Spartoo

€250,000

Non-compliance with general data processing principles

Otsuse kuupäev

5. august 2020

Ametiasutus

French Data Protection Authority (CNIL)

FR

Sektor

Industry and Commerce

Riik

FR

Seadus

GDPR

Staatus

FINAL

Kirjeldus

A fine of EUR 250000 was imposed on the online retailer Spartoo. The reason for this was that the company, which has its headquarters in France but supplies a large number of European countries, fully recorded all telephone hotline conversations (including personal data such as address and bank details of orders) and in addition stored bank details partially unencrypted. Among other things, this represents a violation of the principle of data minimization. Furthermore, the supervisory authority also found a violation of the information obligations according to Art. 13 GDPR, as the company's data protection information was partially incorrect.

Õiguslikud viited

Art. 5 (1)Art. 13Art. 14

Probleemid ja rikkumised

Non-compliance with general data processing principles
Vaata ametlikku dokumenti
Tagasi trahvide andmebaasi juurde
Eelmine trahv
Italian Data Protection Authority (Garante) - Supe...
Järgmine trahv
Data Protection Authority of Hamburg (HmbBfDI) - C...

Privaatsuse jõustamise kohta ajakohastatud teave

Me austame teie privaatsust. Üks e-kiri kuus, ei ole rämpsposti, loobuda tellimusest igal ajal.