foreveryoung Posted September 27, 2023 Posted September 27, 2023 Posts moved from a different topic Subject deserves a topic of it's own On 27/09/2023 at 17:41, VILLAMARV said: It's worth everyone remembering that private businesses don't have a legal obligation to serve anybody. Businesses have the right to refuse service. You can be asked to leave, refused service and you don't have any right to be told why. You can now ask in writing, legally they cannot hold information on you. Got tthis from betting sites, they ban you, you can then apply for every bit of info they have on you, it includes what you were actually banned for.
bickster Posted September 27, 2023 Moderator Posted September 27, 2023 16 minutes ago, foreveryoung said: You can now ask in writing, legally they cannot hold information on you. Got tthis from betting sites, they ban you, you can then apply for every bit of info they have on you, it includes what you were actually banned for. That bit isn’t true at all. They must have obtained the data they hold for a legitimate purpose and keep it on file for a proportionate time in relation to the reason they hold it. You have a right to correct any false information and in certain circumstances have a right to be forgotten i.e. they no longer hold the data. But in your example of being banned as a customer, they can keep that on file for as long as it’s necessary to not want you as a customer and it would also be legitimate for them to decline the right to be forgotten. You can also add that to the list of things the EU did for you Edit: Also you don’t have to ask in writing, they must recognise any request including verbally 2
foreveryoung Posted September 27, 2023 Author Posted September 27, 2023 1 minute ago, bickster said: That bit isn’t true at all. They must have obtained the data they hold for a legitimate purpose and keep it on file for a proportionate time in relation to the reason they hold it. You have a right to correct any false information and in certain circumstances have a right to be forgotten i.e. they no longer hold the data. But in your example of being banned as a customer, they can keep that on file for as long as it’s necessary to not want you as a customer and it would also be legitimate for them to decline the right to be forgotten. You can also add that to the list of things the EU did for you What i ment was, they cannot legally withhold that information. You can legally have a copy of the information anytime.
bickster Posted September 27, 2023 Moderator Posted September 27, 2023 2 minutes ago, foreveryoung said: What i ment was, they cannot legally withhold that information. You can legally have a copy of the information anytime. I can’t help it if you mean one thing and type something completely different Also that isn’t particularly true. You can have that information once and wait up to a month to get it. Ask a second time for the same or a similar thing and you run the risk of the company dealing with the request considering it to be manifestly excessive and could deny you on that basis. 3
VILLAMARV Posted September 27, 2023 Posted September 27, 2023 AFAIK (VT Law dept correct me if I'm wrong of course) but what you're talking about FY is information kept on file about you under The Data Protection Act. There are still plenty of interactions where there is no information exchange between businesses and customers. I was referring to the Common Law Right to Refuse Service. The Equalities Act lists the protected areas - gender, sex, sexual preference, age, disability, race, religeon, pregnancy or maternity. It would be unlawful to refuse service because of any of those reasons. You also can't discriminate so evenly applying whatever rules you see fit. It would probably be precient to display said rules somewhere, install cameras to back up your version of events if challenged legally, perhaps even log or record reasons for refusing service as they occur but AFAIK there's no obligation in Law to do so. The management reserves the right..... 1
Follyfoot Posted September 29, 2023 VT Supporter Posted September 29, 2023 On 27/09/2023 at 19:46, foreveryoung said: What i ment was, they cannot legally withhold that information. You can legally have a copy of the information anytime. DSAR 1
bickster Posted September 29, 2023 Moderator Posted September 29, 2023 2 minutes ago, Follyfoot said: DSAR SAR actually
Follyfoot Posted September 29, 2023 VT Supporter Posted September 29, 2023 On 27/09/2023 at 19:52, bickster said: I can’t help it if you mean one thing and type something completely different Also that isn’t particularly true. You can have that information once and wait up to a month to get it. Ask a second time for the same or a similar thing and you run the risk of the company dealing with the request considering it to be manifestly excessive and could deny you on that basis. They could be in reality if you threaten to report them to ICO they will comply
