What do data brokers know about you?

Data brokers are in the business of gathering as much data on you as possible and then selling it on to anyone willing to pay for it. But you can get back control.

Why should I find out what data brokers know about me?

The data brokers’ currency is your data. They trade it, acquiring it where they can and always looking to sell it on to anyone who will pay. That means your personal data can end up in the hands of companies that you've never even heard of. And they may sell it on again, and so little by little, your personal information is spread all over the world and you have no idea who has access to it.

The kind of data data brokers hold is often sensitive in nature. They get permission from website owners to monitor browsing. This information is then stored against a unique identifier to build up a detailed picture about the needs, wants, and habits of individual consumers, and sold on. They don't sell this information as individual bits of information, but rather as part of a data 'profile' of you as a person.

It’s important that you know who has what and that you are able to get back control, and stop them sharing your data if that’s what you want.

What types of personal data are used to profile you?

Personal data like your relationship status, financial data, and causes you might volunteer for are collected and repackaged as part of a valuable data profile to be sold to others. For many, this feels like an invasion of privacy.

Personal data that data brokers typically store:

  • Name and date of birth
  • Tastes and habits
  • Contact details
  • Economic, social and cultural information
  • House price data
  • Family details
  • Previous addresses
  • Financial information
  • Sexual orientation

How do I find out what information data brokers have about me?

The easiest way to find out where your information is by sending a ‘subject access request’ through Rightly. A subject access request allows you to see any personal information a company has stored about you.

You can pick from our list of data brokers and websites and send an access request, or if you can't find the one you want, you can search on our main subject access request page. And of course our customer support team is ready to help!

Some common questions

How do I send a subject access request (SAR)?

The easiest way to find your information is by sending a request through Rightly:

  • Search for any company
  • Enter your basic details so that they can confirm your identity
  • Check your email and send your request

What can you expect after you send your request?

Your request simply connects you to all of the companies or organisations you select. They’ll link you to their own forms and processes for you to complete. Only your name and email address is required to send these requests, but companies will likely ask you for more information to make sure you're you.

They should confirm what personal information of yours they have within 30 days.

So I don't need a subject access request template?

No - they tend to be of varying quality and take a lot of effort. That's why we made Rightly, so that things can be as safe and time-effective as possible for you to have more control over your data.

How long until a company responds to my request?

After the company has received your request, they have to reply in full within 30 days, or give a valid reason for asking for an extension. However, we're glad to say that most companies normally reply within a week.

Responses from companies are likely to come directly into your inbox.

If you have any questions, or have any difficulty at all with how companies respond, our friendly support team is here to help!

What if they don't reply?

They have to reply by law. You can ask any company if they have your personal data, even if you don't know for sure whether or not they have it. They have to tell you what they have, as well as how and why they are using it. This is thanks to your ‘right of access’ under GDPR law.

How long can a company store my data for?

There is no specific time limit on how long a company can hold your personal data. Under GDPR, your information should simply not be kept for any longer than necessary.

While a company should be able to justify the length of time that your data is stored, whether or not this is acceptable depends on what the data was collected for in the first place.

For instance, a company can keep hold of employment contract data for a total of 6 years since this is the window of time in which a contract breach claim could be made.

However, when it comes to job applicant CVs for example, these can only be stored for a maximum of 6 months, based on this being the length of time in which a candidate could file a discrimination claim.