Got something to say or just want fewer pesky ads? Join us... 😊

Data Protection Law-Anyone know their onions on this law?



pastafarian

Well-known member
Sep 4, 2011
11,902
Sussex
let me get this straight from the outset, this is a silly first world problem but is this excuse using data protection legislation correct?

Have been shopping at tesco for a while now to get points to convert to avios.
every reward cycle I get a letter from tesco saying your points cant be transferred because your tesco registered address and avios registered address don’t match.
I phone up tesco every few months,go through a long winded pavlova where the girl says thats odd it looks ok,we will call you back pasta. No one ever calls back.

This week after another phone call tesco finally called back


Tesco: wassssup pasta?
Pastafarian: im fine thanks
Tesco: look, we phoned avios to sort out your shit and we both agree the address thingy is ballocks….they match no problem bruv
Pastafarian: nice one,so you will transfer the points over so I can get airmiles then
Tesco:No cant do that the computer says no
Pastafarian: ok then whats the problem?
Tesco: Don’t know really
Pastafarian: what did avios say the problem was.
Tesco: they didn’t say anything,we cant discuss your problem further due to data protection law
Pastafarian: but you discussed my address problem though…..you are balls deep already….finish the job
Tesco: Yes we did,you gave us verbal permission though to address the problem surrounding the linking of your address
Pastafarian: ok,I give you verbal permission to sort out any issues surrounding the linking of my tesco account with my avios account.
Tesco: sorry we cant discuss you amongst ourselves it would contravene data protection laws.
Pastafaian:But I give you permission like
Tesco: haha…..nice try tosser,we are tesco…..we rule the world…..**** you.
Pastafarian: no **** you we are top of our league….where are you?

artistic licence used

Is this the correct use of data protection law?
 
Last edited:




Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,530
The arse end of Hangleton
No it's not is the straight answer. Too many businesses spout crap about the DPA. At a very high level the DPA is there to protect how your data is used and to ensure it is secure. If they have carried out sufficient checks to prove who you are then the DPA becomes irrelevant. In this case they've contradicted themselves - if they are unsure enough to discuss your issue with you then potentially they've broken the DPA by discussing your address with you - they can't have it both ways.

I'd be contacting this lady - Katie.McQuaid@uk.tesco.com - she's the Director of Tesco Clubcard. You might want to point out she needs to provide proper training to her staff on the DPA.
 


pastafarian

Well-known member
Sep 4, 2011
11,902
Sussex
No it's not is the straight answer. Too many businesses spout crap about the DPA. At a very high level the DPA is there to protect how your data is used and to ensure it is secure. If they have carried out sufficient checks to prove who you are then the DPA becomes irrelevant. In this case they've contradicted themselves - if they are unsure enough to discuss your issue with you then potentially they've broken the DPA by discussing your address with you - they can't have it both ways.

I'd be contacting this lady - Katie.McQuaid@uk.tesco.com - she's the Director of Tesco Clubcard. You might want to point out she needs to provide proper training to her staff on the DPA.

holy cow, have to love NSC,will send her an email,would like to hear her views on their company data protection procedures as well as getting my airmiles
 


albionite

Well-known member
May 20, 2009
2,762
You should quote the above conversation word to word to her, well at least inform her we are top of the league!
 


Goldstone1976

We Got Calde in!!
Helpful Moderator
NSC Patron
Apr 30, 2013
14,125
Herts
No it's not is the straight answer. Too many businesses spout crap about the DPA. At a very high level the DPA is there to protect how your data is used and to ensure it is secure. If they have carried out sufficient checks to prove who you are then the DPA becomes irrelevant. In this case they've contradicted themselves - if they are unsure enough to discuss your issue with you then potentially they've broken the DPA by discussing your address with you - they can't have it both ways.

I'd be contacting this lady - Katie.McQuaid@uk.tesco.com - she's the Director of Tesco Clubcard. You might want to point out she needs to provide proper training to her staff on the DPA.

Ummm. Two different companies are involved. Both hold personal data about him. He says he's only ever given one of them permission to talk about his data. It might be that it's Avios citing DPA; and they'd be right to do so - just because Tesco tell Avios that their customer has given them verbal (not even written) permission to talk to Avios doesn't mean that Avios will (or, IMO, should) believe them.

doesnt explain why they seem to have talked about it already though! Guess: some manager in Avios said to the person who'd been speaking to Tesco: "You did what?!. Have you not heard of the DPA?"

