irulan.net

The Reality of GDPR "Right to be Forgotten" Requests

Ever since the GDPR (or in Germany the DSGVO) came into effect, practically every service I ever signed up for (or not) sent out a confusing mess of annoying privacy notice emails. Every single one of those emails was either asking for renewing consent or informing you that your consent would be carried on if not actively declined. From what I’ve gathered, since the changes are basically changes in the terms of a particular service, the only valid approach is of notifying you about an upcoming change in the respective terms of service document (usually with ample time before the change), giving you the possibility to end any agreement or contract, even out of term, because of a one-sided change in the contract’s wording. This is a standard legal practice.

Out of fear, most service providers sent out proactive emails asking you to click a link or otherwise “renew” your consent. What they apparently didn’t plan on was the amount of people being surprised about what services they were contacted by. One of those people is me.

I have made it a point to reply to most of those emails with a formal request to make available to me a dump of all the data they have collected on me, followed by a complete deletion of all personally identifying information in their systems. Here, I document my oftentimes frustrating experiences with the companies (mostly US-American) in complying with the GDPR requirements.

What I hope to highlight here is how incredibly poorly executed the GDPR legislation is. There is no official recourse for private citizens to make sure their privacy interests are actually respected. The legislation is confusing, oftentimes vague and will without a doubt have to be tested in court before long. Until then, there is literally nothing changing for the people the legislation is supposed to protect. You continue to be at the mercy of the companies collecting information about you and are powerless to change it with reasonable effort. The exceptions for credit rating agencies and similar data hydras effectively make the GDPR more dangerous to your local amateur sports team than any half-way organized commercial entity.

Since many companies hide the contact address for privacy-related inqueries deep in the privacy notice, I’ve listed them in the index below, next to the company name.

Index

Company Email Address
Indeed privacy-dept@indeed.com
Envato privacy.champion@envato.com
Namecheap support@namecheap.com, legal@namecheap.com
Toggl info@toggl.com, support@toggl.com
appear.in feedback@appear.in, privacy@appear.in
Freeletics support@freeletics.com
Twilio privacy@twilio.com
Hype Machine privacy@hypem.com
Snyk contact@snyk.io
MacUpdate support@macupdate.com
No-IP privacy@noip.com
Sketch App privacy@sketchapp.com
Apple emea_ac_privacy@apple.com

Indeed

A service I have never actually used. A search in my email archive shows that I somehow signed up for their “Indeed Prime” service back in 2016. Why and how I couldn’t say.

In progress, awaiting response.

Initial Email

From: Indeed <do-not-reply@indeed.com>
Subject: We've updated our Privacy and Cookie Policies
Reply-To: do-not-reply@indeed.com
Date: Sun,  3 Jun 2018 13:58:18 -0500 (CDT)

Hello,

We're emailing you to let you know about updates to our Privacy and Cookie Policies (https://www.indeed.com/legal), which make a number of improved changes, providing:

* Greater transparency about how Indeed uses your information;
* Accessible information related to individuals’ rights and Indeed’s obligations with respect to your personal data; and
* Additional details about Indeed’s use of cookies to make your use of the Indeed Site more convenient and effective.

You don’t need to take any further action upon receiving this email. By continuing to use our services, you agree to the updated terms. You can also update your account information at
http://www.indeed.com/my/account.

Thank you for using Indeed!

Best,
The Indeed Team

--

© 2018 Indeed, Inc. | 6433 Champion Grandview Way, Building 1, Austin, TX 78750
  • They did not have this ready by the May, 25th.
  • They do not provide an easy way to disagree with the changes, even though they are probably in the interest of user privacy.
  • I had to visit their legal page and search for @ symbols to be able to actually write to them. The email has a user-hostile “do-not-reply” address both in the “From” and “Reply-To” field. Emails to such addresses are not delivered.

Initial Request

Subject: Re: We've updated our Privacy and Cookie Policies
To: privacy-dept@indeed.com
Date: Sat, 16 Jun 2018 15:03:44 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

From: Support <privacy-dept@indeed.zendesk.com>
Subject: [Support] Re: Re: We've updated our Privacy and Cookie Policies
Reply-To: Support <privacy-dept+id[REDACTED]@indeed.zendesk.com>
Date: Mon, 18 Jun 2018 19:03:44 +0000

[...]

Hello,

Please confirm your request to delete your personal data. If a Job Seeker wants to delete a job application performed on Indeed’s Site, they are advised to contact the prospective Employer directly to
request deletion of their application.
REQ# [REDACTED]

Regards,

Indeed Privacy Program

Reply

Subject: Re: [Support] Re: Re: We've updated our Privacy and Cookie Policies
To: Support <privacy-dept+[REDACTED]@indeed.zendesk.com>
Date: Tue, 19 Jun 2018 12:15:30 +0200

Yes, I verify that I want you to the delete all my data AFTER you sent
me a dump of all the data you have collected on me in your systems, as
you are required by the GDPR.

Envato

A deep dive in my email archive shows that at some time back in 2011 I must have purchased a WordPress theme for a friend or a small project from ThemeForest using an old email address. I have never interacted with this site again and not subscribe to any newsletters.

In progress, awaiting response.

Initial Email

From: Envato <donotreply@envato.com>
Subject: We’ve updated our Privacy Policy
Date: Mon, 04 Jun 2018 00:15:27 +0000

    Author Upload Limits <https://account.envato.com>         *We’ve
updated our Privacy Policy*

 Hello,

 You’re receiving this email because a while ago you created an account
with Envato Market, which includes *ThemeForest, CodeCanyon, GraphicRiver,
VideoHive, AudioJungle and PhotoDune.*

 Whilst you haven’t visited our sites for a while, we wanted to notify
you of updates we’ve made to our privacy policy because of changes to EU
data protection laws.

 We’ve also updated our Privacy Policy to:

    - Give you more clear and detailed information about your collective
rights and responsibilities with respect to your privacy and personal
information.
  - Make it easier for you to control the information you provide us.
You’ll see that our policy explains your choices about this.
  - Provide more detail about the measures we have in place to keep your
personal information secure.



 You can read the full text of our Privacy Policy here.
 <https://envato.com/privacy>

  The updated Privacy Policy automatically came into effect for all Envato
users on 25 May 2018. So your continued use of the Envato sites from that
date will be subject to it.

 Thanks again for being part of the Envato community!

 Regards

 Envato



                    Envato, PO Box 16122, Collins Street West, VIC 8007,
Australia     http://envato.com
  • They did not have this ready by the May, 25th. In fact, they notified me after the change had already occurred.
  • They do not provide an easy way to disagree with the changes, even though they are probably in the interest of user privacy.
  • I had to visit their legal page and search for @ symbols to be able to actually write to them. The email has a user-hostile “donotreply” address in the “From” field. Emails to such addresses are not delivered.

Initial Request

Subject: Re: We’ve updated our Privacy Policy
To: privacy.champion@envato.com
Date: Sat, 16 Jun 2018 15:02:43 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

From: "Dan @ Envato (Envato Privacy Champion)" <privacy.champion@envato.com>
Subject: Re: Re: We’ve updated our Privacy Policy
Reply-To: Envato Privacy Champion <privacy.champion@envato.com>
Date: Tue, 19 Jun 2018 02:27:12 +0000

[...]

Dan @ Envato, Jun 19, 12:27 AEST

Hi Marcel,

Thanks for contacting the Envato Customer Success Team.

I’m happy to assist you with obtaining your personal data collected by Envato and I have forwarded your request onto the relevant teams.

We will email you a link with instructions on how to download your data within 30 days.

Once you have received your data, please contact us to confirm you have been able to access this so we can proceed with deleting your account as per your request.

Kind regards,

Dan M

Customer Success

Australia (UTC+10)

By the way: I hate it when companies give their support team an overblown name like “Customer Success Team”. If you’re providing great customer service, there’s no need for such humbug.

Namecheap

Namecheap refuses to delete personally identifying information.

Initial Email

From: Namecheap Support <support@namecheap.com>
Subject: We’ve updated our Privacy Policy
Reply-To: support@namecheap.com
Date: Fri, 25 May 2018 12:04:14 +0000 (UTC)

========================================
Namecheap.com
PROTECTING YOUR PRIVACY
========================================

Hi Marcel,

We’ve made some updates to our Privacy Policy to make it easier for you to understand what information we collect and why we collect it:
http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uV-2BYxcWCNnYJXQsWP-2Fnt80VEfslCQQ0u-2BZN7i8dtF3iGFHiuhJwnb3QUmxOOO4UbZufIsDeijmc9YBLHve7j4fwg-3D_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwLzCoexT2vqpTw6ooRd5KPMR7Ds2ip-2BU1-2BqyEEOBjuiFRzTDCTorqfsa6f5-2BISMkdGHQ4qXGO3g4DWXxkz5ZTmGPRib1XQm0-2Fwa3QHDwMstV5CoB-2FBBapxEdNk-2FL4WV7aCn73E8EvO3BZB50Z2S7qKOmqTW0jINoxBaRxRPg2gnOY

Nothing has changed about your current settings or how your information is processed. We’ve simply improved the way we describe our practices with the options you have to update, manage and delete your data.

