Spartoo

€250,000

Non-compliance with general data processing principles

Dato for beslutning

5. august 2020

Myndighed

French Data Protection Authority (CNIL)

FR

Sektor

Industry and Commerce

Land

FR

Lovgivning

GDPR

Status

FINAL

Beskrivelse

A fine of EUR 250000 was imposed on the online retailer Spartoo. The reason for this was that the company, which has its headquarters in France but supplies a large number of European countries, fully recorded all telephone hotline conversations (including personal data such as address and bank details of orders) and in addition stored bank details partially unencrypted. Among other things, this represents a violation of the principle of data minimization. Furthermore, the supervisory authority also found a violation of the information obligations according to Art. 13 GDPR, as the company's data protection information was partially incorrect.

Juridiske citater

Art. 5 (1)Art. 13Art. 14

Problemer og overtrædelser

Non-compliance with general data processing principles
Se officielt dokument
Tilbage til bøde-databasen
Forrige bøde
Italian Data Protection Authority (Garante) - Supe...
Næste bøde
Data Protection Authority of Hamburg (HmbBfDI) - C...

Hold dig opdateret om håndhævelse af privatlivets fred

Vi respekterer dit privatliv. En e-mail om måneden, ingen spam, afmeld når som helst.