Oh hey, well, you (by 'you' I mean Virgin Media - your team structure is opaque and meaningless to me) have contacted my wife twice over the weekend demanding the return of the router. Please relay this message to whoever has been doing it (in caps because I want it to read as though I'm bellowing it into their astonished faces):
Just checking in to see if there's going to be a response to the above or if "the charge cancelled," "it's what we do," and "i know my team" are, as Adam Curtis might say, a fantasy.
And just a reminder, I suggested a policy of doing something when you say you're going to do it (by 'you' I mean Virgin Media, in case that's not clear). Seems like that's... not going well. Really doesn't seem like it's going well at all!
Could I please be sent all email correspondence and related documentation which contains my personal data, that's been produced as a result of this thread? Please consider this as a formal subject access request under the terms of the data protection act. Electronic copies are fine.
An individual is only entitled to their own personal data, and not to information relating to other people (unless the information is also about them or they are acting on behalf of someone). Therefore, it is important that you establish whether the information requested falls within the definition of personal data.
How do we recognise a request?
The GDPR does not specify how to make a valid request. Therefore, an individual can make a subject access request to you verbally or in writing. It can also be made to any part of your organisation (including by social media) and does not have to be to a specific person or contact point.
A request does not have to include the phrase 'subject access request' or Article 15 of the GDPR, as long as it is clear that the individual is asking for their own personal data.
This presents a challenge as any of your employees could receive a valid request. However, you have a legal responsibility to identify that an individual has made a request to you and handle it accordingly. Therefore you may need to consider which of your staff who regularly interact with individuals may need specific training to identify a request.
Additionally, it is good practice to have a policy for recording details of the requests you receive, particularly those made by telephone or in person. You may wish to check with the requester that you have understood their request, as this can help avoid later disputes about how you have interpreted the request. We also recommend that you keep a log of verbal requests.
How long do we have to comply?
You must act on the subject access request without undue delay and at the latest within one month of receipt.
You should calculate the time limit from the day after you receive the request (whether the day after is a working day or not) until the corresponding calendar date in the next month.
What about requests made on behalf of others?
The GDPR does not prevent an individual making a subject access request via a third party. Often, this will be a solicitor acting on behalf of a client, but it could simply be that an individual feels comfortable allowing someone else to act for them. In these cases, you need to be satisfied that the third party making the request is entitled to act on behalf of the individual, but it is the third party’s responsibility to provide evidence of this entitlement.
If you think an individual may not understand what information would be disclosed to a third party who has made a subject access request on their behalf, you may send the response directly to the individual rather than to the third party. The individual may then choose to share the information with the third party after having had a chance to review it.
boggler appears to have made a valid data access request under the criteria noted above and should receive the data on or before 13th August 2018.
Despite the forum team representative on here trying to dodge Virgin Media's legal obligations, ANYONE (whether an account holder or not) can make this kind of request, and the request can be very specific, or it can be very general (i.e. send me ALL the data that you have about me). I would encourage everyone who is having a problem with Virgin's customer service to exercise their legal rights in this area, and request copies of the data that is being held about them to help resolve their issues. It's free since the introduction of GDPR in May, and organisations have thirty days to respond. If you're reading this, why not make a request? Feel free to use this thread to do it.
"Where you’ve got access to Virgin Media products and/or services but you’re not the account holder then Virgin Media will need contact to be made and/or authorised via the account holder. We don’t want to share information with anyone unless we know who they are and this can be difficult without proof; we’re acting in your best interests."