We’ve made these changes as new data protection regulations come into effect in the European Union from 25 May 2018. To learn more about the General Data Protection Regulation (GDPR), click here:
http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uV-2BYxcWCNnYJXQsWP-2Fnt80VGcGKWQCEzZbvqLirQA32XoJZVjKko-2Bl86YWw1pEbirqSAQe66qXwLTwtA1RzBy5wM-3D_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwL8Efmjly1N9g1x01cRNEiaZPesN-2FCd4vnSBDUnSeRAZlkebZju2K89LRFge2BBJRidm9jr0QdGDDkFOug1U8H1vsVkHk-2Fje-2By0c57ZDsOgh8D8M74lA7H-2Bg-2BXIh3Ja6UTPxkrGJMTY2AQ9xKnQfxJYf8rJLDdQzef5b2ToKUy0zG

-----------------------------------

Our newly updated Privacy Policy:
http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uV-2BYxcWCNnYJXQsWP-2Fnt80VEfslCQQ0u-2BZN7i8dtF3iGFHiuhJwnb3QUmxOOO4UbZufIsDeijmc9YBLHve7j4fwg-3D_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwL9YUl-2Fg0YoxLPf1TTLufT8pAePdDsBJ1i6blK-2FRHDLKgBBBFbIoVMIIxUJKVFnSJABmOczjGQNcIxwssU2-2BsQvEZnFBXhPjj9N0XMrNpz06mvloRoU-2BZSQz8-2BlwwPXHMJp-2FbcEYeYuCFqE5T3B1mWQdCBz5AlW2yIshuaMITOxt9

Information about our Privacy Commitment to you:
http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uV-2BYxcWCNnYJXQsWP-2Fnt80VEiu3r1iVa2pIOcMM9sJeaUEtAarGJjBrysgBraqmn5sQ-3D-3D_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwL0Z5qP2fl7NI1dJ08a5wQZYWQxgNbZSg9LxWImauOLS8pgwc9HQ4qXoojwzQ2bqyJLX8bBLpfzbFpxPEmbKOnmdcKAZn0Bvcg6mutF8rHawSZdmVcp-2B3aJA9ki-2B5Pv3cJV-2F18Lh5x9-2B-2BfJrEBGDtaiG0Khc7e3k9D8Uq3BaSLcUC

If you’d like to review or manage your email preferences, click here:
http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uVz6zI919LetZjVJi9hU5rgRziQKCaQmT-2BIAEHiRI4PRsM44zncAZg8-2FV5kp1FPTvO2FfdLUueoehcuzrbRQRSQI-3D_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwL7pJO-2BT0KsZkq0MIDrbLfo-2FPKHMQ5H6uuz-2FujgfI-2FADQOE1YttpzBLPwrUUwHMPjVmMWJDViV2gOyq9vbF8atmG2vmtT-2FyQGlBxc9z2hQn-2F3QhtnzpdongY3tMVlYlmVw6UWmL44iY6JhwusylXYwLbkXt4QjM7JOR7vNBDDZAh9

------------------------------------------------------------

** Need to chat? **

If you’d like to discuss the new Privacy Policy or have any other questions, feel free to contact our support team who are here for you 24/7: http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uV-2BYxcWCNnYJXQsWP-2Fnt80VEHm-2BzfI3Fjs7HwkJWTK02B_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwL8jqDl9csO9CmJh-2F39QvvAtyLcGtIpz0FQ35OKcU-2Bcd1YCeDIPFxOG9AD0mZAbYurpA6oeysT0uwhWrL-2Fwej7bKSw6aANEZVELNgU-2BXfiYH-2FpzOOhuTxDsGcbQdosJQqOoF8-2B-2Bm-2FBcwzYN15TJchWR6pxeo7Vg-2Fgug7HGkq0auSN

Best regards
Team Namecheap
http://mailtrackemailout1.namecheap.com/wf/click?upn=p-2FB6KkgKAHfaKOCGl8yewKk4-2B7QF3n4XMdgM8cS1cwSD6ujT2WxH6zx2WX-2F1ULOW_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwL8-2FG0kZouFKw6iiDhT6Y-2Fj2fg-2BU1-2FEsE4chlzDyUHARxXT8I1sp-2BeMrS1ZM30-2FjF2tb-2BvzxB6mQqCmqah2R7Dz7rsN-2FCuPzqnfu1JaHWdblrPWa8xPFF5Mx-2Fi0IYQkUVtgpNL8Q5WHUV88TzLSXV8-2FLtUI4CgDCbRMU1oTtHAKsX

-----------------------------------

About Us
http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uV-2BYxcWCNnYJXQsWP-2Fnt80VENTzbbW64Osu87q17SCFXP_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwL8CdP-2B2FO7mbdh2x4s-2FxYZtxh2phVZmSSjSkIh05rVTMb36iLY-2FOkO82sJXYAm0-2BorUbwYt1Mscd1ElXoq3Rev4SFw30j64Wk3AuxrGnGYiBCyxriMNw-2BRqgR5h2sFXTjievhv7-2BidJTz-2BftESXQe29v1JUpzxxduDw275wWvuaR

Privacy Policy
http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uV-2BYxcWCNnYJXQsWP-2Fnt80VEfslCQQ0u-2BZN7i8dtF3iGFHiuhJwnb3QUmxOOO4UbZufIsDeijmc9YBLHve7j4fwg-3D_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwL8y9Owm3-2BQ3R8qtpsPNlD3ZeKkuDTNBMJuEoZwfytuGZiRuy-2FNurfW7iryMtTJgX0U-2Byv8e2ks4aZhJt42Ep1pn7Q0gbovcQZQsDCrY-2BMQOKMQoCZpFTJk00uKL275CPWfaqEGhTY6G6fDJaNnxzsfKGqNCgXYOENVeVbisG0Uwh

Terms and Conditions
http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uV-2BYxcWCNnYJXQsWP-2Fnt80VEryiTIgcFX3lF-2BFPUKNaNK_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwLzszSTf-2FJoyUDXyv9Io41-2BxroSF2sPoi00ogTJEhuPADLx7py4g9po8dYa6FUdOkuVmb9yI3DTeRW2RaDnTTjvGfPe1hz4Rplr-2BohLsHbnEkwSYlG2tZ5xXB7aHJcTDb1uOg3yx6WFvLXanC73gvp2RJRtPFaUY3Q070-2BVK1uwLx

Account Login:
http://mailtrackemailout1.namecheap.com/wf/click?upn=pCAh6y-2FKZ6FEfPrZsj3uV-2BYxcWCNnYJXQsWP-2Fnt80VG4g87aFhI4-2F0I3cegVqY4X1qKRhNbYChvv8eLd2GU8Gg-3D-3D_pNJ-2FomNXNRtxCB5EKYR41NLtpQ0-2B5RkfYnkSWwlggn84UYuF46HIYHaWOv-2FjnmUv6v7mIylQyQ8vzOwuDBeSDDl8mCT3FZ1z9-2FGXrNdV8cCDCJDnckrB3ZoYNbTv90ti354ZeJa9oXwN0fQU5-2Fh-2FUJhQ15o5ysuSXWI3BMJsNS-2Bnyf9cnXFntMn5PaXVOcgmyZX7tUYCyx-2FDVCaVEytwL74QRcrFg7cgzG1qhux6ILEJZh6L6ZyKJ9IX6PNnDx71Hdxwt0xmTNPi4njLDtmgKjcf7R0s84lZz82CNtD7-2Br7CRT-2FTnz6mRHX4UNYv044g8R-2FiSd5F6td1uPI8ZpMkc0YgAcmp8OIGyMUx0RHhiZrAvkc1JyaYQxdH4WZPqatL


4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA

This is a beauty. Little did I know that this would turn out to be a gift that kept on giving.

  • They do not provide an easy way to disagree with the changes, even though they are probably in the interest of user privacy. They do however link directly to the affected documents.
  • But every single link is booby-trapped by a tracking URL with no way to get to the information without triggering it. Kind of ironic for a company claiming to be “PROTECTING YOUR PRIVACY” in uppercase letters right from the start.
  • I just had a chat a couple of months ago with a support representative to have my account permanently closed. This was explicitly verified. Due to it being a chat, there’s unfortunately no written proof.

Initial Request

Subject: Re: We’ve updated our Privacy Policy
To: Namecheap Support <support@namecheap.com>
Date: Sun, 27 May 2018 16:46:53 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

Also, I have had my account deleted in the past, so you’re already in
violation of the GDPR just by sending my this notice.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

From: Namecheap Domain Team <support@namecheap.com>
Subject: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
Reply-To: support@namecheap.com
Date: Sun, 27 May 2018 17:01:34 +0000 (UTC)

Greetings Marcel,

Thank you for your inquiry.

Namecheap is committed to GDPR compliance. While the GDPR does provide the ability to request the deletion of personal data, it also instructs that this right is limited by contractual and/or legal grounds for retention, some of which require a 7-year retention period such as SSL certificates. We will process your request and ensure your information is deleted as soon as possible according to these guidelines. For more information please visit our Privacy Policy page here: https://www.namecheap.com/legal/general/privacy-policy.aspx

Also, please let us clarify that it is possible to receive emails from us even if you do not have an account opened with us.

If you do not wish to receive our newsletters anymore please feel free to unsubscribe from them in the following way:

- Log in to your Namecheap account;
- Go to section Profile - Tools;
- Click on Manage next to Emails from Namecheap in the section Notifications;
- Scroll down to the Optional section and turn off "Namecheap Newsletter & Marketing Communication" option;
- Click on Done to implement the changes.

Here is the link to this section for your convenience: https://ap.www.namecheap.com/Profile/Tools/Notifications

If you would like we will gladly make the necessary changes to remove you from the subscription list.

In order for us to do this please provide your Namecheap account username and support pin code which can be found at https://ap.www.namecheap.com/Profile/Security

Also, if you still would like to close your Namecheap account, please be informed that as soon as the account is closed, it *cannot* be re-established, and you *will not* have any access to it anymore. Also, you will not be able to create an account again with the same username, but you will be able to create a new account with us any time.

Looking forward to hearing from you.





----------------
Regards,
Eugene [REDACTED]
Customer Support

Alright, so first they claim that it is possible to receive emails from them even without actually having an account with them. Then they suggest the way to unsubscribe is to log in to this non-existing account and make the changes there. It is obvious this support person did not spend more than five seconds with my request and created a response by combining existing text blocks without attempting to understand what I was asking for.

Reply

Subject: Re: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
To: support@namecheap.com
Date: Sun, 27 May 2018 19:08:13 +0200

I reiterate my request to have all my personal information be permanently
deleted from your systems. Also, you are required to send me all data you
have on me beforehand. I don’t have an active account with you, therefore I
cannot "log in" to “unsubscribe”. If you currently retain an account in my
name, you are already in violation of applicable laws as I have asked it to
be closed several months ago.

Failure to comply with my request will result in reports to the EU data
privacy officer as well as the Better Business Bureau and other entities.

When can I expect the request to be carried out?

Response

From: "Rafael R." <support@namecheap.com>
Subject: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
Reply-To: support@namecheap.com
Date: Sun, 27 May 2018 20:45:37 +0000 (UTC)

Hello Marcel,

Thank you for contacting us. Please accept our apologies for the delayed reply.

We respect decisions of our customers and always close accounts whenever we receive such a request. However, an account can be closed only if we verify the corresponding person as the account owner and there are no services in the account (if there are services, they can removed from the account only if our customers agree to this).

There is an active account with the email address [REDACTED] in the system. If you wish us to close it and do not remember your account details, please try to reset your password at https://ap.www.namecheap.com/ResetPassword . This way, your account username and a link to reset your password will be sent to [REDACTED].

Once you get access to the account, please provide us with 1) your Namecheap username and 2) your Support PIN so that we verify the account and could check it. You can find the PIN here: https://ap.www.namecheap.com/Profile/Security . To our regret, we cannot close the account without your cooperation.

If you have questions or requests concerning General Data Protection Regulation (GDPR), please send them to legal@namecheap.com email address, so that the corresponding checks them and addresses them.

We hope for your cooperation and will be looking forward to hearing from you.

------------------
Regards,
Rafael R.
Customer Support

Reply

Subject: Re: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
To: Namecheap Domain Team <support@namecheap.com>
Cc: legal@namecheap.com
Date: Mon, 28 May 2018 13:31:58 +0200

As I had already written: the account was closed months ago by a support
representative via the chat function on your website. I gave all the
information necessary and now wonder why the deletion wasn’t carried out
when it was confirmed to me that it had been.

Again, as there cannot be active domains or products under my account,
please proceed immediately to close it. I will NOT go through the procedure
outlined below as all I want is to close the account. You are required to
do so by law. Any security considerations are void since I am writing and
replying to you from the very email address I would recieve a password
recovery link.

Now please, finally, carry out my wish and send me the data you have on me
then delete the account and all data you have on me. This is highly
annoying for me and will result in several reports to proper authorities
and organisations if not carried out promptly.

I have cc’d your legal team which will surely verify that my request is
well within my rights.

I am looking forward to having this dealt with and no more red tape
spinning from your end.

Thank you.

Response

From: Andrey [REDACTED] <support@namecheap.com>
Subject: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
Reply-To: support@namecheap.com
Date: Mon, 28 May 2018 12:55:17 +0000 (UTC)

Hello Marcel,

Thank you for getting back to us.

First of all, allow us to mention that we cannot process such a request without verifying your account ownership.

Since you have received a notice about our Privacy Policy, this means that your account is still active. In such case, it will be required to provide the verification details for your account. The following details are necessary:
1) Your Namecheap account username;
2) Your Support PIN. You can find your PIN here: https://ap.www.namecheap.com/Profile/Security

If you do not remember login credentials of your Namecheap.com account you can use our Password Reset option and a link to reset your password will be emailed to the email address indicated in your account. Your username will be also listed in that email.

You can find password reset option at https://ap.www.namecheap.com/ResetPassword .

Once we have the necessary verification details, we will be ready to process the account closure for you.

Such requirements are in place to make sure only the owner of the corresponding account is able to close it.

If you have further questions about the General Data Protection Regulation (GDPR, please submit a separate request via email legal@namecheap.com, so that the corresponding team will be able to provide you with more information.

We are looking forward to hearing from you.

------------------
Regards,
Andrey [REDACTED]
Namecheap Customer Support

Reply

Subject: Re: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
To: "NameCheap.com Support" <support@namecheap.com>, legal@namecheap.com
Date: Mon, 28 May 2018 15:30:36 +0200

My usename is: [REDACTED]
Support PIN: [REDACTED]

Will you now please close this account?

Also, don’t forget to send me all the data you have gathered on me BEFORE
you delete it.

Let me emphasize at this point that this is the account that should have been closed months ago. I jumped through exactly the same hoops as they make me again now.

Response

From: Maria [REDACTED] <support@namecheap.com>
Subject: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
Reply-To: support@namecheap.com
Date: Mon, 28 May 2018 17:09:32 +0000 (UTC)

Hello,

Thank you for your response and provided verification details!

We deeply apologize for the delay and thank you for your patience.

There are no services in the account "[REDACTED]" and we can close it after you confirm the following:

Once the account is closed it will not be possible to restore it, so as create a new account with the same username. When your Namecheap account is cancelled (either voluntarily or involuntarily) all of your personally identifiable information is placed in "deactivated" status within our corresponding databases. However, you should know that deactivation of your account does not mean your personally identifiable information has been deleted from our database entirely. We will retain and use your personally identifiable information, if necessary, in order to resolve disputes, enforce our agreements and/or as required by laws or regulations. Thus, it may not be immediately deleted upon request and is an approved exception to GDPR deletion rights. By creating an account with us, using our support services and/or purchasing Services, you acknowledge and agree to these terms of retention.

Looking forward to your reply.

--------------------------
Regards,
Maria [REDACTED]
Customer Support

Interesting. They do not delete the data, they merely deactivate the account and retain my personally identifying information. This is clearly in contrast to GDPR requirements. Assuming that Namecheap has proper legal counsel available and is not breaking the law or international treaties: if there are local laws or requirements that trump GDPR requirements, is the GDPR even worth the paper it’s printed out on, outside of Europe? If not, wouldn’t that provide huge incentives to move your company out of Europe to not be bound by the GDPR to its full extent?

Reply

Subject: Re: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
To: support@namecheap.com
Date: Mon, 28 May 2018 20:33:47 +0200

Yes. As I have confirmed now for the fourth(!) time. Yes. Delete it AND
send me my collected data before you do.

Sure, I’m getting snappy and annoyed. Wouldn’t you — at this point?

Response

From: Maria [REDACTED] <support@namecheap.com>
Subject: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
Reply-To: support@namecheap.com
Date: Mon, 28 May 2018 20:27:42 +0000 (UTC)

Hello,

Thank you for your confirmation!

We have checked that there is such information in your Namecheap account:
First name: Marcel
Last name: [REDACTED]
Email: [REDACTED]

There have been no orders created in this account, there are no cards attached to it at the moment.

Please let us know that you received the data so that we can close the account (you requested that we send it before the account closure so we cannot close the account without it).

We are looking forward to your reply.

--------------------------
Regards,
Maria [REDACTED]
Customer Support

Reply

Subject: Re: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
To: support@namecheap.com
Date: Thu, 31 May 2018 09:45:59 +0200

Yes, delete it now.

Response

From: Maria [REDACTED] <support@namecheap.com>
Subject: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
Reply-To: support@namecheap.com
Date: Thu, 31 May 2018 08:41:51 +0000 (UTC)

Hello,

Thank you for your response!

Let us clarify that we do not delete accounts, but close them. As for the information stored in the account, we will process your request and ensure your information is deleted as soon as possible
according to the GDPR ("General Data Protection Regulation") guidelines.

As per your request, the account with username "[REDACTED]" has been permanently closed. If you decide to purchase any other services with us, you can always create another account. We will be glad to see
you as our customer again.

If we may be of any further assistance, please feel free to contact us any time.

Our Team is available 24/7 for you.

--------------------------
Regards,
Maria [REDACTED]
Customer Support

Wow. After just 6 days of continuous back and forth, they closed (not deleted) my account, still retain my information for an unspecified time and are generally cheerful about it.

Reply

Subject: Re: [#[REDACTED]]: Re: We’ve updated our Privacy Policy
To: Maria [REDACTED] <support@namecheap.com>
Date: Sat, 16 Jun 2018 15:10:49 +0200

You do know that to comply with the GDPR, you are required to DELETE any
personally identifying information, which extends to the accounts.
Therefore, not deleting accounts but closing them violates that
requirement.

