I asked this company to close and delete my account, and they replied that they have closed it. They use a type of ticket system where you need to log in to their site to see replies.

I wanted to reply, to ask if they also have deleted my data, instead of just closing the account. In order to contact them, they will create a new account SMH

  • Terces@lemmy.world
    link
    fedilink
    English
    arrow-up
    41
    ·
    2 months ago

    They have to list their legal contact. Write them an e-mail there and quote the GDPR. Request a confirmation.

    • cosmicrookie@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      21
      ·
      2 months ago

      I’ve done that a few times yeah with other cases. This is just the first time that i see someone create an account just for contacting them

      • Rosoe@fedia.io
        link
        fedilink
        arrow-up
        15
        ·
        2 months ago

        Aye it’s ass. Even the temp mail idea is flawed because at some point you need to confirm your identity/ownership of the account.

        I did a huge GDPR cleanup of various accounts I owned based on what I had and wanted gone from my password manager at the time. A mix of:

        • Please fill out this pdf with all your details of all the information you want deleted. If we can’t find the data base don that form then it’s on you. (Unnecessary amount of work. Solution, report to national GDPR Rep for obfuscation.)
        • Non-response from any active email. (Illegal for companies with operation sin the EU. Report to national GDPR rep for non0compliance.)
        • Did not respond for 30 days (Illegal for companies with operation sin the EU. Report to national GDPR rep for non0compliance.)
        • Asked for an extension to 60 days (Only possible in certain extreme circumstances that they need to prove to you. Report to national GDPR rep.)
        • Asked for copy of passport to confirm identity. (Unnecessary if emailing from the email they have on file. Tell them this. If they don’t delete/ignore report them to national GDPR rep.)
        • Self-service deletion does not work and customer service will only refer you to that self-service. (Report to national GDPR rep.)

        And probably more I don’t remember. Maybe 30% of companies I reached out to actually just deleted it and confirmed as such within 30 days. If you’re doing similar then you’ve got to get good at reporting people to strong arm them, especially if they just no respond after 30 days. Gotta proactively stay on top of that.

        • cosmicrookie@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          When they reply that they have deleted the account, do you assume that they also delete any information that they have stored or that they simply close it and keep the information?

          Personally i want them to delete my email name and other information so that it is not at all in their systems.

          The problem here is, that I can’t write and check, without them creating a new account for that email

          • EddoWagt@feddit.nl
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 months ago

            By the fact that they require an account to contact them, I’m going to assume they keep your data unless explicitly asked to delete it

          • Rosoe@fedia.io
            link
            fedilink
            arrow-up
            1
            ·
            2 months ago

            So I don’t know the company you’re contacting but this should help: part of GDPR legislation is that you can contact and live email the company has and make your legally mandated demands that your data be deleted under GDPR. If they ask that you create an account to submit a request then you can claim this is unnecessary and obfuscatory to the purpose of deleting account details.

            Make sure you tell them they have 30 days. Make sure you ask for all data related to your email, name, identity, phone numbers, whatever… to be deleted. Quote the parts of GDPR legislation that are relevant to this (it’s actually quite short so worth a read), and send them a link to the national authority you will report them through if they don’t provide a satisfactory resolution in 30 days.

            I did this for Hermes, an atrocious courier company in the UK who I hadn’t used for anything for about 7 years. I got bounced around but eventually got a direct email to their data handlers. They demanded I give them a passport to prove my identity. I told them that the email I’m messaging from is more than enough for them to confirm. No response for 20 days (the timer was ticking from when I first emailed anyone at their company with the request) then they deleted my information right before the deadline and confirmed it with me.

            Bastards, but if you’re committed to reporting them then that seems to be good enough leverage for many crappy companies.