You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
How does this work then?
I have a duplicate account with an online retail site and I would like to have it completely removed from their databases along with my purchases, personal details, etc.
Do I just send them an email asking them to delete my data? Can anyone point me to an email template, if there is one available for this purpose?
eh?
[erasure]
Why do you need to go through all that though ?
Can you not just not use it anymore and unsubscribe from emails?
A company can hold data on what they recently sold and to who, and wouldn't necessarily be obliged to delete it except where a few years have passed and it is no longer relevant. Or something like that.
Look at their privacy statement online. They will probably have an email address for their data protection officer. Send them an email identifying yourself and asking to be removed.
Recognise also that they might not be able to erase everything for legal reasons (eg. If you have made purchases and they need to be able to show it was a real purchase) but they should remove everything that they can
Edit: also watch you don't shoot yourself in the foot. If you have made a purchase and they delete too many details they might not be able to find you if you make a warranty claim
Write to them and say this this problem is driving you Wild and that they should should show you A Little Respect.
I don’t fully understand it, but first thing to do would be to just ask them to remove the duplicate account - I’m dying to know why, is the OP desperate for order in a chaotic world, or wants to hide some unauthorised purchases from a loved one, I don’t know 😉
If they refuse or just fob you off you can ask again and quote some part of the revised legislation and hope they comply, but they don’t HAVE to if they have a justified reason for holding your data. You can skip straight to this point, but it seems a bit over-kill.
I got a phishing email where somebody had obtained my email and password. So I'm trying to limit the possibilities of this happening again.
You can contact them either by writing or verbally to make a request, there's no mandate within GDPR to state how a request must be made. They then have a month to respond.
Note that your "right to erasure" isn't absolute, it depends on a bunch of factors. (Very) basically, they have to comply unless they have good reason not to. It seems unlikely in this case, unless they'd want to hang on to purchase history for warranty purposes maybe.
Write to them and say this this problem is driving you Wild and that they should should show you A Little Respect.
Gateau sir!
I got a phishing email where somebody had obtained my email and password. So I’m trying to limit the possibilities of this happening again.
Stop reusing passwords across different sites. That'll do it.
Also, see here. https://haveibeenpwned.com/
Do US (might be Canadian actually) companies have to comply, such as Madbid.com or, does this law only apply to European companies?
Perhaps we could show a little respect to the OP? EDIT: Dammit, too slow!
If it's an online a/c with a human customer service dept, I would actually ring them up and ask them to delete the account under GDPR as the a/c is inactive and, as a result, they no longer have any need to retain the data.
Follow it up with an email to the same effect. Shouldn't be any Drama!
Not sure how lquickly organisations have to comply with your request.
Do US (might be Canadian actually) companies have to comply, such as <span class="skimlinks-unlinked">Madbid.com</span> or, does this law only apply to European companies?
If they operate in the EU yes.
Madbid? Really? No wonder.
Madbid? Really?
It won't be A Bitter Parting from them
Exactly, sometimes it doesn't have to be complicated. Just tell them to stop!
that reminds me i need to email ribble and close my 17 accounts,
if you buy from ribble cycles, order something without signing in and pay using paypal it automaticaly creates a new account,
a right ball ache if you've bought XT brakes and need to warranty return, as they get shipped to any old address,
I'm not sure they can remove details of your purchases etc, as most companies have to keep financial records for something like 7 years. At our place, every transaction is filed away in boxes saying 'Archive, don't destroy before date XXX', whole room full of them all...
I got a phishing email where somebody had obtained my email and password. So I’m trying to limit the possibilities of this happening again.
I've been asking a few sites / suppliers to delete accounts - not because I feel particularly vulnerable to phishing per se - although the particular emails doing the rounds reminded me to do it - more because any site is at risk of a data breach. Its a risk you have to accept if its a site you actually use - but if its a site or account that you don't (but had to register with as part of a purchase) then I'd rather my details there weren't part of the next haul - not so much for the login-password as any further personal details that would be attached to the account
Not sure how lquickly organisations have to comply with your request.
You can tell them how long - give a timescale of 28 days to either acknowledge that they've removed you or to tell you why they haven't / won't/ can't. They can't ignore it, they have to do one or the other.
You can tell them how long – give a timescale of 28 days
They're legally obliged to respond within a month.
Financial records (cc/payment) both method and details will be kept for the HMRC defined 6 years, that also includes the item(s) you bought.
Source records (name/address) again, 6 years if you’ve bought something from them.
If you registered for email marketing only, this can be deleted within a reasonable period. Not the 40 days some seem to quote.
Sometimes the truth is harder than the pain inside....
Just have in mind they will not necessarily have to delete everything straight away as some of it forms part of their accounting records (e g. invoice data) that they are legally required to keep, typically for six years.
I wonder whether the right to be forgotten could be made to apply to every single post you'd ever made on here.
Yes it can..... i doubt that there is a legitimate business interest for retaining them. However they could be archived? So no longer in process?
Who knows and i do this for a living....
Data in archive is still being processed. The ICO has said they'll turn a blind eye to data put beyond use, so depends how inaccessible your archive is, but anything called "archive" implies that the data may be used in the future so looks dodgy.
For the rest of this thread, if you have to take advice from the Internet then Cougar is more right than anyone else. Not that anyone knows what right is yet.
...and the Erasure jokes stopped being funny round about March, after the 50th time.
You are refering to "the right to be forgotten"
Your rights are explained here:
https://gdpr-info.eu/art-17-gdpr/
I met a real live person whose first name was erasure this week. True story
...and the Erasure jokes stopped being funny round about March, after the 50th time.
Always or Sometimes?
You cannot be erased per-se, but your pii could be hashed/anonymised to exclude you from being contacted in future, however, there needs to be enough left to match you should there need to be a legal reason to contact you. If you have two records, they need to be merged.