Sadly, private persons have no real means to enforce GDPR compliance.
However, as you are obviously willful in not complying and actively
trying to confuse the process, I will now report you to the appropriate
authorities on those grounds. I hope you will get to experience the
consequences of not complying at some time.

Let me add that in this process I have had one of the worst customer
experiences ever. I will not be doing business with you again and will
actively discourage others to do business with you on the basis of my
experiences.

Response

From: Namecheap Domain Team <support@namecheap.com>
Subject: [#[REDACTED]]:  Re: We’ve updated our Privacy Policy
Reply-To: support@namecheap.com
Date: Sat, 16 Jun 2018 13:18:56 +0000 (UTC)

Hello Marcel,

Thank you for contacting Namecheap Support!

We are very sorry to hear that your experience with Namecheap was not good. We do strive to provide a positive experience to every individual.

We would like to clarify that when your Namecheap account is canceled (either voluntarily or involuntarily), all of your personally identifiable information is placed in "deactivated" status within our
corresponding databases. However, you should know that deactivation of your account does not mean your personally identifiable information has been deleted from our database entirely. We will retain and
use your personally identifiable information, if necessary, in order to resolve disputes, enforce our agreements and/or as required by laws or regulations. Thus, it may not be immediately deleted upon
request and is an approved exception to GDPR deletion rights. By creating an account with us, using our support services and/or purchasing Services, you acknowledge and agree to these terms of retention.

While the GDPR does provide the ability to request the deletion of personal data, it also instructs that this right is limited by contractual and/or legal grounds for retention, some of which require a
7-year retention period such as SSL certificates. We will ensure that your information is deleted as soon as possible according to these guidelines. Please refer to our Privacy Policy at
https://www.namecheap.com/legal/general/privacy-policy.aspx .

Should you have any additional questions or concerns, feel free to contact us any time and we will be glad to sort them out.

------------------
Regards,
Marina [REDACTED]
Namecheap Customer Support

So, nothing new here. More canned text blocks with general information and standard procedure what amounts to a formal and respectfully written middle finger. This is what you expect from slick corporations are those working on the fringes of legality. I expect customer service to be personal and precisely not the pseudo-legalese I was confronted with.

Given that practically all support representatives I interacted with had Russian first and last names, I wonder what kind of company Namecheap is exactly — or has become over time. The fact that they are a US company does not mean there are no unsavoury connections. Even if it’s as simple as hiring the people who can be paid the least. Either way, lesson learned. I will never do any business with them again. Additionally, not with any company sporting “cheap” or “discount” within their name.

Setapp

I had signed up for a trial of the Mac App Store alternative and found not enough worthwhile software in the offer that I didn’t already own. Also, I don’t like subscriptions.

In progress, awaiting response.

Initial Email

From: Setapp Team <support@setapp.com>
Subject: We've updated our Privacy Policy and Terms of Service
Date: Fri, 25 May 2018 01:19:10 +1000

Hi there,       You've probably already seen quite a few emails like this, so we'll keep it brief. We have updated our  Privacy Policy [https://setapp.com/privacy-policy?utm_source=pp-update-email&utm_medium=email&utm_campaign=pp-update-email] and  Terms of Service [https://setapp.com/terms-of-use?utm_source=pp-update-email&utm_medium=email&utm_campaign=pp-update-email] to comply with the new GDPR requirements. We kindly ask you to read them and get familiar with the updates.       Not much has changed, we've always been careful and responsible with the data we collect. This is an information notice and you don't need to respond to this letter.        Your Setapp Team                        This email is a required legal notice. You received it because you have a registered account with  Setapp.com [https://my.setapp.com/account?utm_source=pp-update-email&utm_medium=email&utm_campaign=pp-update-email] and we are notifying you of changes to our Privacy Policy and Terms of Service.  Setapp Ltd., NSC Campus, Mahon, Cork, T12 XY2N, Ireland

Yes, that’s exactly how the email looks like in a text email client.

  • Again a Privacy Policy email with Google Analytics tracking that is invoked without even agreeing to its use. The HTML part of the email is booby-trapped with all kinds of image loading tracking.

Initial Request

Subject: Re: We've updated our Privacy Policy and Terms of Service
To: Setapp Team <support@setapp.com>
Date: Sun, 27 May 2018 16:51:06 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you have on
me and immediately following that fully delete it afterwards, including all
accounts that may be active or inactive in my name, in short: everything you
know about me and is in any way connected to me. Additionally, I explicitly
deny you any right whatsoever to collect any data about me or is connected to
my person in the future.

You shall confirm that the deletion has taken place and you will comply with my
request of non-collection of personal data within one week.

Thank you.

Response

From: "Volodymyr [REDACTED] (Setapp Customer Support)" <support@setapp.com>
Subject: [Setapp] Re: Re: We've updated our Privacy Policy and Terms of Service
Reply-To: Setapp Customer Support <support@setapp.com>
Date: Tue, 29 May 2018 06:50:59 +0000

[...]

Volodymyr [REDACTED], May 29, 09:50 EEST

Hello Marcel,

Thank you for contacting Setapp Customer Support.

This message is to confirm that we've received your subject access request for the [REDACTED] Setapp account and started our work on preparing it for you. You will receive the report within
the period of 40 days from your request, as specified in the Act. You will also receive further notifications about the account removal, as requested.

Best regards,

Volodymyr [REDACTED] | Setapp Customer Support
https://support.macpaw.com.com/

A month is now 40 days. Interesting. I will have to reschedule a couple of things then.

Reply

Subject: Re: [Setapp] We've updated our Privacy Policy and Terms of Service
To: Setapp Customer Support <support@setapp.com>
Date: Thu, 31 May 2018 09:38:27 +0200

You are aware that you are required to comply with my request within 4
weeks at the latest, correct? 40 days is way past that time limit. I urge
you to speed this up. I really cannot see what could possibly take you this
long to compile the data you collected on me. It sure lets me suspect you
collected a lot more than you should have. Failure to comply will result in
an official report to the proper authorities.

Response

From: "Volodymyr [REDACTED] (Setapp Customer Support)" <support@setapp.com>
Subject: [Setapp] Re: Re: We've updated our Privacy Policy and Terms of Service
Reply-To: Setapp Customer Support <support@setapp.com>
Date: Thu, 31 May 2018 08:15:38 +0000

[...]

Volodymyr [REDACTED], May 31, 11:15 EEST

Hello Marcel,

Yes, that's correct. A month after the request. This does not mean it will take a whole month, though and we hope to deliver it faster.

Best regards,

Volodymyr [REDACTED] | MacPaw Customer Support
http://macpaw.com/support

Reply

Subject: Re: [Setapp] Re: Re: We've updated our Privacy Policy and Terms of Service
To: Setapp Customer Support <support@setapp.com>
Date: Sat, 16 Jun 2018 15:11:38 +0200

It's been two weeks already — when can I expect my request to be
fulfilled?

Toggl

I have no freaking idea what this even is.

Still awaiting response. Say that they make take longer than 4 weeks, claiming the GDPR only states "without undue delay". Longer than 4 weeks to provide user data is clearly "with undue delay".

Initial Email

From: Toggl <info@toggl.com>
Subject: Toggl Terms of Service and Privacy Policy change
Reply-To: Toggl <info@toggl.com>
Date: Tue, 29 May 2018 14:48:58 +0000



https://toggl.com/
Dear Toggler,

You’ve probably received tons of emails from all your favorite apps recently.
We are here to join in: we have updated our Terms of Service and Privacy Policy.
We made changes to these documents to make sure we’re prepared for the EU’s General Data Protection Regulation.

This update doesn’t change our existing and continued commitment to keep your data safe.
We’re not using your data for anything other than to provide you with the best possible experience and to help you get the most out of your time tracking.

If you have already read and accepted the new Terms and Privacy Policy, there is nothing more you need to do.

If you haven’t had a chance to review the updated documents, you can find them at https://toggl.com/legal.
After reading the updated Terms of Service and Privacy Policy, please accept them in the web app.

ACCEPT IN THE APP (https://toggl.com/app)
If you have any questions, please feel free to get in touch with us by replying to this email.

All the best,
Toggl team

Initial Request

Subject: Re: Toggl Terms of Service and Privacy Policy change
To: Toggl <info@toggl.com>
Date: Tue, 29 May 2018 16:50:04 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

From: Toggl <info@toggl.com>
Subject: Re: Toggl Terms of Service and Privacy Policy change
Reply-To: Toggl <info@toggl.com>
Date: Wed, 30 May 2018 09:52:49 +0000 (UTC)

[...]

Hi Marcel,

Thanks for getting in touch.
We'll aim to respond to any legitimate GDPR request within a month of its receipt but it may take us longer if your request is particularly complex or you have made several requests. If that is the case,
we shall let you know and keep you updated.

Best regards,
--
Nick
Toggl Support

Reply

Subject: Re: Toggl Terms of Service and Privacy Policy change
To: Toggl <info@toggl.com>
Date: Thu, 31 May 2018 09:44:42 +0200

You do realize that you have a maximum of 4 weeks to comply with my
request? I don’t see a scenario in which this is not possible as you
shouldn’t have complex distributed data about me in the first
place.

