Banner2.png

ANSPDCP (Romania) - Shoppag Group Online SRL

From GDPRhub
ANSPDCP - Shoppag Group Online SRL
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 83(5)(e) GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided:
Published: 24.03.2025
Fine: 9,949.8 RON
Parties: Shoppag Group Online SRL
National Case Number/Name: Shoppag Group Online SRL
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Romanian
Original Source: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (in RO)
Initial Contributor: elu

The DPA fined an online retailer RON 9,949.8 (€2,000) for not responding to the DPA’s information request connected to a data subject’s prior erasure request which was also left unanswered by the controller.

English Summary

Facts

A data subject complaint before the DPA about the practices of Shoppag Group Online SRL, an online retailer store, the controller, of not replying to data erasure requests.

The DPA started an investigation, which revealed that the controller never replied to the erasure request advanced by the data subject to delete their account.

Additionally, the controller never cooperated with the requests for information advanced by the DPA during the investigation.

Holding

The DPA held that the lack of reply to the requests for information advanced by the DPA hindered the carrying out of the DPA’s tasks.

Thus, the DPA deemed it appropriate to impose a contravention fine of Article 83(5)(e) GDPR and thus imposed a fine of RON 9,949.8 (€2,000).

Additionally, the DPA ordered the controller to share all the information and documents requested through the erasure request.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details. 

06.03.2025

Sanction for violation of the GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in January 2025, an investigation at the operator SHOPBAG GROUP ONLINE SRL and found a violation of the provisions of art. 83 paragraph (5) letter e) of Regulation (EU) 2016/679.

As such, the operator was sanctioned with a fine in the amount of 9,949.8 lei (equivalent to 2,000 euros).

The investigation was initiated following the complaint of an individual who complained that he had not received a response to his requests to delete his account and the data associated with it from the site depozit-online.ro, owned by the operator. During the investigation, it was found that the petitioner wanted to delete his account created on the operator's website depozit-online.ro, but the operator did not respond to his request.

Also, the operator did not respond to the requests addressed by the National Supervisory Authority for the Processing of Personal Data in the exercise of its investigative powers.

Thus, given that the operator did not provide the information that the National Supervisory Authority requested in order to fulfill its tasks, the operator was sanctioned with a minor offence fine, for violating the provisions of art. 83 para. (5) letter e) of Regulation (EU) 679/2016.

“Art. 83 General conditions for imposing administrative fines

(….) (5) Administrative fines of up to EUR 20 000 000 or, in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is the higher, shall apply to infringements of the following provisions, in accordance with paragraph (2):

(a) the basic principles for processing, including the conditions for consent, in accordance with Articles 5, 6, 7 and 9;

(b) the rights of data subjects in accordance with Articles 12 to 22;

(c) transfers of personal data to a recipient in a third country or an international organisation in accordance with Articles 44 to 49;

(d) any obligations under national law adopted pursuant to Chapter IX;

(e) failure to comply with an order or a temporary or definitive limitations on processing, or suspension of data flows, issued by the supervisory authority pursuant to Article 58 paragraph (2), or the refusal to grant access, in breach of Article 58 paragraph (1). (….)”

At the same time, the operator was ordered to take the corrective measure of communicating to A.N.S.P.D.C.P all the information and documents requested through the addresses communicated to it.

Legal and Communication Department

A.N.S.P.D.C.P
Retrieved from "https://gdprhub.eu/index.php?title=ANSPDCP_(Romania)_-_Shoppag_Group_Online_SRL&oldid=46646"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki