Information on data protection and fulfillment of the duty to inform for the use of Google OAuth.
Google OAuth is a login and authentication service provided by Google Inc. that connects to the Google network. As part of our service, we give you the ability to retrieve data from your Google account, for example, to retrieve aggregated data provided by Google. We use Google OAuth so that you do not have to enter your Google credentials for each individual retrieval of data. Once you enter your login data, they are sent to the OAuth server, which validates the password and, if successful, authenticates you as an authorized user. In the next step, Google creates and stores a so-called token, which is also sent to BrandMaker and stored within your user account. The token contains the corresponding authorization information. Each of these tokens is provided with a date, after which it loses its validity. When it expires, you will be prompted again to authenticate with the Google service.
This procedure ensures that BrandMaker never comes into contact with the login data of your Google account and that you can still transfer content from your Google account to your user account at BrandMaker in a secure way.
Data collected for the use of the service at BrandMaker:
- Google API Authorization Code
- Access/Refresh Token
- Expiration date of the respective token
For BrandMaker as the responsible party, no reference to natural persons can be established with the help of this data. All user data entered, such as login name and password, are processed in this context exclusively by Google for the purpose of authenticating the user and generating the tokens.
More information on data protection at Google can be found at https://policies.google.com/privacy.
Name and contact details of the responsible party
BrandMaker GmbH Rüppurrer Street 1 76137 Karlsruhe E-mail: firstname.lastname@example.org
Name and contact details of the data protection officer
ENSECUR GmbH Sophienstraße 25 70178 Stuttgart Personally responsible: Mr. Julian Häcker E-mail: email@example.com
Purpose and legal basis of data processing according to GDPR
Use of the login and authentication service provided by Google Inc. connecting to the Google network (Art. 6 para. 1 b/f GDPR*).
Interests of the controller in balancing interests
Ensuring a positive user experience (avoiding repeated password entries) for authenticating the user to their Google account to retrieve aggregated data from Google while ensuring the correct user identity.
Recipients or categories of recipients of the personal data
Transfer to other countries
There is a transfer of the data mentioned in the description above between the USA and Germany.
Storage period in accordance with legal retention obligations
Deletion of personal data usually takes place within the legal retention obligations after termination of the contractual relationship.
Right to information, correction, deletion, restriction, data portability and objection
As a data subject, you have the right to information, correction and deletion of your data and to restriction of processing, as well as a right to data portability at any time. For this purpose, please contact the data controller using the contact details provided.
Right of objection
Insofar as the processing of your data is carried out to protect legitimate interests, you have the right to object to this processing at any time by contacting us using the contact details provided, if reasons arise from your particular situation that conflict with this data processing. We will then stop this processing unless it serves overriding interests worthy of protection on our part.
Right of complaint
As a data subject, you may contact a competent supervisory authority at any time in the event of a complaint.
Existence of a necessity to provide personal data
The data collected is necessary for the use of the login and authentication service provided by Google Inc. in connection with the use of our services.
This service is not addressed to consumers, but to B2B customers of BrandMaker. In this context, only data of the responsible contact persons are processed as described above.