In most cases recently, no.

What am I talking about? What websites are doing with my information. I have been working on contracts as part of some GDPR implementation work and one of the contracts I reviewed was with a call answering service. The contract was very unclear with regard to confidentiality and Data Protection so I went across to the website to see what it said there. It did have terms and conditions on the website and a privacy policy, neither of which addressed how they used the caller information they collect on behalf of their customers (when someone calls the service and leaves a message for the intended company, how long is that information held, what do they do with it, how are the destroying it).

There was a chat box which required me to put my name and email address in before it would start (no collection notice telling me they needed my information). I asked the question about how they used the information they were collecting and how long it was retained. I was told that they couldn’t answer that and that it would have to be referred to their client support team and they would contact me shortly. I was also told that they were GDPR compliant – I know from looking at their Terms and Conditions and Privacy policy that they are not. So I suspect they need some staff training too.

Needless to say that client support have not contacted me, so I can add poor customer service to the list.

If you are collecting personal information (name, email address etc) via your website, be clear what that information will be used for and bear in mind that you cannot ask for more information than you need to be able to provide the service.