oldgrumpy
Member of DD Central
Posts: 5,087
Likes: 3,233
|
Post by oldgrumpy on Jan 16, 2017 15:43:57 GMT
Hi All We have instigated a ticketing system for all enquiries. It can be directly accessed here: ablrate.freshdesk.com and all customerservices@ and info@ now go through this portal. Although we don't think we do too badly... we wanted to make the process of Customer Services as efficient as we can. How can I and others opt out of your planned use of cookies by thirteen different add networks to serve adds to us based on the web sites that we visit? They in theory link to an opt out service but that is not specific to them if reached and it doesn't actually go to even that page, taking us to a page mentioning scary zombies instead. I suppose you/they are really keen to serve those ads. How should customers who do not wish to accept the Freshdesk terms and conditions contact Ablrate and ensure that no personal information is stored in Freshdesk systems? How can we find Freshdesk's membership details in the Privacy Shield program that they claim to be a member of, given that a search for their name turns up no hits? Less specifically, did anyone actually read their (lack of) privacy policy before deciding to use them? For Ablrate to try to require customers to accept interest-based advertising as a condition of contacting Ablrate is most unimpressive. I for one will be seeking to avoid communication methods that I know will use their services. ablrate What private (and what I thought secure with you) details have you already given this "portal". How will they use it? Do I have to agree to anything before I can still contact you? Concerned!
|
|
|
Post by ablrate on Jan 16, 2017 18:24:21 GMT
I have contacted FD for their response to this, but their privacy policy is quite clear that they do not share third party data. Much of the privacy policy is based around how they interact with US not you:
"When you provide us with personal information about your contacts we will only use this information for the specific reason for which it is provided" - I.e for us to contact you.
James - We set this up to best serve customers.... 80,000 companies use the same service, including Cisco, Unicef, 3M, Honda, Solar City, Bridgestone etc etc
1. There are no ads served to our customers, it is not free so not ad supported. You do not have to sign up to the portal, nor visit their site - in fact we have switched off the options to do so right now, for no other reason, than it doesn't make any difference to the response whether you visit FD or not, it was there for convenience. (You will have more ads served to you by using this forum, than you would with FD!)
2. We use it strictly for its ticketing system and we have purposely not linked it via API so that no personal data other than an email is on the system or could be on the system.
3. You can download and use 'Virtru' to communicate with us which is on the signature of every email we send:
"We always have security in mind. If you would like to add extra security to your message, because of sensitive information that may be contained within your email, we use Virtru to send and receive encrypted messages. You may download Virtru here"
This is if you would like further encryption for any of your interactions with us, which cannot be seen by Freshdesk or anyone else who it is not intended for, even internally!
4. The servers are SSL encrypted servers like our platform.
I will respond when FD contact me. If you still don't want to use FD then we will set up a support email that does not use it and will add an FAQ with the terms of use of FD and how we use it.
Regards Ablrate
|
|
james
Posts: 2,205
Likes: 955
|
Post by james on Jan 16, 2017 20:40:18 GMT
ablrate , not sure if you read it but the ablrate.freshdesk.com customer login page has a cookie policy link which says this: "Why we love Cookies We use cookies to try and give you a better experience in Freshdesk. You can learn more about what kind of cookies we use, why, and how from our Privacy Policy (link to freshdesk.com/privacy ). If you hate cookies, or are just on a diet, you can disable them altogether too. Just note that the Freshdesk service is pretty big on some cookies (we love the choco-chip ones), and some portions of Freshdesk may not work properly if you disable cookies. We’ll also assume you agree to the way we use cookies and are ok with it as described in our Privacy Policy, unless you choose to disable them altogether through your browser." The privacy policy terms are not restricted to just the direct customers of Freshdesk like Ablrate, they would also apply to anyone accessing their services and information about your customers that is placed by you on the Freshdesk system. Assuming, that is, that you complied with the Freshdesk terms and conditions and obtained that consent: "It shall be our customers’ responsibility to inform the End-Customers about and obtain necessary consent for any personal information that is collected through our customer’s use of the Service(s)". I'm unsure how you think that someone just sending an email to info or support who might not even be a customer has given that consent or even been offered the opportunity to read the terms and conditions you're asking them to agree to. The "How Do We Collect, Use and Share Your Personal Information and Other Information?" does not say that it applies only to their direct customers, nor does the bulk of the rest of it. This part of the terms and conditions appears to contain a lie, since per the cookie and privacy policy the end customers must agree to the Freshdesk terms and conditions, which does create a direct relationship: "Freshdesk collects information on behalf of our customers, and has no direct relationship with the individuals with whom our customers may interact using the Service(s). If you are a customer of one of our customers (“End-Customer”) and would no longer like to be contacted by that customer, please contact the customer that you interact with directly. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Freshdesk’s customer (the data controller). If requested to remove data, we will respond within a reasonable timeframe." Of course it would not be wise for someone who didn't want data in the Freshdesk systems to send an email to Freshdesk since that would undoubtedly end up in their systems. To be clear, at least given these terms and conditions, I don't want any information about me, whether explicitly identifying me or doing so by proxy like IP address, flash stored info, HTML5 stored info, browser cookies, unique mobile device ID or any method in any Freshdesk system. So far as cookies and such tracking and ad targeting methods go, it is not inherently sufficient to use email to avoid them, in part because it is quite common to hide cookies and other identifying things in emails and if you send an email via the Freshdesk system it may add them to the email you send, perhaps using the "clear GIFs" or "web beacons" terminology that serves cookies or equivalents by hiding an invisible image in something. For example it might say that it will try to use them to provide you with read receipts, circumventing your customer's email setting controlling whether they voluntarily send them or not, then also deliver the ad targeting ones. I'm not sure that you understand how ad targeting works. The ad networks will track an individual via the cookie-equivalents and use that to target them on other sites they visit. So it doesn't matter to privacy if they show the ads on your site hosted by them or email sent via them if they are collecting the information to target the individual elsewhere. They will know that yours is a financial services business and also use that and other information to target your customers based on what you told them about those customers via your business details. "Freshdesk customers have the responsibility to inform the individuals with whom they interact with via the help of the Service(s) about the cookies used by Freshdesk and by themselves and should obtain individuals’ consent, if necessary." So to be clear I do not consent to Freshdesk using any cookies or equivalents except solely session-duration cookies and equivalent session duration technologies in a web browsing session (not in emails for any purpose). Whether served from a web site, email or any other method. Freshdesk say you're supposed to get my consent. I do not grant that consent. Under the Privacy Shield program there are a number of rights that participants are required to provide, including these: "Choices for limiting use and disclosure of your personal data Access to your personal data" So for Freshdesk as a firm that claims to participate I want none of my data stored in their systems under their current privacy policy. Please also provide me all information about me that is currently in their systems, except that which can only be provided with identifiers you don't know, like IDs in cookie equivalents and unique device identifiers.
|
|
james
Posts: 2,205
Likes: 955
|
Post by james on Jan 16, 2017 20:50:53 GMT
"There are no ads served to our customers, it is not free so not ad supported."
That is not what their terms and conditions say. Those say that even if you are paying they are going to prostitute your customer's information and privacy as well to make more money.
I trust you so I suppose that they told you that and you may not have read or realised what you were told you had to have your customers and non-customers who email you agree to.
Or maybe they don't actually intend to do that and the terms and conditions are not what they intend them to be. If so please ask them to provide the ones that do really represent the relationship.
Fee and ad aren't mutually exclusive, so that assumption may be another thing that could have caught you out.
Either way it would be nice to have the inconsistencies between what you are saying and what they appear to be saying eliminated.
|
|
james
Posts: 2,205
Likes: 955
|
Post by james on Jan 16, 2017 21:03:26 GMT
"The servers are SSL encrypted servers like our platform" If you think that SSL really protects the information stored on web servers please read this article about transport layer security. SSL is an old and no longer ideal technology for protecting information in transit between two systems. It doesn't protect the information at either end, just while in transit. As of 2015, SSL is deprecated because of known insecurities and the IETF recommendation is that it must not be used because it's security has been comprehensively broken. So even at the job that SSL is for, while you undoubtedly didn't realise it, you were in fact claiming that the communication between your servers and your customers is insecure through using an insecure technology. But don't worry, you don't actually use SSL, you really use the secure TLS alternative as this tester says. Ablrate refuses to accept SSL, as it should. Links to check many other P2P sites are here. While on the subject, do you actually encrypt the information in the databases and logs on your servers? Pretending that you use MySQL that would include: 1. The database pages on disk 2. The InnoDB transaction logs 3. The binary logs 4. The mysqldump backups that are used for disaster recovery along with the binary logs 5. The temporary files created while processing transactions and other queries Or alternatively encrypting the information before it is stored in the database server or some hybrid solution or using a whole of disk encryption approach, which is what it really takes to do it well at the moment.
|
|
james
Posts: 2,205
Likes: 955
|
Post by james on Jan 16, 2017 21:35:49 GMT
"You will have more ads served to you by using this forum, than you would with FD!"
Certainly by default and at least some use tracking technologies, including some of those mentioned in the Freshdesk privacy policy. So if the privacy policy is right, it could/could have allowed your competitors to try to target just your customers using ads here and elsewhere, identified caused having visited your support site, without ever having been served an ad there or even having logged on. Not sure that you'd really appreciate that level of interest-based targeting of ads, though I'm not sure how fine-grained the per-site targeting is today.
