Spartoo

€250,000

Non-compliance with general data processing principles

Data deciziei

5 august 2020

Autoritatea

French Data Protection Authority (CNIL)

FR

Sector

Industry and Commerce

Țara

FR

Legea

GDPR

Statut

FINAL

Descriere

A fine of EUR 250000 was imposed on the online retailer Spartoo. The reason for this was that the company, which has its headquarters in France but supplies a large number of European countries, fully recorded all telephone hotline conversations (including personal data such as address and bank details of orders) and in addition stored bank details partially unencrypted. Among other things, this represents a violation of the principle of data minimization. Furthermore, the supervisory authority also found a violation of the information obligations according to Art. 13 GDPR, as the company's data protection information was partially incorrect.

Citări juridice

Art. 5 (1)Art. 13Art. 14

Probleme și încălcări

Non-compliance with general data processing principles
Vezi documentul oficial
Înapoi la baza de date a amenzilor
Amenda anterioară
Italian Data Protection Authority (Garante) - Supe...
Următoarea amendă
Data Protection Authority of Hamburg (HmbBfDI) - C...

Rămâneți la curent cu aplicarea normelor de confidențialitate

Îți respectăm confidențialitatea. Un e-mail pe lună, fără spam, dezabonare oricând.