Salesman text me from his personal phoneAm I obliged to obtain quotes for my builder's insurance company?GDPR vs. Copyright for a recommendation letterUsing GDPR against cold-call marketing emailsGDPR - User invitation functionality within learning and development platformHow does GDPR affect a personal web application that uses third parties to authenticate?GDPR - is user social ID personal dataUse of trademark in personal email aliasHow does GDPR apply for normal email communication?False advertising to consumersGDPR Requirements for restricted use corporate webapp
How can I prevent hyper evolved versions of regular creatures from wiping out their cousins?
What's the point of deactivating Num Lock on login screens?
Where does SFDX store details about scratch orgs?
Why "Having chlorophyll without photosynthesis is actually very dangerous" and "like living with a bomb"?
Blender 2.8 I can't see vertices, edges or faces in edit mode
When a company launches a new product do they "come out" with a new product or do they "come up" with a new product?
Is it possible to create light that imparts a greater proportion of its energy as momentum rather than heat?
What is the most common color to indicate the input-field is disabled?
Assassin's bullet with mercury
What to put in ESTA if staying in US for a few days before going on to Canada
If human space travel is limited by the G force vulnerability, is there a way to counter G forces?
Has there ever been an airliner design involving reducing generator load by installing solar panels?
What is the word for reserving something for yourself before others do?
What is the intuition behind short exact sequences of groups; in particular, what is the intuition behind group extensions?
How to draw the figure with four pentagons?
What killed these X2 caps?
How do I write bicross product symbols in latex?
Why can't we play rap on piano?
In a Spin are Both Wings Stalled?
How to take photos in burst mode, without vibration?
I would say: "You are another teacher", but she is a woman and I am a man
AES: Why is it a good practice to use only the first 16bytes of a hash for encryption?
Is it possible to run Internet Explorer on OS X El Capitan?
In Romance of the Three Kingdoms why do people still use bamboo sticks when papers are already invented?
Salesman text me from his personal phone
Am I obliged to obtain quotes for my builder's insurance company?GDPR vs. Copyright for a recommendation letterUsing GDPR against cold-call marketing emailsGDPR - User invitation functionality within learning and development platformHow does GDPR affect a personal web application that uses third parties to authenticate?GDPR - is user social ID personal dataUse of trademark in personal email aliasHow does GDPR apply for normal email communication?False advertising to consumersGDPR Requirements for restricted use corporate webapp
I recently went to a garage to ask about different cars and offers, the salesman took some details; phone and email, when leaving I said to him I would be in touch if I wanted to proceed. He called me off the garage's phone and emailed me off their work email but I have been busy with work so missed the call and forgot to email back. I received a text from an unknown number asking if I still wanted the car, I replied asking who it was to which he replied: "it's X from Windsor's lol".
To say I'm furious he got my personal details from their system to text me off his personal phone is an understatement, I just want to know if this is a breach in GDPR or anything like that. Receiving calls and emails from the garage are fine because that is their work environment but when someone goes onto that system to get my information and use it this way is unacceptable to me.
I am looking to take this further and would just like to know my options here because who knows how many other people he has done this to, I have been in touch with his manager but got the feeling he thought X was doing an outstanding job by hounding me in his personal time.
EDIT: This question was purely to get some feedback and different points of view, I have/had no intention of suing the garage or pursuing that kind of legal action. I wanted to see which arguments I could raise when taking this up with the garage's head office, for me it is the principal of privacy and being a nuisance rather than any personal/legal damages. I feel some people may think that I am trying to make a claim, this is not the case so I just wanted to clear that up.
united-kingdom gdpr european-union
asked 2 days ago
RyanKRyanK
2715
New contributor
RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
|
show 8 more comments
I recently went to a garage to ask about different cars and offers, the salesman took some details; phone and email, when leaving I said to him I would be in touch if I wanted to proceed. He called me off the garage's phone and emailed me off their work email but I have been busy with work so missed the call and forgot to email back. I received a text from an unknown number asking if I still wanted the car, I replied asking who it was to which he replied: "it's X from Windsor's lol".
To say I'm furious he got my personal details from their system to text me off his personal phone is an understatement, I just want to know if this is a breach in GDPR or anything like that. Receiving calls and emails from the garage are fine because that is their work environment but when someone goes onto that system to get my information and use it this way is unacceptable to me.
