Sponge it - surveys / focus groups for rewards?

lisa_celtic

Got this back from Data Commissioner..

To Whom It May Concern

I acknowledge receipt of your e-mail to the Data Protection Commissioner.
Where your email relates to a query (as distinct from a formal complaint
under the Data Protection Acts),
you should be aware that in line with our Customer Service Charter we aim
to reply within 15 working days and usually much sooner.
In doing so, we will communicate clearly, providing you with a full
response to your query.

If we are not in a position to issue a reply within that period, we will
inform you of its status.Regards

Office of the Data Protection Commissioner
Canal House
Station Road
Portarlington
Co. Laois

MadsL

Dav wrote: »

I've received the following from Ger Farrell who's the MD of Sponge ITSo human error and case already on file with the Data Commissioners. For what it's worth, I think they've handled this very well and have taken all the correct steps in terms of notifying the Data Commissioners and sending emails to people who were sent the initial mail in error. It can't have been a fun day for their team and having gone through a hack, I can certainly empathise with them.

Dav, I see that it was a data retention problem that caused this, in other words had they not (illegally I might add) retained data that was given for a specific purpose and then "accidentally" used it for another, they would not have this problem.

Had their data retention policies been correct they would never have been able to do this. I trust SpongeIT if they are reading will now completely review these policies.

It can't have been a fun day, but hanging on to information you probably already know you shouldn't have is what causes these incidents.

As to being hacked, I know you are not saying they were, but let's be clear, they weren't, they did this to themselves. I do however think dealing directly with the DPC is a laudable approach and I am glad they did not try any diversionary tactics or excuses.

Dav

I'm checking with them in relation to their data retention - I need to confirm that we've got all the data of the actual census and will then ask that it all be deleted from their records.

I'll also ask about the mails that were sent around Christmas time.

mickdw

Does one have to contact them telling them that email was received in order for them to send out the apology?

iora_rua

mickdw wrote: »

Does one have to contact them telling them that email was received in order for them to send out the apology?

I'd like an answer to this as well please. Got the e-mial last night, started filling in the questionnaire, then suddenly realised that I had no idea who this lot were or why they should be contacting me - so didn't reply!

The e-mail is still sitting in my 'inbox' and I haven't received any apology - do I just delete and forget, or what?

Dav

I just got this from Ger

I have just received my first response from the data protection commission and we are working through that now.

Absolutely you have received all the information and everything is deleted on both the research and its members.

The data protection commission are outlining the next steps they want us to take, but yes everyone will be receiving a personal apology by email from Sponge It.

As I know you appreciate making sure this is done correctly and in line with the relevant authorities takes a little more time.

So that's all I have for the moment. The Data Commissioners will investigate and I can tell you from personal experience they're really good at what they do.

CrazyRabbit

but yes everyone will be receiving a personal apology by email from Sponge It.

More spam!!!

The Big Red Button

As I read through this thread, I became more and more left out because of the fact that I didn't received this e-mail.

Then I found it in my Spam folder. Yay, I can be outraged now! \o/

hdowney

I didn't I wanted 50 quid!

gallag

How can they send apology emails if they deleted the address?

El Inho

Just wanna point out that this crowd are the height of professionalism.

Sure they had that cock up, but personally don't care about my email reaching them as it landed fifty snots into my pocket :P

Just wanted to come back and comment that I've had the highest of positive experiences with them guys.

MadsL

El Spearo wrote: »

Just wanna point out that this crowd are the height of professionalism.

I understand that 50 snots makes you feel highly about them, but using data you are not supposed to be using, even by "accident" is not professional.

Professionalism would have ensured that the data in your possession had a specific trackback for each and every entry that detail when where and what permissions for use had been made by the owner of that data. Why? Because the law is very, very clear about what you can and cannot do with personally identifiable data.

Now, their response to their failure to be professional, has been very professional. But please don't try and tell me they behaved professionally in the first place. Data Protection legislation should be carved into the forearm of every marketing "professional" - sadly some of them either don''t care, or don't know the law until something like this happens to them.

If you work in Sales, or Marketing or Promotions take heed.

Orion

El Spearo wrote: »

Sure they had that cock up, but personally don't care about my email reaching them as it landed fifty snots into my pocket :P

And that's exactly the attitude professional spammers look for. For me - every single email that I didn't specifically request takes some of my time to delete. My time - not theirs. And I want that time back. So I use my spam filter and I report breaches to the DPC and the spammer's provider where appropriate.

That said I agree totally with MadsL - they have been very professional after the fact and I would have a high degree of certainty that they won't screw up in this fashion again.

I'm still waiting for the €50 charity donation they promised me on facebook though. If I don't see a receipt in the next day or two I'll be writing to them - pen on paper even.

wonderfulname

I found this in my spam folder, interestingly the Christmas mail went straight to my inbox and I never marked it spam, so the wording of the email would have put it there.

I hate when I see these things and just think "I could well do a better job at pissing people off than this lot".

Mongarra

I received the original e-mail but no sign of the apology. I suppose if they have done as promised and have deleted all e-mail addresses, they cannot now send the apology.

Dav

Just wanted to post an update on this which I received about 30 mins ago from the MD of Sponge It

Ger Farrell wrote:

We wish to individually apologise to all those who received our mail in error on Thursday the 14th of February.

As we have since deleted all contact details and records if you would like to receive a personal apology please email mailerror@spongeit.ie.

We will shortly be making a €1,000 donation to the Jack and Jill Foundation and will post receipt of this on our Facebook page.“

Ger Farrell
Managing Director
Sponge It

wnolan1992

So to get an apology for them misusing our email addresses, we have to give them our email address?


I think I'll be fine without an apology then...

MadsL

Good job on the €1000 donation by means of apology. Kudos.

shinikins

I'd like to see a public apology on their Facebook page, or maybe even a reply to the messages posted on it,(and an apology for deleting posts)

Also, maybe its just me but €1000 only covers 20 people's €50 fee if they had taken up the offer. Cheap, and unprofessional.

travis1976

Looks like they're at it again... recieved this a couple of mins ago

Hi there,

We would like to thank you for completing our recent survey in which you expressed an interest in our focus groups.

While we conducted a huge amount of focus groups we had huge demand; and for this reason you may not have heard from us until now.

Already we are lining up more groups for the coming weeks so if you would like to stay in touch for future groups please sign up to our panel. Otherwise we will be deleting your details as part of our new data processing procedures.

To find out more or to join up to our panel please click here: Join the panel here

Thank You

The Sponge It team

Obviously someone had a word, because they're deleting details..

Sky King

Well if you actually completed their form to say that you're interested in their focus groups, that is a legitimate use of your email address surely?

I think the problem here originally was that people were being contacted out of the blue, never having expressed an interest.

Happyman42

I have to say, this company dealt very professionally with my own complaint and satisfied me that it was a mistake and that they recognised the seriousness of it.

Sofaspud

Sky King wrote: »

Well if you actually completed their form to say that you're interested in their focus groups, that is a legitimate use of your email address surely?

I think the problem here originally was that people were being contacted out of the blue, never having expressed an interest.

Even then, I don't think the data protection laws apply to this type of email. Direct marketing is sales or advertising, market research is a different kettle of fish altogether and isn't covered by the same laws.

kingtut

Sky King wrote: »

Well if you actually completed their form to say that you're interested in their focus groups, that is a legitimate use of your email address surely?

I think the problem here originally was that people were being contacted out of the blue, never having expressed an interest.

I received both e-mails and have had no dealings with the company

MadsL

travis1976 wrote: »

Looks like they're at it again... recieved this a couple of mins ago

Hi there,

We would like to thank you for completing our recent survey in which you expressed an interest in our focus groups.

While we conducted a huge amount of focus groups we had huge demand; and for this reason you may not have heard from us until now.

Already we are lining up more groups for the coming weeks so if you would like to stay in touch for future groups please sign up to our panel. Otherwise we will be deleting your details as part of our new data processing procedures.

To find out more or to join up to our panel please click here: Join the panel here

Thank You

The Sponge It team

Obviously someone had a word, because they're deleting details..

Travis, send them a "subject data access request" email back requesting your personal details under the Data Protection Act.
I wish to make an access request under Section 4 of the Data Protection Acts 1988 and 2003 for a copy of any information you keep about me, on computer or in manual form in relation to...

They will have to send you
(a) a copy of the data,
(b) a description of the purposes for which it is held,
(c) a description of those to whom the data may be disclosed and
(d) the source of the data unless this would be contrary to public interest

Also ask for proof of your consent to be emailed.

That should clear things up.

MadsL

Sofaspud wrote: »

Even then, I don't think the data protection laws apply to this type of email. Direct marketing is sales or advertising, market research is a different kettle of fish altogether and isn't covered by the same laws.

Yes it is. They are directly marketing their service to you; which is market research.

jamesbondings

sorry to drag up an old thread, but got another email and wondered if anyone else did??

this time by a group call user needs ireland?

i rarely accept to pass on my details to third parties and it reminded me of this.

Spear

jamesbondings wrote: »

sorry to drag up an old thread, but got another email and wondered if anyone else did??

this time by a group call user needs ireland?

i rarely accept to pass on my details to third parties and it reminded me of this.

I got the original spam from spongeit, but didn't receive anything else or anything from User Needs Ireland.

Fr_Dougal

jamesbondings wrote: »

sorry to drag up an old thread, but got another email and wondered if anyone else did??

this time by a group call user needs ireland?

i rarely accept to pass on my details to third parties and it reminded me of this.

Domain that it was sent from?

jamesbondings

excuse my ignorance? domain like.ie .com kind of thing?