Jump to content


  • Tweets

  • Posts

    • The move marks the first time the country's central bank has raised interest rates for 17 years.View the full article
    • The move marks the first time the country's central bank has raised interest rates for 17 years.View the full article
    • The firm has benefited from the AI boom, making it the third-most valuable company in the US.View the full article
    • Former billionaire Hui Ka Yan has been fined and banned from the financial market for life.View the full article
    • In terms of "why didn't I make a claim" - well, that has to be understood in the context of the long-standing legal battle and all its permuations with the shark. In essence there was a repo and probable fire sale of the leasehold property - which would have led to me initiating the complaint/ claim v SPF in summer 19. But there was no quick sale. And battle commenced and it ain't done yet 5y later. A potential sale morphed into trying to do a debt deal and then into a full blown battle heading to trial - based on the shark deliberately racking up costs just so the ceo can keep the property for himself.  Along the way they have launched claims in 4 different counties -v- me - trying to get a backdoor B. (Haven't yet succeeded) Simultaneously I got dragged into a contentious forfeiture claim and then into a lease extension debacle - both of which lasted 3y. (I have an association with the freeholders and handled all that legal stuff too) I had some (friend paid for) legal support to begin with.  But mostly I have handled every thing alone.  The sheer weight of all the different cases has been pretty overwhelming. And tedious.  I'm battling an aggressive financial shark that has investors giving them 00s of millions. They've employed teams of expensive lawyers and barristers. And also got juniors doing the boring menial tasks. And, of course, in text book style they've delayed issues on purpose and then sent 000's of docs to read at the 11th hour. Which I not only boringly did read,  but also simultaneously filed for ease of reference later - which has come in very handy in speeding up collating legal bundles and being able to find evidence quickly.  It's also how I found out the damning stuff I could use -v- them.  Bottom line - I haven't really had a moment to breath for 5y. I've had to write a statement recently. And asked a clinic for advice. One of the volunteers asked how I got into this situation.  Which prompted me to say it all started when I got bad advice from a broker. Which kick-started me in to thinking I really should look into making some kind of formal complaint -v- the broker.  Which is where I am now.  Extenuating circumstances as to why I'm complaining so late.  But hopefully still in time ??  
  • Recommended Topics

  • Our picks

    • If you are buying a used car – you need to read this survival guide.
      • 1 reply
    • Hello,

      On 15/1/24 booked appointment with Big Motoring World (BMW) to view a mini on 17/1/24 at 8pm at their Enfield dealership.  

      Car was dirty and test drive was two circuits of roundabout on entry to the showroom.  Was p/x my car and rushed by sales exec and a manager into buying the mini and a 3yr warranty that night, sale all wrapped up by 10pm.  They strongly advised me taking warranty out on car that age (2017) and confirmed it was honoured at over 500 UK registered garages.

      The next day, 18/1/24 noticed amber engine warning light on dashboard , immediately phoned BMW aftercare team to ask for it to be investigated asap at nearest garage to me. After 15 mins on hold was told only their 5 service centres across the UK can deal with car issues with earliest date for inspection in March ! Said I’m not happy with that given what sales team advised or driving car. Told an amber warning light only advisory so to drive with caution and call back when light goes red.

      I’m not happy to do this, drive the car or with the after care experience (a sign of further stresses to come) so want a refund and to return the car asap.

      Please can you advise what I need to do today to get this done. 
       

      Many thanks 
      • 81 replies
    • Housing Association property flooding. https://www.consumeractiongroup.co.uk/topic/438641-housing-association-property-flooding/&do=findComment&comment=5124299
      • 160 replies
    • We have finally managed to obtain the transcript of this case.

      The judge's reasoning is very useful and will certainly be helpful in any other cases relating to third-party rights where the customer has contracted with the courier company by using a broker.
      This is generally speaking the problem with using PackLink who are domiciled in Spain and very conveniently out of reach of the British justice system.

      Frankly I don't think that is any accident.

      One of the points that the judge made was that the customers contract with the broker specifically refers to the courier – and it is clear that the courier knows that they are acting for a third party. There is no need to name the third party. They just have to be recognisably part of a class of person – such as a sender or a recipient of the parcel.

      Please note that a recent case against UPS failed on exactly the same issue with the judge held that the Contracts (Rights of Third Parties) Act 1999 did not apply.

      We will be getting that transcript very soon. We will look at it and we will understand how the judge made such catastrophic mistakes. It was a very poor judgement.
      We will be recommending that people do include this adverse judgement in their bundle so that when they go to county court the judge will see both sides and see the arguments against this adverse judgement.
      Also, we will be to demonstrate to the judge that we are fair-minded and that we don't mind bringing everything to the attention of the judge even if it is against our own interests.
      This is good ethical practice.

      It would be very nice if the parcel delivery companies – including EVRi – practised this kind of thing as well.

       

      OT APPROVED, 365MC637, FAROOQ, EVRi, 12.07.23 (BRENT) - J v4.pdf
        • Like
  • Recommended Topics

DSAR Opos Ltd ***Settled in Full***


style="text-align: center;">  

Thread Locked

because no one has posted on it for the last 1980 days.

If you need to add something to this thread then

 

Please click the "Report " link

 

at the bottom of one of the posts.

 

If you want to post a new story then

Please

Start your own new thread

That way you will attract more attention to your story and get more visitors and more help 

 

Thanks

Recommended Posts

Well here's another company failing to adhere to the GDPR

 

I requested a DSAR from Opos on 23/06/18 and have just received the following email -

 

Dear XXXXX

 

I am in receipt of your below email and I have noted the contents accordingly.

 

In order for us to proceed with your request, please complete the attached form and return this, along with the requested documentation, to this email address.

 

Once the completed form and requested documentation is received, we will progress with your request.

 

Regards,

 

Rob Sands

Data Protection Officer

 

So they are failing by asking me to fill out their form and asking for ID even though they have previously contacted me by email and I have raised complaints with them by email. ( its an email address I only use for this sort of stuff so don't care if they have it)

 

Ive let them know that if they continue to ask me to fill out their form and request ID I shall be reporting them to the ICO and if they fail to send me the required info within the 30 Days then I reserve the right to issue proceedings against them

Link to post
Share on other sites

  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Hi Jon8214

 

What does their form consist off?

They still need to verify your I if they send you a DSAR under GDPR.

But there are limits to how restrictive the can be...

 

We could do with some help from you.

 

Have we helped you ...?         Please Donate button to the Consumer Action Group

 

**Fko-Filee**

Receptaculum Ignis

 

Link to post
Share on other sites

Hi fk, ill attach the form below,

when I requested the SAR I used bank fodders one,

plus they are stating that their 30 days doesn't start until they receive the info,

I sent the SAR to them on 26/6

 

I know they can ask for id if there aren't sure of who I am but as I said above I have communicated with them before from this email address about various issues including complaints, so as far as I'm concerned they know who I am.

OposCom0018_DataSubjectAccessRequestForm.pdf

Link to post
Share on other sites

Understandable... Much more can be derived from a DSAR then a simple email etc

Their form is overly restrictive. I recognise the Rob Sands name... Could he be Ex MMF?

 

Essentially their form isnt fit for purpose and is too many hoops to jump through. A simple letter saying what you require with Passport should suffice.

I did a DSAR with the DWP recently to test under GDPR and amazingly didnt need any ID but they spoke to me over the phone...

 

Thats my take however BF is on the thread... Let him assist to :)

 

We could do with some help from you.

 

Have we helped you ...?         Please Donate button to the Consumer Action Group

 

**Fko-Filee**

Receptaculum Ignis

 

Link to post
Share on other sites

Lanturn and OPOS have no link - However i do know Lanturn did purchase a Scottish based DCA

But Old Sandy stepped down from MMF sometime ago...

 

COI? No - But the industry does make me laugh... I had the pleasure of visiting Intrum's HQ the other day...

They have a big notice on the door - No Mobiles can be used beyond this point... But the offices they work in are all Glassed into the main atrium with other companies... You can see what everyone is doing along with their Screens :rofl:

 

We could do with some help from you.

 

Have we helped you ...?         Please Donate button to the Consumer Action Group

 

**Fko-Filee**

Receptaculum Ignis

 

Link to post
Share on other sites

  • 2 weeks later...

Hi FK, Opos's 30 days is up on Monday and I don't think they are going to comply, do you think I should email Mr Sands my LBA on Tuesday morning ?

 

I was thinking of giving them 48 hrs as they have already had 30 days to comply

 

Whats your thoughts on this?

Link to post
Share on other sites

I will go to ico as well, but I find them to be swamped and nothing is getting done by them at the minute

 

plus I also want this company to feel some pain after all the crap they put me through few years back

Link to post
Share on other sites

I think that as per the Direction on pre-action conduct, you need to give them 14 days to comply. https://www.justice.gov.uk/courts/procedure-rules/civil/rules/pd_pre-action_conduct

 

If you are seeking monetary compensation for their breach of the GDPR, it doesn't matter if they send you the requested information, they've already breached the GDPR by asking you to fill in a form and by failing to provide the information within the 30 day time limit. Your rights have already been breached and their belated compliance shouldn't extinguish your claim for compensation. At most it can only mitigate it.

Link to post
Share on other sites

  • 2 weeks later...

Well Opos did not act on my DPA but have replied with the following letter after being issued with the Court Claim.

 

Mr XXX

 

The court paperwork has been received and shall be vigorously defended.

 

You have refused to provide us with any identification to prove your identity and have further refused to clarify which information you require, whether you require any further information on the subject of collection and processing of data and whether it is likely to be covered by CCTV or not.

 

You may consider this request extraneous or superfluous, but we do not.

 

We take the protection of our client and customer data very seriously and are acting well within our remit to ensure the individual requesting the information is the data subject prior to disclosing that information.

 

If you refuse to provide that, that is your prerogative. It is my prerogative as Data Protection Officer of this organisation to reasonably request such information.

 

We could avoid this unnecessary court proceeding by you simply proving you are the data subject in question.

 

Should you wish to do so, please arrange for the return of the SAR form at your earliest convenience.

 

All email correspondence shall be retained, where necessary, to protect our legal interests.

 

Regards

 

Rob

Link to post
Share on other sites

Oh bless Sands got his knickers in a twist...

Right... What ID have they asked for and have you provided any to them? It's just they seems to suggest you haven't sent them anything. Mm

 

We could do with some help from you.

 

Have we helped you ...?         Please Donate button to the Consumer Action Group

 

**Fko-Filee**

Receptaculum Ignis

 

Link to post
Share on other sites

I haven’t sent them any id, because my argument to that is they have been contacting me by email and have responded to complaints

 

The request I initially sent the bankfodders sar request

Link to post
Share on other sites

here's my POC

 

1) On 23/06/18 the claimant sent Mr Rob Sands, the Data Protection Officer, of Opos Limited a Data Subject Access Request (DSAR) under Chapter 3 Article 15 of the General Data Protection Regulations 2018 (GDPR).

2) Under the GDPR Mr Sands had 30 days to supply the required information. To date Mr Sands is in default of this request.

3) Under Chapter 8 Article 82 of the GDPR the claimant claims £250 for damages and distress due to Mr Sands failure to provide the required information.

 

I am going to be relying on case law which I don't want to put public for the justification of the amount. I will pm you it

 

He is also saying they are not the data controller but they are the Data Processor, I know Opos are owned by Kapama and Mr Sands is the registered DPO for Kapama also

Link to post
Share on other sites

here his other email -

 

It is correct to say we have sent you information by email but not all information we hold, and your request is specifically for all information is it not?

 

Furthermore, I think you are mistaking Opos Limited as the Data Controller when it is in fact the Data Processor.

 

To confirm:

 

If you only require information that has already been sent to you by email please confirm and we will reissue this information - although if you already have it I would question why it is needed again.

 

If you require information that has not already been disclosed by email, then please complete the form and provide the relevant ID.

 

Your original email specifically states “If there is specific information which you require in order to satisfy yourself as to my identity, please let me know by return..” and yet you now refuse to provide this information and have found it necessary to instigate civil proceedings against the Data Protection Officer of a Data Processor and not a Data Controller.

 

Should you wish to retract your claim immediately, and avoid my counterclaim please contact me to discuss this.

Link to post
Share on other sites

here his other email -

 

It is correct to say we have sent you information by email but not all information we hold, and your request is specifically for all information is it not?

 

Furthermore, I think you are mistaking Opos Limited as the Data Controller when it is in fact the Data Processor.

 

To confirm:

 

If you only require information that has already been sent to you by email please confirm and we will reissue this information - although if you already have it I would question why it is needed again.

 

If you require information that has not already been disclosed by email, then please complete the form and provide the relevant ID.

 

Your original email specifically states “If there is specific information which you require in order to satisfy yourself as to my identity, please let me know by return..” and yet you now refuse to provide this information and have found it necessary to instigate civil proceedings against the Data Protection Officer of a Data Processor and not a Data Controller.

 

Should you wish to retract your claim immediately, and avoid my counterclaim please contact me to discuss this.

 

Kapama and OPOS are one and the same company. Yes different entities but collectively under the OPOS Group... Doesnt fly Mr Sands. Collectively as a group they are a Data Processor and Data Holder so under your DSAR to OPOS you can request info held with sister companies too - So that part also doesnt fly Mr Sands... And this ladies and gents is the DPO for a stupid DCA...

Its not required to fill out the form as that is very restrictive.

 

They are making you fill out that form to get your info... What you can do is send a letter / email explaining what info you require... And you dont have to fill out any compulsory form... ID may be required and i see why this may be an issue to comply with from their side... However you are quite right, if they have already sent you information pertaining to you as a Data Subject then they shouldnt have any issue providing this information to you...

 

Should we provide a specially designed form for individuals to make a subject access request?

Standard forms can make it easier both for you to recognise a subject access request and for the individual to include all the details you might need to locate the information they want.

 

Recital 59 of the GDPR recommends that organisations ‘provide means for requests to be made electronically, especially where personal data are processed by electronic means’. You should therefore consider designing a subject access form that individuals can complete and submit to you electronically.

 

However, even if you have a form, you should note that a subject access request is valid if it is submitted by any means, so you will still need to comply with any requests you receive in a letter, a standard email or verbally.

 

Therefore, although you may invite individuals to use a form, you must make it clear that it is not compulsory and do not try to use this as a way of extending the one month time limit for responding.

 

 

We could do with some help from you.

 

Have we helped you ...?         Please Donate button to the Consumer Action Group

 

**Fko-Filee**

Receptaculum Ignis

 

Link to post
Share on other sites

Thanks Fk, that was my understanding of the GDPR

 

you don't have to send individual DSARs to all companies in the same group you can send one and they have to disclose all info for all the groups especially when there is one DPO for them, the only thing is I've seen this somewhere in the legislation but I can't remember for the life of me where I saw it, have you any idea?

 

I just needed some reassurance on the ID bit but I was sure I was covered by them having emailed me previously and me raising complaints thought he same email address and them replying to the complaint

 

Going to let this run and start pulling together my WS - its going to contain the relevant bit of legislation, emails to/from Opos, ICO guidelines and the case law I'm relying on for the compensation

 

I will post it up here for checking when I have compiled it and would appreciate anyones input to it

 

I think Mr Sands is trying to bully me by saying counterclaim but in my eyes my case is open and shut according to the relevant legislation

Link to post
Share on other sites

https://ico.org.uk/media/for-organisations/guide-to-the-general-data-protection-regulation-gdpr-1-0.pdf

 

This maybe helpful... Have a look at data processor and data controllers...

Technically if they have already identified you then yes this is valid IMHO - If you ask for the information electronically which you can do - Then whats the difference between sending out a CCA / Statement if they already have etc against sending them all out as part of a DSAR Bundle. Common Sense Application Even Though DCAs Are Nonsensical.

 

And thats fine... I dont normally get involved with Court Cases and WS etc. because its not my strong point - But... Im happy to learn and help with it...

TBH with you GDPR has made Data Protection worse as its so hard for companies to be fully compliant. But lets see how this goes... I would love to knock Mr Sands off his perch :)

 

We could do with some help from you.

 

Have we helped you ...?         Please Donate button to the Consumer Action Group

 

**Fko-Filee**

Receptaculum Ignis

 

Link to post
Share on other sites

here's and except from Opos's Privacy policy -

 

Accessing Your Data

You have the right to see the personal data relating to you that we hold. As a data processor we will forward your request to the relevant data controller for completion.

 

So they have failed under their own policy and how can they pass it to a controller whenever the controller and processor DPO is the same person?

 

They also have previously sent me statements and the CCA by email to the same address

Link to post
Share on other sites

Lol - I think this random picture ... Erm is most applicable in this case...

Simply they cant use this veil... MAke sure you get the titles of Mr Sands under both firms... Just for clarity and for other readers, this isnt a witch hunt... This is more a firm trying to avoid its responsibilities under GDPR

 

As for other stuff...

 

How should we provide the data to individuals?

 

If an individual makes a request electronically, you should provide the information in a commonly used electronic format, unless the individual requests otherwise.

The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information (Recital 63). This will not be appropriate for all organisations, but there are some sectors where this may work well.

n-508653049-628x314.jpg

 

We could do with some help from you.

 

Have we helped you ...?         Please Donate button to the Consumer Action Group

 

**Fko-Filee**

Receptaculum Ignis

 

Link to post
Share on other sites

I've downloaded copies of both Kapama and Opos privacy policy and in Kapama the email address of their DPO is - [email protected] lol

 

they have tied themselves in knots my only problem is trying to get this all across to the judge in my witness statement.

 

Ive grown a healthy dislike to Sands as he seems to be full of himself and a bit of a bully, but I can take it and believe me by the end of it he'll wish he never crossed me lol

Link to post
Share on other sites

  • Recently Browsing   0 Caggers

    • No registered users viewing this page.

  • Have we helped you ...?


×
×
  • Create New...