I expect my data dump and its following deletion June 29, 2018 at the
latest. Failure to comply will result in a report to the proper
authorities.

Response

From: Toggl Support <support@toggl.com>
Subject: Re: Toggl Terms of Service and Privacy Policy change
Reply-To: Toggl Support <support@toggl.com>
Date: Thu, 31 May 2018 08:46:34 +0000 (UTC)

[...]

Dear Marcel,

to clarify - the GDPR specifies only "without undue delay". See the quote below

> The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay

We as Toggl process the data when and only it’s needed for the processing as requested by the user. To be able to fully comply with the erasure requests we have to take into account the consistency of our overall data, and operational effectiveness to guarantee delivering the service to all users without exception.

Your request has been filed, and we will proceed forward in a best way respecting the compliancy, internal policies and service quality.

Let me know if i can help you further.

Thank you

Radim [REDACTED]


---

Radim [REDACTED]
Toggl Business

www.toggl.com

Blog: blog.toggl.com
Twitter account: twitter.com/toggl
Facebook page: www.facebook.com/Toggl

Nice. So here we are with an example of legal nitpicking. Since Article 17 GDPR does indeed read

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: […]

it means that “undue delay” is completely non-defined. What constitutes a reasonable time frame is up to interpretation. Good luck getting a bad actor to behave on the grounds of GDPR legislation. They can take all the time they “need”, betting on you forgetting about your request in the first place.

How it can take longer than four weeks to comply with a data request and its deletion for a single user is beyond me. It’s obvious those companies were collecting way more than they should have and are now struggling to keep it under wraps. I fail to see another reason. Since companies are required to comply with the requests, the sheer volume of requests cannot be the limiting factor. Those are engineering companies. Engineers build automated workflows for that. Unless, that is, you’ve built a data kraken even you don’t fully understand.

Reply

Subject: Re: Toggl Terms of Service and Privacy Policy change
To: Toggl Support <support@toggl.com>
Date: Sat, 16 Jun 2018 15:05:11 +0200

When can I expect my request to be fulfilled? It's been two weeks
already.

Response

From: Toggl Support <support@toggl.com>
Subject: Re: Toggl Terms of Service and Privacy Policy change
Reply-To: Toggl Support <support@toggl.com>
Date: Mon, 18 Jun 2018 01:46:54 +0000 (UTC)

[...]

Hi Marcel,

Thanks for getting back to us.

It's in the queue with our backend team as they have to manually process these requests. Unfortunately, I can't advise of an exact timeframe but all requests will be processed in order so please rest
assured that it should be handled soon.

All the best,
--
Jordan

Toggl Support

www.toggl.com

appear.in

I had used this video chat application at one time due to project requirements years ago.

They have no workflow in place to provide user data upon request and do not respond to further questions.

Initial Email

From: "appear.in" <feedback@appear.in>
Subject: Updates to our Terms of Service, Privacy Policy and Cookie Policy
Reply-To: feedback <feedback@appear.in>
Date: Thu, 24 May 2018 13:16:03 +0000

You are receiving this because you have registered an account with this email in appear.in. Go to account: https://appear.in/user/profile

At appear.in we take our users' privacy very seriously. To strengthen our users’ control of their data, and ensure that we’re compliant with the new EU directive for privacy (GDPR) coming into force on May 25th, we have made several updates to our service.

New Terms of Service, Privacy Policy and Cookie Policy
We have updated the Policies that govern your use of appear.in. You should take time to read them carefully:

Terms of Service: https://appear.in/information/tos/
Privacy Policy: https://appear.in/information/tos/privacy-policy/
Cookie Policy: https://appear.in/information/tos/cookie-policy/

Key updates include:
You must be 16 years old to use appear.in
You are responsible for any content you upload, show or share in appear.in (including room names, profile pictures, background images, content shown/shared in video and audio, shared screen content. You must ensure that any content is not breaching our list of Prohibited User Content: https://appearin.helpscoutdocs.com/article/191-list-of-prohibited-user-content, or violates other users’ privacy or copyrights.
Our Privacy Policy now lists the different types of personal data we collect, how they are being used and the legal ground for collecting them.

New Privacy Settings
You can now give and revoke your consent to different types of communication in our new Privacy Settings: https://appear.in/user/privacy/consents. If you want to view or export the personal data we have stored about you, an option to download the data is available from the Privacy Settings: https://appear.in/user/privacy/consents page.

The new Terms, Privacy Policy and Cookie Policy will take effect on May 25, 2018. By using appear.in on, or after that date, you'll be agreeing to these updates. If you want to delete your account, you can do so in Profile Settings: http://www.appear.in/user/profile.

Review your email settings
We need your consent to continue sending you emails about improvements, new features and invitations to user research surveys. Take a moment to review your new privacy settings for consents, to make sure you continue receiving only the communication that you want:

Review email settings:
https://appear.in/user/privacy/consents


To learn more, visit the new Privacy section: https://appearin.helpscoutdocs.com/category/186-privacy in our FAQ. For any questions, please contact privacy@appear.in.

This email is a required legal notice about your account; it is not a marketing or promotional email. That is why this email does not contain an unsubscribe link.

Initial Request

Subject: Re: Updates to our Terms of Service, Privacy Policy and Cookie Policy
To: feedback <feedback@appear.in>, privacy@appear.in
Date: Sun, 27 May 2018 16:51:52 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.
  • I reviewed their privacy information and added the respective email address for such inqueries.

Response

From: Feedback <feedback@appear.in>
Subject: Re: Updates to our Terms of Service, Privacy Policy and Cookie Policy
Cc: privacy@appear.in
Date: Mon, 04 Jun 2018 17:52:56 +0000

[...]

Hi Marcel!

I apologize for the delayed response here.Hate to see you go! In order
to ensure that account deletion is authorized by the account holder,
we respectfully ask that you use the self-service page at
https://appear.in/user/profile [1] to do this. We'll send you a code
to validate that you are the rightful holder of this email address,
you'll then have the option to "Delete profile". You do not need to
remember a password.

It is very easy to delete your user, just follow these steps:

    * Copy the email address you received this message to
    * Go to https://appear.in/user/profile [2] and enter the email
address
    * You will receive a one-time login code to verify that you own the
email
    * Click “Delete profile” to complete the account deletion

If you have any trouble with the process please let us know!

Have a good day!

Links:
------
[1] https://appear.in/user/profile
[2] https://appear.in/user/profile

--
Ashley Sachs
Customer Support Manager
feedback@appear.in
Stay in touch with us!
Blog [1] | Twitter [2] | Facebook [3] | Instagram [4] | Newsletter
[5]


Links:
------
[1] https://blog.appear.in/
[2] https://twitter.com/appear_in
[3] https://www.facebook.com/appear.in.video
[4] https://www.instagram.com/appear_In/
[5] http://eepurl.com/MSYTP

Reply

Subject: Re: Updates to our Terms of Service, Privacy Policy and Cookie Policy
To: Feedback <feedback@appear.in>
Date: Sat, 16 Jun 2018 15:00:10 +0200

While that may take care of the profile, what about the data dump of all
the information you have on me, as required by the GDPR?

Additionally, since I am the one using the registered email address,
there is no conceivable way your argument about having to log in
manually holds water. If I were not the account holder, all I would have
to do is reset the password to achieve the same result. Therefore I
assume it's a thinly veiled attempt at frustrating me into not going
through the steps needed to delete the account.

Therefore I am again asking you to comply immediately with the following
request:

1. Send me a dump of all data you have collected on me.
2. Following that, completely delete all data you have collected on me,
which of course includes any active or inactive account with you.
3. Comfirm that the deletion has taken place.

Failure to comply with this reasonable request will result in reports to
the appropriate authorities.

Reply

Subject: Re: Updates to our Terms of Service, Privacy Policy and Cookie Policy
To: Feedback <feedback@appear.in>
Date: Tue, 19 Jun 2018 16:11:50 +0200

Will you please respond to my questions?

Freeletics

I have no idea how I ended up with them. Probably I’ve looked into their app and they required signing up to see anything.

Deleted account and data without providing me with a dump of the collected data. Marked the support ticket as "solved" although my request it is still not resolved.

Initial Email

From: Freeletics <instructors@mails.freeletics.com>
Subject: We are updating our terms and conditions and privacy policy
Reply-To: Freeletics <re-2QVQRAYN-[REDACTED]@mails.freeletics.com>
Date: Fri, 25 May 2018 23:24:23 +0200 (CEST)

View email in browser
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html&value.bmLanguage=en

====================================================================

FREELETICS
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

====================================================================

Hi Marcel,

the privacy of your personal data is very important to us. That’s
why, on May 25th, 2018, we’re updating our general terms and
conditions and privacy policy. With these changes, your privacy is
protected even more, and we hereby address the high standards of the
new EU General Data Protection Regulations (GDPR). In fact, even
members of the Freeletics Community living outside of Europe will
benefit from the updated conditions. Want to know how it will affect
you? Read on to find out more.

====================================================================

What does this mean for you?

