-1

I plan to use a Google API interface for my web shop (Germany) to optimize transport costs for customers (API request on the google server for every price calculation).

The API interface would then be necessary for the operation of the site and cannot be switched off. Consent or rejection from a data protection perspective is not possible.

questions:

  1. How can I use the API interface in a data protection-compliant manner?
  2. I currently have a simple cookie banner just to notice the user that the onlineshop sets necessary cookies, is that enough?
Improve this question
1
  • This really feels like a question that needs to be handled by either your lawyer or your company's lawyer.
    – Pyrotechnical
    Commented Mar 26 at 15:29

1 Answer 1

Reset to default
1

You need a lawful basis for the processing

Since this is shipping data, it contains addresses which are personal data so the GDPR applies. You need to have a lawful basis, contract is a possibility, so is legitimate interest, or consent. You need to determine if it is necessary (not just convenient) to use the Google API, that is, could you do it some other way that means you don’t have to send data to Google (or any other third party)? If you do have to, or choose to do so, you need to have a data processing agreement with Google.

Improve this answer
1
  • At first the data is just the postal code, not the full shipping adress. But you are right, after that the user needs to provide the full adress in the order.
    – Christian Stegemann
    Commented Feb 26 at 7:03

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .