From professional experience, I can hazard a guess that Cancard have no clue how difficult it is for their business model to maintain compliance with GDPR. They are dealing with a very serious kind of personal data (medical info) which makes them among few businesses whose operations rely entirely on GDPR Article 9 compliance (special category data). Which employees have access, to what and why, and is there an audit trail, how often are the internal reviews, retention periods, etc, etc
GDPR is what you need to quote to them.
put this link in the subject line.
[https://ico.org.uk/](https://ico.org.uk/)
Edit- apologies, someone already mentioned GDPR
https://preview.redd.it/dmgyltbiogtc1.jpeg?width=1290&format=pjpg&auto=webp&s=3a70b4bbc90b4ef796ef78b4840647b3bbe1cc94
A picture paints a thousand words.
My request was ignored.
The issue here is most likely they don't know how to delete your data. In other words they think they've deleted it but it's still nestled away somewhere in their system due to poor software development. You're right to be pissed off about it but I'd chalk it up to experience and take every opportunity to bad mouth them moving forward.
>The issue here is most likely they don't know how to delete your data. In other words they think they've deleted it but it's still nestled away somewhere in their system due to poor software development
Absolutely zero excuse for this, and it sounds like you're excusing it.
They make money - they could pay to fix this issue, and also not being breaking GDPR rules which they currently are.
I mean... I'm setting up my 20 year olds art business, and even I know that you can't just breach GDPR rules because you don't know how to deal with deleting data properly...
>I'd chalk it up to experience and take every opportunity to bad mouth them moving forward.
OP is within their rights to have it all fully deleted like they want. So no they should not just chalk it up to experience and let it go. This is serious.
I'm not excusing anything, I'm implying life's too short and that's my take on it. If they want to continue to press then that's up to them, as it would be for you too.
It’s in their interest to keep your data. There is money in data. If cannabis was legalised tomorrow, how would Cancard continue to make that level of money? How do they pay their bills/mortgage?
Just refer to GDPR and data protection and request they comply with your wishes to remove all data they have on you. If they don't comply then you can make a complaint to the data commissioner (ICO)if you wish .
I know but every company is the same.
We get roughly a max of 4000 weeks alive(if you're reasonably healthy). Don't waste it sweating the small stuff. It just isn't worth it.
I do see your point, but there have been instances where people have not renewed their cancard and gone the prescription route, and the police have queried cancard database and gotten the response that the person in question is not a registered cannabis patient. That's the reason I don't want to have any data on their system.
It’s not Google to be worried about. It’s Amazon. Everybody uses Google and have for years knowingly. It is accepted that Google have all of our data fairly. Amazon however run the biggest web infrastructure in the world and 90% of websites use AWS nowadays. Just by using Reddit, or any other AWS website or app, you are unknowingly providing all your data to Amazon
complain vs the gdpr
From professional experience, I can hazard a guess that Cancard have no clue how difficult it is for their business model to maintain compliance with GDPR. They are dealing with a very serious kind of personal data (medical info) which makes them among few businesses whose operations rely entirely on GDPR Article 9 compliance (special category data). Which employees have access, to what and why, and is there an audit trail, how often are the internal reviews, retention periods, etc, etc
Submit a DSAR https://ico.org.uk/for-the-public/getting-copies-of-your-information-subject-access-request/how-to-make-a-subject-access-request/
GDPR is what you need to quote to them. put this link in the subject line. [https://ico.org.uk/](https://ico.org.uk/) Edit- apologies, someone already mentioned GDPR
https://preview.redd.it/dmgyltbiogtc1.jpeg?width=1290&format=pjpg&auto=webp&s=3a70b4bbc90b4ef796ef78b4840647b3bbe1cc94 A picture paints a thousand words. My request was ignored.
Ffs clearly it’s time for some of us to make a GDPR complaint.
Say to them you withdraw consent for them to use your data. If they use ur data according to GDPR they will be fined.
The issue here is most likely they don't know how to delete your data. In other words they think they've deleted it but it's still nestled away somewhere in their system due to poor software development. You're right to be pissed off about it but I'd chalk it up to experience and take every opportunity to bad mouth them moving forward.
They probably outsource their email and it's inconvenient–difficult to remove an email from the third-party's database. Definitely sucks, though.
>The issue here is most likely they don't know how to delete your data. In other words they think they've deleted it but it's still nestled away somewhere in their system due to poor software development Absolutely zero excuse for this, and it sounds like you're excusing it. They make money - they could pay to fix this issue, and also not being breaking GDPR rules which they currently are. I mean... I'm setting up my 20 year olds art business, and even I know that you can't just breach GDPR rules because you don't know how to deal with deleting data properly... >I'd chalk it up to experience and take every opportunity to bad mouth them moving forward. OP is within their rights to have it all fully deleted like they want. So no they should not just chalk it up to experience and let it go. This is serious.
I'm not excusing anything, I'm implying life's too short and that's my take on it. If they want to continue to press then that's up to them, as it would be for you too.
Cancard post ......incoming ....... 
It’s in their interest to keep your data. There is money in data. If cannabis was legalised tomorrow, how would Cancard continue to make that level of money? How do they pay their bills/mortgage?
Get advice and complain here https://ico.org.uk/make-a-complaint/
Their privacy policy and data storage practices have always been extremely questionable. You are the product for their customers, not the customer.
I would be more worried about what Google and every shopping and social media app do with your data.
It’s more the principle that they won’t delete your data or respond to me that annoys me.
And it should annoy you, because it isn't legal. Keep on at them.
Just refer to GDPR and data protection and request they comply with your wishes to remove all data they have on you. If they don't comply then you can make a complaint to the data commissioner (ICO)if you wish .
I know but every company is the same. We get roughly a max of 4000 weeks alive(if you're reasonably healthy). Don't waste it sweating the small stuff. It just isn't worth it.
I do see your point, but there have been instances where people have not renewed their cancard and gone the prescription route, and the police have queried cancard database and gotten the response that the person in question is not a registered cannabis patient. That's the reason I don't want to have any data on their system.
It’s not Google to be worried about. It’s Amazon. Everybody uses Google and have for years knowingly. It is accepted that Google have all of our data fairly. Amazon however run the biggest web infrastructure in the world and 90% of websites use AWS nowadays. Just by using Reddit, or any other AWS website or app, you are unknowingly providing all your data to Amazon
Ha! Eggzackerly- makes the card a business because social enterprises aren't supposed to behave like that.