Jump to content


Registered Users

Change your profile picture
  • Posts

  • Joined

  • Last visited

Everything posted by steveod

  1. Looking for consumer law assistance. I signed up on a website for their offer of a free service in the Terms of Use of the services, there was no mention of price, contract or length they would provide the service but there was a mention that they would continue processing my personal data for 5 years. The lawful basis was for contract reasons or legal reasons. i have tried to cancel the service so they stop sending me the information by post and email, but they are stating that the contract for the service is for 5 years and they don’t need to stop processing my personal data and they consider the contract as still in effect. My feelings are there is no contract, merely a gratuitous promise by them to provide the service. Is this correct: 1. They made an offer for providing the service for free 2. I accepted the offer by signing up for the service 3. Their consideration was the actual service and implementation of that service 4. As the promisee I did not provide any consideration 5. Thus there is no contract they are saying there is a contract, they will not cancel it, and my consideration was the signing up for the service, and the obligations they set out in the terms. The obligations under the contract are obviously not consideration but what about the signing up for the service. how can I get them to cancel any alleged contract and remove my personal data? thanks
  2. That sounds like a reasonable option. Except I will be abandoning an untaxed, uninsured vehicle onto the public highway. That’s an offence. Vehicle could get towed and crushed and then under tort interference of goods act I could be liable.
  3. Hi, Purchased a vehicle from a trader for £5200 on a credit card. Rejected the vehicle with the trader within 14 days due to multiple failures on the vehicle in addition to it being sold in an unroadworthy condition. The trader refused to refund the money even though accepting my rejection but he wanted me to pay for the original delivery and the return delivery of approx £800. I of course did not accept this and did a section 75 claim. The credit card company did a dispute with the trader and has refunded me the money from the trader. This is where the issue comes to head. I have my original purchase price refunded. The credit card company has not lost their money as they did chargeback under the MasterCard rules. So appears the trader has “lost” the £5200 but now still owns the car on my driveway even though I am the registered keeper. I believe the trader and credit card company owe me a few hundred pounds for my losses suffered such as insurance cancellation, expert report, car tax. The trader refuses to communicate with me even though I have told him many times to come collect the car. What are my options as I need this car off my driveway as it is effecting my wife’s business. Car is not insured and SORN now. Car been on my drive for almost 3 months. Cost to repair car minimum of £3000 just on known faults according to expert report. Thanks
  4. And if our infamous liars Boris and Cummins do this then they can spend a few years in jail under misconduct in public office laws.
  5. Never mind that their signs rarely capable of forming a contract, but their signs and anpr in itself is not GDPR compliant. That is why PE and other ppc allow my appeals every time. Read up on the GDPR and two things stand out, and the court of justice has already ruled on these. One, if there is any alternative to the processing of personal data, especially of a data subject ie the RK that is not even there to view the data processing notification , then that must be used eg barriers such as NCP uses. Two, privacy info cannot be displayed on the same document/signage as other contract info. In almost every occasion they cannot meet these and therefore there is no legitimate reason for the parking charge notice.
  6. Some ideas are good. Some changes are great. This new look forum is not either of those. It’s a terrible layout and interface. Don’t know what platform it is but very poor.
  7. @dx I would agree with you, except we have seen the letter - post 15. And it’s not going in all guns blazing. I simply advised the OP as a starting point to do a SAR to see what has been said about them. Nothing more. They could then make the choice as whether to take it further. 9/10 in my experience starting off with the hint to the other side that the have broke the law leads to them dropping the issue like a hot potato. But in the end it’s the OPs choice
  8. My first post to the OP was based on the fact that the store has given them that letter which states that their details will be recorderd for future court action. Therefore the OP has the option of a SAR to see exactly what the head office, store manager has been told by the security guard. It’s the OPs choice to do that and whether to complain to the ICO or the company for breaching the GDPR. It was meant to offer advice to the OP. No need for snide remarks from anyone.
  9. Strange that. In post 21 you stated ”That letter is prob printed off by the security staff and signed by them without any knowledge of management. All they'll say to store management is ... we caught a shoplifters today and banned them. That's it.” The store manager is surely going to just say that the security guard had informed that the op was caught shoplifting, when the OP phones the store manager. Or was post 21 a mistake?
  10. From a reliable source that works in rlp with some of the large stores. Although in the case of this OP, it’s down to being known by the security and manager. even the ones that don’t keep photos, as you say keep names and address details. Again the GDPR comes into play, and if they haven’t provided the correct info under the GDPR, and haven’t taken the case-by-case evaluation under the GDPR then the keeping of that name and address list is unlawful.
  11. Maybe they do discard the names after a few months. Means nothing. They have not complied with the GDPR even if they keep the details for a couple of hours. Unless they have complied with all the articles I mentioned above. And I can tell you that the large chains have photographs of listed “offenders” that security use to refer to people that hav3 been banned. Not been tested in court under GDPR yet but won’t be too long.
  12. Rubbish. Everyone and every company has to comply with the GDPR. If you have any valid response to my points feel free to raise them so the OP has all the info to hand. But making simple statements that a supermarket can do whatever they feel like to keep a list of banned people without compliance with the GDPR is not helping anyone.
  13. PS I have already used similar to the above against 3 private parking companies and they just withdrew their stupid parking charge notices. Didn’t even need to bother with POPLA. They just escalated to their “legal”teams who knew they on a losing streak and didn’t even want to try test the GDPR in court. Possibly same for the OP from the limited info provided but that’s why the SAR is the first thing to do.
