Viewing 16 posts - 1 through 16 (of 16 total)
  • GDPR and Direct Debit question.
  • CHB
    Full Member

    Just had an odd conversation on the phone with a member of staff at a large optician chain.

    At the start of this year we signed up my daughter (then 16) for their contact lens plan, with all the payment info (Direct Debit) linked to my account.

    Daughter is not using as many lenses as anticipated (and has now turned 17), so asked me to cancel the regular monthly plan and associated DD.

    I just phoned up to cancel the Direct Debit and the member of staff said “Due to GDPR we can’t discuss the account with you!”.

    Now I understand that my daughters medical info should be confidential to her under GDPR, but surely the financial info on the account should be classed as my data and not hers?

    As things stand I have cancelled the DD via the bank and will get daughter to phone up the opticians next week when she is back from four days walking in the Dales.

    Any local GDPR experts care to adjudicate on whether a parent should be able to cancel a direct debit that is in the parents name on a 17 year olds opticians account?

    wwaswas
    Full Member

    GDPR – the new ‘Data Protection’

    It’s like Health and Safety – people think it’s some sort of talisman against accountability and explanation.

    poly
    Free Member

    I would agree with you.  The messy bit could be if your daughter is committed to buying the lenses even if you cancel the payment (say it was a “signup for 12 months to get X price deal”.  However that would seem to be a credit agreement which she can’t enter at <18.  They will have a DPO just look them up on their website and send them a message.  They will probably enjoy sorting it out rather than reading a policy document everyone will ignore.

    Fresh Goods Friday 696: The Middling Edition

    Fresh Goods Friday 696: The Middlin...
    Latest Singletrack Videos
    legend
    Free Member

    For all they know you are just phoning up to cancel her account as you’re a spiteful **** So it is a bit odd, but they’re probably in the right

    kelron
    Free Member

    If she was an adult I’d say they’re definitely in the right here, it’s her account regardless of who’s paying.

    Not sure what provision GDPR makes for children though, as parents obviously need to manage accounts for their kids up to a point.

    CHB
    Full Member

    I am a spiteful ****, but you are not permitted under GDPR to remember that unless I give permission 🙂

    The commercial set up of the DD and payment was all signed by me and is set up in my name, but with daughter as the account holder from a medical perspective. Appreciate it potentially is messy, but surely the commercial bit of GDPR data and the medical bit of the data should be two separate permissions. The view from Vision Express is that they have daughter as the customer, even though all the paperwork was signed by me.

    PrinceJohn
    Full Member

    For all they know you are just phoning up to cancel her account as you’re a spiteful **** So it is a bit odd, but they’re probably in the right

    Surely they would have security questions to stop this ?

    kelron
    Free Member

    Maybe they should be separate, ideally. In practice they probably have it all under the name of the account holder who needs to be the one making any changes.

    You do have a right to access data held about you so maybe there’s a problem there, but wasn’t that part of the old data protection act too?

    wwaswas
    Full Member

    Surely they would have security questions to stop this ?

    Like “Are you the person named on this account? No? Then we can’t let you cancel it.”

    IHN
    Full Member

    Just cancel the DD with your bank.

    grumpysculler
    Free Member

    The key is here:

    The view from Vision Express is that they have daughter as the customer, even though all the paperwork was signed by me.

    and you can’t discuss accounts with a third party unless you have permission to do so.

    legend
    Free Member

    What he says ^ Seems to be working ok

    (was meaning wwaswas but then shit got crazy!)

    thehustler
    Free Member

    Opticians are wrong……until 18 she is classed as a minor and so  unable to enter into a contract (see phnes bank acc DD’s etc) and you retain parental resposibility and are therefore able to discuss things……They are just being a bit awkward (dont want to lose the DD). Regardless of this either go in with daughter or get a letter from daughter acknowledging you can act on her behalf…..

    thehustler
    Free Member

    An example of how far wrong they are…….if your DD was to bounce would they only discuss this with your daughter regarding your banking info…….a clear breach of GDPR……some (even large) companies are so spooked by and dont really understand GDPR……Oh wait wouldn’t changing cancelling a DD on your bank be exactly the same thing…….see what I mean!

    CHB
    Full Member

    The Hustler, that’s exactly what I thought! If the contact lens agreement is in my name then it’s my financial data, not my daughters, and though it’s her prescription it’s me who signed the DD and supply agreement.

    Cougar
    Full Member

    I’ll wager this is just a random employee being over-cautious.  Ring them up again and speak to someone else.

Viewing 16 posts - 1 through 16 (of 16 total)

The topic ‘GDPR and Direct Debit question.’ is closed to new replies.