Court case II SA/Wa 607/20 – Court Ruling (Poland, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Polish bank faced complaints from customers about using their personal data for marketing without permission. The court ruled that the bank failed to respect the customers' request to stop processing their data, highlighting the importance of honoring consent.
What happened
Customers complained that their bank processed their personal data for marketing without a legal basis.
Who was affected
Bank customers who held personal and savings accounts were affected.
What the authority found
The court found that the bank did not have a valid legal basis for processing the customers' data after they withdrew consent.
Why this matters
This case emphasizes that companies must respect customers' requests regarding their personal data. Businesses should ensure they have clear processes for handling consent withdrawals.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Individuals have complained to the Polish supervisory authority about the processing of their personal data by their bank without a legal basis and for marketing purposes. The applicants were customers of the bank and held personal and savings accounts with it. After some time, the customers requested the bank in writing to stop sending advertising material and bank statements to their address and withdrew their consent to the processing of their personal data by the bank, which withdrawal of consent included the quote: "the use, processing and archiving of all our personal data by the Bank". The bank informed the applicants that it would not comply with the request due to the impossibility of confirming the identity of the applicants, and also indicated the possibility of submitting the request in person at any bank office or by sending a request to that effect via the bank's helpline or Internet channel. The applicants have refused to use the communication channels indicated to them by the bank and have renewed their statement withdrawing their consent to the processing of their personal data by the bank. The bank eventually closed the customers' bank accounts and at the end sent them a monthly bank statement and later a combined bank statement, which contained information about the bank's subscription to a new structured deposit. By letter from November 2018 the bank stated that it currently processes the applicants' data in terms of first names, surnames, type of identity document, identity document number, expiry date of identity document, country of issue of identity document, PESEL identification number, date of birth, place of birth, country of birth, residence status, nationality, parents' first names, marital status, mother's maiden name, gender, residential address, correspondence address, mobile phone number, home phone number, form of employment and preferred language of contact, data on the bank's products held, CIF number (identification number assign
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case II SA/Wa 607/20 in PL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case II SA/Wa 607/20 - Poland (2021). Retrieved from cookiefines.eu
Last updated: