GDPR, data etc

As I noted in the rant thread my dishwasher broke down after just over a year and I’m not happy. Bought through an online retailer.

I’ve contacted Hotpoint to give them a chance to rectify. By that I mean waive their super kind offer of 120 quid for a standard call-out and fix. :+1:t4:

Apparently the only way I can get hold of them, without wasting a day on the phone, is via Facebook messenger or twitter. Ok, I have messenger. I’ll deal with that.

I lay out my query. Response next day says thanks, we just need your full name, address, telephone number and email address. :confused:

What for?! You’ve not even acknowledged my problem. So I give them my name and email. Next message from them - sorry we need your postcode and address.

I’m a bit more blunt. “why?”

"Hello Peter,

This is because of data protection and GDPR.

Thank you,


Is that not the exact opposite of gdpr i.e. not holding data unless you need to. We’ve not even started talking about the bloody dishwasher.

Now this stuff doesn’t normally bother me. I’m pretty blasé on data and stuff, rightly or wrongly. But this has really annoyed me. Perhaps because it’s on top of my frickin dishwasher not working.

Anyone in the data game got any advice? Or do I just accept it and move on. Cos they’ll probs end up being difficult anyway and I’ll have to get it repaired myself (for half the price).

Sorry bit long and ranty.

1 Like

The only reason I can think to take data under GDPR would be to confirm you are who you say you. But surely that doesnt fit in this case. Possibly to check warranty details but it sounds to early.

You could go back and say can you point me to the part in the GDPR regs that says you need all the data to answer a query on Facebook.

Sounds like a mistake, cant believe a big company world mess up their policy like that

1 Like

GDPR is really clear on this. You must only collect data when you have a business need to do so, and you must be very open and specific about why you need it and what you will use it for.

So… they MAY have a valid reason for needing it, but they need to tell you what that is… and “GDPR” isn’t a reason.

You could easily provide it, and then upon resolution of your issue, submit a Subject Access Request, requesting them to delete all Personally Identifying Information… which they are legally required to do, and for most orgs, is a complete ball ache.

It isn’t difficult to submit a SAR… a request on email, or even via phone is legally recognised as a SAR.


I’ve had a response from 3 different people so far. So clearly they don’t really know the reason!

I’ve already noted that it’s out of warranty, and I was never asked to register it. So there’s no database for them to check against etc. At this point I just want an acknowledgement of the issue, and to point me in the direction of someone who can offer me a resolution.

Like I said above, normally I wouldn’t care. But they’ve annoyed me now.

I’ll try pushing back one more time. Then I’ll take up your suggestion @magnacarter!


Dob them in to the ICO as well.

1 Like

They dont.

You are right, they absolutely do not need to ask you for personal data, and to say this is because if GDPR is an outright lie.

I have tried explaining it to so many phone operators it is daft.

Some companies/people do seem to use personal data as an authenticator. Which reveals their total ignorance of security AND privacy.

  1. If they called you, and you are their customer, you dont need to authenticate. They already know your details including your phone number. They need to prove they are, not the other way around.

  2. If you called them, it is fair that you need to prove you are entitled to whatever service being discussed. This should be in your case the details of the device itself, perhaps proof of purchase. Ideally, some kind of secret authenticator previously set up (password, passphrase, pin) or a one time password emailed or texted to you, depending on how expensive the service is.

In no situation is your address, birthday or mothers maiden name an acceptable authenticator for a very simple, basic security reason: They are not secret, quite the opposite…they are a matter of public record, anyone can know them.


Well these cowboys just get better and better.

4th person responding now. Still completely ignoring my question and just giving me a number to their ‘chargeable team’ regarding my query.

This is going to be fun :roll_eyes:

Are you? Whilst in transition, we’re still subject to EU rules I thought, and EU rules require a minimum 2 years

They are obligated, as a data processor ( or attempting to be) to collect the minimal amount of information needed to process you query.

This is a case people quoting ‘policy’ with zero realisation of the legal ramifications. Huge fines for companies and directors personally liable for breaching this.

Just as an aside. How handy are you? Ive frequently fixed our dishwasher and washing machines. They usually give an error code or it’s not hard to work out what’s wrong. Common stuff with dishwashers is they won’t drain, which is either a blockage or new pump needed. Wont heat, probably the element.

There is an online shop called eSpares. Stock the lot and good prices.

ETA: there is also a forum called DIY-not. Not been on it for years but it used to really helpful. As well as diyers it used to have pros on there too and there used to be an appliance repair main

1 Like

Totally unhandy! Like, every time I touch something I make it worse! :joy:

No screen, so no codes. It won’t even power up. Fuses etc have all been checked, so got to be something fairly key like the chipboard or the overheat switch (according to Google).

Technically I believe your contract is with the retailer, not the manufacturer. So while it doesn’t address the GDPR question, you could avoid Hotpoint altogether by going to whoever you bought it from.


Agreed from a perspective of the length of warranty / fit for purpose. I can’t see how a dishwasher can be reasonably considered to just cease working in the manner described in a little over a year and not be in breach of the relevant sales acts. If you’d snapped off a spinny arm or something, then they could more easily point to you causing the damage, but just failing to switch on is fairly clear that it’s a more critical internal issue that you could not ever be expected to have caused damage to yourself.

1 Like