Jump to content


Help !!!! - RBS have no credit agreement but refusing to remove default


Stornoway
 Share

style="text-align: center;">  

Thread Locked

because no one has posted on it for the last 5538 days.

If you need to add something to this thread then

 

Please click the "Report " link

 

at the bottom of one of the posts.

 

If you want to post a new story then

Please

Start your own new thread

That way you will attract more attention to your story and get more visitors and more help 

 

Thanks

Recommended Posts

Hi

 

As part of a claim for refund of charges I recently sent a S78 request to RBS and eventually received a response advising that they couldnt find the agreement and accordingly the debt was "discharged". Unfortunately I have a default on this account so I responded to advise that:

"I have never given agreement for my personal data to be processed and under Point 1 of the Data Protecton Act 'Conditions relevant for purposes of the first principle: Processing of any personal data', a data subject must have given his consent to the processing of any data. Therefore please remove my default and all other records from CRA files otherwise I wil take appropriate court action."

 

Response received last week states that

1. the account has been registered with credit reference agencies.

2. the application has been lost but this does not mean the default entry has to be removed as a customer does not have to have given his consent for such registration (??????????)

3. the bank will only notify a CRA of a default once customer has been sent notice of default and copies of the notices sent to you on xxxx are enclosed

4. the default has been correctly registered and we await details of the court action that will be taken by you.

 

 

Help !!!!!!!!!!! Surely if they have no agreement, then they dont have consent to process data and default must be removed ?

All comments are my personal views - if in doubt then seek professional advice. If you think i've helped then please tip my scales.

Link to post
Share on other sites

Hi

 

eventually received a response advising that they couldnt find the agreement and accordingly the debt was "discharged". Unfortunately I have a default on this account so I responded to advise that:

"I have never given agreement for my personal data to be processed and under Point 1 of the Data Protecton Act 'Conditions relevant for purposes of the first principle: Processing of any personal data', a data subject must have given his consent to the processing of any data. Therefore please remove my default and all other records from CRA files otherwise I wil take appropriate court action."

 

Response received last week states that

1. the account has been registered with credit reference agencies.

2. the application has been lost but this does not mean the default entry has to be removed as a customer does not have to have given his consent for such registration (??????????)

3. the bank will only notify a CRA of a default once customer has been sent notice of default and copies of the notices sent to you on xxxx are enclosed

4. the default has been correctly registered and we await details of the court action that will be taken by you.

 

 

Help !!!!!!!!!!! Surely if they have no agreement, then they dont have consent to process data and default must be removed ?

 

The first bit is obviously good news. But as far as the default is concerned your arguement to them would be that under THE NATURE OF BREACH mentioned in the default notice it refers to a clause blah blah blah and that you are not aware on any such clause that you signed. If anything they would have to remove the default but might argue that the balance will still show on your file without any payment history.IMO

  • Haha 1
Link to post
Share on other sites

Many thanks Humbleman, I have used your link to find the following letter which I have adapted to my circumstances. All feedback on the letter gratefully received !!!

 

Thank you for your letter of 6th March. After scrutiny of all relevant legislation, including the Consumer Credit Act (As Amended), the various Financial Services Acts and the Data Protection Act it is clear that there is absolutely no legislation that allows a lender to collate, process or distribute any information unless there is express written permission from the data subject. In fact, Section 10 of the Data Protection Act awards the real authority, regarding privacy of data, to the data subject, not the Data Controller. The Act is also very clear as to the rights of the data subject in respect of withdrawing permission to continue data processing and disclosure:

10. - (1) Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons-

(a) the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and

(b) that damage or distress is or would be unwarranted.

 

However, there are some exclusion provisions for Data Controllers, and Section 10 does continue with various exceptions to subsection (1) above, and these are quoted, in full, below:

10. - (2) Subsection (1) does not apply-

(a) in a case where any of the conditions in paragraphs 1 to 4 of Schedule 2 is met,

or

(b) in such other cases as may be prescribed by the Secretary of State by order.

To paragraph (b), I can only presume that RBS has not applied to HM Secretary of State for an order allowing you an exclusion, which leaves RBS with the only remaining possibility of requesting an exemption under paragraph (a). So, we must turn to the exemptions permitted in paragraph (a) to find where RBS may invoke a perceived exemption to the DPA, namely, those listed in paragraphs 1 to 4 of Schedule 2. I have reproduced these exemption paragraphs, in full, below:

1. The data subject has given his consent to the processing.

2. The processing is necessary-

(a) for the performance of a contract to which the data subject is a party, or

(b) for the taking of steps at the request of the data subject with a view to entering into a contract.

