Despite never being a customer of De Vere Venes, they sent me hundreds of spam emails, ignored my requests to stop and I eventually complained to the Information Commissioner's Office. De Vere were instructed to stop spamming me and they admitted they had no idea where they got my details from. Since the Privacy and Electronic Communications (EC Directive) Regulations 2003 require the sender of unsolicited emails to have obtained informed consent directly from the recipient, they're on pretty dodgy ground if they don't have any records to demonstrate that they acquired that consent. Certainly, they won't be able to demonstrate consent with "we don't know where we got your details."
De Vere Venues then sold their brand and my details to VUR Village Hotels & Leisure. VUR Village Hotels & Leisure used those details to start sending me spam again. This is certainly unlawful - consent is non-transferable, so VUR Village Hotels & Leisure are in breach of the regulations by sending unsolicited emails to
anyone in the database that De Vere gave them. Furthermore, since the ICO had already told De Vere to suppress my details, actually using them was completely idiotic. I'm also not terribly happy that De Vere sold off my data.
Much like De Vere, Village Hotels also ignored the legal notices I sent to them, so the next step was to take court action. This is pretty easy to do - you just figure out how much the unsolicited email cost you, make sure you can justify it and submit a claim on moneyclaim.gov. It costs £25 to file with the court. They coughed up £225 (including the £25 filing fee) and stated that my details were bought from De Vere and that all other information had been removed during the transfer. They didn't comment on the unlawful use of email addresses which they had bought from De Vere, beyond stating that their spam emails carry an "unsubscribe" link (which the regulations do not consider an acceptable alternative to acquiring informed consent before sending the emails).
5 days after they confirmed that they had suppressed my email address, I received another spam email. Their defence was that it takes 3-5 days to suppress an email. This isn't really acceptable - there's no reason that updating a database should take more than a few minutes, and the court papers were issued 10 days previous so sensibly they would have suppressed my address immediately. In any case, as no further spams arrived I didn't press the point.
At the end of last year, it appears that VUR Village Hotels & Leisure moved to a different spam sending platform. It looks like they hadn't actually removed my details from their database, merely flagged them as not to be used, and I guess they didn't bother to transfer that flag over to the new platform. I started receiving more spam. So off went another Notice Before Action. An hour later I got an automated message from their spam sending platform (dotmailer.com) saying I'd been unsubscribed. And 9 days later an email notifying me that they were paying another £200 compensation - I didn't even need to file with the court.
Of course, the concern is that not only do they clearly have no regard for the regulations, which prevent them from just buying a database of email addresses and spamming them, they also don't seem to have the data handling abilities required to ensure that people who unsubscribe actually remain unsubscribed. I'd certainly recommend that any other recipients of spam from VUR Village Hotels & Leisure (or in fact, any registered UK company who is spamming your personal email address) serves them with a legal notice demanding compensation for their negligence.