With these changes we want to ensure that you enjoy full
transparency concerning everything that has to do with your data and
Freeletics. This includes, for example, information about how we
collect, process, use and protect personal data. Below are the most
important changes to the terms and conditions and the privacy
policy:

====================================================================

We provide more clarity

We want to clarify details in the terms of use of Freeletics to
ensure both parties - you as a Freeletics user, and we as the
service provider - are on the same page. The main changes in the
terms and conditions include the following points:

- We introduced some rules concerning user profile names: Domain
names or web URLs are not valid user names, unless approved by us.
- We explain cancellation details about our product packages, such
as the Training & Nutrition Bundle.
- We clarify that we have separate terms and conditions for
different deals, sales and promotions - such as reward programs -
for the purpose of information and participation.
- We define clear rules concerning the publication of inappropriate
content by users and the consequences: Advertising commercial
websites or other products through the user account is prohibited.
Furthermore, we reserve the right to delete published instigating
content without forewarning.
- We state that we are not participating in dispute resolution
proceedings.
- We reserve the right to adjust the general terms and conditions
with future effect if this is required by the legal, regulatory or
technical environment. Of course, these changes have to be within
reason and will take your interests into consideration.

====================================================================

We provide more transparency

We want you to understand how and what kind of data we collect and
use, for which purposes we use your personal information, and how
you can control this usage. Our updated privacy policy clarifies our
processes with data, such as data storage and deletion, as well as
how you can use your account settings to manage our usage of your
data. Moreover, we want you to know in detail what your rights and
our responsibilities towards you are. We also provide you with more
detailed information about the newsletter subscription.

====================================================================

We offer you more control

You decide if you want to share your journey with other Free
Athletes. Despite the fact that we are one big community, we respect
if users want to control their network within the app. Because this
is very important to us, we clearly state this in our terms of use:

You have the possibility to make changes to your profile settings,
such as who can see your information, i.e. user profile, training
data, posts, training spots, etc. We should inform you that unless
you make changes to these privacy settings, all Freeletics users
will be able to view your profile. You can set these profile
settings to private at any time, which allows only selected Athletes
to access your profile.


To learn more about what’s changing, please feel free to check out
the new terms and conditions in more detail here [1] and have a look
at our privacy policy here [2].

If you don’t agree with the changes mentioned above, you can object
within the next 14 days after receiving this email by writing an
email to customer support. Please note that in the event of
objection, we explicitly reserve our rights of ordinary
cancellation. If you do not object to the validity of the new
general terms and conditions and privacy policy within 14 days, then
we will regard the changes to have been accepted - meaning you’re
okay with the new updates.

[1]
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

[2]
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

====================================================================

Glad to have you on our team, Athlete. Keep achieving!

====================================================================

The Freeletics Instructors Team

====================================================================

App Store
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

Google play
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

--------------------

Freeletics
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

Facebook
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

Twitter
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

YouTube
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

Instagram
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

Pinterest
http://mails.freeletics.com/go/16/2QVQRAYN-[REDACTED].html

====================================================================

You received this mandatory email service announcement to update you
on important changes to your Freeletics account. This email was sent
automatically and therefore cannot receive replies. For further
information and support, please contact us at support@freeletics.com
[1].

Copyright © 2018 Freeletics GmbH, All rights reserved.
Freeletics - Lothstr. 5 - 80335 Munich, Germany

Court: Munich, HRB 205346, VAT-ID: DE289794913
Managing Director: Daniel Sobhani


[1] mailto:support@freeletics.com

Initial Request

Subject: Re: We are updating our terms and conditions and privacy policy
To: Freeletics <re-2QVQRAYN-[REDACTED]@mails.freeletics.com>, support@freeletics.com
Date: Sun, 27 May 2018 16:44:11 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

From: Iliana | Freeletics Support Team <support@freeletics.com>
Subject: [Freeletics] Re: Re: We are updating our terms and conditions and privacy policy
Reply-To: support@freeletics.com
Date: Mon, 28 May 2018 13:26:10 +0000

[...]

Hi Marcel,

Thank you very much for your message.

We have received your request and will contact you as soon as we extract your data.

Don't hesitate to contact us, if you should have more questions.

* * *

Iliana | Freeletics Support Team

freeletics.com

facebook.com/freeletics

Do you have any questions? Visit our Help Center

Response

From: Freeletics Support <support@freeletics.com>
Subject: [Freeletics] Re: Re: We are updating our terms and conditions and
 privacy policy
Reply-To: support@freeletics.com
Date: Tue, 12 Jun 2018 12:26:07 +0000

[...]

Your request (442685) has been solved.
<br>----------------------------------------------

Freeletics Support, Jun 12, 14:26 CEST

Hi Marcel,

Thank you for your message.

Thank you for writing to us about your data at Freeletics. We checked our records and we do have personal data stored for your email address, marcel@irulan.net. We will send you an email to the address registered with Freeletics with a link where you can download your data. Keep an eye on your inbox, and don’t forget to check your spam folder, too. **The link to your data will be valid for 7 days.**

We hope we’ve helped you with your request. Please don’t hesitate to contact us again about privacy issues. Or go to the privacy settings in your app. There you can request your data automatically and adjust all of your privacy settings.

In addition, we have just deleted your Freeletics account and all the data associated with it.


We take your privacy seriously. To learn more about your privacy, your personal data, and your rights, please view the document we attached to this email.


Best



* * *

Clara | Freeletics Support Team

freeletics.com
facebook.com/freeletics

Do you have any questions? Visit our Help Center

Attachment(s):
report data template.pdf - https://help.freeletics.com/attachments/token/[REDACTED]/?name=report+data+template.pdf

Reply

Subject: Re: [Freeletics] Re: Re: We are updating our terms and conditions and privacy policy
To: Freeletics Support <support@freeletics.com>
Date: Sat, 16 Jun 2018 14:53:23 +0200

I still haven't received the link to the data.

Twilio

Despite having to manually delete my account and their automated ticketing system trying to be too smart for its own good, the collected data was sent to me and I could delete the account.

I used to use Authy, their one-time password (OTP) application for securing access via two-factor authentication (F2A). I stopped using it as soon as 1Password gained the functionality.

Initial Email

From: Twilio Updates <Twilio-updates@campaigns.twilio.com>
Subject: Ready for GDPR: Authy User Data Deletion
Reply-To: Twilio Updates <twilio-updates@twilio.com>
Date: 24 May 2018 20:44:22 -0400


Ready for GDPR: Authy User Data Deletion
-----------------------------------------

Dear Customer,

The Authy team, along with the entire Twilio team, has been working hard to get ready for the European Union’s new General Data Protection Regulation (GDPR). As part of these new rules, customers can request that a company delete all data about them, and companies must have a process to fulfill those requests.

To that end, any Authy user can delete all of the data that we store about them by visiting https://forms.authy.com/users/deletion.

However, many of our customer implementations of Authy are not visible to the end-user, and so your users may not know that their data is being held with Authy. You can remove a user’s data from Authy by removing the user from your Authy app via this API https://www.twilio.com/docs/authy/api/users#remove-a-user  or the Twilio console at twilio.com/console/authy.

Authy users are shared between different customer applications. That means that if one of your users is using Authy on multiple websites, the user’s data will not always be fully deleted when you remove them from your integration with Authy.

*If the user has not been associated with any other application, and has not used the Authy app to backup authenticator tokens, the user’s data will be completely deleted.

*If the user has enabled 2FA with another application, but the email provided by the user to your application is NOT the primary email associated with the account, the email provided by your application will be deleted. The user will also no longer be associated with your Authy app.
*If the user has enabled 2FA with another application, and the email provided by your application IS the primary email associated with the account, the authentication history and data associated with your app will be deleted, but phone number and email will not. The user will no longer be associated with your Authy app.

In order to ensure that you are complying with GDPR, you should:

*Remove any user that requests deletion from your Authy app via this API https://www.twilio.com/docs/authy/api/users#remove-a-user or the Twilio console at twilio.com/console/authy .
*Alert the user that you use Authy to power your two-factor authentication, that as part of that service Authy stores user data such as phone number and email, and that the user can visit https://forms.authy.com/users/deletion  to ensure that all of their data will be deleted.
*Include this information in your Privacy Policy.

You can find more information about the work Twilio is doing to help you comply with GDPR at twilio.com/gdpr.

Sincerely,

The Authy Team

If you have any questions or concerns, please email us at help@twilio.com <mailto:help@twilio.com>.

Twilio, 375 Beale St, Suite 300, San Francisco, CA 94105

initial Request

Subject: Re: Ready for GDPR: Authy User Data Deletion
To: privacy@twilio.com
Date: Sun, 27 May 2018 16:49:44 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

From: "Esdras [REDACTED] (Twilio)" <support@twilio.com>
Subject: [Twilio] Re: Ready for GDPR: Authy User Data Deletion
Reply-To: Twilio <support@twilio.com>
Date: Wed, 30 May 2018 19:12:36 +0000

[...]

Hi Marcel.

Thank you for contacting us at Authy Support.

We have a clear understanding that you have the right to request this information.

To be able to disclose this information we will need first to verify that you are the owner of this account and that you have the right to this information.

Please respond to this thread mentioning both codewords I will be sending to your email and phone.

Thank you for your understanding.

