We may pass your data to carefully selected third parties…

It started when I got a new Tesco credit card. The following day I went to an outlet retail park and bought a few T shirts from Cotton Traders, Craghoppers and similar stores. The next wednesday I received through the post a Craghoppers catalogue. I was intrigued. I’d used Craghoppers decades ago when I was young and fit but the only connection between me and them was my Tesco credit card. No-one in the retail park had asked for my address – they’d just taken payment. Had Tesco supplied my data to Craghoppers? I thought I’d find out. I made a subject access request to Craghoppers.

To  ‘customerservices@craghoppers.com’

Date Mon 18/04/2011 15:45

Dear Sir

My  address is xxxxxxxxxxxxxxxxxx. If you require anything further to validate this request please tell me.

Please supply me with any personal data you hold on me particularly about the mailing I have just received from you with the media code CE14 and 51574/38122A  516 in the right hand corner of the label.

Please tell me from where you obtained my address. This includes “any information available to the Data Controller as to the source of those data”. (Section 7 (1) (c) (ii) of Data Protection Act 1998).


Dear Mr xxxxxxxxx

Thank you for your recent email. The only information on our system is your name, address and details of an order you recently placed with us. It appears that until you placed this order none of your details were on our systems, this would indicate that the mailing data for the catalogue you received was sourced from a third party whom you have given permission to share your data. Your account now on our system does not have any mailing options activated.

If we can be of any further assistance please do not hesitate to contact us.

Kind regards

Craghoppers Customer Service Team

Hmmm. This says (I think) that until I bought a shirt (I’m a sucker for shirts) on Monday 18th April at 1552 they didn’t have any personal data on me at all. How then did they send me a catalogue?

I didn’t ask for my mailing options to be de-activated.

I never give my permission for a 3rd party to share my data (I am a DP freak)

It seems someone out there who is not Craghoppers sent me a Craghoppers catalogue. Hmmm… there’s work to do. Little did I realise it would mean many subject access requests and a story of subterfuge and data sharing…

Read more at  http://www.actnow.org.uk/media/articles/sar2012.pdf

About actnowtraining

Act Now Training Ltd specialise in information law. We have been providing training and consultancy services globally for over 16 years. We have an extensive GDPR and FOI course programme from live and recorded webinars, accredited foundation through to higher level certificate courses delivered throughout the country or at your premises.
This entry was posted in Data Protection, Privacy and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s