datenanfragen
Update 'Conrad Electronic SE' (community contribution)
I have opened this issue via datenanfragen.de. You can contact me if you have any questions.
As part of a request for information, I have a PDF document in which it states that the address of the person responsible and not that of the data protection officer must be used for sending by post.
Is this PDF available for the public somewhere? Or was it sent to you in private? I am afraid we only use public sources.
I just looked again but couldn't find it online. With reservations, I would say it wasn't published. I don't know why this template should be put online either. An empty form offers no added value for the customer. The benefit only arises when the template has been filled with the required data information.
I couldn't find the postal reference elsewhere either.
The privacy policy (https://www.conrad.de/de/ueber-conrad/rechtliches/datenschutz.html) says:
Sofern Sie eines der genannten Rechte uns gegenüber geltend machen wollen, so wenden Sie sich bitte an unseren Datenschutzbeauftragten.
It's quite unfortunate that they appear to have contradictory information in different places.
To explain the reasoning behind the policy of only using public information as sources that @mal-tee mentioned: We need to make sure that the information we publish in records is (still) accurate). But, it is impossible for us to do that (continuously) based on non-public information. If Conrad should decide in the future that they do want requests to be sent to the DPO after all, we have no way of knowing of this change if the information is not public.
The same applies to users (independently of our site). If a user wants to send a request to Conrad, they will check their privacy policy. It's the company's duty to publish accurate contact details there. Users can't know of Conrad's internal policies and magically send their requests accordingly.
Now, this policy mostly applies to contact details that are not published (e.g. if a company only lists their own address on their website, but someone informs us of some non-public document that mentions a different address for a DPO). For the reasons I explained, we would have to be strict then and not publish the non-public address.
However, in this case (Conrad), both addresses are listed in the privacy policy, the question is just which one to use. That's a situation that we face quite often and many times there won't be any guidance from the company at all, so it's a judgement call on our part.
If Conrad did publish both address and not say anything about which one to contact, I'd say it would be fine to switch addresses.
But that's not the case. Conrad explicitly says in their privacy policy, that requests should be sent to the DPO. Unless they change that, I really don't think we can switch the address.
