
Thread: Privacy concern - Scan orders being reported to 3rd parties.

  1. #1
    Member

    Privacy concern - Scan orders being reported to 3rd parties.

    I've noticed a recent (and unwelcome) change in Scan's ordering process. When an order is confirmed, details of that order are sent to 2 other sites, shopzilla.com and nextag.com. In both cases, the information is sent via https which means that external filters will not detect or block this activity (see the Wilders forum thread The dangers of HTTPS for more information about this).

    The following HTML in Scan's webpage causes the connection to shopzilla:

    <script language="javascript" src="https://www.shopzilla.com/css/roi_tracker.js"></script>

    The Javascript at https://www.shopzilla.com/css/roi_tracker.js appears to be a screen-scraper that presumably obtains the details of the order just placed.

    The following HTML in Scan's webpage causes the connection to nextag:

    <script type="text/javascript">
    <!--
    var id = '2191258';
    var rev = '63.02';
    var order = '<customer order number - removed>';
    //-->
    </script>

    <script type="text/javascript" src="https://imgsrv.nextag.com/imagefiles/includes/roitrack.js"></script>

    https://imgsrv.nextag.com/imagefiles...es/roitrack.js creates a new URL which appears to include seller ID, order ID and item codes and quantity.

    I would like to ask Scan exactly why this data is collected and passed onto third parties, using a method which would not even have the knowledge, let alone consent, of most customers. In particular, cookies could be set by these sites despite any third-party filters (only browser settings and Firefox extensions could block them) though this does not appear to happen here.

    However since this data transfer involves companies outside the EU, it is not covered in Scan Computer's Data Protection Registry entry (purpose 3 specifies no transfers outside the European Economic Area) raising a question about compliance with the Data Protection Act 1998.
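
Added example (not part of the original post, and not Scan's or the portals' code): a Python audit that lists the hosts an order-confirmation page loads scripts from and the inline globals those scripts can read. The sample page is constructed from the two snippets quoted in post #1 and the invoice URL given later in the thread; `/js/basket.js` and the order placeholder are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample: the snippets quoted in post #1 plus a hypothetical
# first-party script. The order number is a placeholder (the poster removed it).
SAMPLE_PAGE = """<html><body>
<script language="javascript" src="https://www.shopzilla.com/css/roi_tracker.js"></script>
<script type="text/javascript">
<!--
var id = '2191258';
var rev = '63.02';
var order = 'ORDER-PLACEHOLDER';
//-->
</script>
<script type="text/javascript" src="https://imgsrv.nextag.com/imagefiles/includes/roitrack.js"></script>
<script src="/js/basket.js"></script>
</body></html>"""

# Matches simple inline assignments of the form: var name = 'value';
VAR_RE = re.compile(r"var\s+(\w+)\s*=\s*'([^']*)'")

class ScriptAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.third_party = set()   # hosts other than the page's own
        self.globals = {}          # variables assigned by inline scripts
        self._inline = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self._inline = src is None
            host = urlparse(src).hostname if src else None  # relative src -> None
            if host and host != self.page_host:
                self.third_party.add(host)

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        if self._inline:
            self.globals.update(VAR_RE.findall(data))

def audit(html, page_url):
    parser = ScriptAudit(urlparse(page_url).hostname)
    parser.feed(html)
    parser.close()
    # An externally hosted script runs with the page's privileges, so it can
    # read every inline global as well as the rendered order details.
    exposed = parser.globals if parser.third_party else {}
    return {"third_party_hosts": sorted(parser.third_party),
            "exposed_globals": exposed}
```

Running `audit(SAMPLE_PAGE, "https://secure.scan.co.uk/Shop/ShowInvoice.ASP")` reports both portal hosts and the `id`, `rev` and `order` values; the same check works on a saved copy of any confirmation page.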

  2. #2
    I machine things !
    Wow, your userID is pretty apt

    /me awaits Scan's response

  3. #3
    Treasure Hunter extraordinaire herulach
    That is indeed worrying, especially seeing as a quick Google on the script names gets this site:
    http://www.roitracker.co.uk/index.htm
    On further reading it looks to monitor sales brought in by advertising companies, rather than the other way around. I assume the advertisers (NexTag is a comparison site) get a cut of any inbound sales from their site.

  4. #4
    Senior Member
    Hmm Scan... True, I would like to know also.

  5. #5
    Registered+
    Paranoid2000,

    Thank you for posting your concerns.

    I can assure you that the tracking code implemented on the page https://secure.scan.co.uk/Shop/ShowInvoice.ASP is in place purely to monitor ROI (Return On Investment) and certainly has no hidden agenda. We do not send any of your personal information.

    As with most other Internet retailers, we use various methods to promote ourselves. Part of our strategy includes price comparison sites such as NexTag and ShopZilla.

    You can find the London office details for NexTag here:
    http://www.nextag.co.uk/serv/uk/about/contact_us.jsp

    The registered office in London for ShopZilla can be located using the following site:
    http://www.companieshouse.gov.uk/
    The Company No. is 05220340

    If you have any more concerns, or if you need me to elaborate on anything, I would be more than happy to put your mind at ease, via dan@scan.co.uk if you prefer.

    Many thanks,

    Dan (borrowing Wesley's Hexus account)
    IT Manager
    Scan Computers

  6. #6
    Member
    Dan,

    Thanks for taking the time to post a response here - I would however like to address some specific issues.
    Quote Originally Posted by wesleyaldred
    I can assure you that the tracking code implemented ... certainly has no hidden agenda. We do not send any of your personal information.
    While I have no reason to doubt this, the information sent does include order details and the order number which is unique to an individual. Would you not consider this personal? If there is no hidden agenda, why is this data sent encrypted?
    Quote Originally Posted by wesleyaldred
    As with most other Internet retailers, we use various methods to promote ourselves. Part of our strategy includes price comparison sites such as NexTag and ShopZilla.
    Fair enough, but why does this require the transmission of order details? For a price comparison site, surely the data flow should be the other way, with Scan receiving details on competing offers? The only point I can see in sending them this data would be to allow them to combine it with information from other sites for profiling, data mining, etc. Indeed NexTag's Privacy Policy includes the following paragraph:

    INFORMATION ACQUIRED AUTOMATICALLY

    We collect certain information on the Websites through the user's experience and activities, cookies, log files, clear gifs, and/or third parties to create a profile of our users. A profile is stored information that we keep on individual users that detail their viewing preferences, activities and interactions with NexTag. Consequently, collected information is tied to the user's personally identifiable information to provide offers and improve the content of the site for the user. This profile is used to tailor a user's visit to the Websites, and, subject to the Communications Policy stated below, to direct pertinent marketing promotions and communications to them.


    I personally would object strongly to this level of monitoring to the point of blocking any communications with NexTag. However as I mentioned above, Scan using https to send such data will result in it bypassing almost all third party filters - whether intentional or not, this does result in co-opting customers into a data collection scheme without their knowledge.

    Of course, Scan has a valid interest in maintaining its own customer profiles and statistics, but this should not require (or justify) submitting such information to a third party without customer consent.
    Quote Originally Posted by wesleyaldred
    You can find the London office details for NexTag here:
    http://www.nextag.co.uk/serv/uk/about/contact_us.jsp

    The registered office in London for ShopZilla can be located using the following site:
    http://www.companieshouse.gov.uk/
    The data itself is still being sent outside the European Union for processing so this leaves the question of Scan's DP registry entry unanswered.
    Quote Originally Posted by wesleyaldred
    If you have any more concerns, or if you need me to elaborate on anything, I would be more than happy to put your mind at ease, via dan@scan.co.uk if you prefer.
    If you wish to continue this discussion privately, I would be prepared to oblige. However given that this does potentially concern all Scan customers, I do hope that you see fit to continue to address this publicly.

  7. #7
    Senior Member
    OK, as long as I don't get a phone call from someone named Bob from a company trying to sell me volcano insurance, all is cool

  8. #8
    Senior Member
    I'm interested to know if there's any update on this discussion?

  9. #9
    lazy student nvening
    lol, volcano insurance, you never know when your local may erupt!
    (\__/)
    (='.'=)
    (")_(")

  10. #10
    Senior Member FatalSaviour
    My volcano insurance doesn't run out till 2012, so I've no need to worry
    Update anyone?

  11. #11
    Senior Member ExceededGoku
    I'm not worried, Scan can do whatever they like with my data (don't hold me to this)

  12. #12
    Scan Computers Steve A
    Hi All,

    This is an email that the MD wanted me to post to reassure the Hexus people of our intentions:

    All valued Hexus customers…

    It's been a while since I have posted on here. I do keep an eye on how we are servicing our customers each day and our trust rating speaks for itself.

    In short, we can’t please everyone and we have made the occasional booboo…but one thing for sure is that each and every employee in Scan has a commitment to Hexus members.

    We are still offering the free carriage and we try very hard to give the best possible service and resolve any issues in the quickest time possible. I really do believe that we bend over backwards.

    There are not many companies that give such a valued approach to a given user base.

    I am personally aware of any problems with Hexus users as I value our relationship. The latest thread on “privacy concerns” that has been posted deserves my explanation as to why we do this.

    There are a number of facts here which I must explain…

    We submit our product information and prices (known as feeds) to various price portals such as Dealtime, Kelkoo, Froogle etc.

    These feeds are outbound and in most instances cost us money for the submission, on the hope that anyone who browses the feeds may buy from Scan.

    As you all are probably aware, when a user clicks on a feed to www.scan.co.uk from a price portal we get billed a “cost per click”.

    Almost each and every Etailer in Europe does this.

    It is important to distinguish between outbound price feeds and what information we disclose to the price engines about our sales orders.

    The feeds are outbound links detailing what we would like displayed on the price portals. These are done PRIOR TO ANY SALE BEING MADE.

    If and when a customer purchases a product off a price portal, then we automatically get billed for that transaction.

    In order to calculate if the feed is profitable or not, we need to look at the value of the order placed by a customer and then compare it to our cost of running a campaign.

    This calculation is called “ROI, Return on Investment”. In short, it tells us whether we are “getting shafted” by the price portals.

    In order to calculate an ROI, we need to disclose relevant orders to the price portals so they can verify if the sale originated from them…they do this by matching up the cookies from the referral to the sale.

    As we do not read 3rd parties' cookies we need to disclose the orders so they can pick up their relevant orders to calculate an ROI.

    ONE THING FOR SURE IS THAT WE DO NOT DISCLOSE ANY PERSONAL INFORMATION RELATING TO OUR CUSTOMERS.

    BY THIS I MEAN

    NAME AND ADDRESS

    CARD DETAILS

    EMAIL ADDRESSES OR TELEPHONE

    NUMBER OF ORDERS PLACED.

    ALL WE DISCLOSE IS THE ORDER ID, THE PRODUCTS AND THE VALUE, AS THESE ARE NEEDED TO CALCULATE OUR ROI.

    THE ORDER ID DOES NOT RESOLVE TO ANY OTHER PERSONAL INFORMATION THAT THE PRICE PORTALS CAN READ AND POSSIBLY USE FOR DIRECT MARKETING.

    THE ONLY INFORMATION THAT THE PRICE PORTALS CAN HAVE IS WHAT PRODUCTS SCAN SELLS AND THE VALUE OF THEIR SALES.

    IF ANYONE SHOULD BE WORRIED, IT SHOULD BE SCAN!!!

    The thread is incorrect as WE DO NOT PASS OVER ANY PERSONAL INFORMATION THAT RELATES AN ORDER TO AN INDIVIDUAL.

    I will ask my development team for a fuller reply to the more technical aspects in “Paranoid 2000’s” thread.

    My final message to all members is that I value all the business that comes from Hexus, and that we do bend over backwards to ensure that we give the best service possible. I will make sure that all members of Scan keep our service offering ongoing to ensure we keep members of Hexus happy :)

    Be assured that we don’t disclose any personal info to any 3rd parties.

    Finally, my opinion on the thread is that it is a reflection of the user name…”paranoid 2000 “…

    WE COME IN PEACE….

    Hope that will clear things up for you

    Last edited by Steve A; 03-06-2006 at 02:15 PM.

  13. #13
    Senior Member ExceededGoku
    ye take that paranoid! Scan I still love you <3

  14. #14
    radix lecti dave87
    Nice to see management still have a sense of humour

  15. #15
    blueball
    Guest
    Not many companies where the MD would bother to take the time to provide a reasoned reply.

    Nice one Scan

  16. #16
    Senior Member
    I think we all owe paranoid 2000 many thanks for bringing this issue to the surface. Confidentiality and privacy should be anybody's concern in this age of ID cloning and misuse of info.

    Scan's MD should be applauded for his clarification of the points raised by paranoid 2000.

    I am glad people like paranoid2000 are vigilant, and the boss takes an interest in his company, staff and customers.

    Many Thanks
    Deo Adjuvante non Timendum
