Solved

GDPR public app Webhooks

ClausWeibrecht
Visitor
1 0 0

Hi

I'm already adding a public non-published app in a Shopify partners account and for that I provided all needed informations and details of the app... besides that I have to implement GDPR Webhooks in my app in order to get aligned with privacy rules requirements.

As you already know these Webhooks contains basically 3 endpoints that give us the ability to:
- View stored customer data for a specific order.
- Delete stored customer data for a specific order.
- Delete stored shop owner data.

In this context comes to me a question when the shop owner request for example the delete of customer data for a specific order while this order is not shipped or not fulfilled yet.

In such cases is the target webhook executed, anyway?

How should we get informed and how will that reflect to the order itself if we delete the data related?


Regards

Accepted Solution (1)

Luke_K
Shopify Staff
402 66 100

This is an accepted solution.

Hey @ClausWeibrecht 

To confirm, the customers/redact webhook payload would include all order ID's with any fulfillment status if your app has access to the store's customers or orders. You'd then need to redact or delete those customers on the side of your app only.

I can confirm additionally that once the customer is redacted on Shopify, the anonymized customer's order data is held intact(some further GDPR documentation is here).

Hope that helps!

- API Support

| Shopify |
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!

View solution in original post

Reply 1 (1)

Luke_K
Shopify Staff
402 66 100

This is an accepted solution.

Hey @ClausWeibrecht 

To confirm, the customers/redact webhook payload would include all order ID's with any fulfillment status if your app has access to the store's customers or orders. You'd then need to redact or delete those customers on the side of your app only.

I can confirm additionally that once the customer is redacted on Shopify, the anonymized customer's order data is held intact(some further GDPR documentation is here).

Hope that helps!

- API Support

| Shopify |
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!