I have received an email from Red Letter Days. I used them once, years ago.
They say they are to be taken over, so all the personal data they hold on me (unspecified, but an extensive list of possibles) will be passed on. If I would rather they deleted my data under GDPR, click here.
When you do click here, it offers a typical list of more data they want to identify you (one from column A, one from column B). So driving licence, and council tax or HMRC info or passport and so on. The sort of thing a bank would ask and none of which they already have.
They also want a phone number (which I know they don't already have) and will call in two days to "verify my identity". I never ever give my phone number to anyone, other than NHS type levels of need. Not marketing companies. So am reluctant to do that.
I'm not that bothered or grumpy, just interested, though it would be a minor fiddle to find the right bits somewhere in the house. It feels mad to ask for more pieces of now sensitive data just to delete my existing info, which is probably not more than an expired bank card with no cvc and my email address. I thought if I just asked from my registered email that would have been enough.
Anyone else asked for minor marketing data deletion, and are there always these hoops? If I mailed and said no, not doing that, but please delete what you have, what do we guess would happen?
|
|
Sounds a bit scammish to me, you sure you are dealing with the correct URL? Is it HTTPS?
|
Naively, if not thought of that! However, yes it is https and I guess the link looks ok. I've taken out the huge string of numbers at the end so the below won't take you to the page, but otherwise looks legit?
redletterdays.us19.list-manage.com/track/loadsofnumbershere
|
|
Thats a mail chimp ( a media marketing company and legit) so probably safe. Still asking too much data tho.
|
The whole GDPR thing is still vague and inconsistent between organisations. It's taken my current employer or rather project I'm on (I'm at risk of redundancy since Friday) since May to still not get quite to grips with Special Category Data - sensitive information like Ethnicity, Health, Sexual Orientation etc.
What's being asked for in OP seems well OTT. Have a look at the Information Commissioner's website about right to request deletion of records.
|
I looked at the ICO website. They use the unspecific but entirely understandable words "reasonable" and "proportionate". Which in this instance helps not a jot, as one man's reasonable is another's Clapham omnibus.
In the interests of exploring, I'm going to email them and say I'm not doing their form, but do want data removed. Be interesting to see what happens, not because I want to stir up trouble for them, just to see how it all works. If I get a knock back or ignore, I won't pursue it as I don't care that much.
I'll update.
|
>> as one man's reasonable is
>> another's Clapham omnibus.
>>
Pedant Corner.
They are the same thing, surely?
The reasonable man IS the man on the Clapham omnibus!
Wiki:-
en.wikipedia.org/wiki/The_man_on_the_Clapham_omnibus
|
|
Yes - it was a feeble joke.
|
>> Yes - it was a feeble joke.
We expect nothing less of you
|
|
Glad to be of service I'm sure.
|
>> I looked at the ICO website. They use the unspecific but entirely understandable words "reasonable"
>> and "proportionate". Which in this instance helps not a jot,
Not at all. Most people would surely think their proposal is unreasonable, and that the checks are disproportionate to the risk of deleting the wrong data or accepting a request from someone who is not the data subject? Countless contract clauses rely on the concept of reasonableness.
This might be genuine but it makes no sense. Surely the only way they can confirm that the person requesting the deletion is the person whose data they have is to get confirmation of the data items they already hold?
I'd be writing/emailing/speaking to to whoever is at the top of this particular pyramid pointing out how ridiculous it is to ask for sensitive information that could be, and commonly is, used maliciously before deleting information that is relatively harmless.
|
I meant to imply, by "not a jot", that in terms of me sending an email to their generic contact address saying "I think this is unreasonable" they are likely to say "well, we think it isn't", and at that point you have to, as you say, start to make bigger fusses than it warrants, for me in this instance.
I was also faintly interested to see the link I posted implies - not actually checked it in any way - that it's coming via the States. Mailchimp is Atlanta, anyway.
So my email address I gave to them is on a list outside Europe now, no idea whether the original t&cs allowed that. Again, I'm quite sure it already is via many other sources anyway, never mind via any of the gazillion data breaches of various providers, so it's just a minor thought.