I've normally opted out of every tracking technology and ad network that I can, as well as trying not to get opted in in the first pkace. Also normally have most ads blocked for security as well as privacy and sensitivity to animation reasons.
|
|
stevio
Member of DD Central
Posts: 2,065
Likes: 894
|
Post by stevio on Jan 24, 2017 9:44:33 GMT
Could the SM columns be sortable by 'Best Offer' interest rate please, like the Interest rate column currently sorts (or just make all columns sortable if just as easy) - Thanks!
|
|
|
Post by ablrate on Jan 24, 2017 14:07:21 GMT
Could the SM columns be sortable by 'Best Offer' interest rate please, like the Interest rate column currently sorts (or just make all columns sortable if just as easy) - Thanks! hmmm... will have a look at that, they are all supposed to be sortable... Regards Ablrate
|
|
james
Posts: 2,205
Likes: 955
|
Post by james on Jan 25, 2017 1:29:35 GMT
The difficulty is perhaps that the column for "best offer interest rate" doesn't exist. Adding it was one of the earliest secondary market change requests.
|
|
stevio
Member of DD Central
Posts: 2,065
Likes: 894
|
Post by stevio on Feb 5, 2017 22:26:58 GMT
Could the SM columns be sortable by 'Best Offer' interest rate please, like the Interest rate column currently sorts (or just make all columns sortable if just as easy) - Thanks! hmmm... will have a look at that, they are all supposed to be sortable... Regards Ablrate Yes please, saves scanning through all the loans looking for a good rate
|
|
blender
Member of DD Central
Posts: 5,719
Likes: 4,272
|
Post by blender on Feb 8, 2017 9:31:32 GMT
A small bug/inconsistency. Today I tried to make an offer on a loan which makes a payment tomorrow. Set validity for a week, but this was rejected because it was amortising and the offer could not go past the repayment. OK I suppose. It said that it would accept a validity date up to 8th, ie today. But when I tried to do as told, it would not accept an offer where the date was not in the future. So you find, eventually, that you cannot offer an amortising loan for sale the day before the repayment. Annoying, but I suppose the offer is taken down at the start of the date rather than the end. If it is not possible to offer on an amortising loan the day before the payment, or presumably on the day of payment, then then that first message should be corrected for amortising loans.
|
|
|
Post by ablrate on Feb 8, 2017 15:56:00 GMT
A small bug/inconsistency. Today I tried to make an offer on a loan which makes a payment tomorrow. Set validity for a week, but this was rejected because it was amortising and the offer could not go past the repayment. OK I suppose. It said that it would accept a validity date up to 8th, ie today. But when I tried to do as told, it would not accept an offer where the date was not in the future. So you find, eventually, that you cannot offer an amortising loan for sale the day before the repayment. Annoying, but I suppose the offer is taken down at the start of the date rather than the end. If it is not possible to offer on an amortising loan the day before the payment, or presumably on the day of payment, then then that first message should be corrected for amortising loans. Thanks Blender - will sort
|
|
james
Posts: 2,205
Likes: 955
|
Post by james on Feb 8, 2017 23:57:11 GMT
Annoying, but I suppose the offer is taken down at the start of the date rather than the end.
If it is not possible to offer on an amortising loan the day before the payment, or presumably on the day of payment, then then that first message should be corrected for amortising loans. Yes, that's how it works, a pretty much guaranteed one day suspension of the market. It's just down to the poor design. The only time an offer can have insufficient ownership to allow the sale is after a payment is made, so cancelling offers as part of the payment run would solve the problem without any need to restrict the duration of offers. Then at some point it could be modified to only reduce or cancel under-funded offers and it then wouldn't be bugging people unnecessarily. Hackish workarounds on top of each other instead of just doing what's obvious.
|
|
elliotn
Member of DD Central
Posts: 3,063
Likes: 2,681
|
Post by elliotn on Feb 9, 2017 6:23:40 GMT
As mentioned, 'Best Offer' to be sortable.
Even better would be an additional Best AER column per FS Effective Rate to directly assess the best available returns.
|
|
blender
Member of DD Central
Posts: 5,719
Likes: 4,272
|
Post by blender on Feb 9, 2017 8:11:29 GMT
Annoying, but I suppose the offer is taken down at the start of the date rather than the end.
If it is not possible to offer on an amortising loan the day before the payment, or presumably on the day of payment, then then that first message should be corrected for amortising loans. Yes, that's how it works, a pretty much guaranteed one day suspension of the market. It's just down to the poor design. The only time an offer can have insufficient ownership to allow the sale is after a payment is made, so cancelling offers as part of the payment run would solve the problem without any need to restrict the duration of offers. Then at some point it could be modified to only reduce or cancel under-funded offers and it then wouldn't be bugging people unnecessarily. Hackish workarounds on top of each other instead of just doing what's obvious. This is true and it seems a two day suspension. However, it is only an inconvenience and not a mis-operation, and I think the Ablrate platform pretty good for a system funded by a niche operator with no fees to lenders. I have been working round some issues with the FC platform since August 2012, which they have no interest in fixing.
|
|