction of processing, as well as a right to data portability at any time. For this purpose, please contact the data controller using the contact details provided.

Right of objection (Art. 21 para. 1 GDPR)

Insofar as the processing of your data is carried out to protect legitimate interests, you have the right to object to this processing at any time by contacting us using the contact details provided, if reasons arise from your particular situation that conflict with this data processing. We will then stop this processing unless it serves overriding interests worthy of protection on our part.

Right of complaint (Art. 13 para. 2 d GDPR)

As a data subject, you may contact a competent supervisory authority at any time in the event of a complaint.

Existence of a necessity to provide personal data (Art. 13 para. 2 e GDPR)

The data collected is necessary for the use of the login and authentication service provided by Google Inc. in connection with the use of our services.