Editor's Blog1 min ago
Organisations holding onto credit card details
Is it true that it is illegal for organisations to hold onto credit card details.
I have recently placed an order (on the internet) from a well known company who had obviously held on to my card details (from a previous order). I was not asked to complete any credit card information prior to my order being processed and accepted yesterday.
I have recently placed an order (on the internet) from a well known company who had obviously held on to my card details (from a previous order). I was not asked to complete any credit card information prior to my order being processed and accepted yesterday.
Answers
Best Answer
No best answer has yet been selected by holbreck. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.Companies can store any information about you which is included in their registration under the Data Protection Act. (I wouldn't be able to post this reply if my ISP didn't store my credit card details because my monthly payments are automatically taken from a credit card).
However, one of the underlying principles of the DPA is that personal data should not be kept for longer than is necessary. So a company can retain credit card details for as long as the vendor-customer relationship is reasonably likely to exist. (e.g. my ISP can obviously hold onto my credit card details while I'm using it for monthly payments. If I ran out of credit on that card, resulting in the termination of service from my ISP, the ISP could keep the details for long enough to see if I was able to resume making payments with the card, but not indefinitely).
The company you dealt with might argue that they need to keep your card details on file in case you return faulty goods, resulting in them making a refund to the account which you'd used to pay for the goods. In which case, they'd have the right (subject to the terms of their registration under the DPA) to retain your card details until the end of whatever period they'd offer a refund (rather than repairing or replacing the goods). Beyond that time, they'd have to show that they had reasonable cause for believing that there was an ongoing vendor-customer relationship in place.
General information about the DPA is here:
http://www.ico.gov.uk/Home/what_we_cover/data_ protection.aspx
Chris
However, one of the underlying principles of the DPA is that personal data should not be kept for longer than is necessary. So a company can retain credit card details for as long as the vendor-customer relationship is reasonably likely to exist. (e.g. my ISP can obviously hold onto my credit card details while I'm using it for monthly payments. If I ran out of credit on that card, resulting in the termination of service from my ISP, the ISP could keep the details for long enough to see if I was able to resume making payments with the card, but not indefinitely).
The company you dealt with might argue that they need to keep your card details on file in case you return faulty goods, resulting in them making a refund to the account which you'd used to pay for the goods. In which case, they'd have the right (subject to the terms of their registration under the DPA) to retain your card details until the end of whatever period they'd offer a refund (rather than repairing or replacing the goods). Beyond that time, they'd have to show that they had reasonable cause for believing that there was an ongoing vendor-customer relationship in place.
General information about the DPA is here:
http://www.ico.gov.uk/Home/what_we_cover/data_ protection.aspx
Chris
and in addition to what Chris says, you may somewhere in the initial purchase have authorised them to retain the data.
I recently made an online purchase where I was given the option 'retain CC data for future use'. I had to click to accept, (I didn't) but some companies may do it the other way round.
I recently made an online purchase where I was given the option 'retain CC data for future use'. I had to click to accept, (I didn't) but some companies may do it the other way round.
Related Questions
Sorry, we can't find any related questions. Try using the search bar at the top of the page to search for some keywords, or choose a topic and submit your own question.