Sportitalia Società Sportiva Dilettantistica a.r.l. – €30,000 Fine (Italy, 2026)
Sportitalia was fined €30,000 for continuing to send marketing emails to a person who had asked to be removed from their list. This ruling matters because it reinforces that companies must honor users' requests to stop receiving communications.
What happened
Sportitalia continued to send direct marketing emails to a user despite their request to stop.
Who was affected
The individual who requested to be removed from Sportitalia's email list.
What the authority found
The Italian DPA ruled that Sportitalia violated GDPR by not complying with the user's request for erasure of their personal data.
Why this matters
This case highlights the need for businesses to respect user preferences and maintain accurate records of consent.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Sportitalia Società Sportiva Dilettantistica a.r.l. (the controller) is a company that owns a gym chain (“GetFIT”). In October 2025, the DPA initiated an investigation following a complaint by a data subject. According to the data subject, they continued to receive direct marketing emails from the controller, despite them objecting to these emails and requesting the controller to remove them from contact lists. The DPA investigated both potential data protection violations as well as a lack of collaboration from the controller. The controller argued that it had not responded to the DPA’s requests due to an internal error that was later remedied. The controller did not contest its potential data protection violations; however, it stated that the data subject’s personal data was included in a cloud-based CRM, and that direct marketing emails were sent to data subjects with their written consent. In this case, the data subject's data remained in the CRM due to a technical error. In addition, the controller claimed to have later deleted this data. The DPA found a violation of Article 17 GDPR, as the controller had failed to comply with the data subject’s request for erasure. The DPA stated that the exceptions under Article 17(3) GDPR did not apply. In addition, by not erasing the personal data, the controller then unlawfully processed the data subject’s data. The DPA found a violation of [https://www.garanteprivacy.it/documents/10160/0/Codice+in+materia+di+protezione+dei+dati+personali+%28Testo+coordinato%29 Article 130 of the Italian GDPR implementation law] (the Code), as the controller continued to send the controller direct marketing emails without their consent. The DPA also found a violation of Article 12(3) GDPR, as the controller did not inform the data subject of the actions taken to follow up on their erasure request. In terms of the controller’s lack of cooperation, the DPA did not find a violation of Article 31 GDPR. However, the DPA noted that the co
Related Enforcement Actions (0)
No other enforcement actions found for Sportitalia Società Sportiva Dilettantistica a.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
12 February 2026
Authority
Garante per la protezione dei dati personali
Fine Amount
€30,000
GDPRhub ID
gdprhub-9868About this data
Cite as: Cookie Fines. Sportitalia Società Sportiva Dilettantistica a.r.l. - Italy (2026). Retrieved from cookiefines.eu
Last updated: