No, it’s not at all legal for the company to do this. Reply and remind them they have one calendar month to comply from the date of your original request, otherwise you will make a complaint to which ever information regulator is correct for the juridiction they’re operating in.

I’m a lawyer specialising in Data Privacy, reply here if you need more help on this one.

Also feel free to name the company.

Name and shame the company

expired

No. They are obligated to obey the law as written. They don’t get to create conditions.

GDPR clearly states you can contact any part of the organisation with your request. You can make your request verbally or in writing and they must acknowledge it. They can't refuse and make you use their app.

For fun send them a Subject Access Request and if they don't acknowledge it, report them to the ICO (if you're in the UK)

Name & shame.

Simply ask for the official company name, registration number and country as well as the prereree means of communication that they would like your local data authorities to contact them on.

Also make a 1 star review, stating that you are in talks with your local gdpr authorities about their way of handling privacy.

This worked for me last time a company asked me to download an app to delete my account

I had this before, though not through a direct communication. Someone had gotten my email credentials somehow and installed a company's app and made an account. When I went through the support pages on the company's site to find out how to delete the account the only listed way was through the app itself.

They were accommodating and helpful when I emailed the company about it though. I just told them that I can't agree to the privacy policy and thus cannot install the app but still need the account to be deleted. They did it.

They were very friendly imo. No need to speak legalese or to be rude.

Just tell them that you can't or don't want to install the app.

If they don't help you, then you proceed to remind them that you are not required to install anything for them to comply with GDPR.

It is absolutely not

I had a simmilar situation with Nicehash (crypto shit company), but I had 2fa enabled and just wanted to unsubscribe from useless newsletters. They asked for a photo of me holding a paper with my personal information. Still didnt solve that, but some comments here might help, following

It's way too easy to spoof email "from" addresses.

There should be a way to do it through their website though. Requiring an app is just stupid.

I like how they end it with "greetings"

eBay does this too. They told me they can't access my data to delete it, that I have to log in with their website or app and send information to just get my data, let alone have it deleted.

I don't know, maybe? If they have a process, no matter how laborious and roundabout, they can always claim that they have a process and that you have nothing to complain about, legally speaking. Their wagering that people will not go through all the bullshit, and they're unfortunately right. That's literally why they do it. The only correct response is to hound them relentlessly, going to Twitter (or something else idk these days, and I'm not calling it X), the press if necessary, and pestering as many government bodies and officials as you have to in order to make them get their fucking shit together. And then they'll make your particular situation of priority because now you're being more of a pain in the ass than actually doing their job is. They won't change the broken system, because one exception in a thousand isn't worth it to them to be bothered with.

Tldr, maybe but it probably won't help you, so make it as big of a headache for them as possible.

Gmail. How ironic

Cool clickbait. By censoring the company you are complaining about you are removing any possibility of confirming the story. Why would you do this? you are supposedly mad about the company and thus airing a public grievance, yet what could is a public grievance if no one know the target of your ire? Well it's useless, so why would you post this? For internet points? Maybe go back to reddit.

Then you, kindly dispose urself of all my personal data.

—Dictated but not read, fuck you Me(also take me to ur leader)

OP send them one more request explaining that under GDPR you are not required to do anything more than request your data be deleted and they must comply. Explain to them that if they don't do so in a timely manner you will be contacting your country's data protection office and filing a complaint.

Use this template in chat gpt...

Can you write an official letter for removal of my private data for (company name) and (my name). Use a strong tone and legalese langage. Make sure you verify the timeframe they must respond (act with 30 days of this letter) and any other specific to make sure they know what my rights are and that I am serious. List the typical types of data they might have on me. And write in a 1800L lexile scale.