Jump to content


Registered Users

Change your profile picture
  • Content Count

  • Joined

  • Last visited

Community Reputation

52 Excellent

About steveod

  • Rank
    Basic Account Holder

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. And if our infamous liars Boris and Cummins do this then they can spend a few years in jail under misconduct in public office laws.
  2. Never mind that their signs rarely capable of forming a contract, but their signs and anpr in itself is not GDPR compliant. That is why PE and other ppc allow my appeals every time. Read up on the GDPR and two things stand out, and the court of justice has already ruled on these. One, if there is any alternative to the processing of personal data, especially of a data subject ie the RK that is not even there to view the data processing notification , then that must be used eg barriers such as NCP uses. Two, privacy info cannot be displayed on the same document/signage as other contract info. In almost every occasion they cannot meet these and therefore there is no legitimate reason for the parking charge notice.
  3. Some ideas are good. Some changes are great. This new look forum is not either of those. It’s a terrible layout and interface. Don’t know what platform it is but very poor.
  4. @dx I would agree with you, except we have seen the letter - post 15. And it’s not going in all guns blazing. I simply advised the OP as a starting point to do a SAR to see what has been said about them. Nothing more. They could then make the choice as whether to take it further. 9/10 in my experience starting off with the hint to the other side that the have broke the law leads to them dropping the issue like a hot potato. But in the end it’s the OPs choice
  5. My first post to the OP was based on the fact that the store has given them that letter which states that their details will be recorderd for future court action. Therefore the OP has the option of a SAR to see exactly what the head office, store manager has been told by the security guard. It’s the OPs choice to do that and whether to complain to the ICO or the company for breaching the GDPR. It was meant to offer advice to the OP. No need for snide remarks from anyone.
  6. Strange that. In post 21 you stated ”That letter is prob printed off by the security staff and signed by them without any knowledge of management. All they'll say to store management is ... we caught a shoplifters today and banned them. That's it.” The store manager is surely going to just say that the security guard had informed that the op was caught shoplifting, when the OP phones the store manager. Or was post 21 a mistake?
  7. From a reliable source that works in rlp with some of the large stores. Although in the case of this OP, it’s down to being known by the security and manager. even the ones that don’t keep photos, as you say keep names and address details. Again the GDPR comes into play, and if they haven’t provided the correct info under the GDPR, and haven’t taken the case-by-case evaluation under the GDPR then the keeping of that name and address list is unlawful.
  8. Maybe they do discard the names after a few months. Means nothing. They have not complied with the GDPR even if they keep the details for a couple of hours. Unless they have complied with all the articles I mentioned above. And I can tell you that the large chains have photographs of listed “offenders” that security use to refer to people that hav3 been banned. Not been tested in court under GDPR yet but won’t be too long.
  9. Rubbish. Everyone and every company has to comply with the GDPR. If you have any valid response to my points feel free to raise them so the OP has all the info to hand. But making simple statements that a supermarket can do whatever they feel like to keep a list of banned people without compliance with the GDPR is not helping anyone.
  10. PS I have already used similar to the above against 3 private parking companies and they just withdrew their stupid parking charge notices. Didn’t even need to bother with POPLA. They just escalated to their “legal”teams who knew they on a losing streak and didn’t even want to try test the GDPR in court. Possibly same for the OP from the limited info provided but that’s why the SAR is the first thing to do.
  11. Time you started learning about GDPR. It’s more powerful than you think if you know the law, Let’s see. 1.they need a lawful basis of processing under article 6. The only one is article 6(f). It requires them to have a legitimate reason. They do. It then requires a case-by-case evaluation of their rights against the data subjects rights. Some security guard writing on a form doesn’t meet this requirement. A failure of GDPR. 2. Where did the company get the OP or their husbands personal data from? From a third party ie the security guard or store manager. Therefore requirements under GDPR art 14 must be met. They haven’t probably. A failure. 3.they can share it perfectly fine with a third party as long as their privacy notice, which they have not provided to the OP anyway, states the recipients they can provide the data to. It’s then up to that 3rd party to provide info required under art 14 to themselves be compliant. As they didn’t provided their privacy notice it’s a GDPR failure. 4. They may only process personal data where there is a legitimate and lawful reason. And they may only keep processing for as long as is reasonably justified in all the circumstances. Even the police can only keep people Who have not been convicted personal data for 6 years. A life time ban and keeping the photos and personal data for a lifetime has no chance of being compatible.
  12. And if that’s the case then it’s definitely unlawful processing of personal data. And a claim for damages and distress would easily be obtained.
  13. Your names are your personal data. There must also be other communications, letters, email perhaps where they have used your personal data. Send them a SAR and let’s see what they have stored about you. Even them using your known as names to have given you the letter is using your personal data and they probably have not used it fairly or transparently.
  14. They may ban whoever they want that’s correct. However, you and your husband should both send them subject access request under GDPR and data protection act. Once you get that back, and there is no valid reason for them banning you, instruct them to remove all your and your husbands personal details from their systems. IMO these type of permanent banning restrictions involve the keeping and processing of personal data that exceeds far than what is necessary in all the circumstances. I would also determine from your SAR how they got your personal details, when they obtained them and hit them for a claim for unlawful processing as hopefully and probably they have nor provided the required notification under GDPR article 14.
  15. There are a couple of issues, but still waiting for ICO to get the correct legal advice as I have challenged them and DVLA under the GDPR. I have also challenged parking eye on use of aNPR when they sent me a NTK a few weeks back and they cancelled the pcn. The ICO is also not sure on this point that when using anpr there is no way for the parking company to provide The RK the required notice under GDPR art 13 when the RKs is not the driver and therefore the processing by both the dvla and the parking company is unlawful. So you could use that in your appeal. Plus the GDPR only allows processing when there is no alternative means to achieve the same objectives, and there are alternatives to using anpr which means that they don’t need to process a RKs details, so processing unlawful. As far as your query, they can pass the details on to anyone if it’s in their legitimate interests but only if their privacy notice they should have provided you states they can - so check the NTK for the privacy info and compare it to the GDPR art 14. Also, if they do pass the details on to a debt collection agency, that agency has to write to you within 30 days and provide you with their privacy notice which must contain the details under GDPR art 14. In both cases they can have the basics of the GDPR art 14 info on the NTk and letter as long as it then directs you to their privacy notice on their website, and that contains all the rest of the info required By the GDPR.
  • Create New...