After getting some legal consulting on the best practices for GDPR compliance while developing a Hubspot API integration, I was told that Hubspot User names and emails are considered private personal data.
This happens when a Hubspot User connects an integration to their HS Portal and the list of owners is fetched (GET /owners/v2/owners/). This endpoint returns names and emails of people that might not know about the integration.
How is this supposed to be handled?
Who is responsable for giving my integration this data? The user who made the connection?