I am looking to take this further and would just like to know my options here because who knows how many other people he has done this to, I have been in touch with his manager but got the feeling he thought X was doing an outstanding job by hounding me in his personal time.
EDIT: This question was purely to get some feedback and different points of view, I have/had no intention of suing the garage or pursuing that kind of legal action. I wanted to see which arguments I could raise when taking this up with the garage's head office, for me it is the principal of privacy and being a nuisance rather than any personal/legal damages. I feel some people may think that I am trying to make a claim, this is not the case so I just wanted to clear that up.
united-kingdom gdpr european-union
asked 2 days ago
RyanKRyanK
2715
New contributor
RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
9
This must be the most modern-day-British thing I've read today.
– Tobias Weiß
2 days ago
8
So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?
– MonkeyZeus
2 days ago
6
You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.
– Davor
2 days ago
2
@RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.
– MonkeyZeus
2 days ago
3
@RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.
– Davor
2 days ago
|
show 8 more comments
I recently went to a garage to ask about different cars and offers, the salesman took some details; phone and email, when leaving I said to him I would be in touch if I wanted to proceed. He called me off the garage's phone and emailed me off their work email but I have been busy with work so missed the call and forgot to email back. I received a text from an unknown number asking if I still wanted the car, I replied asking who it was to which he replied: "it's X from Windsor's lol".
To say I'm furious he got my personal details from their system to text me off his personal phone is an understatement, I just want to know if this is a breach in GDPR or anything like that. Receiving calls and emails from the garage are fine because that is their work environment but when someone goes onto that system to get my information and use it this way is unacceptable to me.
I am looking to take this further and would just like to know my options here because who knows how many other people he has done this to, I have been in touch with his manager but got the feeling he thought X was doing an outstanding job by hounding me in his personal time.
EDIT: This question was purely to get some feedback and different points of view, I have/had no intention of suing the garage or pursuing that kind of legal action. I wanted to see which arguments I could raise when taking this up with the garage's head office, for me it is the principal of privacy and being a nuisance rather than any personal/legal damages. I feel some people may think that I am trying to make a claim, this is not the case so I just wanted to clear that up.
united-kingdom gdpr european-union
asked 2 days ago
RyanKRyanK
2715
New contributor
RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I recently went to a garage to ask about different cars and offers, the salesman took some details; phone and email, when leaving I said to him I would be in touch if I wanted to proceed. He called me off the garage's phone and emailed me off their work email but I have been busy with work so missed the call and forgot to email back. I received a text from an unknown number asking if I still wanted the car, I replied asking who it was to which he replied: "it's X from Windsor's lol".
To say I'm furious he got my personal details from their system to text me off his personal phone is an understatement, I just want to know if this is a breach in GDPR or anything like that. Receiving calls and emails from the garage are fine because that is their work environment but when someone goes onto that system to get my information and use it this way is unacceptable to me.
I am looking to take this further and would just like to know my options here because who knows how many other people he has done this to, I have been in touch with his manager but got the feeling he thought X was doing an outstanding job by hounding me in his personal time.
EDIT: This question was purely to get some feedback and different points of view, I have/had no intention of suing the garage or pursuing that kind of legal action. I wanted to see which arguments I could raise when taking this up with the garage's head office, for me it is the principal of privacy and being a nuisance rather than any personal/legal damages. I feel some people may think that I am trying to make a claim, this is not the case so I just wanted to clear that up.
united-kingdom gdpr european-union
united-kingdom gdpr european-union
asked 2 days ago
RyanKRyanK
2715
New contributor
RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
RyanKRyanK
2715
New contributor
RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited yesterday
RyanK
asked 2 days ago
RyanKRyanK
2715
New contributor
RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
RyanKRyanK
2715
asked 2 days ago
RyanKRyanK
2715
2715
New contributor
RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
9
This must be the most modern-day-British thing I've read today.
– Tobias Weiß
2 days ago
8
So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?
– MonkeyZeus
2 days ago
6
You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.
– Davor
2 days ago
2
@RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.
– MonkeyZeus
2 days ago
3
@RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.
– Davor
2 days ago
|
show 8 more comments
9
This must be the most modern-day-British thing I've read today.
– Tobias Weiß
2 days ago
8
So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?
– MonkeyZeus
2 days ago
6
You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.
– Davor
2 days ago
2
@RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.
– MonkeyZeus
2 days ago
3
@RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.
– Davor
2 days ago
9
9
This must be the most modern-day-British thing I've read today.
