Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Print | Email this page

Case note 294682 [2018] NZPriv Cmr 4: Woman complains about marketing cold call to her mobile

A woman was surprised when a home improvement company cold-called her mobile phone. She rejected the sales offer and asked the caller to remove her details from the company’s marketing list.

Later, she wondered how the company had her mobile phone number, name and knew what region she lived in. But she couldn’t return the call because the number displayed as unknown.

The woman later called the company’s office to find out how the company got her details. An employee told her that she would make enquiries and get back to her. But the woman heard nothing. About two weeks later, she tried again. But again she heard nothing, so she complained to our office.

Complaint

The woman’s complaint raised issues under principle 6 of the Privacy Act.

Principle 6 gives individuals the right to get confirmation that an organisation has information about them. It also gives individuals the right to access that information. 

The woman wanted to know what information the company held about her (apart from her name and mobile number) and she wanted the information deleted.

We contacted the company’s privacy officer who said he would look into the woman’s situation. Soon afterwards, he responded to say he had found the woman’s details in the company’s marketing database. The company had got her details from a home show 10 years earlier. The personal information consisted of her name, her landline and mobile numbers, and her postal box address.

Resolution

The privacy officer said if a person asked not to be contacted by the company it usually retained the person’s basic details so call centre staff knew not to contact that person. That information also allowed it to match a person’s details against the Marketing Association’s Do Not Call list. The company was ‘Data Warranted’ by the Marketing Association which meant it complied with a set of voluntary industry data safety and privacy guidelines. 

He informed us he would write a letter to the woman explaining how the company had obtained her information and to assure her that its marketing teams would now not be able to contact her in the future.

In replying, the woman made a written request for her personal information to be deleted. Principle 7 of the Privacy Act gives individuals the right to ask for information to be corrected - but it does not give individuals the right to compel an organisation to delete the information. 

Even though he was not required to by law, the privacy officer agreed to delete the information as a means to resolve the complaint. He advised our office that the information would be permanently deleted. He said he trained the company’s call centre staff about privacy - but sometimes privacy requests got missed. He intended to use this case as a training example.

The complainant said she was satisfied with the steps the company had taken to resolve the complaint. We then closed the file.

June 2018

Access – deletion – Privacy Act 1993; principle 6

Back to top