ANSPDCP (Romania) - S.C. Viva Credit IFN S.A.

From GDPRhub
ANSPDCP - S.C. Viva Credit IFN S.A.
LogoRO.jpg
Authority: ANSPDCP (Romania)
Jurisdiction: Romania
Relevant Law: Article 12(3) GDPR
Article 12(4) GDPR
Article 17 GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published: 30.07.2020
Fine: 9680 RON
Parties: S.C. Viva Credit IFN S.A.
National Case Number/Name: S.C. Viva Credit IFN S.A.
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Romanian
Original Source: ANSPDCP (in RO)
Initial Contributor: Isabel Hahn

Viva Credit failed to inform a data subject within the time frame necessary about the outcome of a request to have data erased under GDPR Article 17.

English Summary

Facts

The National Supervisory Authority conducted an investigation into Viva Credit following a complaint by a data subject claiming that Viva Credit had not complied with their request to have their data erased under GDPR Article 17. It was also alleged that Viva Credit did not provide the data subject with information on the actions they had taken as per their obligation under GDPR Art.12(3) and 12(4). Viva Credit had an obligation to respond to the request of the data subject without unjustified delay, and to notify them if they chose to not take action. However, Viva Credit did neither.

Dispute

Whether there was a violation of GDPR Art. 17 and Art. 12(3) & (4).

Holding

The National Supervisory Authority found that there had been a violation of the GDPR and imposed a fine of 9680 lei, the equivalent of 2000 Euro, on Viva Credit, along with corrective measures requiring that they send a response to the data subject within 5 days.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.

The National Supervisory Authority has completed an investigation at the operator S.C. Viva Credit IFN S.A., finding the violation of art. 12 para. (3) and (4) of the General Regulation on Data Protection, by reference to art. 17 of the same Regulation.

     Operator S.C. Viva Credit IFN S.A. was sanctioned with a fine of 9680 lei, the equivalent of 2000 EURO.

     The investigation took place as a result of a complaint claiming that the operator did not solve the petitioner's request by which he exercises his right to delete data, according to art. 17 of the General Data Protection Regulation.

     The operator also did not provide the applicant with information on the actions taken following his request within a maximum of one month (or a maximum of 3 months, stating the reasons for the delay) at his home address or contact address (e-mail). ) available in its records.

     Thus, the operator S.C. Viva Credit IFN S.A. violated the provisions of art. 12 para. (3) and (4), reported to art. 17 of the General Data Protection Regulation.

     The operator has the obligation, according to art. 12 para. (3), to respond to the requests of the persons concerned without unjustified delays and at the latest within one month from the receipt of the request, and according to par. (4) of the same Article "if he does not take action on the request of the data subject, the controller shall inform the data subject without delay and within one month of receipt of the request, of the reasons for not taking action and of the possibility to lodge a complaint with a supervisory authority and to bring a judicial appeal. "

     At the same time, the operator S.C. Viva Credit IFN S.A. a corrective measure was also applied to him, based on the provisions of art. 58 para. (2) lit. d) of the General Regulation on Data Protection, which is obliged to send a response to the petitioner to the request submitted, within 5 working days from the communication of the minutes.