3. The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.

4. The processing is necessary in order to protect the vital interests of the data subject.

 

It is my contention that RBS’ supposed right of obtaining an exemption is not contained within any of these paragraphs. I have followed each in turn with my notation to give a clearer explanation, should there be any lack of clarity.

1. The data subject has given his consent to the processing.

As far as I am aware I have never given my consent.

2. The processing is necessary-

(a) for the performance of a contract to which the data subject is a party, or

(b) for the taking of steps at the request of the data subject with a view to entering into a contract.

For (a), there is no contract being performed, and for (b), RBS and I are not entering into any form of contract, and certainly not at my request.

3. The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.

According to the Information Commissioners Office (I.C.O.), exemption 3 includes all other statutory obligations for which the interests of national security and welfare override personal privacy. These obligations allow for the provision of data to Official agencies and organisations, e.g. disclosure to crime prevention agencies (Police, Intelligence Services, etc), official Government agencies (DVLA, DSS, Passport Agency, etc.) and health authorities, etc. and for any other purpose not agreed within a civil contract. We all know that the three major credit reference agencies are not Government bodies, nor official agencies, but for-profit companies. None of these three agencies are listed in the appropriate DPA Schedule that names the specific organisations that are permitted any such exemption rights.

4. The processing is necessary in order to protect the vital interests of the data subject.”

With reference to the I.C.O. again, this is interpreted as anything that affects the data subject as a matter of life and death. This clause is included in the DPA to permit data, like medical records or contact details, being disclosed in emergency situations. I do not believe that my former account details could be described as anything like a matter of life or death.

 

So, it is clear to see that there is neither statutory provision permitting RBS to assume processing rights of my data at your discretion, nor any exemption.

I have no recollection of having given my permission for you to process my data. You are no doubt aware that any non-agreed disclosure of personal data to third parties, without express written permission, is a criminal offence under Section 35, of the DPA.

However, if I am mistaken, and a contract did, indeed exist permitting disclosure of my personal data then you must provide me with a copy of those signed terms indicating where I have agreed to them. This should be sent to me as one of your enclosures, if you wish to contest the enclosed Statutory Notice. You should be aware that you have, by statute, twenty-one days in which to either comply with my Notice, or give written notice stating your reasons and why you consider the Notice unjustified.

 

In summary, I am formally instructing you, as an authorised officer of the Bank, from this day onwards, to:

1) cease to continue storing, processing or communicating my data;

2) remove all such data from automated process systems, as per the provisions of Part II, Section 12 (1) of the Data Protection Act, namely:

(1) An individual is entitled at any time, by notice in writing to any data controller, to require the data controller to ensure that no decision taken by or on behalf of the data controller which significantly affects that individual is based solely on the processing by automatic means of personal data in respect of which that individual is the data subject for the purpose of evaluating matters relating to him such as, for example, his performance at work, his creditworthiness, his reliability or his conduct.

Of particular note is the Acts own term “his creditworthiness”;

3) cease to disclose any data to any third party including, but not restricted to, Equifax plc, Experian Ltd and Callcredit plc; and

4) instruct Equifax plc, Experian Ltd and Callcredit plc to remove all data pertaining to your records on me, to the extent that no data entry in relation to RBS Group plc will exist on my credit files.

 

Any failure on your part to adhere to these statutory timescales will automatically be interpreted as your non-compliance with the legal procedure. In that case, you will be expected to unconditionally comply with my Statutory Notice or I shall have no alternative but to refer the matter to the Court to seek an Order to that effect. Should it be necessary to refer the matter to the Court, then I shall also apply for Court fees and legal costs against the Bank. I shall also reserve the right to seek redress for damages as per the remit of the DPA.

 

I trust that I have made my position clear, and that RBS will now make a serious effort to understand its legal obligations and effect the changes requested. Should you be in any doubt as to the Banks obligations as a Data Controller, then I would advise that you consult your corporate counsel.

 

In any event, I shall expect a written confirmation from you acknowledging the contents of this letter within 5 working days, as per the requirements of section 15.3 of the Banking Code.

Please confirm by return that you will arrange for all information to be removed from Credit Reference Agency files.

I look forward to hearing from you.

 

Yours faithfully,

All comments are my personal views - if in doubt then seek professional advice. If you think i've helped then please tip my scales.

Link to post
Share on other sites

The Act is also very clear as to the rights of the data subject in respect of withdrawing permission to continue data processing and disclosure:

 

This line worries me a bit. It might suggest that you did at one time give them permission to process your data.

 

I think you should be aware that this excellent template was for an individual that did actually have a credit agreement in the first place, unlike yourself where the existance of such an agreement has not been proven.

Link to post
Share on other sites

 Share

  • Recently Browsing   0 Caggers

    • No registered users viewing this page.

  • Have we helped you ...?


×
×
  • Create New...