– Tobias Weiß
2 days ago
This must be the most modern-day-British thing I've read today.
– Tobias Weiß
2 days ago
8
8
So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?
– MonkeyZeus
2 days ago
So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?
– MonkeyZeus
2 days ago
6
6
You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.
– Davor
2 days ago
You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.
– Davor
2 days ago
2
2
@RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.
– MonkeyZeus
2 days ago
@RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.
– MonkeyZeus
2 days ago
3
3
@RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.
– Davor
2 days ago
@RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.
– Davor
2 days ago
|
show 8 more comments
1 Answer
1
active
oldest
votes
This is possibly but not necessarily fine.
The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”
Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.
Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.
A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:
- they do have a BYOD policy and the salesman is acting within their instructions
- the salesman was using a company-controlled device, not their personal phone
If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:
- You can of course complain to the data controller, especially if they have a dedicated data protection officer.
- You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.
- You can sue them for compliance and for actual damages suffered (you have none, though).
Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.
answered 2 days ago
amonamon
71915
Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.
– RyanK
2 days ago
13
Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.
– alephzero
2 days ago
4
@RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.
– amon
2 days ago
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "617"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
RyanK is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f38695%2fsalesman-text-me-from-his-personal-phone%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
This is possibly but not necessarily fine.
The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”
Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.
Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.
A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:
- they do have a BYOD policy and the salesman is acting within their instructions
- the salesman was using a company-controlled device, not their personal phone
If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:
- You can of course complain to the data controller, especially if they have a dedicated data protection officer.
- You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.
- You can sue them for compliance and for actual damages suffered (you have none, though).
Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.
answered 2 days ago
amonamon
71915
Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.
– RyanK
2 days ago
13
Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.
– alephzero
2 days ago
4
@RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.
– amon
2 days ago
add a comment |
This is possibly but not necessarily fine.
The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”
Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.
Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.
A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:
- they do have a BYOD policy and the salesman is acting within their instructions
- the salesman was using a company-controlled device, not their personal phone
If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:
- You can of course complain to the data controller, especially if they have a dedicated data protection officer.
- You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.
- You can sue them for compliance and for actual damages suffered (you have none, though).
Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.
answered 2 days ago
amonamon
71915
Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.
– RyanK
2 days ago
13
Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.
– alephzero
2 days ago
4
@RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.
– amon
2 days ago
add a comment |
This is possibly but not necessarily fine.
The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”
Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.
Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.
A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:
- they do have a BYOD policy and the salesman is acting within their instructions
- the salesman was using a company-controlled device, not their personal phone
If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:
- You can of course complain to the data controller, especially if they have a dedicated data protection officer.
- You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.
- You can sue them for compliance and for actual damages suffered (you have none, though).
Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.
answered 2 days ago
amonamon
71915
This is possibly but not necessarily fine.
The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”
Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.
Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.
A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:
- they do have a BYOD policy and the salesman is acting within their instructions
- the salesman was using a company-controlled device, not their personal phone
If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:
- You can of course complain to the data controller, especially if they have a dedicated data protection officer.
- You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.
- You can sue them for compliance and for actual damages suffered (you have none, though).
Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.
answered 2 days ago
amonamon
71915
answered 2 days ago
amonamon
71915
answered 2 days ago
amonamon
71915
answered 2 days ago
amonamon
71915
71915
Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.
– RyanK
2 days ago
13
Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.
– alephzero
2 days ago
4
@RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.
– amon
2 days ago
add a comment |
Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.
– RyanK
2 days ago
13
Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.
– alephzero
2 days ago
4
@RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.
– amon
2 days ago
Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.
– RyanK
2 days ago
Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.
– RyanK
2 days ago
13
13
Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.
– alephzero
2 days ago
Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.
– alephzero
2 days ago
4
4
@RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.
– amon
2 days ago
@RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.
– amon
2 days ago
add a comment |
RyanK is a new contributor. Be nice, and check out our Code of Conduct.
RyanK is a new contributor. Be nice, and check out our Code of Conduct.
RyanK is a new contributor. Be nice, and check out our Code of Conduct.
RyanK is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Law Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f38695%2fsalesman-text-me-from-his-personal-phone%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
9
This must be the most modern-day-British thing I've read today.
– Tobias Weiß
2 days ago
8
So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?
– MonkeyZeus
2 days ago
6
You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.
– Davor
2 days ago
2
@RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.
– MonkeyZeus
2 days ago
3
@RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.
– Davor
2 days ago