Zine likely farmed my personal information from a public website

Zine Ltd – a digital marketing agency, likely farmed my information from a public domain register but failed to clarify how they obtained my information.

Zine LtdZine tout themselves as being an ‘Award-Winning International Digital Marketing Agency’ but I couldn’t find anything on their website to indicate what awards they’ve actually won. In October 2015, Zine obtained my e-mail address from somewhere and processed it to send me the following communication by e-mail:

Hi David,

I just wanted to quickly follow up our previous communication regarding SEO for [one of my domain names].

We have already highlighted a number of areas that need urgent attention if you want Google Page 1 for the most important keyphrases in your industry.

Assuming you are interested in increasing quality traffic to your website, all we need is 5 minutes for a quick chat about the details of where you’re going wrong.

I have space in my schedule on Thursday afternoon or Friday morning.

Can you please let me know which time you’d prefer and if [my phone number] is the best number to call you on ?

If that’s not convenient for any reason, please do not hesitate to let me know a different time.

Thanks again


Firstly, I’ve never heard from this company before so to tell me that this is a “follow-up” is misleading. My first issue with Zine then is why on earth would I or anyone else want to do business with a company that starts out by misleading me? Upon receipt of the e-mail I replied with a Subject Access Request (SAR). In response to my SAR, they said:

Unfortunately it is not known where this information originated from but as I am sure you are aware it is not part of any Subject Access Request to provide this if it is not known.

As stated above the source is not known but as this information is publicly available on the internet to anyone searching for the domain owner of [my domain], maybe this is how your details have become part of a business database.

We contacted you in good faith as a business and not as an individual, as the owner of [my domain]. We regret that you feel this has inconvenienced you, your details have been removed from our database and hope we can consider this matter closed.

Regards Charlie

Let’s be clear, if Zine don’t know how they obtained my personal information then they shouldn’t be processing it. Such processing will likely be deemed unwarranted by the ICO because Zine would have failed to satisfy a condition for processing.

Secondly, It would appear that Zine likely obtained my information by trawling through the public domain registration database. If so, then processing personal information obtained from another website without permission of the website operator is likely to be unfair and possibly unlawful data processing. There’s no such thing as publicly available personal information as far as UK organisations are concerned. The data processing will likely be deemed unlawful if the data controller knowingly or recklessly obtained the information without the consent of the data controller.

Thirdly, assuming that Zine obtained my information from the public domain register, it would appear that they made no effort to clarify whether or not I registered the domain as a business or as an individual. I’ve been registering domains for nearly 20 years but never as a business. As an individual rather than a business, Zine would need to obtain my consent prior to targeting me with electronic marketing. What exactly did they do to clarify that I was operating as a business?

Fourthly, it took Zine a while to respond to my SAR. In fact they only responded after I followed-up. In his defence Charlie from Zine told me that he’d been away on holiday. He said:

I’ve just seen this email in my spam folder and looking at the dates of your previous emails they coincide with when I was on holiday so didn’t catch those either.

But the unsubscribe link at the bottom of the original marketing e-mail states:

Should you wish to receive no further communications by phone or email please simply reply to this email stating UNSUBSCRIBE in the subject.

Do you see where I’m going with this? If my replies to Charlie’s marketing e-mail are going into his spam folder, then Zine don’t have a working unsubscribe link. It’s a contravention of section 23 of the PECR not to have a valid address to which the recipient of the communication may send a request that such communications cease has not been provided.

Finally, Charlie from Zine told me that they contacted me in good faith. Bollocks! He wasn’t able or willing to tell me how he obtained my information so how can he possibly claim that he contacted me in good faith? It seems to me that Zine will happily say whatever they need to say to justify their abuse of my personal information.

I submitted a complaint to the ICO and they concluded their assessment as follows (RFA0607459):

From the information provided, it would seem likely that Zine has breached the DPA. This is because we are not able to identify any evidence to clearly suggest that it may have satisfied a relevant condition under schedule 2 of the DPA to process your personal data. We have therefore referred it to our guidance (https://ico.org.uk/for-organisations/guide-to-data-protection/conditions-for-processing/#conditions) on how to meet the relevant conditions in order to process personal data fairy and lawfully.

We have advised Zine that, in most cases, the data processing conditions require an organisation to clearly demonstrate the necessity of processing data. However, taking into account all the circumstances we do not consider that further action is required at the moment. This is because we do not consider at this stage that there is an opportunity to further improve Zine’s information rights practices and that the matters tzine_010216hat have been raised do not meet our investigatory criteria.

Zine has now been clearly advised by the ICO that they cannot obtain and process personal information from a public website without the consent of the website operator. If you’re not operating as a business and you receive a marketing e-mail from Zine, then you might want to ask them how they obtained your information and how they obtained your consent to target you with electronic marketing. You might want to submit a complaint to the ICO if they are unable or unwilling to clarify.

Zine were given the opportunity to comment on or to identify any incorrect facts prior to publishing this article but I received no response from them.