Carrefour Banque

Description

The French DPA (CNIL) imposed a fine on Carrefour Banque for violation of its obligation to process data fairly (Article 5 (1) GDPR). If a person who subscribed to the Pass card (a credit card that can be attached to a loyalty account) also wanted to participate in the loyalty program, he or she had to tick a box in which he or she agreed to Carrefour Banque sending his or her surname, first name and e-mail address to 'Carrefour fidélité'. Carrefour Banque expressly indicated that no further data would be transmitted. However, the CNIL noted that other data such as postal address, telephone number and the number of children had been transmitted, although the company undertook not to transmit any further data.