Palumbo Superyacht Ancona s.r.l. – €50,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Palumbo Superyacht Ancona was fined for blocking a former employee's access to her work email without notice. This case shows that companies must inform employees about their rights regarding personal data. Businesses should have clear policies for handling employee information to avoid similar issues.
What happened
The company prevented a former commercial agent from accessing her work email account without any prior notice.
Who was affected
The former commercial agent who was unable to retrieve her personal information from her work email.
What the authority found
The Italian DPA found that the company did not provide sufficient information about its email policies and violated GDPR rules regarding fairness and data storage.
Why this matters
This ruling highlights the need for companies to communicate clearly with employees about their data rights. It sets a precedent for ensuring that businesses cannot withhold access to personal information without proper justification.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
On 29 September 2020, the Italian DPA received a complaint from a former commercial agent for Palumbo Superyacht Ancona s.r.l. The data subject is the former commercial agent. The controller is Palumbo Superyacht Ancona. On 23 June 20, the controller inhibited the data subject from using her work email address without any notice. She was not allowed to retrieve any information from the account beforehand. The data subject's requests for access to the account were ignored by the controller. The controller stated that the contract with the data subject was terminated over the disclosure of confidential information and that out of court proceedings over said disclosure were ongoing. The controller claimed that the data subject's email account was kept active to investigate the alleged breach of confidentiality, and to store information for later use in the proceedings. The controller argued that the processing was in compliance with the principles of necessity and data minimization, as it neither used the account themselves nor allowed third parties access. The controller also stated that it made itself available to discuss ways for the data subject to access his account and retrieve his personal data, ensuring that she could not alter the information present. The DPA found that the controller did not provide the data subject with sufficient information on their policies regarding work emails. Furthermore, the DPA found that the controller was unable to prove compliance with the information duties under Article 13 GDPR, as the information allegedly provided to the data subject lacked the requirements laid down in said Article, and the relevant documentation was not signed by the data subject. The DPA further noted that email accounts are not a suitable tool to store data for later use as evidence in proceedings. The Italian DPA held that the controller violated the principle of fairness and in particular the principle of storage limitation by keeping the data subject
Related Enforcement Actions (0)
No other enforcement actions found for Palumbo Superyacht Ancona s.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
7 April 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€50,000
About this data
Cite as: Cookie Fines. Palumbo Superyacht Ancona s.r.l. - Italy (2022). Retrieved from cookiefines.eu
Last updated: