Salesman text me from his personal phoneAm I obliged to obtain quotes for my builder's insurance company?GDPR vs. Copyright for a recommendation letterUsing GDPR against cold-call marketing emailsGDPR - User invitation functionality within learning and development platformHow does GDPR affect a personal web application that uses third parties to authenticate?GDPR - is user social ID personal dataUse of trademark in personal email aliasHow does GDPR apply for normal email communication?False advertising to consumersGDPR Requirements for restricted use corporate webapp

What would happen to a modern skyscraper if it rains micro blackholes?

Java Casting: Java 11 throws LambdaConversionException while 1.8 does not

Character reincarnated...as a snail

"You are your self first supporter", a more proper way to say it

What does it mean to describe someone as a butt steak?

What does "Puller Prush Person" mean?

How old can references or sources in a thesis be?

Intersection point of 2 lines defined by 2 points each

Can an x86 CPU running in real mode be considered to be basically an 8086 CPU?

What's the output of a record needle playing an out-of-speed record

meaning of に in 本当に?

Watching something be written to a file live with tail

Can a vampire attack twice with their claws using Multiattack?

Accidentally leaked the solution to an assignment, what to do now? (I'm the prof)

Cross compiling for RPi - error while loading shared libraries

Which country benefited the most from UN Security Council vetoes?

What is a clear way to write a bar that has an extra beat?

Why are electrically insulating heatsinks so rare? Is it just cost?

A newer friend of my brother's gave him a load of baseball cards that are supposedly extremely valuable. Is this a scam?

Why does Kotter return in Welcome Back Kotter?

How is the claim "I am in New York only if I am in America" the same as "If I am in New York, then I am in America?

Can you really stack all of this on an Opportunity Attack?

When a company launches a new product do they "come out" with a new product or do they "come up" with a new product?

NMaximize is not converging to a solution



Salesman text me from his personal phone


Am I obliged to obtain quotes for my builder's insurance company?GDPR vs. Copyright for a recommendation letterUsing GDPR against cold-call marketing emailsGDPR - User invitation functionality within learning and development platformHow does GDPR affect a personal web application that uses third parties to authenticate?GDPR - is user social ID personal dataUse of trademark in personal email aliasHow does GDPR apply for normal email communication?False advertising to consumersGDPR Requirements for restricted use corporate webapp













3















I recently went to a garage to ask about different cars and offers, the salesman took some details; phone and email, when leaving I said to him I would be in touch if I wanted to proceed. He called me off the garage's phone and emailed me off their work email but I have been busy with work so missed the call and forgot to email back. I received a text from an unknown number asking if I still wanted the car, I replied asking who it was to which he replied: "it's X from Windsor's lol".



To say I'm furious he got my personal details from their system to text me off his personal phone is an understatement, I just want to know if this is a breach in GDPR or anything like that. Receiving calls and emails from the garage are fine because that is their work environment but when someone goes onto that system to get my information and use it this way is unacceptable to me.



I am looking to take this further and would just like to know my options here because who knows how many other people he has done this to, I have been in touch with his manager but got the feeling he thought X was doing an outstanding job by hounding me in his personal time.



EDIT: This question was purely to get some feedback and different points of view, I have/had no intention of suing the garage or pursuing that kind of legal action. I wanted to see which arguments I could raise when taking this up with the garage's head office, for me it is the principal of privacy and being a nuisance rather than any personal/legal damages. I feel some people may think that I am trying to make a claim, this is not the case so I just wanted to clear that up.










share|improve this question









New contributor




RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 9





    This must be the most modern-day-British thing I've read today.

    – Tobias Weiß
    Apr 2 at 13:32






  • 8





    So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?

    – MonkeyZeus
    Apr 2 at 15:07






  • 6





    You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.

    – Davor
    Apr 2 at 18:27






  • 2





    @RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.

    – MonkeyZeus
    Apr 2 at 19:18







  • 3





    @RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.

    – Davor
    Apr 2 at 21:01















3















I recently went to a garage to ask about different cars and offers, the salesman took some details; phone and email, when leaving I said to him I would be in touch if I wanted to proceed. He called me off the garage's phone and emailed me off their work email but I have been busy with work so missed the call and forgot to email back. I received a text from an unknown number asking if I still wanted the car, I replied asking who it was to which he replied: "it's X from Windsor's lol".



To say I'm furious he got my personal details from their system to text me off his personal phone is an understatement, I just want to know if this is a breach in GDPR or anything like that. Receiving calls and emails from the garage are fine because that is their work environment but when someone goes onto that system to get my information and use it this way is unacceptable to me.



I am looking to take this further and would just like to know my options here because who knows how many other people he has done this to, I have been in touch with his manager but got the feeling he thought X was doing an outstanding job by hounding me in his personal time.



EDIT: This question was purely to get some feedback and different points of view, I have/had no intention of suing the garage or pursuing that kind of legal action. I wanted to see which arguments I could raise when taking this up with the garage's head office, for me it is the principal of privacy and being a nuisance rather than any personal/legal damages. I feel some people may think that I am trying to make a claim, this is not the case so I just wanted to clear that up.










share|improve this question









New contributor




RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 9





    This must be the most modern-day-British thing I've read today.

    – Tobias Weiß
    Apr 2 at 13:32






  • 8





    So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?

    – MonkeyZeus
    Apr 2 at 15:07






  • 6





    You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.

    – Davor
    Apr 2 at 18:27






  • 2





    @RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.

    – MonkeyZeus
    Apr 2 at 19:18







  • 3





    @RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.

    – Davor
    Apr 2 at 21:01













3












3








3


1






I recently went to a garage to ask about different cars and offers, the salesman took some details; phone and email, when leaving I said to him I would be in touch if I wanted to proceed. He called me off the garage's phone and emailed me off their work email but I have been busy with work so missed the call and forgot to email back. I received a text from an unknown number asking if I still wanted the car, I replied asking who it was to which he replied: "it's X from Windsor's lol".



To say I'm furious he got my personal details from their system to text me off his personal phone is an understatement, I just want to know if this is a breach in GDPR or anything like that. Receiving calls and emails from the garage are fine because that is their work environment but when someone goes onto that system to get my information and use it this way is unacceptable to me.



I am looking to take this further and would just like to know my options here because who knows how many other people he has done this to, I have been in touch with his manager but got the feeling he thought X was doing an outstanding job by hounding me in his personal time.



EDIT: This question was purely to get some feedback and different points of view, I have/had no intention of suing the garage or pursuing that kind of legal action. I wanted to see which arguments I could raise when taking this up with the garage's head office, for me it is the principal of privacy and being a nuisance rather than any personal/legal damages. I feel some people may think that I am trying to make a claim, this is not the case so I just wanted to clear that up.










share|improve this question









New contributor




RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I recently went to a garage to ask about different cars and offers, the salesman took some details; phone and email, when leaving I said to him I would be in touch if I wanted to proceed. He called me off the garage's phone and emailed me off their work email but I have been busy with work so missed the call and forgot to email back. I received a text from an unknown number asking if I still wanted the car, I replied asking who it was to which he replied: "it's X from Windsor's lol".



To say I'm furious he got my personal details from their system to text me off his personal phone is an understatement, I just want to know if this is a breach in GDPR or anything like that. Receiving calls and emails from the garage are fine because that is their work environment but when someone goes onto that system to get my information and use it this way is unacceptable to me.



I am looking to take this further and would just like to know my options here because who knows how many other people he has done this to, I have been in touch with his manager but got the feeling he thought X was doing an outstanding job by hounding me in his personal time.



EDIT: This question was purely to get some feedback and different points of view, I have/had no intention of suing the garage or pursuing that kind of legal action. I wanted to see which arguments I could raise when taking this up with the garage's head office, for me it is the principal of privacy and being a nuisance rather than any personal/legal damages. I feel some people may think that I am trying to make a claim, this is not the case so I just wanted to clear that up.







united-kingdom gdpr european-union






share|improve this question









New contributor




RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 2 days ago







RyanK













New contributor




RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked Apr 2 at 9:23









RyanKRyanK

2715




2715




New contributor




RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






RyanK is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







  • 9





    This must be the most modern-day-British thing I've read today.

    – Tobias Weiß
    Apr 2 at 13:32






  • 8





    So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?

    – MonkeyZeus
    Apr 2 at 15:07






  • 6





    You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.

    – Davor
    Apr 2 at 18:27






  • 2





    @RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.

    – MonkeyZeus
    Apr 2 at 19:18







  • 3





    @RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.

    – Davor
    Apr 2 at 21:01












  • 9





    This must be the most modern-day-British thing I've read today.

    – Tobias Weiß
    Apr 2 at 13:32






  • 8





    So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?

    – MonkeyZeus
    Apr 2 at 15:07






  • 6





    You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.

    – Davor
    Apr 2 at 18:27






  • 2





    @RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.

    – MonkeyZeus
    Apr 2 at 19:18







  • 3





    @RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.

    – Davor
    Apr 2 at 21:01







9




9





This must be the most modern-day-British thing I've read today.

– Tobias Weiß
Apr 2 at 13:32





This must be the most modern-day-British thing I've read today.

– Tobias Weiß
Apr 2 at 13:32




8




8





So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?

– MonkeyZeus
Apr 2 at 15:07





So you are 100% certain that this salesman's cell phone is not provided to them and paid for by the dealership?

– MonkeyZeus
Apr 2 at 15:07




6




6





You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.

– Davor
Apr 2 at 18:27





You gave them your number exactly so they could contact you. I'm confused how you think this could be a violation of GDPR.

– Davor
Apr 2 at 18:27




2




2





@RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.

– MonkeyZeus
Apr 2 at 19:18






@RyanK That still does not prove that it was a 100% personal and non-business cell phone. I worked at a company where my employer covered 40% of my personal cell phone bill because I would be using it for both personal and business purposes. Him saying "sorry" just shows that they are sorry to have bothered you. Given the situation, you are only rightfully upset that they contacted you outside of business hours which is a legitimate complaint. You should add this detail to your question because unless you can prove that it was a 100% personal cell phone then all of this is just hot air.

– MonkeyZeus
Apr 2 at 19:18





3




3





@RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.

– Davor
Apr 2 at 21:01





@RyanK - you are looking at the wrong thing. It doesn't matter who owns the phone, all that matters is how data is being used. He didn't use our phone number to ask you to go have a beer, he contacted you purely for business reasons. This is completelly within reasonable use of data you consented to.

– Davor
Apr 2 at 21:01










1 Answer
1






active

oldest

votes


















12














This is possibly but not necessarily fine.



The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”



Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.



Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.



A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:



  • they do have a BYOD policy and the salesman is acting within their instructions

  • the salesman was using a company-controlled device, not their personal phone

If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:



  • You can of course complain to the data controller, especially if they have a dedicated data protection officer.

  • You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.

  • You can sue them for compliance and for actual damages suffered (you have none, though).

Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.






share|improve this answer























  • Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.

    – RyanK
    Apr 2 at 11:33







  • 13





    Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.

    – alephzero
    Apr 2 at 13:16






  • 4





    @RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.

    – amon
    Apr 2 at 13:49











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "617"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);






RyanK is a new contributor. Be nice, and check out our Code of Conduct.









draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f38695%2fsalesman-text-me-from-his-personal-phone%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









12














This is possibly but not necessarily fine.



The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”



Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.



Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.



A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:



  • they do have a BYOD policy and the salesman is acting within their instructions

  • the salesman was using a company-controlled device, not their personal phone

If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:



  • You can of course complain to the data controller, especially if they have a dedicated data protection officer.

  • You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.

  • You can sue them for compliance and for actual damages suffered (you have none, though).

Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.






share|improve this answer























  • Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.

    – RyanK
    Apr 2 at 11:33







  • 13





    Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.

    – alephzero
    Apr 2 at 13:16






  • 4





    @RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.

    – amon
    Apr 2 at 13:49















12














This is possibly but not necessarily fine.



The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”



Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.



Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.



