Spartoo

€250,000

Non-compliance with general data processing principles

Päätöspäivä

5. elokuuta 2020

Viranomainen

French Data Protection Authority (CNIL)

FR

Ala

Industry and Commerce

Maa

FR

Laki

GDPR

Tila

FINAL

Kuvaus

A fine of EUR 250000 was imposed on the online retailer Spartoo. The reason for this was that the company, which has its headquarters in France but supplies a large number of European countries, fully recorded all telephone hotline conversations (including personal data such as address and bank details of orders) and in addition stored bank details partially unencrypted. Among other things, this represents a violation of the principle of data minimization. Furthermore, the supervisory authority also found a violation of the information obligations according to Art. 13 GDPR, as the company's data protection information was partially incorrect.

Oikeudelliset viittaukset

Art. 5 (1)Art. 13Art. 14

Asiat ja rikkomukset

Non-compliance with general data processing principles
Näytä virallinen asiakirja
Takaisin sakkotietokantaan
Edellinen Fine
Italian Data Protection Authority (Garante) - Supe...
Seuraava hieno
Data Protection Authority of Hamburg (HmbBfDI) - C...

Pysy ajan tasalla yksityisyyden suojan valvonnasta

Kunnioitamme yksityisyyttäsi. Yksi sähköpostiviesti kuukaudessa, ei roskapostia, peruuta tilaus milloin tahansa.