We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Gymbox - PT added me on Facebook
Comments
-
the only difference between my post and yours is that mine is actually correct. whilst yours is an opinion you cannot support..
Until you are able to provide something official to back up what you state, I'm afraid that your post is also just an opinion that isn't supported.
I'm not stating that you are wrong and other posters are right, (or vice versa) simply that anything written by totally anonymous posters on a forum such as this one can only be taken as their personal opinions until such a time as those posts or claims can be proven to be correct.
You stated that you have worked closely with the ICO many times but I could equally claim to be Elizabeth Denham, the information commissioner of the ICO so why shouldn't my claim have as much or as little credence as yours?0 -
I'll take my jacket off and get the popcorn for this one.
Oh look, OP has done a runner!0 -
ThumbRemote wrote: »You're wrong as well.
Yes, you are not saying i am wrong at all are you...0 -
Blackbeard_of_Perranporth wrote: »I'll take my jacket off and get the popcorn for this one.
Oh look, OP has done a runner!
Keep running.... it'll save a fortune on gym membership!0 -
lets try to simplify this..
Person A has facebook, their profile is public, they have their discovery setting to visible.
Person B has facebook, they have their contacts import to facebook.
Person A gives (voluntarily) their phone number to Person B
Person B enters this number in to their phone.
Facebook imports the contacts as per Person B's settings, Person A appears in line with their security settings and a friend request is issued.
Where is the security breach? Where is the GDPR issue and why would the ICO care that person A has not sufficiently updated their security settings in line with what they want.
The GDPR breach would be the PT failing to protect the customers details by allowing a 3rd party to run a search in their database with those details without permission (presuming that he has not informed her this will happen).0 -
The GDPR breach would be the PT failing to protect the customers details by allowing a 3rd party to run a search in their database with those details without permission (presuming that he has not informed her this will happen).
But the customer has accepted and has a privacy setting to allow their profile to be located by contact number.
So the PT hasnt breached anything, she gave him the number and has consented to Facebook profile being publicly visible and searchable by phone number0 -
But the customer has accepted and has a privacy setting to allow their profile to be located by contact number.
So the PT hasnt breached anything, she gave him the number and has consented to Facebook profile being publicly visible and searchable by phone number
Unless the PT has informed the OP that he will be processing the data in this way he is not permitted to do so.
I am not arguing though that I doubt action will be taken against them unless this is a regular occurrence.0 -
I totally agree with the OP. The same thing happened to me once, I joined a local gym, filled in the form and went about my workout. The next day the guy who I had spoken to at the counter when signing up had added me on Facebook, obviously from my personal details I'd used on the form. Luckily I hadn't signed a contract and paid upfront for 1 month. I went back a couple of times after he had tried to add me but felt so uncomfortable I didn't return. I do find it invasive, unless he had asked 'do you have facebook' or 'can I add you on facebook' first. I'm friends with my hairdresser on facebook but we added one another whilst in the salon. I don't think the OP is overreacting at all, it's creepy behaviour0
-
princesse_sarah_x wrote: »I totally agree with the OP. The same thing happened to me once, I joined a local gym, filled in the form and went about my workout. The next day the guy who I had spoken to at the counter when signing up had added me on Facebook, obviously from my personal details I'd used on the form. Luckily I hadn't signed a contract and paid upfront for 1 month. I went back a couple of times after he had tried to add me but felt so uncomfortable I didn't return. I do find it invasive, unless he had asked 'do you have facebook' or 'can I add you on facebook' first. I'm friends with my hairdresser on facebook but we added one another whilst in the salon. I don't think the OP is overreacting at all, it's creepy behaviour
I Think you are being a princess...0 -
I suspect we are derailing the thread a bit here, but the GDPR is not nearly as draconian as a lot of you guys think.
I followed the ICO's self-assessment tool as if I were a PT and it suggests that registration is not required. See https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/y/N/Y/Yes/Yes/No/No/Non/Yes.unholyangel wrote: »Somehow I very much doubt that the PT has complied with GDPR or even that they're registered as a DPO.
There is a specific exemption for advertising, marketing and public relations (in connection with your own business activity).
This is not required for the PT - the basis of processing personal data in this case is 'legitimate interest', not 'consent': the requirements associated with 'consent' do not apply.If they were, they would've told OP that they were collecting their data, how they were going to use it, that they were going to disclose it to third parties etc.
Personally I would expect to be contacted by a PT to ask if I wanted more sessions and in this day and age I would expect that to come by electronic means. My old PT added me to facebook, along with all of his other clients, and I found that perfectly normal.Anyway, you wouldn't expect a worker from other places to do it, so why make excuses for the PT? If you gave a restaurant worker your phone number for a reservation, would you expect to be added on facebook? What about your hairdresser/barber? The builder you asked to give you a quote? The BT employee you queried a bill with?
In any event, from a more legal perspective, the PT is permitted to contact people who booked a trial session to see if they want more sessions, unless those people have specifically asked not to be contacted.
The PT does not need permission to to do this. Consent is not required to use third party providers. Nobody could run a business if consent was needed to use 3rd party technology. These days even something like Microsoft Word is hosted online through 3rd party servers.The GDPR breach would be the PT failing to protect the customers details by allowing a 3rd party to run a search in their database with those details without permission (presuming that he has not informed her this will happen).
Anyone can browse the list of enforcement actions here: https://ico.org.uk/action-weve-taken/enforcement/. As you will see, pretty much all enforcement action has been against large businesses in respect of major data breaches or in respect of unlawful mass marketing campaigns. I failed to identify any small businesses on that list.ThumbRemote wrote: »The ICO publishes a list of actions they've taken. There are numerous actions against individuals/small businesses.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.2K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.2K Work, Benefits & Business
- 599.3K Mortgages, Homes & Bills
- 177.1K Life & Family
- 257.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards