Spartoo

€250,000

Non-compliance with general data processing principles

Data della decisione

5 agosto 2020

Autorità

French Data Protection Authority (CNIL)

FR

Settore

Industry and Commerce

Paese

FR

Legge

GDPR

Stato

FINAL

Descrizione

A fine of EUR 250000 was imposed on the online retailer Spartoo. The reason for this was that the company, which has its headquarters in France but supplies a large number of European countries, fully recorded all telephone hotline conversations (including personal data such as address and bank details of orders) and in addition stored bank details partially unencrypted. Among other things, this represents a violation of the principle of data minimization. Furthermore, the supervisory authority also found a violation of the information obligations according to Art. 13 GDPR, as the company's data protection information was partially incorrect.

Citazioni legali

Art. 5 (1)Art. 13Art. 14

Problemi e violazioni

Non-compliance with general data processing principles
Visualizza il documento ufficiale
Torna al database delle multe
Precedente Multa
Italian Data Protection Authority (Garante) - Supe...
Prossima ammenda
Data Protection Authority of Hamburg (HmbBfDI) - C...

Rimanete aggiornati sull'applicazione della privacy

Rispettiamo la vostra privacy. Un'email al mese, niente spam, cancellazione in qualsiasi momento.