I run a small company and have in the last months, received a few very intimidating legal notices from a firm called Privacy Bee.
They've caught my and my counsel's attention because while they claim to be protecting people's privacy, they cite individuals that my company has never done business with, has not emailed, and has no records of.
We have spent considerable resources checking and double checking our lists so we are sure that we are not keeping records of them or direct marketing to them so we don't know what to make of it. As I look at them and see that they are charging a subscription to users, I wonder more and more about them.
Privacy Bee is one of these highly automated web companies which is incredibly buckled down and private. .No individuals are listed. For those of you not familiar with this, it's sometimes companies that are doing something controversial and nobody wants their name actually associated with it. Specifics.:
- The Privacy Bee website does not cite a single individual who invests in the company or works at the company. NO executives, no president, no individual to address legal concerns to. Nothing. Even the fine print, nothing.
- LinkedIn shows no individuals working there.
- Webhosting info is carefully managed so no individual can be found (I think btw, they are not in compliance with the need to make these records transparent). https://whois.domaintools.com/privacybee.com
- Date or birth
- mobile cell phone
- secondary phone number
- home address
Does clicking on I refuse somehow put me on record that my company refuses to support privacy?
From: Privacy Bee <email@example.com>
Sent: date, 2020
To: "MY COMPANY" <emails@ "MY COMPANY">
Subject: Urgent Followup: Legal Request for Data Deletion and Opt-Out of Resale [Request ID: xyz]
Concerns: "MY COMPANY"
Request ID: xyz
Signed Power of Attorney: Yes
Request Date: November 2020
Respond At: https://app.privacybee.com/request/xyz
To Data Protection Officer or Legal Counsel:
I am hereby submitting a follow-up to a personal data request pursuant to Section 1798.105 of CCPA (SB-1121), Article 17 of GDPR, Nevada SB-220, New Hampshire HB 1680-FN, Washington Privacy SB-5376, Illinois DTPA SB2330, New York S5462, Hawaii SB 418, North Dakota HB 1485, Massachusetts S-120, Maryland SB 613, Texas Privacy Protection Act HB 4390, or other applicable right-to-be-forgotten legislation. If you feel my data is exempt from privacy legislation for any reason, I'm still asking you to respect my wishes regardless, as I believe privacy is a universal human right and I'm hopeful the integrity of your organization will honor my request with or without legal requisite.
The initial request was sent <time and date> UTC and I still have not received a response that my request has been fulfilled. This is a reminder that you only have 5 days left to respond!
Specifically for "MY COMPANY":
- Data Deletion: I hereby request the immediate and complete purging of any and all information your company has on me including but not limited to: user accounts, marketing data, transaction data, behavioral data, social data, CRM records, or absolutely anything that that contains my personal information.
- No Dissemination: if any information is being or has been disclosed, resold, licensed, rented, or otherwise disseminated by your company to third parties, I hereby request to opt-out of that data sharing, and request you communicate this request for opt-out and deletion to those entities as well.
If I have given consent to the processing of my personal data (e.g. according to Article 6(1) or Article 9(2) GDPR, or other applicable legislation), I am hereby withdrawing said consent. In addition, I am objecting to the processing of personal data concerning me (which includes profiling).
As I’m legally permitted, please confirm your compliance of my request without undue delay and in any event within one month of receipt of this request.
I am including the following information necessary to identify me:
Primary Phone: xxx (Mobile)
Secondary Phone: yyy (Home)
Primary Address: specific home address
Birthday: Detailed date of birth
If you require additional information to resolve my identity, to view my signed Power of Attorney authorizing this request, or to respond to this request, please visit: https://app.privacybee.com/request/xyz
If you do not answer my request within the stated period, I and my legal privacy advocate, Privacy Bee, are reserving the right to take legal action against "MY COMPANY" and to lodge a complaint with the responsible supervisory authority.
This request was submitted by and tracked by Privacy Bee (privacybee.com).
Route::get('request_followup', [TestEmailController::class, 'request_followup']);
In reviewing Privacy Bee's Terms of Service, I note that they are NOT a law firm.
4. Fees and Payment.
You agree to pay fees (the “Fees”) for the Services on a monthly basis (the “Subscription”), in advance, in the amounts set forth in our price list for the Services in effect at the time of payment. The Fees applicable to you are set forth when you sign up for your Account, and may be amended by us, from time to time, in our sole discretion and with advance notice to you. By signing up for the Services, you expressly authorize us to withdraw funds from your bank account and/or charge your payment card (as applicable) for the full amount of the Fees. Since the Services are on-going and are subject to recurring payments, you expressly authorize us to withdraw funds from your bank account and/or charge your payment card on a recurring basis until you affirmatively cancel, remove or stop your use of the Services. You may be provided with the option to prepay Fees in advance on a quarterly or annual basis, in which event we may offer a discount or other incentive to you. All Fees paid by you for, via, or in connection with the Services are final and are non-refundable. You understand that the fees you pay to the Company for the Services are associated with the attempt to exercise your rights under the CCPA, and not for the guarantee of results associated therewith.
They claim extensive rights to any info their subscribers provide them.
7.3 User Content. You hereby grant to us a royalty-free, fully paid-up, sublicensable, transferable, perpetual, irrevocable, non-exclusive, worldwide license to use, copy, modify, create derivative works of, display, perform, publish and distribute, in any form, medium or manner, any text, information, data, materials, images, or other content you provide to us using the Services or submit or post to the Site and that is not Feedback owned by us (the “User Content”). You represent and warrant that: (a) you own the User Content or have the right to grant the rights and licenses in these Terms, and (b) the User Content and use by us of the User Content as licensed herein does not and will not violate, misappropriate or infringe on the rights of any third party. We may remove any User Content from the Site for any reason at our discretion.
In the Privacy Bee privacy agreement they both say that they don't sell (unclear if they license) personal data and won't without some sort of opt out first. And I quote:
- For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see Section 3 “How We Use Your Information” above. We collect this information for the business and commercial purposes described in Section 4 “How We Share and Disclose Your Information” above. We share this information with the categories of third parties described in Section 4 “How We Share and Disclose Your Information” above. We do not sell (as such term is defined in the CCPA) the Personal Information we collect (and will not sell it without providing a right to opt out). Please note that we do use third-party cookies for our advertising purposes as further described in Section 4 “How We Share and Disclose Your Information” above.
Post a Comment