Sportitalia Società Sportiva Dilettantistica a.r.l. – €30,000 Fine (Italy, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Sportitalia continued to send marketing emails to a person even after they asked to be removed from the list. This is important because it shows that businesses must respect people's wishes regarding their personal data. Companies should ensure they have proper systems in place to manage marketing communications.
What happened
Sportitalia sent marketing emails to a person who had requested to stop receiving them.
Who was affected
The person who objected to receiving marketing emails from Sportitalia was affected.
What the authority found
The DPA found that Sportitalia failed to erase the person's data as requested, violating GDPR rules about data erasure.
Why this matters
This ruling emphasizes that companies must act quickly to remove personal data when requested. It serves as a reminder for businesses to regularly check their data management practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Sportitalia Società Sportiva Dilettantistica a.r.l. (the controller) is a company that owns a gym chain (“GetFIT”). In October 2025, the DPA initiated an investigation following a complaint by a data subject. According to the data subject, they continued to receive direct marketing emails from the controller, despite them objecting to these emails and requesting the controller to remove them from contact lists. The DPA investigated both potential data protection violations as well as a lack of collaboration from the controller. The controller argued that it had not responded to the DPA’s requests due to an internal error that was later remedied. The controller did not contest its potential data protection violations; however, it stated that the data subject’s personal data was included in a cloud-based CRM, and that direct marketing emails were sent to data subjects with their written consent. In this case, the data subject's data remained in the CRM due to a technical error. In addition, the controller claimed to have later deleted this data. The DPA found a violation of Article 17 GDPR, as the controller had failed to comply with the data subject’s request for erasure. The DPA stated that the exceptions under Article 17(3) GDPR did not apply. In addition, by not erasing the personal data, the controller then unlawfully processed the data subject’s data. The DPA found a violation of [https://www.garanteprivacy.it/documents/10160/0/Codice+in+materia+di+protezione+dei+dati+personali+%28Testo+coordinato%29 Article 130 of the Italian GDPR implementation law] (the Code), as the controller continued to send the controller direct marketing emails without their consent. The DPA also found a violation of Article 12(3) GDPR, as the controller did not inform the data subject of the actions taken to follow up on their erasure request. In terms of the controller’s lack of cooperation, the DPA did not find a violation of Article 31 GDPR. However, the DPA noted that the co
Related Enforcement Actions (0)
No other enforcement actions found for Sportitalia Società Sportiva Dilettantistica a.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
12 February 2026
Authority
Garante per la protezione dei dati personali
Fine Amount
€30,000
Enforcement Tracker ID
ETid-3089
GDPRhub ID
gdprhub-9868About this data
Cite as: Cookie Fines. Sportitalia Società Sportiva Dilettantistica a.r.l. - Italy (2026). Retrieved from cookiefines.eu
Last updated: