To ‘customerservices@craghoppers.com’
Date Mon 18/04/2011 15:45
Dear Sir
My address is xxxxxxxxxxxxxxxxxx. If you require anything further to validate this request please tell me.
Please supply me with any personal data you hold on me particularly about the mailing I have just received from you with the media code CE14 and 51574/38122A 516 in the right hand corner of the label.
Please tell me from where you obtained my address. This includes “any information available to the Data Controller as to the source of those data”. (Section 7 (1) (c) (ii) of Data Protection Act 1998).
Regards
Dear Mr xxxxxxxxx
Thank you for your recent email. The only information on our system is your name, address and details of an order you recently placed with us. It appears that until you placed this order none of your details were on our systems, this would indicate that the mailing data for the catalogue you received was sourced from a third party whom you have given permission to share your data. Your account now on our system does not have any mailing options activated.
If we can be of any further assistance please do not hesitate to contact us.
Kind regards
Craghoppers Customer Service Team
Hmmm. This says (I think) that until I bought a shirt (I’m a sucker for shirts) on Monday 18th April at 1552 they didn’t have any personal data on me at all. How then did they send me a catalogue?
I didn’t ask for my mailing options to be de-activated.
I never give my permission for a 3rd party to share my data (I am a DP freak)
It seems someone out there who is not Craghoppers sent me a Craghoppers catalogue. Hmmm… there’s work to do. Little did I realise it would mean many subject access requests and a story of subterfuge and data sharing…
Read more at http://www.actnow.org.uk/media/articles/sar2012.pdf
