Got it and junked it. Didn't look right to me, and lot's of you too from the look of it, some well done Ducati you cocked up bigtime. I mean FFS who thenhell thinks we would agree to give new passwords on a dodgy looking email.
So I bought my new Multistrada 1260S at the beginning of February and some weeks ago I got a letter through the post from Ducati with my "Ducati Card" stuck to it, telling me about the "reserved customer area" and giving me the URL to the website which is http://owners.ducati.com and it also had printed a "Ducati Code" which I entered along with my surname to authenticate. I wanted to see if this site had any reference to the site which we've all received details of. On visiting the website (cautiously since it's http but it does actually redirect to a https) the supplied credentials appear to work. Once logged in just gives you a single page which is extremely basic - if I charged you £10 to code this I'd be ripping you off. It is just a few lines of text and nothing else except two links, which are :- Want to view or change your profile? click here Sales questionnaire > I mean I would take a screen shot and post it up but there really is not point - the two lines above are literally the only things worth mentioning and look exactly as above. If I click on the link to change my profile it's already pre-filled with some personal information, some of which is mis-typed, but also wants me to complete other personal details such as date of birth (surprised they haven't already got that), height, education, family status, occupation, make of smartphone, make of tablet, how many cars I own, mobile number (which is blank), alternative telephone number (which has my mobile number). Last but no means least there is the privacy section which is dated 2003 and make specific to Italian privacy laws which assume that you've allow your data to be shared with a single box tick - which A. is not a current law and is superseded by EU GDPR laws, and B. they're not allowed to make the assumption that you're happy for your data to be shared unless it's a separate "opt in" and they also have to be VERY specific about who they are sharing it with. Just using the term "third parties" is not enough. There is a couple of tick boxes at the bottom - you tick one if you give consent to data processing and you tick the other is you do not consent to data processing. If you tick the box which says that you do not consent, hit the save button, and then go straight back into that page then that setting is no longer set, which suggests that it's a field that they disregard and do nothing with. Once you hit the save button (there is no option to cancel it) you are taken straight back to the first page and your "Sales questionnaire" link has a little red arrow beside it which the key on the page indicates as meaning "To be filled". This website appears to have absolutely no value to the owner and only serves to bolster Ducati's customer profile data Ducati has no legitimate reason to hold the data that they are requesting you to complete and I would advise that anyone with access to this page not supply any additional personally identifiable information as the content and structure is unlawful under EU GDPR. I would not correct any errors either. This information has obviously been supplied by the dealer in good faith, and in accordance with the requirement to process the data for warranty purposes, etc, but appears to be being abused purely for marketing purposes.
I simply have a few email addresses. Web logins get one, friends get the other. Some websites get yet another. Thus it all get sent straight to junk.
I think you're missing the point. If you bought a bike from a dealer then the dealer would have provided your details (not just your email address) to Ducati. If Ducati have shared your data with a third party then you're making the assumption that they've only shared your email address. They could just as easily shared MUCH more than your email address. The fact is that until Ducati answer my email, which they are legally obliged to under GDPR law, we just don't know. I haven't had a response from them yet. I will be contacting Ducati UK to follow up because it's just as likely that my original email has just ended up in a sales and marketing mailbox where once some scrote realises that they are in the shit could just hit the delete button. Not letting it go.
The email I use points to another address with wrong DoB and quite a few other discrepancies. Sure they may have my actual data as Ive bought new from them, but how many of us sign warranty docs? That wasnt the point of my post, my point was that for some useless websites and assorted places, use a crappy email to stop getting spam in your genuine mailbox. Dont use your main email address except for personal. I should have been clearer. My bad.
As a member of the Scottish Ducati Club I received this from the club: WDW Discounted Prices for Members If you got a Ducati email asking you to update your password You need to update it Or sign up to Ducati.com at https://my.ducati.com/uk/en/register/ducati Then you will get sent a code and link to get DOC ticket discount Or get through Dealership Or pay full price FFS! So Ducati want you to provide them with personal data for marketing purposes which you can't opt out of and don't know who they will share it with before they will send you a link to get a DOC discount. Good job I'm not going
When I clicked on the usual link on the Ducati page and then to 'Profile', it now links to the same page as this link. Changed my password today and they already had all of my details and 'garage' in their records. It did feel like 10 mins of my life wasted though. Opted out of the marketing blurb.
I contacted Ducati about this breach on 23rd March - it is an unauthorised sharing of customer data and there is no getting away from it. Under GDPR it is nothing less than a breach and is unlawful. They told me someone would get back to me to discuss and I've been chasing them every few days for an explaination but to date nothing. It's been over 3 weeks since this occurred whilst under GDPR they are obligated to report the breach within 72 hours. If just emailed them again explaining if they do not offer up an explanation along with assurances that are data will only be processed lawfully that I will be passing this onto my solicitor without further notice. Based on their activities so far we have absolutely no way of knowing what they have done with our personally identifiable information or who they've shared it with. I'm seriously considering a very abrupt termination of any further dealings with Ducati and if they don't respond very soon I'm also contemplating disposing of this bike.
You are of course correct. It will be unlawful when it takes effect on 25th May 2018. At the moment it is not in force.
