We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
"GDPR Article 15: Right of Access" Questions
Options
iancowley
Posts: 27 Forumite
So I signed up for a direct debit with a company tied to and promoted by a well known UK shopping chain, they have my name, age, address, phone number, bank details and email.
The day I joined I started receiving phone calls from a fake +22 number which I've ignored and keep blocking each new one as it comes. I had a blackmail email from China saying they had access to my computers web cam while I was watching !!!!!! (I dont have a webcam) and wanted $1000,(which I ignored) they quoted one of my passwords as proof they had "cracked my computer". The very same password I used to sign up with the company.
Anyway, I cancelled the direct debit under the 14 day cooling off and asked them for GDPR Article 15: Right of Access and GDPR Article 17: Right to erasure. They supposedly have 2 months to get back to me on that. Received a generic "your cancellation was successful" email.
3 months go by and nothing. I emailed them back asking where the GDPR Right of Access was and now they are asking for more information like passport, driving licence or birth certificate details to prove its me.
So are they just messing me around, dont want to give me anything and hope to collect even more sensitive data on me like a photo of my passport or are they within their rights to ask me to prove that it is actually me, were my bank details and the bank confirming the direct debit through my online banking not enough.
Because that was enough to set up an account and have them start taking direct debits out of a bank in my name in the first place.
Where do I stand on this, refuse to give them more info and get nothing back or take it further because they are refusing my Right to Access?
The day I joined I started receiving phone calls from a fake +22 number which I've ignored and keep blocking each new one as it comes. I had a blackmail email from China saying they had access to my computers web cam while I was watching !!!!!! (I dont have a webcam) and wanted $1000,(which I ignored) they quoted one of my passwords as proof they had "cracked my computer". The very same password I used to sign up with the company.
Anyway, I cancelled the direct debit under the 14 day cooling off and asked them for GDPR Article 15: Right of Access and GDPR Article 17: Right to erasure. They supposedly have 2 months to get back to me on that. Received a generic "your cancellation was successful" email.
3 months go by and nothing. I emailed them back asking where the GDPR Right of Access was and now they are asking for more information like passport, driving licence or birth certificate details to prove its me.
So are they just messing me around, dont want to give me anything and hope to collect even more sensitive data on me like a photo of my passport or are they within their rights to ask me to prove that it is actually me, were my bank details and the bank confirming the direct debit through my online banking not enough.
Because that was enough to set up an account and have them start taking direct debits out of a bank in my name in the first place.
Where do I stand on this, refuse to give them more info and get nothing back or take it further because they are refusing my Right to Access?
0
Comments
-
I have not signed up for any company who is tied or promoted by a well known shopping chain. I have received a similar email about the !!!!!! - but I've not visited any !!!!!! sites. Well, not unless you count shopping for shoes or handbags.
That was about a year ago. Pretty sure it included a threat to post it on my social media (which I don't really use) or something that was akin to everyone finding out. Nothing has happened. I'm not holding my breath.
You keep using that word. I do not think it means what you think it means - Inigo Montoya, The Princess Bride1 -
Sounds exactly like the email I got. Something about all my friends and family will see it on social media. Thing is it came a couple of days after I signed up using the password I signed up with as proof. Maybe its a coincidence along with the phone calls. But still cancelled and they are pretty much refusing to tell me what they have on me and where it went, most probably haven't deleted any my data as requested.0
-
It almost certainly is a coincidence. I'm not sure what you're hoping to achieve, even if they were secretly flogging your data to a bunch of fraudsters they're hardly likely to tell you, are they?
0 -
I like the fact that you know they can’t have videoed you watching !!!!!! as you don’t have a webcam 😂
Sometimes it’s best to let things go. It’s unlikely that on the day of joining this site they would have instantly lost or sold your data. Sounds like it’s been got from somewhere else. I would just leave this be.1 -
But change the password!JReacher1 said:. It’s unlikely that on the day of joining this site they would have instantly lost or sold your data. Sounds like it’s been got from somewhere else. I would just leave this be.
1 -
Check your email address here https://haveibeenpwned.com/ it tells you if and where it's been compromised0
-
And check your pc. Who is to say that the leak of details came from their end and not yours?0
-
Basically GDPR is a joke and companies can just flaunt that in front of your face. "Right to Erasure", oKeY dOkEy CuStOmEr.davidmcn said:It almost certainly is a coincidence. I'm not sure what you're hoping to achieve, even if they were secretly flogging your data to a bunch of fraudsters they're hardly likely to tell you, are they?
Yet another useless law that companies either ignore or have work arounds to benefit them and make matters worse0 -
2
-
As it is a financial agreement, the company concerned do not have to comply with the right to erasure as they are legally obliged to keep records of any financial transaction (for 5 years I think).iancowley said:So I signed up for a direct debit with a company tied to and promoted by a well known UK shopping chain, they have my name, age, address, phone number, bank details and email.
Anyway, I cancelled the direct debit under the 14 day cooling off and asked them for GDPR Article 15: Right of Access and GDPR Article 17: Right to erasure.
3 months go by and nothing. I emailed them back asking where the GDPR Right of Access was and now they are asking for more information like passport, driving licence or birth certificate details to prove its me.
They are also entitled to request that you provide ID to show that you are entitled to the information that you have requested.
This is from the ICO.Can we ask an individual for ID?
If you have doubts about the identity of the person making the request you can ask for more information. However, it is important that you only request information that is necessary to confirm who they are. The key to this is proportionality.
You need to let the individual know as soon as possible that you need more information from them to confirm their identity before responding to their request. The period for responding to the request begins when you receive the additional information.
1
https://www.youtube.com/watch?v=x34icYC8zA0Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.1K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards