Hi,
My app is registered for the read_orders scope, but NOT for the read_customer scope. Shopify sends requests to our app for customers/data_request and customer/redact(2 of the GDPR mandatory hooks). Since our app reads orders but does not read customer information in the orders, we cannot respond to the GDPR requests with order information.
So, in other words, what we must do in order to comply correctly with these 2 GDPR mandatory requests?
Regards