But it could all get a bit rabbit holey.
|
There are a lot of small and medium sized companies out there that, faced with a GDPR SAR from an individual, wouldn't know where to start. We're doing pretty well selling software to them that helps with it, but even that can't do everything.
Many are opting to simply bury their heads in the sand and pretend the whole thing isn't happening. I suspect it will take a company of similar size or sector to be made a high profile example of before they feel any sense of urgency to get to grips with it.
|
Response: If you want to be deleted from our mailing list, reply and we'll do that. if you want to be "forgotten" as you ask, fill in the form. The one I was originally complaining about.
Just as a last bit of energy, I've said no, said why, and said please "forget" me anyway. Shan't be going any further if they say "yes yes, fill in the form".
|
The important thing isn't the mailing list redirection URL you provide because any old scammer could put you on a list. What is URL of the page it takes you to? Feel free to chop off the query part if you like.
Like Zero at the mo I think it's just a scam
|
I don't think it's a scam, as I used their contact form on their website I found independently about it, and they communicated back via that sensibly.
The form is here:
www.redletterdays.co.uk/data-delete
I've heard nothing more, and don't expect to. Firmly on their "totally ignore this request to be forgotten" heap I imagine.
|
>> They also want a phone number (which I know they don't already have) and will call in two days to "verify my identity". I never ever give my phone number to anyone,
There are websites where you can get a personalized 0845 number which can automatically be forwarded to your chosen number.
Usually they forward for free to a landline but mobile forward is chargeable.
Altertively, if you have a dual SIM phone you can put a temporary SIM for these types of issues. Just give them your 2nd SIM number and recycle it every few months.
2nd SIM also comes handy when travelling abroad and you want to take a local number.
|
I meant to post something about this when the GDPR issue came out.
I thought that this was going to be a god send by the backdoor, I was bombarded with emails from companies I had accounts with pleading me to re-register with them so that they could carry on sending me their weekly email offers, they said if I didn't then that would be it no more contact....
Brilliant a quick way of 'unsubscribing' en-mass so I just left them...
Guess what it made not a shot of difference!, they just kept coming..
|
|
Same here. E.g. Parking at Manchester Airport (never again)
|
When my kids were born I added them to my health insurance policy.
My eldest is now 25 and earning more than enough to finance her own insurance.
So I called up the company to cancel her element.
They point blank refused because of GDPR. The fact that she has no independent contract with them and didn't even know the policy details is irrelevant apparently.
Also, technically she is not even covered anymore because she has left home and not in education.
And they cannot write to her because that would also be a breach of GDPR.
So I got her to call the insurance co and cancel her element. They refused as she is not the policy holder!
So, the next solution was to cancel it when she next came home, I could confirm that I was the policy holder and she could cancel her element. No - that wasn't acceptable. I could be coercing her or her me!
Arrrrgh!
Stongly worded letter in the end sorted it.
|
I'm not quite sure if this is GDPR, something similar or dissimilar, or plain bull excrement, but Some months ago I'd signed up for the verification scheme with the Government Gateway through Royal Mail. They are stopping being a verifier so I tried signing up with a new one yesterday. Out of 5, for no particular reason, I chose Barclays.
I went though a whole load of screens, including giving my bank, passport and driving licence details. I'd consciously chosen to give my most aged bank account details rather than more recent ones. The next screen asked if I had a phone contract with Vodafone, EE or someone other specified company.
When i said no to the phone question it then said they'd need other forms of ID e.g. bank details or passport.
So I got onto to their web chat to find out what that meant.
He asked me when the bank account was set up. I told him in the 1970s and he said some accounts set up before 1999 had some conditions which prevented them using it to verify you. I suppose that pre-dates GDPR, but it sounded a similar principle.
To round the story off, he said I couldn't just put in a different account, I'd need to restart the process. So I went with Experian instead, where everything went straight through (but I did use a more recent account!)
|
GDPR data deletion - Zero
