Thyme Maternity selling customer names to corporations (including Nestle), without consent
May 27, 2014
Dear Thyme Maternity Privacy Officer,
I have avoided shopping at Thyme Maternity during my pregnancy, as I know your store partners with Nestle, which I do not agree with. Nestle’s marketing is a violation of the International Code of Marketing of Breastmilk Substitutes and undermines women’s efforts to breastfeed. However, I did make a trip in to see what the current Thyme Maternity policies and partnerships were currently (and returned my purchase, as I see they haven’t changed). The free bottle you give away when a woman signs up for your Thyme iD card is also a violation of the Code mentioned above. These are not “gifts” but well-placed marketing, illegal for a reason.
I specifically completed my Thyme card information, not checking the Nestle box, to avoid receiving any “gifts” from Nestle. So I was surprised when I started receiving emails from Nestle, marketing infant formula. Then I received their baby backpack filled with marketing, coupons and formula. I have also received information from Huggies. While ultimately I disagree with these cross-marketing affiliates (and know you lose business because of them- and not just mine), I am writing to complain about your faulty privacy practices.
On your Thyme iD card, it states that: “if I do not check the consent box, I will not be contacted by that specific cross-marketing affiliate.” Yet have been contacted by Huggies and Nestle, so I know that my contact information was sold to all of the cross-marketing affiliates, despite the fact that I did NOT check the consent box. From the reviews on the Thyme Maternity facebook page, it seems that this is common occurrence, and it does not matter whether your customer checks the consent box or not. Their name and contact information is sold anyways.
I submitted a complaint to the Office of the Privacy Commissioner of Canada. They requested that I contact the Information and Privacy Commissioner of Alberta instead. The Privacy Commissioner of Alberta recommends first completing the attached Privacy Concern Resolution Form to communicate with the company. If that is unsuccessful, then I will be completing a Privacy Breach Report Form.
Please see the attached Privacy Concern Resolution Form and I request that you please:
1) Delete my contact information from your files. I realize you have already sold my name to your cross-marketing affiliates, and expect that I remove my name from their mailing lists myself. I will do this, along with letting them know that I did not consent to having my contact information released to them.
2) Explain how you manage Thyme iD card customers information. It appears to me that it is sold to cross-marketing affiliates, despite opt-in permission.
3) Explain why you need a cross marketing affiliate program. I know it has caused many people to boycott and avoid shopping at your store, due to questionable privacy policies and partnerships.
The reply from Thyme Maternity is attached here: Thyme Maternity Reply.