A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:



  • they do have a BYOD policy and the salesman is acting within their instructions

  • the salesman was using a company-controlled device, not their personal phone

If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:



  • You can of course complain to the data controller, especially if they have a dedicated data protection officer.

  • You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.

  • You can sue them for compliance and for actual damages suffered (you have none, though).

Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.






share|improve this answer























  • Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.

    – RyanK
    Apr 2 at 11:33







  • 13





    Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.

    – alephzero
    Apr 2 at 13:16






  • 4





    @RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.

    – amon
    Apr 2 at 13:49













12












12








12







This is possibly but not necessarily fine.



The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”



Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.



Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.



A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:



  • they do have a BYOD policy and the salesman is acting within their instructions

  • the salesman was using a company-controlled device, not their personal phone

If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:



  • You can of course complain to the data controller, especially if they have a dedicated data protection officer.

  • You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.

  • You can sue them for compliance and for actual damages suffered (you have none, though).

Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.






share|improve this answer













This is possibly but not necessarily fine.



The data controller (the garage) is responsible for safeguarding your personal data. They must take appropriate safety measures, but this depends a lot on their own risk assessment. For example, to protect the data from being used by employees for their personal purposes, the controller might use organizational measures like a policy “you're not allowed to do that.”



Many companies allow employees to use their personal devices for work purposes (BYOD). When the data controller allows this and takes appropriate safety measures, everything is perfectly fine. The company still has to make sure that the data is only processed for legal purses and deleted afterwards.



Implementing a BYOD policy in a GDPR compliant manner is difficult but not impossible.



A data breach has occurred when the security measures were insufficient and your data was deleted or disclosed without authorization. Your scenario would only be a breach if the company did not have a BYOD policy and the salesman used their personal phone, and arguably then only if that device is also breached. However, do not discount the alternatives:



  • they do have a BYOD policy and the salesman is acting within their instructions

  • the salesman was using a company-controlled device, not their personal phone

If you have good reason to believe that your data was mishandled (and these alternatives do not apply), then the GDPR offers you the following remedies:



  • You can of course complain to the data controller, especially if they have a dedicated data protection officer.

  • You can lodge a complaint with a supervision authority, which is the ICO in the UK. They expect you to attempt to resolve your issue with the controller first. The ICO can then decide if they want to investigate the issue.

  • You can sue them for compliance and for actual damages suffered (you have none, though).

Note that all of these alternatives are more effort than they are likely worth. In particular, the garage can always correct the problem, e.g. by getting your contact info deleted from the personal device or by creating a retroactive BYOD policy.







share|improve this answer












share|improve this answer



share|improve this answer










answered Apr 2 at 11:17









amonamon

76915




76915












  • Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.

    – RyanK
    Apr 2 at 11:33







  • 13





    Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.

    – alephzero
    Apr 2 at 13:16






  • 4





    @RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.

    – amon
    Apr 2 at 13:49

















  • Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.

    – RyanK
    Apr 2 at 11:33







  • 13





    Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.

    – alephzero
    Apr 2 at 13:16






  • 4





    @RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.

    – amon
    Apr 2 at 13:49
















Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.

– RyanK
Apr 2 at 11:33






Thanks for the detailed response, I think it will be a case of just taking it higher up the chain, I'm not looking for damages or anything just an acknowledgement from them that I never gave permission for him to contact me in this way.

– RyanK
Apr 2 at 11:33





13




13





Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.

– alephzero
Apr 2 at 13:16





Make sure you read all the small print of any data authorization you agreed to, before you say "you never gave permission"! In fact you don't know that is WAS his personal phone - it might have been a company-issued phone for work use only.

– alephzero
Apr 2 at 13:16




4




4





@RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.

– amon
Apr 2 at 13:49





@RyanK Your permission/consent may not have been required for them to contact you via texts (might be allowed as their legitimate interest). This answer only discusses whether the sales person would have been allowed to communicate with you over a personal device.

– amon
Apr 2 at 13:49










RyanK is a new contributor. Be nice, and check out our Code of Conduct.









draft saved

draft discarded


















RyanK is a new contributor. Be nice, and check out our Code of Conduct.












RyanK is a new contributor. Be nice, and check out our Code of Conduct.











RyanK is a new contributor. Be nice, and check out our Code of Conduct.














Thanks for contributing an answer to Law Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f38695%2fsalesman-text-me-from-his-personal-phone%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

រឿង រ៉ូមេអូ និង ហ្ស៊ុយលីយេ សង្ខេបរឿង តួអង្គ បញ្ជីណែនាំ

Crop image to path created in TikZ? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)Crop an inserted image?TikZ pictures does not appear in posterImage behind and beyond crop marks?Tikz picture as large as possible on A4 PageTransparency vs image compression dilemmaHow to crop background from image automatically?Image does not cropTikzexternal capturing crop marks when externalizing pgfplots?How to include image path that contains a dollar signCrop image with left size given

Romeo and Juliet ContentsCharactersSynopsisSourcesDate and textThemes and motifsCriticism and interpretationLegacyScene by sceneSee alsoNotes and referencesSourcesExternal linksNavigation menu"Consumer Price Index (estimate) 1800–"10.2307/28710160037-3222287101610.1093/res/II.5.31910.2307/45967845967810.2307/2869925286992510.1525/jams.1982.35.3.03a00050"Dada Masilo: South African dancer who breaks the rules"10.1093/res/os-XV.57.1610.2307/28680942868094"Sweet Sorrow: Mann-Korman's Romeo and Juliet Closes Sept. 5 at MN's Ordway"the original10.2307/45957745957710.1017/CCOL0521570476.009"Ram Leela box office collections hit massive Rs 100 crore, pulverises prediction"Archived"Broadway Revival of Romeo and Juliet, Starring Orlando Bloom and Condola Rashad, Will Close Dec. 8"Archived10.1075/jhp.7.1.04hon"Wherefore art thou, Romeo? To make us laugh at Navy Pier"the original10.1093/gmo/9781561592630.article.O006772"Ram-leela Review Roundup: Critics Hail Film as Best Adaptation of Romeo and Juliet"Archived10.2307/31946310047-77293194631"Romeo and Juliet get Twitter treatment""Juliet's Nurse by Lois Leveen""Romeo and Juliet: Orlando Bloom's Broadway Debut Released in Theaters for Valentine's Day"Archived"Romeo and Juliet Has No Balcony"10.1093/gmo/9781561592630.article.O00778110.2307/2867423286742310.1076/enst.82.2.115.959510.1080/00138380601042675"A plague o' both your houses: error in GCSE exam paper forces apology""Juliet of the Five O'Clock Shadow, and Other Wonders"10.2307/33912430027-4321339124310.2307/28487440038-7134284874410.2307/29123140149-661129123144728341M"Weekender Guide: Shakespeare on The Drive""balcony"UK public library membership"romeo"UK public library membership10.1017/CCOL9780521844291"Post-Zionist Critique on Israel and the Palestinians Part III: Popular Culture"10.2307/25379071533-86140377-919X2537907"Capulets and Montagues: UK exam board admit mixing names up in Romeo and Juliet paper"Istoria Novellamente Ritrovata di Due Nobili Amanti2027/mdp.390150822329610820-750X"GCSE exam error: Board accidentally rewrites Shakespeare"10.2307/29176390149-66112917639"Exam board apologises after error in English GCSE paper which confused characters in Shakespeare's Romeo and Juliet""From Mariotto and Ganozza to Romeo and Guilietta: Metamorphoses of a Renaissance Tale"10.2307/37323537323510.2307/2867455286745510.2307/28678912867891"10 Questions for Taylor Swift"10.2307/28680922868092"Haymarket Theatre""The Zeffirelli Way: Revealing Talk by Florentine Director""Michael Smuin: 1938-2007 / Prolific dance director had showy career"The Life and Art of Edwin BoothRomeo and JulietRomeo and JulietRomeo and JulietRomeo and JulietEasy Read Romeo and JulietRomeo and Julieteeecb12003684p(data)4099369-3n8211610759dbe00d-a9e2-41a3-b2c1-977dd692899302814385X313670221313670221