Trionic Sverige AB – Complaint Upheld (Sweden, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Trionic Sverige AB faced a complaint upheld by the Swedish authority for sharing a customer's order confirmation with another company. The customer was unhappy that their data was shared without proper notice. This situation emphasizes the need for clear communication about data sharing practices.
What happened
The Swedish authority upheld a complaint against Trionic for sharing a customer's order confirmation with a third party.
Who was affected
A customer who ordered a product and had their order confirmation shared without consent.
What the authority found
The authority found that Trionic did not adequately inform the customer about sharing their personal data with another company.
Why this matters
This case serves as a reminder for companies to clearly communicate their data sharing practices in privacy policies to avoid complaints and potential penalties.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject ordered a product from the German website of Trionic, a company selling wheelchairs among other products. According to the data subject, the controller then sent a copy of his order confirmation to the domain provider of the data subject's email provider. The data subject communicated his dissatisfaction about this practice to the controller. The data subject also complained about the fact that the controller was sharing personal data with another company, despite the fact that this was not mentioned in the privacy policy. The data subject later cancelled the order. The controller clarified its several processing operations and the corresponding legal bases. First, the controller suspected at first that the data subject had provided an incorrect personal e-mail address for this order. When the controller tried to contact the data subject with the provided telephone number, this did not work. It turned out that the data subject had provided a fax number instead of a telephone number. Because there was no other way to contact the data subject, the controller decided to send the order confirmation to the 'info' e-mail address of the data subject's e-mail domain. Besides the fact that the controller claimed that this was the only way to contact the data subject, the controller also stated that it was legally obligated to do so pursuant to Article 5(1)(d) GDPR. The controller did not explicitly mention Article 6(1)(c) GDPR, but it did mention that it was using the legal bases of 'legal obligation'. Second, the controller allowed its customers to pay with invoice in the German market. However, the controller had experienced before that these invoices were not paid. To prevent this from happening again, the controller shared the data subject's personal data with its processor, providing fraud control services. The controller's legal basis for this processing was Article 6(1)(f) GDPR, for the controller's legitimate interest to prevent fraud. It a
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Trionic Sverige AB in SE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Trionic Sverige AB - Sweden (2022). Retrieved from cookiefines.eu
Last updated: