Contents page 1 — my data – and quadrupled from 86 other customers page 2 — fear of identity theft page 3 — privacy complaints almost On a page

: Among other things, these articles are to be found in a document, received after a Request for the data information according to the European data protection basic regulation of a large online furniture retailer. Only: the recipient of The list has ordered these goods never. And the data also does not your. The recipient is me.

What happened?

DSGVO the end of may in the EU-final, came into force, was flooded by Mails from online shops. I also. An E-Mail came to me because I could not remember to have ever made it to the online shop bought. A short answer to this mail with the request for information and subsequent deletion is quickly sent out and the opportunity is equal to all of the companies that had registered because of the DSGVO. Some companies don’t react at all, some require only a passport copy and others will actually respond to the content.

the listed Berlin-based online furniture retailer Home24, which the Samwer brothers are involved, and Holtzbrinck Ventures, which belong to the Holtzbrinck Publishing Group, which also publishes the TIME. In the first three quarters of the year 2018 Home24 made a turnover of 221 million Euro. About two months after the request a friendly email with a password secured PDF. : Data that has saved the company about me, a – now no longer a valid postal address, private email address, telephone number, and gender. But not only that.

credit card information, and credit index

The document is over 200 pages long and contains the data of 86 other customers. So it is that I know that Mrs B. of Cologne has ordered for 819,97 Euro bedroom furniture. A Mr. K. from my Berlin Nachbarkiez probably not a good payment morale. And that Home24 has taken my data from a different furniture retailer, than it bought. At least I know now why the company has originally written at all, although I have bought never.

The stored information of the other customer’s name and address on mail address and the phone number to the payment method, and in some cases credit card information with expiration date and card holder, as well as four Digits of the credit card number and a credit index.

© Michael stern, Rita Louder

editor in the Department of politics, the economy and society, TIME ONLINE

to the author of the page

To the document cloudy: “The credit rating index is created on the basis of the customer data and specifies a value on a scale of 0-1, where 0 is the assessment of risk in relation to the fulfilment of the best value.”

Apart from the fact that all of this information is private, and no third concern – a bad and in such an unclear way of incurred credit index can not only damage reputation, but also future loans, contracts, and purchases more difficult. And with the combination of the contact details and the only part of the encrypted credit card data, fraudsters could start quite a bit. The easiest way: a phone call, a Phishing email or a letter with the request to indicate missing data.