Follyfoot Posted September 29, 2023 VT Supporter Posted September 29, 2023 (edited) 2 minutes ago, bickster said: SAR actually No it is a data subject access request DSAR Edited September 29, 2023 by Follyfoot
bickster Posted September 29, 2023 Moderator Posted September 29, 2023 1 minute ago, Follyfoot said: They could be in reality if you threaten to report them to ICO they will comply They can report whatever they like, "manifestly excessive" is a specific term enshrined in the GDPR / DPA2018. It is specifically designed to stop repeat and nuisance requests
Follyfoot Posted September 29, 2023 VT Supporter Posted September 29, 2023 (edited) 2 minutes ago, bickster said: They can report whatever they like, "manifestly excessive" is a specific term enshrined in the GDPR / DPA2018. It is specifically designed to stop repeat and nuisance requests In reality they will send it, I own a fully regulated claims firm Edited September 29, 2023 by Follyfoot
bickster Posted September 29, 2023 Moderator Posted September 29, 2023 1 minute ago, Follyfoot said: No it is a data subject access request DSAR OK you win, I only do it for a living but... Quote How do we recognise a subject access request (SAR)? ICO
Follyfoot Posted September 29, 2023 VT Supporter Posted September 29, 2023 (edited) 26 minutes ago, bickster said: OK you win, I only do it for a living but... ICO As do I I am approved by the FCA under the approved persons regime (SMF29) and my firm makes regular DSAR requests, splitting hairs as the same thing anyway https://dataprivacymanager.net/what-is-data-subject-access-request-dsar/ A subject access request (SAR, also called a data subject access request (DSAR), is any request by a data subject for access to their personal data. Those with parental responsibility for students aged 18 and under can also request a copy of their child's pupil record. GDPR.co.uk https://www.gdpr.co.uk › subject-access-requests https://www.gdpr.co.uk/subject-access-requests#:~:text=A subject access request (SAR,of their child's pupil record. Edited September 29, 2023 by Follyfoot 1
bickster Posted September 29, 2023 Moderator Posted September 29, 2023 23 minutes ago, Follyfoot said: Those with parental responsibility for students aged 18 and under can also request a copy of their child's pupil record. That's bollocks too Quote Children who are of sufficient age, maturity and ability to make a request are treated in the same way as adults. For these children, the child alone has the right to ask for and see their personal data. As a general rule, we think that children aged 13 and above are capable of making a subject access request on their own behalf, but whether this is possible will depend upon the ability and maturity of the child in question. A child who is capable of making a subject access request can also ask someone to act on his or her behalf in the same way that that an adult can. Office of the Schools Adjudicator
Follyfoot Posted September 29, 2023 VT Supporter Posted September 29, 2023 (edited) 3 minutes ago, bickster said: That's bollocks too Office of the Schools Adjudicator Did not mean to include that in the copy and paste What else is 'bollocks' by the way Edited September 29, 2023 by Follyfoot
bickster Posted September 29, 2023 Moderator Posted September 29, 2023 3 minutes ago, Follyfoot said: Did not mean to include that in the copy and paste What else is 'bollocks' by the way gdpr.co.uk for starters
Follyfoot Posted September 29, 2023 VT Supporter Posted September 29, 2023 (edited) 28 minutes ago, bickster said: gdpr.co.uk for starters Whatever, just everyone I speak to in the industry uses DSAR not SAR, pointless argument https://www.itgovernance.co.uk/data-subject-access-requests Edited September 29, 2023 by Follyfoot
blandy Posted September 29, 2023 Moderator Posted September 29, 2023 Here’s the form for students to use https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/921235/SLC_DSAR_Subject_Access_Request_Form.pdf Quote Data Subject Access Request Form This form allows you, or an authorised person, to request information that we hold about you. This is called making a Data Subject Access Request (DSAR) and is covered under UK data protection legislation... There, that should solve the row. Oh! Anyway, I don’t know which form Farage used, but whatever he used, I’d pick the other one.
foreveryoung Posted September 29, 2023 Author Posted September 29, 2023 I have done it a few times with betting companies,. if they play silly buggers, I just brief them about my rights, ICO and IBAS noted, they always send my request.
Xela Posted September 29, 2023 Posted September 29, 2023 Saw GDPR title thread and knew Bicks would be all over it like a hungry dog eating sausages. Wasn't disappointed. 1
Recommended Posts