Jump to content
Just visiting?

GDPR / DPA2018 and Your Data Rights

foreveryoung

By foreveryoung
in Off Topic

 Share

Recommended Posts

foreveryoung Grand Master

foreveryoung

Posted
Posted

Posts moved from a different topic

Subject deserves a topic of it's own

 

On 27/09/2023 at 17:41, VILLAMARV said:

It's worth everyone remembering that private businesses don't have a legal obligation to serve anybody. Businesses have the right to refuse service. You can be asked to leave, refused service and you don't have any right to be told why.

You can now ask in writing, legally they cannot hold information on you. Got tthis from betting sites, they ban you, you can then apply for every bit of info they have on you, it includes what you were actually banned for.

Link to comment
Share on other sites
bickster Grand Master

bickster

Posted
  • Moderator
Posted
16 minutes ago, foreveryoung said:

You can now ask in writing, legally they cannot hold information on you. Got tthis from betting sites, they ban you, you can then apply for every bit of info they have on you, it includes what you were actually banned for.

That bit isn’t true at all. They must have obtained the data they hold for a legitimate purpose and keep it on file for a proportionate time in relation to the reason they hold it. You have a right to correct any false information and in certain circumstances have a right to be forgotten i.e. they no longer hold the data. But in your example of being banned as a customer, they can keep that on file for as long as it’s necessary to not want you as a customer and it would also be legitimate for them to decline the right to be forgotten.

You can also add that to the list of things the EU did for you

Edit: Also you don’t have to ask in writing, they must recognise any request including verbally

  • Like 2
Link to comment
Share on other sites
foreveryoung Grand Master

foreveryoung

Posted
  • Author
Posted
1 minute ago, bickster said:

That bit isn’t true at all. They must have obtained the data they hold for a legitimate purpose and keep it on file for a proportionate time in relation to the reason they hold it. You have a right to correct any false information and in certain circumstances have a right to be forgotten i.e. they no longer hold the data. But in your example of being banned as a customer, they can keep that on file for as long as it’s necessary to not want you as a customer and it would also be legitimate for them to decline the right to be forgotten.

You can also add that to the list of things the EU did for you

What i ment was, they cannot legally withhold that information. You can legally have a copy of the information anytime.

Link to comment
Share on other sites
bickster Grand Master

bickster

Posted
  • Moderator
Posted
2 minutes ago, foreveryoung said:

What i ment was, they cannot legally withhold that information. You can legally have a copy of the information anytime.

I can’t help it if you mean one thing and type something completely different

Also that isn’t particularly true. You can have that information once and wait up to a month to get it. Ask a second time for the same or a similar thing and you run the risk of the company dealing with the request considering it to be manifestly excessive and  could deny you on that basis.

  • Like 3
Link to comment
Share on other sites
VILLAMARV Grand Master

VILLAMARV

Posted
Posted

AFAIK (VT Law dept correct me if I'm wrong of course) but what you're talking about FY is information kept on file about you under The Data Protection Act. There are still plenty of interactions where there is no information exchange between businesses and customers.

I was referring to the Common Law Right to Refuse Service. The Equalities Act lists the protected areas - gender, sex, sexual preference, age, disability, race, religeon, pregnancy or maternity. It would be unlawful to refuse service because of any of those reasons. You also can't discriminate so evenly applying whatever rules you see fit. It would probably be precient to display said rules somewhere, install cameras to back up your version of events if challenged legally, perhaps even log or record reasons for refusing service as they occur but AFAIK there's no obligation in Law to do so. The management reserves the right.....

05269.jpg

  • Like 1
Link to comment
Share on other sites
Follyfoot Grand Master

Follyfoot

Posted
  • VT Supporter
Posted
On 27/09/2023 at 19:52, bickster said:

I can’t help it if you mean one thing and type something completely different

Also that isn’t particularly true. You can have that information once and wait up to a month to get it. Ask a second time for the same or a similar thing and you run the risk of the company dealing with the request considering it to be manifestly excessive and  could deny you on that basis.

They could be in reality if you threaten to report them to ICO they will comply 

Link to comment
Share on other sites
bickster Grand Master

bickster

Posted
  • Moderator
Posted
1 minute ago, Follyfoot said:

They could be in reality if you threaten to report them to ICO they will comply 

They can report whatever they like, "manifestly excessive" is a specific term enshrined in the GDPR / DPA2018. It is specifically designed to stop repeat and nuisance requests

Link to comment
Share on other sites
Follyfoot Grand Master

Follyfoot

Posted
  • VT Supporter
Posted (edited)
2 minutes ago, bickster said:

They can report whatever they like, "manifestly excessive" is a specific term enshrined in the GDPR / DPA2018. It is specifically designed to stop repeat and nuisance requests

In reality they will send it, I own a fully regulated claims firm

 

Edited by Follyfoot
Link to comment
Share on other sites
Follyfoot Grand Master

Follyfoot

Posted
  • VT Supporter
Posted (edited)
26 minutes ago, bickster said:

OK you win, I only do it for a living but...

ICO

As do I 

I am approved by the FCA under the approved persons regime (SMF29) and my firm makes regular DSAR requests, splitting hairs as the same thing anyway

 https://dataprivacymanager.net/what-is-data-subject-access-request-dsar/

A subject access request (SAR, also called a data subject access request (DSAR), is any request by a data subject for access to their personal data. Those with parental responsibility for students aged 18 and under can also request a copy of their child's pupil record.
 
 
Edited by Follyfoot
  • Haha 1
Link to comment
Share on other sites
bickster Grand Master

bickster

Posted
  • Moderator
Posted
23 minutes ago, Follyfoot said:

Those with parental responsibility for students aged 18 and under can also request a copy of their child's pupil record.

That's bollocks too

Quote

Children who are of sufficient age, maturity and ability to make a request are treated in the same way as adults. For these children, the child alone has the right to ask for and see their personal data. As a general rule, we think that children aged 13 and above are capable of making a subject access request on their own behalf, but whether this is possible will depend upon the ability and maturity of the child in question. A child who is capable of making a subject access request can also ask someone to act on his or her behalf in the same way that that an adult can.

Office of the Schools Adjudicator

Link to comment
Share on other sites
blandy Grand Master

blandy

Posted
  • Moderator
Posted

Here’s the form for students to use

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/921235/SLC_DSAR_Subject_Access_Request_Form.pdf
 

Quote

Data Subject Access Request Form
This form allows you, or an authorised person, to request information that we hold about you.
This is called making a Data Subject Access Request (DSAR) and is covered under UK data protection
legislation...

There, that should solve the row. Oh! 😜

Anyway, I don’t know which form Farage used, but whatever he used, I’d pick the other one.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...
Â