[varsketiz]

> Which would include things like names, email addresses, IP addresses, etc of people who are banned (to prevent them from returning).

I'm not sure about that. The company might reason it needs this data to operate, but you should be able to contest that with a data protection authority.

The data that you can not request to delete is for example money transaction data, which the company has to retain for 10 years or so due to other laws.

[cj]

Curious - has anyone here submitted a complaint to a data authority? I wonder what that process is like.

[varsketiz]

I have. It was about a company that kept spamming me with SMSes. I had to file an archaic form for a government agency. It took a while, I received a few emails about progress and asking for additional details.

The spam stopped.