ANSPDCP (Romania) - SYNOBIS MEDICAL S.R.L.
ANSPDCP - SYNOBIS MEDICAL S.R.L. | |
---|---|
Authority: | ANSPDCP (Romania) |
Jurisdiction: | Romania |
Relevant Law: | Article 12 GDPR Article 14 GDPR Article 4(5) and 13(1)(i) Law 506/2004 |
Type: | Complaint |
Outcome: | Upheld |
Started: | |
Decided: | 10.12.2024 |
Published: | |
Fine: | 10,000 RON |
Parties: | SYNOBIS MEDICAL S.R.L |
National Case Number/Name: | SYNOBIS MEDICAL S.R.L. |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Romanian |
Original Source: | Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (in RO) |
Initial Contributor: | elu |
Additionally, the DPA fined a medical center RON 10,000 (€4,972) as it forced users to accept cookies to access its website. These cookies collected and stored personal data of the data subject.
English Summary
Facts
The Romanian DPA was notified by a website user of possible data protection violations y SYNOBIS MEDICAL S.R.L., the controller. Upon investigation, the DPA found that it was impossible to enter the website of the controller without the users´ personal data being collected through cookies. Moreover, the data subject could not access their data.
Holding
The DPA found that the controller was collecting and storing personal data that was collected, through cookies, from the users´ equipment without obtaining their express consent. Moreover, the controller did also not inform the users of the presence of said cookies, violating Article 4(5) and 13(1)(i) Law 506/2004, Romanian law on the processing of personal data and protection of privacy in the electronic communications sector (implementation of the E-Privacy Directive).
Moreover, the controller did not inform the data subject of whose personal data they collected, and processed through the website, violating Article 12 and 14 GDPR.
Consequently, the DPA deemed it appropriate to impose a fine of RON 10,000 (€4,972) to the controller.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
10.12.2024 Sanction for non-compliance with Law no. 506/2004 and GDPR The National Supervisory Authority for Personal Data Processing completed, in October 2024, an investigation at the operator SYNOBIS MEDICAL S.R.L. and found: a) violation of the provisions of art. 13 paragraph (1) letter i) of Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, as subsequently amended and supplemented. b) violation of the provisions of art. 12-14 of Regulation (EU) 2016/679. For the acts committed, the operator was fined 10,000 lei, as well as given a warning. The investigation of the sanctioned operator was initiated following a complaint regarding a possible violation of the provisions of Regulation (EU) 2016/679 and Law no. 506, as amended and supplemented, through the website www.synobis.ro, owned by SYNOBIS MEDICAL S.R.L., which did not offer the possibility of access without accepting the collection of information through cookie technologies nor did it ensure the information of the data subjects, according to the legal provisions in the field. During the investigation, it was found that the operator SYNOBIS MEDICAL S.R.L.: a) allowed the storage of information and obtaining access to the information stored on users' equipment by using cookie files available on the website www.synobis.ro, without complying with the legal conditions regarding the prior obtaining of express consent and without informing users, as provided for in art. 4 para. (5) of Law no. 506/2004, as amended and supplemented; b) does not provide complete information to the data subjects whose personal data are collected and processed through the website www.synobis.ro, in accordance with art. 12-14 of Regulation (EU) 2016/679. At the same time, the following corrective measures have been ordered: a) the operator shall actively implement the provisions of art. 4 paragraph (5) of Law no. 506/2004, as amended and supplemented, by obtaining express consent and informing users before installing cookies on their device; b) the operator shall provide complete information to the data subjects on the website www.synobis.ro, in a concise, transparent, intelligible and easily accessible form, using clear and simple language, on each section of the website where personal data may be collected/processed, in accordance with the provisions of art. 12-14 of the GDPR, the information will be mainly in Romanian. Legal and Communication Department A.N.S.P.D.C.P.