Hello!
To use the forum, login or register above.
(If you are already logged in above, please click here)
Issues with BO's Privay Policy
I'm worried about particular phrases in the Privacy Policy, which you can find here: https://www.brickowl.com/privacy
(1)
"Brick Owl processes personal data as a Controller as defined in GDPR. We process personal data to allow Users to place orders and interact with Brick Owl. All data collected by Brick Owl is stored securely in data centres located in the European Economic Area."
Since Brexit GDPR is no longer effective for the UK, the privacy policy needs to be updated and failing to do so is a criminal offence in the UK.
(2)
"Information correction & deletion. You can update any of the information that we have stored on you from your user profile, or you can contact us if you would like for your information to be deleted. Some information may need to be kept for financial record-keeping according to local government regulations."
I have submitted about one thousand edits to the BO catalogue, including many pictures. If I cancel my account I don't want them to be used in the future. According to GDPR law - which no longer is in effect since the UK left the EU, but still is in the Privacy Policy of Brickowl, I assume I still have the right to be forgotten: https://gdpr.eu/right-to-be-forgotten/
The latter will mean that all my contributions to the catalogue on BO are lost.
Please inform your sellers outside the UK how you are going to handle this and comply to the law. Thanks.
(1)
"Brick Owl processes personal data as a Controller as defined in GDPR. We process personal data to allow Users to place orders and interact with Brick Owl. All data collected by Brick Owl is stored securely in data centres located in the European Economic Area."
Since Brexit GDPR is no longer effective for the UK, the privacy policy needs to be updated and failing to do so is a criminal offence in the UK.
(2)
"Information correction & deletion. You can update any of the information that we have stored on you from your user profile, or you can contact us if you would like for your information to be deleted. Some information may need to be kept for financial record-keeping according to local government regulations."
I have submitted about one thousand edits to the BO catalogue, including many pictures. If I cancel my account I don't want them to be used in the future. According to GDPR law - which no longer is in effect since the UK left the EU, but still is in the Privacy Policy of Brickowl, I assume I still have the right to be forgotten: https://gdpr.eu/right-to-be-forgotten/
The latter will mean that all my contributions to the catalogue on BO are lost.
Please inform your sellers outside the UK how you are going to handle this and comply to the law. Thanks.
Powered by Vanilla
Comments
We would hope that any members that no longer wish to have a Brick Owl account, would not also ask for all their catalog contributions to be reverted.
It is a complicated area of both EU and UK law, but essentially, if you photograph a product that is subject to copyright, and the product is the only substantive part of the image, the photographer could not claim it to be a copyrightable work. The copyright of the photograph would belong to whoever owns the copyright of the product.
There's also the consideration that users willingly uploaded images for BrickOwl to use for purposes they were explicitly aware of (that is, they knew that by uploading images, BrickOwl would possibly use them in the catalogue). This effectively assigns the relevant part of any copyright that does exist (likely none) to BrickOwl.
Considerations under "right to be forgotten" can often be met by anonymising data, not necessarily removing it. In any case, an image of a Lego item is unlikely to qualify as they contain no personal data.
Just remove all references from the requester to the submissions hence forgetting the requester.
As far as I know there is no rule that all submitted data from a person has to be deleted, there only should no longer be a reference to a person that wants to be forgotten.
https://europa.eu/youreurope/business/dealing-with-customers/data-protection/data-protection-gdpr/index_en.htm
Photos might be another case, but that was not part of my question for the lawfirm. I've seen websites ask for an indefinite publication right, but that might be hard if you ave to remove attribution data.