When You Are The Problem - Crust Pizza's Data Retention policy

Dear Valued Customer,

We are writing to inform you that there is a scam website impersonating Crust.com.au and attempting to trick customers into providing personal and financial information.

Please be aware that the website 'crustpizza .org' is not affiliated with us in any way, and we strongly advise you not to provide any information or make any purchases through this site.

Please ensure when interacting with Crust online the URL begins with Crust.com.au and are the official social media pages linked below.

We apologize for any inconvenience this may cause, and we appreciate your cooperation in helping to protect your information.

We hope you are enjoying your summer, we are here to serve.
Order from www.crust.com.au - Only.

Crust, you are the scam. Why are you storing my email after I removed it more than 7 years ago? I have no account. What other info have you not deleted? My address? My credit card details? It will be all apologies when you get hacked and lose the data for people who don't even want to be customers anymore.

No I didn't opt to receive emails. You haven't sent me one for years. But in your system you are still storing my data without my consent.

Yes I am reporting to ACMA because you are the problem Crust as much as the other scammers and this is a spam email. Of course no unsubscribe on the email.

Comments

  • +19

    no unsubscribe on the email.

    you want to miss out on the next breach?

    • +12

      Imagine every company emailing every past customer each time there is a scam….

      • -2

        the irony in what you're doing

    • +3

      Quite obviously you're making a joke, but given the lack of upvotes I'd say it went over people's heads.

      Yes, I think he'd rather miss out on being part of the next breach. As would I (if crust had any of my real details, that is. I think I still read the odd email in my junk account and it comes addressed to Señor Butthole)

    • +3

      They don't need to put unsubscribe buttons on service/mandatory emails like that.

  • +12

    Ok…

    • +1

      Domino's keeps asking for my email, and I provide it every time. If you like to contact me it is [email protected]

  • +19

    Chill, my last Medibank product was held and ended 15 years ago but still got the sorry email for recent data breach.

    Ohh i also got mobileciti suddenly auto resubscribed for their newsletter spam after 10 years since last transaction.

    • +17

      Ohh i also got mobileciti suddenly auto resubscribed for their newsletter spam after 10 years since last transaction.

      The intern probably got a good idea to generate leads - recycle them

    • +4

      Not sure if it’s comparable, Medibank would probably have some reason to keep some details for some years, pizza chain should have zero reason to keep your details for longer than a week.

      • +2

        It could be argued good pizza is more important than health insurance. Ergo pizza company can keep details longer.
        Is crust good pizza?

    • +2

      "Ohh i also got mobileciti suddenly auto resubscribed for their newsletter spam after 10 years since last transaction."

      Me too!

      • AHUANGSame! Randomly started getting mobileciti spam from 23/12/22. @ahuang pls explain

  • +8

    I still get SMS from a gym I joined in a different state over 14 years ago.

    • +5

      I get a message or two a year from Sanity. I can't even remember when the SA stores closed.

      • +5

        I still keep getting Brashs catalogues in the mail and I can't get off their mailing list because they all closed down in 1998.

        • +1

          We had $300 of Brashs vouchers when they went into liquidation. Ended up with a pair of Boston bookshelf speakers that were $600. The administration conditions were had to use at least 50% cash. The Bostons are now my PC speakers driven by a no name amp.

      • sanity shutting in march this year if iirc

      • Whoa! I used to work for Sanity back in my uni days….Sanity and Virgin Music concessions inside Myer.

      • Ingle Farm is still open if you're looking for a nostalgia hit

  • +10

    No I didn't opt to receive emails. You haven't sent me one for years. But in your system you are still storing my data without my consent.

    Did you tell them to delete your info or you just assume companies will delete after x years? lol

    • +2

      But… but .. dormant bank accounts get closed automatically even with money inside still.

      • +1

        Maybe they should have to close or be removed, especially when you never opt in in the first place. It would protect our personal data so it would be good for all of us.

  • +17

    Surprise surprise, Australian corporate entities have been holding onto old customer data and don't have clean data.

  • -1

    Where is the data breach link? No Link no breach!!!!

    • -1

      OZB mod just updated the original post with the real info @ 8:16PM!!!!

  • +3

    This is the full message in the email, actually does sound like user issue clicking on fake links. There's been a lot of fake ads on Facebook like this.

    Dear Valued Customer,

    We are writing to inform you that there is a scam website impersonating Crust.com.au and attempting to trick customers into providing personal and financial information.

    Please be aware that the website 'crustpizza .org' is not affiliated with us in any way, and we strongly advise you not to provide any information or make any purchases through this site.

    Please ensure when interacting with Crust online the URL begins with Crust.com.au and are the official social media pages linked below.

    We apologize for any inconvenience this may cause, and we appreciate your cooperation in helping to protect your information.

    We hope you are enjoying your summer, we are here to serve.
    Order from www.crust.com.au - Only.

    • +1

      I'd like to believe that people are not so gullible to not notice the difference between the two domain addresses, especially the one mentioned has no .au

      • +8

        In my experience running IT businesses over the last 14 years or so people are generally stupid. Hence why the likes of Zoom Broadband suck in customers with cheap pricing and why scams work because people don't do their research.
        With most of these Pizza and other online businesses you need to unsubscribe from all their crap on signup otherwise you agree for them to email you random offers and other stuff.

      • +8

        tell me you’ve never worked in customer support without telling me you’ve never worked in customer support

      • There are some businesses that like to use a global domain though they'll still usually redirect from a .com.au. The .org is sus enough though.

  • +13

    I'd like to think your credit card from 7 years ago has expired at least…

  • Yeah Exetel banned me from a new ADSL internet contract about 45 years ago when that Larry idiot accountant was running it. Pretty sure I'm still on their black list.

    • +2

      Danggg that's some blacklist time, Exetel were very stingy back then

    • 45 years?!
      Didn't realise ADSL was a thing in the 70s 😂

      • +2

        Crazy that they were offering ADSL 20 years before they were founded too!

      • +1

        i was confused cause in the late 90s getting an unlimited dial-up connection was the best i could get as a regular consumer haha

  • +1

    haven't had crust in 10 years, it's as crap as dominos but dominos doesn't make me sick

    • Proper Italian wood fire places will always be better than crust/dominos/pizzahut they actually mean Large or Family sized pizzas when you order :D

      • +1

        Bloody not wrong, I've been buying Dominos on and off lately but the other week I got a medium pizza from one of the other local pizza joints and could have almost used it to bench press with, there was that much weight in it. Dominos are tiny in comparison. It doesn't even fill the box.

      • +3

        Yea but can they deliver you the pizza in 15 mins when you’re bloody hungry? My experience is local pizza shops that deliver comes moderately warm after 30+ mins and isn’t piping hot. Hot fresh pizza is what I’m after.

        • Yeah I'm in a regional town full of bogans so yeah they deliver quickly generally.

  • +14

    I'm not sure which is worse. This, or my employers sending fake phishing emails trying to catch me out every other day.

    • +1

      Tmw you find out they've been sending them every day, but you've been falling for every other one

  • +2

    I don't remember ordering from Crust ever but somehow they have my email address.

    • Some companies have a popup on their website that asks for it as soon as you enter and then they place you on a list.

  • -7

    Grow up. You’re gonna report them? For what? You could try to dob on them, but you’ll no doubt find out that they’re legally required to keep basic contact information (your email) for a certain number of years to be able to notify all users of potential security threats. This isn’t an “opt-in” situation because it’s not a revenue-generating marketing email. There’s a difference between your user-controlled account information and their sales data.

  • +4

    This kind of messaging falls into the Service message definition in the Spam Act, and is perfectly legal. ACMA won’t do anything about it.

    There’s no “statute of limitations”-type clause when it comes to how long a company can/should retain your data. GDPR doesn’t apply, and even that has a bunch of holes you could drive a truck through.

    Never had a Crust pizza so no judgement there.

    • Yeah, I think it depends if it's a mailing list you opt in to, then they are meant to give you a way of removing yourself from it, but if you buy something and get opted in, actually even then they are meant to remove you if asked.

      • That’s irrelevant for this particular type of message.

        The Spam Act defines what counts as Marketing and Service messaging, Service messaging isn’t allowed to contain ANY Marketing content and does not require an opt-out.

        It’s only for sending information about your account (like being in arrears), security notifications, and similar info. This email falls into that definition.

        Using a burner email address is an option, but then you don’t get to complain if you miss an important notification (and end up giving no-really-we-are-crust.com your CC details).

    • +1

      The crustpizza.org web site doesn't seem to exist.
      I think this is a fake "service message" to spam people.
      Order from www.crust.com.au - Only.

  • +1

    I've contracted for a few online businesses with shopping websites and all of the shopping websites I've seen retain customer data like shopping and billing address contacts (not credit cards etc), including emails indefinitely. I've also seen one 'soc.media consultant' import all the email addresses from all customers ever (10+yrs worth) to a mass mailing system (without consent of anyone, customers or management). Surprisingly there were no problems, no greater spam reporting or unsubscribe rates compared to normal. I don't think that was all that ethical, but don't think it's illegal either -as long as the data is used internally and not sold or passed on.

    This is why email is increasingly useless because normal communications get buried in all the unsolicited email! Imagine checking your letterbox and is full of marketing junk mail, you chuck it all and a bill or birthday card or two could be stuck inside it…

    • Surprisingly there were no problems, no greater spam reporting or unsubscribe rates compared to normal.

      Good chance a lot of them ended up in a spam folder and never got seen.

      • I can't flog any specific products in these general forum topics without getting a rep warning, but what I will say is decent spam filtering works wonders, you can even get systems that will just junk anything that comes from a mailing list. Which is fine except when you go to use that same mailing list software to email customers. But you can't have it both ways, also you can adjust the policies a bit.
        But even free Gmail has pretty good spam filtering.

        • old POPfile really works well for me for many many years, the only trouble being that since it is client side and functions best with rules, it didn't help things with mobile devices which meant email stopped being as useful/useable on those.

    • Retaining data indefinitely in Australia is a breach of the Privacy Act. The laws around this will all be tightened up I imagine because of the Medibank breach because rather ironically healthcare providers were one of the only orgs that were allowed to keep info all the time.
      Retail websites certainly aren't meant to unless you're a regular customer and then all that data should be encrypted and should be removed when you're not a customer.

  • +2

    Unfortunately by their behaviour and the comments in this thread it's obvious it is still years away from having proper data privacy in this country. I'd complain, tell them to take me off the mailing list, and use only spam emails from now onwards to sign up for these things

  • +1

    I found a good service called Crumbs that allows you to have temp email addresses that forward to your normal inbox. If you get the browser app it's even easier to generate temp emails on the fly when you're forced to give an email to sign up to something. Just click the icon to the right of the email and generate a new alias. Worthy of note, obviously don't use this for anything sensitive like your bank or trading stuff, after all it is a relay service, but for garbage websites it's perfect. relay.crumbs.org

  • -2

    Neckbeards be mad.

  • +2

    But in your system you are still storing my data without my consent.

    Who's to say you didn't consent? When you initially signed up all those years ago, and ticked the box that said "I have read and agree to the Terms & Conditions and the Privacy Policy", did you actually read them? Odds are you didn't, and for all you know, you consented to Crust keeping your info for a billion years, a la Scientology's best practices.

    • +1

      "Who's to say you didn't consent? When you initially signed up all those years ago,"

      Yes this.

  • :D

  • +2

    Just to share another side. I have ordered pizzas from them a few times, never signed up but entered my email when ordering (not my main one).
    I didn't get this email. So at least they aren't skimming and storing people's emails without account creation.

    If I indeed was a big customer and ordered enough to benefit from an account and made one, I would be happy they sent an email warning to customers to help avoid getting scammed.

  • So sick of companies holding onto my personal data well after I no longer do business with them. How do we solve this issue?

    • -1

      Stop giving your personal info out.

      • Unfortunately this is a requirement to sign up for most services. Do you live on the same planet?

        • I don't sign up to many services. Something asked for my mobile yesterday so i clicked the [x] on the tab.

          My point was basically that it's naive to expect any company or individual to forget what they've seen, regardless of laws getting stricter. Make it part of your evaluation of a service.

          • @ssfps: "My point was basically that it's naive to expect any company or individual to forget what they've seen,"

            Yes I agree. Even if you haven't read all T&C's it's naive to think if you "delete account" that all data related to you is tracked down and deleted straight away. In fact I am always more on the suspicious and paranoid side so I would say most large mainstream services such as facebook/twitter will if anything hold onto a big chunk of your data even longer than a small website.

        • Yeah but you don't have to give up 100% true information unless it's a payment service or state service etc.
          If it's an online store that sends invoice/shipping info to email, just make a secondary email address you don't care about and use that one as a sub.
          I also always checkout as "guest" and never sign up if I don't have to.
          Some places will also make it seem like a phone number is compulsory but if you try a few things and click around the website you can get around it most times.

  • Unless you request otherwise, unsubscribing from emails almost definitely won’t remove your email from a business's database. You’re more than likely just triggering a flag that says “don’t email this person”, but all your data will remain.

    • Just on this, in Australia if it's an Au company and you hit unsubscribe they are legally required to remove you. If they don't, complain to ACMA and they will fine them Millions. Or thousands if a small business. It's not hard to set up proper mailing list software. Also read the Spam Act.

  • Jesus you need to chill karen

  • -1

    Crust misses you return now or else, plus I heard cockroaches are getting a better deal at Lebanese kabab stores.

    But the best mailing list names are:

    Mybusinessessucks@gmail
    WhybotherReading@gmail
    PleaseFireMe@gmail

  • +1

    Yes - I haven't ordered a Crust pizza for about 10 years. I was surprised and a bit shocked that they still had it on record.

  • imma say such a notice is fine, in case of returning customers

  • +2

    All the responses here don’t quite get the point OP is making. Data retention policies are different from unsubscribes and account mailing preferences.

    The Privacy Act states companies should only retain and store an individual's personally identifiable information for as long as they have a clear business requirement/use for it.

    Keeping someone’s email address in a marketing email platform for 7 years after their last purchase would be very hard to justify for any genuine business use, especially when they’re not subscribed to any marketing emails.

    This type of unnecessary data hoarding is what makes privacy breaches so much worse when they do happen

    • it would be argued that the communication was transactional and not marketing, the email addresses used may not exist in the marketing system

      transactional emails do not have unsubscribe mechanism… i can't unsubscribe from a password reset email (other end of the spectrum scenario)

      • The Privacy Act states companies should only retain and store an individual's personally identifiable information for as long as they have a clear business requirement/use for it.

        Marketing or transactional, no need to keep their email address

        • the transactional system they use would have the order that contains the email address… it would easily be argued that the email address is not stored for marketing as there is no marketing within that communication rather a service message… I understand we are getting into a grey area here but I'm just playing devil's advocate. I work in the email software space so can see both sides here.

          • @chriskq:

            it would easily be argued that the email address is not stored for marketing as there is no marketing within that communication rather a service message

            Marketing or transactional or service, no need to keep their email address

  • If you ever used their service or signed up an account (which is the only way they would have gotten your email) then you agreed to it.

    End of story.
