One.com's Blatant Disregard For Data Protection & Customers' Privacy
October 18, 2017 10:32 PM
For around ten years I've been recommending the domain and hosting company One.com to many of my friends and clients. In fact, one client who I signed up to One.com around six years ago has caused me a little bit of annoyance over the last few weeks.
It seems this client hasn't paid their bill and owe One.com money for their hosting. How do I know this? Because unbelievably One.com sent me an email telling me about the former client of mine's inability to pay their bills, despite the fact I am not an authorised admin of their account.
Furthermore, One.com shouldn't have been contacting me via the email address they used, as I removed it from their system at the time I set up the account and handed it over to my client, therefore withdrawing their consent to contact me via this contact method.
So, I contacted One.com's support team and said "this email is not intended for me" and I asked them to remove my email address from their system. To my amazement, they came back and refused to. They told me the owner of the account needs to remove my details. This is not the case, data protection law states that if an individual requests to have their information removed from a company's database then the company must oblige.
The law also states that personal data should be retained for no longer than necessary, and that inaccurate personal data should be corrected or deleted. So, as I had already removed my email address from the account, six years on it should have been completely removed from One.com's database.
In May next year, the General Data Protection Regulation (GDPR) comes into effect. One of the key things a company must do in order to be compliant is erase an individuals personal data upon request if the data is incorrect, out-of-date, or if consent has been withdrawn.
Failure to comply with these new regulation can result in a fine of up to 4% of the annual worldwide turnover of the company or €20m, whichever is greater.
Although the new regulations don't come into effect until May, the rights of an individual in the case of my dispute with one.com haven't changed. GDPR just ensures that companies are compliant and imposes a new harsher penalty, the fine, for those who fail to comply.
With that threat of a terrifying €20m fine fresh in our minds, I ask you, how would you have handled my query? Here's my full conversation with One.com's infuriating support team...
We are unfortunately still registering an outstanding amount on your One.com account, even though more than 200 days have elapsed since we last contacted you concerning the outstanding amount.
We have terminated your subscription which means that we are no longer handling your domain. This means that you risk losing your domain.
We would like to inform you that the outstanding amount must still be paid.
Additional cost and interest on arrears will have to be paid for, in case we already forwarded the issue to our debt collection agency.
This email is not intended for me. Surely sending me information on monies in arrears for someone else's account is a major breach of privacy? Not to mention the fact you shouldn't have this (old) email address of mine on file.
In accordance with data protection law, please could you remove my contact details from this account to ensure I'm not contacted about this again as it is someone else's private business.
You are receiving the notification emails from us because your email is the registered email address listed with us.
If this is an old email account then the owner should have updated it with us in order for us to be able to send the details to the correct email account.
If you have any questions or need any help at all, please do not hesitate to reply to this email or visit our website and chat with us!
That's not the case. This account was handed over to a local business about six years ago and the email address I used to set up for them was REMOVED from the account. Since then I haven't received a single email about this account so therefore it cannot be the registered email address listed with you, and for the last six years the annual renewal emails will have been going to someone else.
Firstly, I request that, in accordance with data protection law, you remove my email address from this account. This should have been done years ago. You don't have my permission to contact me using an old email address, once I have deleted it from an account and your system.
Secondly, you are telling me about a STRANGER's failure to make a payment to you, this is a local business who I have no contact/connection with. It's really worrying that you would share the billing information of one of your customers with me, as I am not authorised to act on that company's behalf. This is a massive breech of trust and privacy.
I ask again, please remove my details from your database so that I am not contacted in future. If I receive further email from you in connection with this account then I will be forced to make a complaint to the Information Commissioner's Office as I consider this to be a breech of data protection law on two counts.
We understand that you wish for your email address to be removed on our records. However, in order to change the registered email address of the account, the owner can request it by filling out the Change Contact Details form. We cannot just remove the email address on the account without the form.
If you have any questions or need any help at all, please do not hesitate to reply to this email or visit our website and chat with us.
You're saying my email address is the registered address on the account, so does that mean I can log in and change it?
If not, I don't know who the owner is anymore and if they haven't paid their bill they might have left the country or died or anything.... so where does this leave me?
As you are operating in the United Kingdom, does this mean you comply with UK law? The Data Protection Act states that I have "a right to have inaccurate personal data rectified, blocked, erased or destroyed." Please could you exercise this right in accordance with UK law and remove my data and stop sending me further emails in connection with this account.
We will forward your concern to the admin and we will get back to you once we received an update from them.
Sorry, what do you mean by "the admin"? Is this someone in your team?
I'm really not concerned about the answer from "the admin", I'd just like you to stop emailing me which is my right in accordance with data protection law.
If you cannot confirm that my details have been removed in your next email, then I will be forced to report this as an official complaint to the Information Commissioners Office.
I work in this industry and if I had an email from someone asking to be removed from a contact list because the emails were being sent in error, I would immediately remove their details. I don't understand why you are unable to compile with the law in regards to this request.
Please remove my contact details from this account. I have already removed them once, my details have been used to contact me UNLAWFULLY.
We apologise for the inconvenience this has caused.
Please allow us to explain as to why you had received this email. The records show that you are not the current registered owner, however, since the account still has pending invoice which was not paid, we tried to get hold of the customer through email address.
These are the email address used as contact email address for the account. We try to get hold of the customer in any way we can and contacting previous owner is one way as you might still have contact with the customer and you might be able to contact him.
Please rest assured that your email address isn't the current owner email address. However, we cannot remove your email address. You may disregard the email you received.
This is unacceptable.
Why can't you grasp than in accordance with data protection law you have to remove my email address from your database?
You're holding my personal information, I've already removed this information once, yet you are emailing me without consent.
Your rules and process are irrelevant, my request falls under basic data protection law and really someone within your organisation should have a basic grasp of these rules if you're operating within the UK, as you're certainly not exempt from fine imposes by the Information Commissioner's Office.
So, I'll give you two options:
1. Please confirm you have removed my details from my database and that I will receive no other communications in relation to this account.
2. Tell me exactly how I can get my contact details remove. Without me having to track down the owner of the account, which would mean driving 120 miles and knocking on the former business address of the company from six years ago.
Please resolve this to avoid further action.
Your issue has been forwarded to us Customer Care at One.com!
We understand your frustration. We assure you that your satisfaction is our top priority.
All email notifications are automated. So in this case, let me check with our Development team if they can completely remove your email on the system to avoid future notifications. I will get back to you for update.
Customer Care Coordinator
Only two mails were sent to old e-mail-address. Apologies for that.
No more emails will be sent to the old address.
What Makes A British Christmas – A New Book May Have The Answer
December 13, 2017 6:00 AM
The ParaPod Series 3 Review
April 05, 2017 8:27 AM
The ParaPod Series 2 Review
May 03, 2016 1:48 AM
The ParaPod Podcast Review
December 23, 2015 7:33 AM
Glowing Snake-Like UFO Caught Over California
June 16, 2019 6:00 AM
Review: 'Dybbuk Box - True Story Of Chris Chambers'
June 15, 2019 6:00 AM
Most Haunted At Hereford Shire Hall
June 14, 2019 6:00 AM
First Look At 'The Shining' Sequel: Doctor Sleep
June 13, 2019 8:00 PM
New Ghost Hunting Game Featured At E3 Gaming Conferences
June 13, 2019 6:00 AM
Dobby-Like Elf Captured On CCTV Footage
June 12, 2019 6:00 AM
New Stranger Things Fan Theory Blows-Up Online
June 11, 2019 10:00 PM
You May Also Like