Also doesn't detract from your suggestion that he should email the person you suggest :thumbsup:
 




beorhthelm

A. Virgo, Football Genius
Jul 21, 2003
36,031
companies use DPA as a catch all for any problem with their systems and processes. if they had no commercial relationship with Avios then wouldnt be able to talk to each other about your data. however they clearly do have some data sharing, so therefore have an agreement in place to respect/trust each others systems in regards to data being processed correctly. what they mean is they havent got an integreated system to cover these issues, the person at Tescos cant tell you what the Avios system says because they have no accesss. they probably say its ok but then in the processing literally computer says no because theres a problem.

try getting the address changed from the Avios side, or check you haven't got two accounts with one of them that might be screwing things up.
 


Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,530
The arse end of Hangleton
Ummm. Two different companies are involved. Both hold personal data about him. He says he's only ever given one of them permission to talk about his data. It might be that it's Avios citing DPA; and they'd be right to do so - just because Tesco tell Avios that their customer has given them verbal (not even written) permission to talk to Avios doesn't mean that Avios will (or, IMO, should) believe them.

doesnt explain why they seem to have talked about it already though! Guess: some manager in Avios said to the person who'd been speaking to Tesco: "You did what?!. Have you not heard of the DPA?"

Also doesn't detract from your suggestion that he should email the person you suggest :thumbsup:

Oh agreed, as two companies are involved it makes it more complicated. Basically it comes to two possibilities :

1. They have adhered to DPA - otherwise how did they discuss the address issue. Therefore they can discuss the other issue.

2. They have broken the DPA by discussing the address issue.

Either way they're in the wrong although only option 2 is breaking the law.
 


Goldstone1976

We Got Calde in!!
Helpful Moderator
NSC Patron
Apr 30, 2013
14,125
Herts
Oh agreed, as two companies are involved it makes it more complicated. Basically it comes to two possibilities :

1. They have adhered to DPA - otherwise how did they discuss the address issue. Therefore they can discuss the other issue.

2. They have broken the DPA by discussing the address issue.

Either way they're in the wrong although only option 2 is breaking the law.

Yep.
 




timbha

Well-known member
Jul 5, 2003
10,524
Sussex
Remind both companies that under DPA they have an obligation to keep their records accurate and up to date.
 


beorhthelm

A. Virgo, Football Genius
Jul 21, 2003
36,031
Oh agreed, as two companies are involved it makes it more complicated. Basically it comes to two possibilities :

1. They have adhered to DPA - otherwise how did they discuss the address issue. Therefore they can discuss the other issue.

2. They have broken the DPA by discussing the address issue.

Either way they're in the wrong although only option 2 is breaking the law.

i dont think this is the case. they can raise a enquiry with Avios to see if the address matches, and confirm to you it does. they cant fix the problem of linking accounts because there is some other issue. they can tell you what that issue is either because they cant see it (most likely) and/or they cant tell you the alternative information thats on the system, as they that may breach the DPA. i.e. you may be someone else with similar details. could be a mistyped name, address etc, so the details match but not exactly so some backend system doesnt match them because it has strict criteria.
 


BensGrandad

New member
Jul 13, 2003
72,015
Haywards Heath
Could he not send the same letter to each company asking them to liase with each other and sort it out and also enclose a seperate authority adressed to each giving them permission to act under the DPA?
 




Uncle Spielberg

Well-known member
Jul 6, 2003
43,098
Lancing
They did nothing wrong. You could have been anyone they were talking to. Verbal consent is not sufficient as the account information would hold more sensitive information. I would say they were being responsible. I would see them in branch and take a copy of your passport and proof of address
 


Bozza

You can change this
Helpful Moderator
Jul 4, 2003
57,328
Back in Sussex
Regardless, get on the phone to Avios and ask why they won't accept the transfer from Tesco, as the issue seems to be with them.

(I have no problem with my similar Tesco -> Virgin Atlantic transfers, and I only recently noticed that the address that each had were completely different as I'd been slack at updating companies across the course of several home moves)
 


Wardy

NSC's Benefits Guru
Oct 9, 2003
11,219
In front of the PC
As others have said it is not straight forward. What you could do is ask both companies for a breakdown of all the information that they hold on you. With that you can see if there are any differences and if so get them corrected. If however all the information seems to match then it will be a software issue that might not be as easy to resolve. Not really knowing too much about Avios could you create a new account with them and try transferring the points to that account?
 


Lethargic

Well-known member
Oct 11, 2006
3,511
Horsham
This is a misinterpretation of DPA when companies enter into these agreement data sharing is part of the contract so there is no problem with them checking the address across both companies. Data Protection is not just about keeping data safe it is also about ensuring data is correct, if they have your address wrong they are in breach of the DPA.
When you phoned up what form of authentication (questions) did you go through if you authenticated then they can deal with you query by phone.
As someone that works in this space, I suspect this is totally down to poor integration of their systems and they want you to do the work.
 


Albion and Premier League latest from Sky Sports


Top
Link Here