GDPR Webhook

One. background

Any company that collects, stores or processes personal data in Europe must comply with the requirements of the General Data Protection Regulation (GDPR), as described below:

【User data rights】:

  • In multiple jurisdictions, a person has certain rights over how their data is collected, stored and used. To make sure that your Apps satisfy moral and legal requirements, it is essential to take the following matters into consideration:
  • According to GDPR, EU residents have the right to access, correct, delete and restrict the processing of their personal data, so it is important to create procedures for receiving and responding to these requests.
  • Except in special circumstances, GDPR also restricts transferring the data of EU residents to places outside the EU. For example, GDPR acknowledges that the privacy laws of some countries/regions might fully protect the information, which allows its transmission, and a company may require data receivers to protect the information through a contract, or by making public commitments under certain codes of conduct or consultative approaches to information protection, e.g. the EU-U.S. Privacy Shield.
  • If you transfer the data of EU residents outside Europe, you must comply with GDPR.
  • If you process personal data on a large scale, GDPR requires a Data Protection Officer ("DPO") to provide suggestions on GDPR compliance.

Two. platform requirement

  1. SHOPLINE enforces GDPR for the data of all users, both inside and outside Europe, so you need to ensure that all Apps distributed through the SHOPLINE App Store meet GDPR's requirements, whether or not your Apps collect personal data.
  2. SHOPLINE provides compulsory webhooks to help you manage user data collected by the App. If you don't provide the URL of the compulsory webhook, or your App doesn't respond to these webhooks as required, activation of the App will be refused. You need to resolve the identified problems first and then submit your App for another review.
  3. Response requirements:
    When you receive one of the compulsory webhooks, you need to do the following:
    • Respond with status code 200 to confirm that the request was received.
    • Complete the operation within 30 days after you receive the request. If you are required by law to retain the data, which makes you unable to comply with the amendment request, you can ignore the operation.

Three. How to integrate compulsory Webhook

1. compulsory webhook

All Apps distributed through the SHOPLINE App Store must subscribe to the webhook events below (HTTPS), which help you manage the user data collected by your Apps.

| Event name | Event flag |
| --- | --- |
| customer data deletion | customers/redact |
| store data deletion | merchants/redact |

2. how to integrate webhook

2.1 endpoints of customer data deletion

The store owner can make a delete request for customers. In this case, if your App has been granted permission to access the store's “Customer” data, it will receive a deletion request webhook with the resource ID (image shown below). View more about integration

2.2 endpoints of store data deletion

48 hours after the store owner uninstalls your App, SHOPLINE sends a delete request webhook (image shown below) for that action. Because the merchants/redact webhook provides the store_id and store_domain of the store, you can delete the store data from your database. View more about integration
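
The response requirements in section Two, applied to the two events above, as an added example that is not SHOPLINE's code: acknowledge with 200 at once, track each request against the 30-day limit, and keep a record when a legal obligation prevents deletion. Assumptions: the event flag and parsed body are passed in by your web framework, both payloads carry store_id, "customer_id" is a hypothetical name for the resource ID, and the in-memory dict stands in for a durable job table.

```python
import datetime as dt

DEADLINE = dt.timedelta(days=30)            # "within 30 days" from the page
TOPICS = {"customers/redact", "merchants/redact"}

class RedactionQueue:
    """In-memory stand-in for a durable job table (assumption of this sketch)."""

    def __init__(self, legal_holds=()):
        self.jobs = {}                       # (topic, store_id, resource_id) -> job
        self.legal_holds = set(legal_holds)  # store_ids whose data the law requires keeping

    def handle(self, topic, payload, received_at):
        """Record the request and return the HTTP status code to send back."""
        if topic not in TOPICS:
            return 400                       # this sketch's choice for unknown events
        # "customer_id" is a hypothetical field name for the resource ID.
        key = (topic, payload.get("store_id", ""), payload.get("customer_id", ""))
        if key not in self.jobs:             # a redelivery must not restart the clock
            held = key[1] in self.legal_holds
            self.jobs[key] = {
                "due": received_at + DEADLINE,
                "status": "retained_by_law" if held else "pending",
            }
        return 200                           # acknowledge now; delete asynchronously

    def complete(self, key):
        """Mark a pending job done once the data has actually been deleted."""
        if self.jobs[key]["status"] == "pending":
            self.jobs[key]["status"] = "done"

    def overdue(self, now):
        """Keys of jobs still pending after the 30-day limit, for alerting."""
        return sorted(k for k, j in self.jobs.items()
                      if j["status"] == "pending" and now > j["due"])

if __name__ == "__main__":
    # Constructed sample deliveries, not captured SHOPLINE traffic.
    q = RedactionQueue(legal_holds={"store-2"})
    t0 = dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc)
    print(q.handle("customers/redact", {"store_id": "store-1", "customer_id": "c-9"}, t0))
    print(q.handle("merchants/redact",
                   {"store_id": "store-2", "store_domain": "shop.example"}, t0))
    print(q.overdue(t0 + dt.timedelta(days=31)))
```
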

3. configuration

【Configuration path】: developer center > App list page > App overview page > App settings page


【Steps】:

  • log in to [Developer center Admin]
  • select the App you want to submit, then enter [App overview page]
  • click “App setting” and enter [App settings page]
  • enter the URL of compulsory webhook
  • click “Save”

This configuration is required for public Apps and optional for custom Apps.
