GDPR - first ever request

JamesAus

Active member
Hi All, one of my members who has recently been banned for 7 days seems to want to cause time-wasting and problems for our site, and sent this email:

Subject access request

In accordance with Article 15 of the General Data Protection Regulation (GDPR) of the European Union, by which XXXXXXX is bound, I am hereby making a data subject access request in respect of the personal data you (i.e. XXXXXXXXX) hold in relation to me.

Please supply the personal data you hold about me, which I am entitled to receive under data protection law.

In particular, I am interested in receiving personal data relating to:

  • Posts made about me in the moderators forum (made between August 2006 and August 2020)
  • Emails between moderators in which I am discussed (between August 2006 and August 2020)
  • Emails sent to me by any members of the moderation team (between August 2006 and August 2020)
  • Any information pertaining to my location (e.g. IP addresses)
  • Any marketing tracking or behaviour data (e.g. click rate, website user behaviour, browser user agent, user preferences, inferred user behaviour etc.)
  • How many infraction points I currently hold.
If you need any more information, please let me know as soon as possible.

I would prefer to receive the data in MS Word/PDF format.

It may be helpful for you to know that GDPR requires you to respond to a request for personal data within one calendar month.

If you do not normally deal with these requests, you may wish to consult a solicitor or other data protection professional.

If you need advice on dealing with this request, the Information Commissioner’s Office can assist you. Its website is ico.org.uk, or it can be contacted on 0303 123 1113
We're a small fan site and can't afford to engage any legal assistance so I hoped the forum community here would be able to offer some advice.

In relation to the points:

  • Posts made about me in the moderators forum (made between August 2006 and August 2020
We were using vBulletin up until recently and when a reported post was made, it automatically created a thread in the subforum that we would sometimes merge into a thread about the member if they were problematic. This member was and the mod team would discuss what approach to take.

  • Emails between moderators in which I am discussed (between August 2006 and August 2020
  • Emails sent to me by any members of the moderation team (between August 2006 and August 2020)
Moderators are volunteers and other members on the site - would have thought what they do in their own personal email addresses is outside what is a reasonable request of my site?

Any information pertaining to my location (e.g. IP addresse
I believe I can get this from default XenForo contracts.

  • Any marketing tracking or behaviour data (e.g. click rate, website user behaviour, browser user agent, user preferences, inferred user behaviour etc.)
I use Google Analytics. Assume I can then pass him to Google?

  • How many infraction points I currently hold.
How is this personal data?
 
So I have the following in my terms, ans I'm curious if it covers this, or if I should add the extra clause to be safe.

We may remove or modify any Content submitted at any time, with or without cause, with or without notice. Requests for Content to be removed or modified will be undertaken only at our discretion. We may terminate your access to all or any part of the Service at any time, with or without cause, with or without notice.
That doesn't address the issue of license - you're addressing a different issue I think.
 
Top Bottom