I run a small company and have in the last months, received a few very intimidating legal notices from a firm called Privacy Bee.
They've caught my and my counsel's attention because while they claim to be protecting people's privacy, they cite individuals that my company has never done business with, has not emailed, and has no records of.
We have spent considerable resources checking and double checking our lists so we are sure that we are not keeping records of them or direct marketing to them so we don't know what to make of it. As I look at them and see that they are charging a subscription to users, I wonder more and more about them.
Privacy Bee is one of these highly automated web companies which is incredibly buckled down and private. .No individuals are listed. For those of you not familiar with this, it's sometimes companies that are doing something controversial and nobody wants their name actually associated with it. Specifics.:
- The Privacy Bee website does not cite a single individual who invests in the company or works at the company. NO executives, no president, no individual to address legal concerns to. Nothing. Even the fine print, nothing.
- LinkedIn shows no individuals working there.
- Webhosting info is carefully managed so no individual can be found (I think btw, they are not in compliance with the need to make these records transparent). https://whois.domaintools.com/privacybee.com
- Date or birth
- mobile cell phone
- secondary phone number
- home address
Does clicking on I refuse somehow put me on record that my company refuses to support privacy?
From: Privacy Bee <email@example.com>
Sent: date, 2020
To: "MY COMPANY" <emails@ "MY COMPANY">
Subject: Urgent Followup: Legal Request for Data Deletion and Opt-Out of Resale [Request ID: xyz]
Concerns: "MY COMPANY"
Request ID: xyz
Signed Power of Attorney: Yes
Request Date: November 2020
Respond At: https://app.privacybee.com/request/xyz
To Data Protection Officer or Legal Counsel:
I am hereby submitting a follow-up to a personal data request pursuant to Section 1798.105 of CCPA (SB-1121), Article 17 of GDPR, Nevada SB-220, New Hampshire HB 1680-FN, Washington Privacy SB-5376, Illinois DTPA SB2330, New York S5462, Hawaii SB 418, North Dakota HB 1485, Massachusetts S-120, Maryland SB 613, Texas Privacy Protection Act HB 4390, or other applicable right-to-be-forgotten legislation. If you feel my data is exempt from privacy legislation for any reason, I'm still asking you to respect my wishes regardless, as I believe privacy is a universal human right and I'm hopeful the integrity of your organization will honor my request with or without legal requisite.
The initial request was sent <time and date> UTC and I still have not received a response that my request has been fulfilled. This is a reminder that you only have 5 days left to respond!
Specifically for "MY COMPANY":
- Data Deletion: I hereby request the immediate and complete purging of any and all information your company has on me including but not limited to: user accounts, marketing data, transaction data, behavioral data, social data, CRM records, or absolutely anything that that contains my personal information.
- No Dissemination: if any information is being or has been disclosed, resold, licensed, rented, or otherwise disseminated by your company to third parties, I hereby request to opt-out of that data sharing, and request you communicate this request for opt-out and deletion to those entities as well.
If I have given consent to the processing of my personal data (e.g. according to Article 6(1) or Article 9(2) GDPR, or other applicable legislation), I am hereby withdrawing said consent. In addition, I am objecting to the processing of personal data concerning me (which includes profiling).
As I’m legally permitted, please confirm your compliance of my request without undue delay and in any event within one month of receipt of this request.
I am including the following information necessary to identify me:
Primary Phone: xxx (Mobile)
Secondary Phone: yyy (Home)
Primary Address: specific home address
Birthday: Detailed date of birth
If you require additional information to resolve my identity, to view my signed Power of Attorney authorizing this request, or to respond to this request, please visit: https://app.privacybee.com/request/xyz
If you do not answer my request within the stated period, I and my legal privacy advocate, Privacy Bee, are reserving the right to take legal action against "MY COMPANY" and to lodge a complaint with the responsible supervisory authority.
This request was submitted by and tracked by Privacy Bee (privacybee.com).
Route::get('request_followup', [TestEmailController::class, 'request_followup']);
In reviewing Privacy Bee's Terms of Service, I note that they are NOT a law firm.