Kind regards,

Esdras [REDACTED]
Sr. Technical Support Engineer
Twilio, Inc. - https://www.twilio.com/help

Office hours: 12m - 9pm GMT Monday - Friday
For emergency support, please directly contact help@twilio.com

Reply

Subject: Re: [Twilio] Re: Ready for GDPR: Authy User Data Deletion
To: Twilio <support@twilio.com>
Date: Thu, 31 May 2018 09:05:47 +0200

E-Mail: [REDACTED]
Phone: [REDACTED]

Response

From: "Esdras [REDACTED] (Twilio)" <support@twilio.com>
Subject: [Twilio] Re: Ready for GDPR: Authy User Data Deletion
Reply-To: Twilio <support@twilio.com>
Date: Fri, 01 Jun 2018 16:13:11 +0000

[...]

Hi.

Thank you for your prompt response.

We are now working on gathering your data, I will ask you for a few days while we do it and let you know as soon as we have it compiled.

Thank you for your reply.

Best regards,


Esdras [REDACTED]
Sr. Technical Support Engineer
Twilio, Inc. - https://www.twilio.com/help

Office hours: 12m - 9pm GMT Monday - Friday
For emergency support, please directly contact help@twilio.com

Response

From: Twilio <support@twilio.com>
Subject: Re: Ready for GDPR: Authy User Data Deletion
Reply-To: Twilio <support@twilio.com>
Date: Wed, 06 Jun 2018 17:03:21 +0000

## In replies all text above this line is added to the ticket ##

Hi Marcel,

It's been a few days since I last heard from you and I wanted to check in with you to see if you had received my last update.

Please let me know if you have any questions about my reply or if you need more time to respond.  If the issue is fixed or resolved, I would love to know that as well.

If I don't hear back from you in a few days, I will check back to see how you are doing.  I look forward to hearing from you.

Sincerely,

Esdras [REDACTED]
Customer Support
Authy

Response

From: Twilio <support@twilio.com>
Subject: Re: Ready for GDPR: Authy User Data Deletion
Reply-To: Twilio <support@twilio.com>
Date: Mon, 11 Jun 2018 18:14:05 +0000

## In replies all text above this line is added to the ticket ##

Hi Marcel,

It's been about a week since we talked last - how time flies!  I am hoping that my response helped to fix your issue, but I don't want to assume that.  Our customer experiences are very important to us
and I want to make sure that I do my best to ensure that the problem is resolved.  Please let me know if you have any feedback or if everything is working now.

If I don't hear back from you in a few days, I will close this ticket for now.  Thank you.

Sincerely,

Esdras [REDACTED]
Customer Support
Authy

In hindsight I should have realized that the emails were auto-generated. However, it’s an inexcusable mistake to sign auto-generated notifications with the name of the person you’re talking to. You never do that. Never. You will receive messages like the following one if you do it regardless.

Reply

Subject: Re: Ready for GDPR: Authy User Data Deletion
To: Twilio <support@twilio.com>
Date: Sat, 16 Jun 2018 14:52:05 +0200

I have indeed received your update. Why in the world you would need to
have me verify to have received what amounts to a notification that it
takes more time is beyond me. The only reason can be a thinly veiled
attempt at aborting the data notice and deletion via a tiny
technicality.

I expect that my request will be processed within the next week. Failure
to comply with this deadline will result in a comprehensive report to
the appropriate authorities. I'm rather annoyed by your transparent
attempts to confuse the process. I have already asked for a dump of all
the data you have on me followed by the full deletion of all data. I
don't see any reason why I should have to continue to verify anything.

Just get it done.

Response

From: "Esdras [REDACTED] (Twilio)" <support@twilio.com>
Subject: [Twilio] Re: Ready for GDPR: Authy User Data Deletion
Reply-To: Twilio <support@twilio.com>
Date: Mon, 18 Jun 2018 18:58:57 +0000

[...]

Hi Marcel.

I'm sorry this ticked started requesting updates from you.  It was us who were supposed to send you your information as you requested, this is not how it supposed to behave, and we are taking necessary precautions to prevent this from happening again.

Also, I'm attaching here a pdf file with the data we have about you.

This ticket includes a secure attachment. Use this link to access the attached files: https://twilio.sendsafely.com/receive/?thread=[REDACTED]#keyCode=[REDACTED]


To delete your data on our systems and close your Authy account, we have provided a self-service option for closing and deleting your account. This process includes a number of verification steps to ensure that this request is authentic and to prevent the unintended loss of access to the accounts that you use 2FA for. These will include confirmation emails which will give you the opportunity to terminate the process if you change your mind during the 30 day period. Please note that once the process is completed it is irreversible and we cannot recover your account.

In order to proceed, please use the link provided below and follow the prompts:

https://authy.com/account/delete/

**_Note: If you have created and registered an Authy app for others to log into (Via the Authy Dashboard or Twilio Console), you will need to delete it prior to closing and deleting your account._**

We have appreciated the opportunity to help secure your accounts and we are happy to provide this option for your secure account deletion. If you run into any issues with this process or have any questions about it, please let us know.



Esdras [REDACTED]
Sr. Technical Support Engineer
Twilio, Inc. - https://www.twilio.com/help

Office hours: 12m - 9pm GMT Monday - Friday
For emergency support, please directly contact help@twilio.com

Hype Machine

In progress, awaiting response.

I have no idea what this is and how they got my information.

Initial Email

From: Hype Machine <hello@hypem.com>
Subject: Privacy Policy Update (also, hi)
Reply-To: hello+m[REDACTED]@hypem.com
Date: Thu, 14 Jun 2018 10:41:04 +0000 (UTC)

  Hi [REDACTED],

  Just a note to let you know that we’ve updated our Privacy Policy to
  clarify how we use your information. We also provide simple tools that let
  you control your data:

  • You currently do not allow us to send you occasional, non-essential email
  updates. You can opt in

  • You can download a copy of your data (favorites, listening history, etc).

  • You can also sync your favorites with other services

  • Finally, you can delete your account and all related data.

  If you haven’t checked us out in a while, catch up quickly on the best new
  music in our weekly 🥞 Stack newsletter

  This is Hype Machine’s 13th year on the web, and our second as a
  listener-supported service. Read about what we do, and how we’ve been
  funding our independent company.

  Support Hype Machine today →

  — Anthony, Zoya, and Dave

  https://hypem.com

  [20S] [242] [520]
  Questions? Just reply to this email.
  Follow us on Twitter, SoundCloud and Spotify.

  This email was sent to Hype Machine user [REDACTED] ([REDACTED])
  because it is an essential update about our service.

  Hype Machine 161 Engert Ave #2R Brooklyn NY 11222.

  You can't unsubscribe from billing messages or critical service updates,
  but you can delete your Hype Machine account to stop receiving email from
  us completely.

Initial Request

Subject: Re: Privacy Policy Update (also, hi)
To: hello+m[REDACTED]@hypem.com
Date: Sat, 16 Jun 2018 14:44:40 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Snyk

Simple, straight-forward process and apparently no data collected that wasn't strictly necessary. However, their website uses a ton of tracking scripts. Who is responsible for providing me with the data collected by third-party services — the one implementing it on a website or the company running the tracker?

A vulnerability database for open source software components. A tested it but the deal breaker for me was that it requires you to have all your repositories on GitHub or GitLab, no self-hosting options available.

Initial Email

From: Guy Podjarny <contact@snyk.io>
Subject: Guess what – we've updated our privacy policy too!
Reply-To: contact@snyk.io
Date: Thu, 24 May 2018 05:14:01 -0700

Hi there,

You've probably had a lot of these types of email already, and we're sorry to add to that. We'll try and keep this short!

Privacy policy

We've reviewed and updated our privacy policy (https://info.snyk.io/e1t/sc2/[REDACTED] ) . Here are a few key things that have changed:

- We've updated the section on what information we store and why.
- We've added more detail around when we disclose personal information to third parties.
- We've updated the section about the rights you have around the processing of your personal information.

Notifications

We've made some big improvements to your notifications settings – you now have many more options to customise the emails you receive from us (https://info.snyk.io/e1t/sc2/[REDACTED] ) about vulnerabilities, license issues, and new products and services. Please be aware that if you opt out of certain notifications you may not hear about important updates.

Other updates

Some less visible changes we've made in the past few months to protect your data include:

- Setting up additional audit logs.
- Restricting internal access to any personally identifiable information.
- Reviewing our third parties and partners to ensure they are GDPR compliant.
- Reviewing both our internal and external processes regarding data protection, retention, and privacy.

If you have questions about any of these things, reply to this email or send us a message through our website (https://info.snyk.io/e1t/sc2/[REDACTED] ) .
Stay secure!

Guy Podjarny, CEO

Snyk

1 Mark Square



London

United Kingdom





You received this email because you are subscribed to Product Updates
from Snyk.

Initial Request

Subject: Re: Guess what – we've updated our privacy policy too!
To: Guy Podjarny <contact@snyk.io>
Date: Sun, 27 May 2018 16:53:05 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

From: Anna from Snyk <anna@snyk.io>
Subject: Re: Re: Guess what – we've updated our privacy policy too!
Reply-To: Anna from Snyk <anna.[REDACTED]@snyk.inbound.intercom-mail.com>
Date: Mon, 28 May 2018 09:44:19 +0000

Thank you for your message. We understand that you wish to be deleted from our systems. We will start the process of deleting you from all our systems. In order to complete this we will have to run checks
on various different platforms to ascertain if your data appears in those places. We will inform you when this has been done, and as requested, send you all the data that we had on you.