  14. Time you started learning about GDPR. It’s more powerful than you think if you know the law, Let’s see. 1.they need a lawful basis of processing under article 6. The only one is article 6(f). It requires them to have a legitimate reason. They do. It then requires a case-by-case evaluation of their rights against the data subjects rights. Some security guard writing on a form doesn’t meet this requirement. A failure of GDPR. 2. Where did the company get the OP or their husbands personal data from? From a third party ie the security guard or store manager. Therefore requirements under GDPR art 14 must be met. They haven’t probably. A failure. 3.they can share it perfectly fine with a third party as long as their privacy notice, which they have not provided to the OP anyway, states the recipients they can provide the data to. It’s then up to that 3rd party to provide info required under art 14 to themselves be compliant. As they didn’t provided their privacy notice it’s a GDPR failure. 4. They may only process personal data where there is a legitimate and lawful reason. And they may only keep processing for as long as is reasonably justified in all the circumstances. Even the police can only keep people Who have not been convicted personal data for 6 years. A life time ban and keeping the photos and personal data for a lifetime has no chance of being compatible.
  15. And if that’s the case then it’s definitely unlawful processing of personal data. And a claim for damages and distress would easily be obtained.
  16. Your names are your personal data. There must also be other communications, letters, email perhaps where they have used your personal data. Send them a SAR and let’s see what they have stored about you. Even them using your known as names to have given you the letter is using your personal data and they probably have not used it fairly or transparently.
  17. They may ban whoever they want that’s correct. However, you and your husband should both send them subject access request under GDPR and data protection act. Once you get that back, and there is no valid reason for them banning you, instruct them to remove all your and your husbands personal details from their systems. IMO these type of permanent banning restrictions involve the keeping and processing of personal data that exceeds far than what is necessary in all the circumstances. I would also determine from your SAR how they got your personal details, when they obtained them and hit them for a claim for unlawful processing as hopefully and probably they have nor provided the required notification under GDPR article 14.
  18. There are a couple of issues, but still waiting for ICO to get the correct legal advice as I have challenged them and DVLA under the GDPR. I have also challenged parking eye on use of aNPR when they sent me a NTK a few weeks back and they cancelled the pcn. The ICO is also not sure on this point that when using anpr there is no way for the parking company to provide The RK the required notice under GDPR art 13 when the RKs is not the driver and therefore the processing by both the dvla and the parking company is unlawful. So you could use that in your appeal. Plus the GDPR only allows processing when there is no alternative means to achieve the same objectives, and there are alternatives to using anpr which means that they don’t need to process a RKs details, so processing unlawful. As far as your query, they can pass the details on to anyone if it’s in their legitimate interests but only if their privacy notice they should have provided you states they can - so check the NTK for the privacy info and compare it to the GDPR art 14. Also, if they do pass the details on to a debt collection agency, that agency has to write to you within 30 days and provide you with their privacy notice which must contain the details under GDPR art 14. In both cases they can have the basics of the GDPR art 14 info on the NTk and letter as long as it then directs you to their privacy notice on their website, and that contains all the rest of the info required By the GDPR.
  19. The PPCs like to quote that reasonable cause gives them rights to a RK personal details. However, the reasonable cause as described in the legislation specification only Allows the SoS to pass on a RKs personal details, it says nothing in it about third parties being obligated to obtain the personal data and thus does not provide them with the justification for obtaining the personal data. The only lawful basis which the PPCs can rely on under the GDPR for obtaining a RK personal details is the legitimate reasons. The CJEU and Eu Data Protection guidance state that in order for processing to be LEGITIMATE it must be in accordance with the law, compliant with ALL the member state’s local laws as well as eu laws. If the basis on which the data is processed is not fully compliant then the processing is unlawful and not fair. Also for the legitimate reasons lawful basis, as case-by-case analysis is required to weigh the RKs right to protection of the personal data against the right of the ppc to enforce their contract. They don’t do this case-by-case checking firstly, and even if they did in most cases they will not have fully complied with one law or the other and thus the processing would not br fair or transparent. The ICO has been trying to dodge this specific issue with me for months now and I am now escalating to the tribunal as the DVLA relying on the statutory obligation basis of the GDPR is incorrect, and the PPC that processed my data as the RK without doing the relevant case-by-case review and not fully complying with PoFA and the CRA and contract law, and BPA code of practice means that my data was not lawfully processed.
  20. DX, same as a PPC invoice is not a fine, the requesting of a RK details without legitimate reasons is not lawful. Legitimate is not as the ppcs would like in that they have legitimate reason to manage and control parking at a site, legitimate is as defined by the EU data protection body and the CJEU in that it must be lawful and fully comply with all the member states laws, etc. In case of PPCs, to be compliant with GDPR, PoFA, CRA, etc I have yet to see one and they are all non GDPR compliant and thus any processing of a RK data is not transparent or lawful.
  21. That is not entirely correct. The GDPR would require explicit consent for photos of this type that is totally unrelated to the performance of the job no matter what the employment contract states.
  22. The CMA has started action against various of these companies I think entirely possible to take the UK ltd and the EU office to court. They are purely an agent of the hotel as they take the payment. Imo
  23. Hi, they are incorrect IMO. they cannot state that any action can only take place under Dutch law. see the CJEU case in Helga Löber v Barclays Bank plc, http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30d8e7c9e59f136f4ee2b4c9fa8a022e559b.e34KaxiLc3qMb40Rch0SaxyPaxb0?text=&docid=205609&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=518663 of relevance: article 5(3) of Council Regulation (EC) No 44/2001 of 22 December 2000; Article 5(1) and (3) of that regulation provides as follows: ‘A person domiciled in a Member State may, in another Member State, be sued: (1) (a) in matters relating to a contract, in the courts for the place of performance of the obligation in question;
  24. Look at the letter from Zenith and see if it has anything on it about data protection. Then compare that with article 14 of the GDPR. If the required information is not on there, and 30 days have passed, then Zenith have unlawfully processed your personal data and you can claim against them under the GDPR.
  • Create New...