Restaurant

€170

Non-compliance with general data processing principles

Datum der Entscheidung

1. Januar 2021

Behörde

Data Protection Authority of Hessen

DE

Sektor

Accomodation and Hospitality

Land

DE

Recht

GDPR

Status

FINAL

Beschreibung

In order to identify a guest who had not paid, several visitors were contacted by employees of a restaurant. For this purpose, the telephone numbers provided by the guests as part of the Covid contact tracing tracing were used. Since the guests had provided their data solely for infection control purposes, the DPA considered the contacting for the purpose of identifying the guest to be a violation of the principle of purpose limitation (Art. 5 (1) b) GDPR).

Juristische Zitate

Art. 5 (1)

Probleme und Verstöße

Non-compliance with general data processing principles
Offizielles Dokument anzeigen
Zurück zur Bußgelddatenbank
Vorherige Geldstrafe
Data Protection Authority of Hessen - Police offic...
Nächste Geldstrafe
Data Protection Authority of Hamburg (HmbBfDI) - C...

Bleiben Sie auf dem Laufenden über die Durchsetzung des Datenschutzes

Wir respektieren Ihre Privatsphäre. Eine E-Mail pro Monat, kein Spam, jederzeit abbestellbar.