Response

From: Danny from Snyk <danny@snyk.io>
Subject: Re: Re: Guess what – we've updated our privacy policy too!
Reply-To: Danny from Snyk <danny.[REDACTED]@snyk.inbound.intercom-mail.com>
Date: Thu, 07 Jun 2018 08:07:06 +0000

Hi Marcel,
 Wanted to provide you with the requested information, and let you know that following this email we will completely delete your account.
 ====== Email address: [REDACTED] Github username: [REDACTED] Snyk organisaztion name: [REDACTED] ======
 Kind Regards, Danny

Response

From: Snyk <accounts@snyk.io>
Subject: Your Snyk account was deleted
Date: Wed, 13 Jun 2018 07:58:52 +0000

Hi [REDACTED],

Your account has now been deleted.

I'm sorry to hear Snyk didn't provide value to you, and I'm curious to hear why. Would you have time to drop me a note with feedback?

Kind regards,

The Snyk team

MacUpdate

Still awaiting response.

Initial Email

From: MacUpdate <no-reply@macupdate.com>
Subject: Updates to your email settings and more GDPR fun
Date: Fri, 25 May 2018 01:27:54 +0000

More Power to You

Thank you for being a loyal MacUpdate community member. We've made a few changes to give you more control over the communication you receive and more transparency about the information we use to improve our products.

Email Settings

We've updated our email offerings to make sure you get the information you want or send you nothing at all.

We may send occasional emails like this one with legal information

We may send account-related email messages that are triggered by your site activity, such as welcome emails, notifications, and reminders.

With your continued permission, we will send you promotional messages based on yourpreferences.

Please take a moment to review and change your Email Settings (http://mg.macupdate.com/c/eJxVkLtuwzAMRb_GWoQYlhzL6aAhQOquRYHOBi3RiQrrAT0a5O-[REDACTED]).

Privacy Policy

We wanted to let you know that we're making some important updates to our Privacy Policy (http://mg.macupdate.com/c/eJx1kD1vwjAQhn9NvFhEsU0cMnhAoulaVeocHbYBo_hD8bmIf18XWDpUuul97uPRGQWiA-IU79iu67lkA-[REDACTED]) that will go into effect on May 25, 2018.

We're committed to protecting your privacy. That's something that will never change. These updates aim to explain what happens to the data we collect from you, provide details on how we protect your privacy, and address new privacy laws.

In our Privacy Policy, we've added detailed explanations about what information we collect from you and why, what we do with it, and how we make sure that information stays safe and private.

We've also added a section to make sure users in the European Economic Area understand their rights under the new EU General Data Protection Regulation (GDPR).

Products and Features
Our new Privacy Policy reflects our current product offerings and features.

We encourage you to read through our updatedPrivacy Policyto make sure you understand the changes and how they affect you. By continuing to use MacUpdate on or after May 25, 2018, you agree to these updates. Other than that, there's nothing you need to do.

Thank you for being a part of MacUpdate. We look forward to continuing to be your favorite Mac community and your trusted source for great Mac resources

Please let us know if you have any questions at all.

Initial Request

Subject: Re: Updates to your email settings and more GDPR fun
To: support@macupdate.com
Date: Sun, 27 May 2018 16:39:02 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

From: Joel <support@macupdate.com>
Subject: Re: Re: Updates to your email settings and more GDPR fun
Reply-To: Joel <support@macupdate.com>
Date: Tue, 29 May 2018 15:33:11 +0000 (UTC)

Hi Marcel,     Thanks for reaching out to us.     First, you will need to go here: https://www.macupdate.com/member/account-preferences and request your data. Please read the text and once you have done
so let me know and then I can delete your account. You will need to click the word "here" to request your data.     Cheers,  Joel Editorial Content & Support | MacUpdate support@macupdate.com
Ticket: https://support.macupdate.com/helpdesk/tickets/[REDACTED]

Reply

Subject: Re: Updates to your email settings and more GDPR fun
To: Joel <support@macupdate.com>
Date: Tue, 19 Jun 2018 17:33:15 +0200

I have done this. It reads "Request was sent and is in progress" for
three weeks now. What is going on?

No-IP

They do not respond at all.

Initial Email

From: No-IP <notice-[REDACTED]@noip.com>
Subject: NOTICE: Updates to Our Privacy Policy and Terms of Service
Reply-To: notice-[REDACTED]@noip.com
Date: Wed, 23 May 2018 19:06:46 -0700 (PDT)

We’re updating our Privacy Policy and Terms of Service Agreement

The new European General Data Protection Regulation (GDPR) goes into effect on
May 25, 2018. We want to assure you that No-IP takes your personal data
seriously and is taking all of the necessary actions to be compliant with this
GDPR regulation.

To help you understand what this means for you and the steps we have taken to
ensure the protection of your personal data, we have updated our Privacy
Policy and Terms of Service Agreement. You can view the updated versions here:
Privacy Policy and Terms of Service.

The updated Privacy Policy and Terms of Service automatically come into effect
for all No-IP users on May 25, 2018. If you continue to use our service, you
are agreeing to the changes to these policies.

If you do not agree with the updates to our Privacy Policy and Terms of
Service Agreement, please deactivate your No-IP account before May 25, 2018.
(To deactivate your account, log in, click Account on the left navigation,
scroll down and click “Deactivate” on the left.) Please note, accounts
with active paid services will need to contact our Customer Success team to
deactivate their account.

Thanks again for being a No-IP customer!

No-IP

Note: This email is a required legal notice; it is not a marketing or
promotional email. That is why this email does not contain an unsubscribe link
and why you are receiving this email even though you may have unsubscribed
from No-IP's marketing emails.

Initial Request

Subject: Re: NOTICE: Updates to Our Privacy Policy and Terms of Service
To: notice-[REDACTED]@noip.com
Date: Sun, 27 May 2018 16:55:52 +0200

Regading account [REDACTED]

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

n/a

Sketch App

Take a long time to respond and deletion of my data means losing the ability to use a paid software product.

Initial Email

From: Sketch App <privacy@sketchapp.com>
Subject: Important updates to Sketch Terms of Service and Privacy Policy
Reply-To: Sketch App <privacy@sketchapp.com>
Date: Thu, 24 May 2018 13:13:40 +0000

Sketch


** We’re updating our Terms of Service and Privacy Policy
------------------------------------------------------------
We’re making some important updates to our Terms of Service and Privacy Policy. Don’t worry, these are just small changes to make it easier for you to find out what data we store and what you can do with it.

Here’s a quick summary of what’s changing:
* More transparency — We’ve explained what data we store and what we do with it. We've also provided information on what third parties we work with to provide our services.

* Control over your data — We’ve made it easier to find out how to request your data and how to have it deleted.

* Sketch Cloud — We’ve created new terms for Sketch Cloud (https://sketchapp.com/tos)  that will explain what data and information we store and how we use it, as well as security and privacy information.

* Security — We’ve outlined in detail (https://sketchapp.com/security/sketch-cloud/)  what steps we take to ensure your work and your personal data always stay secure.

We care about your privacy and that’s why we were already GDPR compliant, and why we only store customer data that is needed to provide our services. We also think privacy is for everyone, which is why we’re ensuring that our policies continue to meet the high standard of the European data protection laws, and why we’re extending the same rights to all our users, inside and outside the EU.

You can learn more about these changes and how they affect you here (https://sketchapp.com/legal/) . We encourage you to read our terms and get in touch with us at privacy@sketchapp.com (mailto:privacy@sketchapp.com?subject=RE%3A%20Important%20updates%20to%20Sketch%20Terms%20of%20Service%20and%20Privacy%20Policy) , if you have any questions or concerns.

The new Terms of Service (https://sketchapp.com/eula) and Privacy Policy (https://sketchapp.com/privacy) will take effect on May 25, 2018 and, by using Sketch or any of our services on or after that date, you will be agreeing to these updates.

Thanks for using Sketch.

The Sketch Team

Initial Request

Subject: Re: Important updates to Sketch Terms of Service and Privacy Policy
To: Sketch App <privacy@sketchapp.com>
Date: Sun, 27 May 2018 16:52:24 +0200

Hello,

with regard to the GDPR, I kindly request that you send me all data you
have on me and immediately following that fully delete it afterwards,
including all accounts that may be active or inactive in my name, in short:
everything you know about me and is in any way connected to me.
Additionally, I explicitly deny you any right whatsoever to collect any
data about me or is connected to my person in the future.

You shall confirm that the deletion has taken place and you will comply
with my request of non-collection of personal data within one week.

Thank you.

Response

From: Jorge [REDACTED] <privacy@sketchapp.com>
Subject: Re: Important updates to Sketch Terms of Service and Privacy Policy
Reply-To: privacy@sketchapp.com
Date: Tue, 19 Jun 2018 12:25:15 +0000

Hi,

Thank you for contacting us.

You'll find attached your personal data in a machine-readable format. It's a JSON file with info about your License(s).

About the deletion, please note that deleting all your data will imply the deletion of a Sketch License. Meaning that you'll lose the ability to use Sketch until the version 43.2. Please confirm if you
want to proceed with the deletion.

Best regards,


—
Jorge [REDACTED]
Customer Support at Sketch
www.sketchapp.com

Apple

No emails, no fuss, you can do everything easily yourself.

Apple provides a self-service portal at https://privacy.apple.com where you can immediately request and download the data associated with your Apple ID.