On 2020-06-02 at 22:58 +0100, Tim Bray via mailop wrote: > > I don't really believe I've been sat in people's dormant lists (at an > email service provider) for years and years. I think it is fresh > lists extracted from CRMs and webstores, but maybe several years of > old data. And maybe people sharing lists with their mates or when > sales people move companies. > > (if you pay by paypal, then pretty much the merchant gets your email > address whatever)
> I've put a subject access request into mailchimp, so I'll see what > comes back. I guess depends whether mailchimp think they are governed > by GDPR or not. I was going to suggest GDPR. IANAL, but I think they would need to have proper evidence for processing of your data.* Maybe one company has really been doing its homework for so long, and can provide that you signed up on a web form at xxxx on 15th February 1997 11:47 am, with name "Nadine" and checkbox "Feel free to spam me whenever you want" checked. Actually, I would doubt that the consent of (most) marketing lists gathered prior of GDPR would pass (did they really inform you back them of everything your are now entitled to?). In fact, even for later ones, they are probably still not getting properly the consent for processing. (user consent is not the only legal path for processing your information, but it's certainly the easiest one. Sending an invoice could easily fit as 'legitimate interest' but adding you to a marketing list wouldn't) * I'm not sure if mailchimp would qualify here as the processor or not. Anyway, I think you should be able to reach them with your request, and they should be liable to get that information from their customer. Of course, should the customer not timely produce such information, they should be booted from the platform with no further questions needed. Best regards _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
