SAINTS & STARS B.V. – Court Ruling (Netherlands, 2026)

SAINTS & STARS B.V. (the controller) is a company that operates several gyms. In 2025, a data subject cancelled their membership and requested the controller to erase all their personal data in accordance with Article 17 GDPR. The controller sent two general marketing emails after terminating the data subject’s membership. The controller argued that it had a legal obligation to retain the data subject’s data, as they had not paid the final invoice. The controller also claimed to have unsubscribed the data subject from its marketing emails list. The data subject brought a case to the court, requesting the court to order the controller to erase their data and pay €750 in non material damages. During the proceedings, the court informed the data subject that their claim for erasure would be rejected, as they did not file the case within the time limit set by national law. The data subject stated that they no longer wished their data to be deleted, but still maintained their claim for damages. The court first clarified that the deadline applied for the erasure claim and not the claim for damages, as the six week limit under national law applies to requests under Articles 15 to 22 GDPR. The court then stated that it was not in dispute that the controller unlawfully processed the data subject’s data to send them marketing emails. The controller processed this data without a valid legal basis under Article 6 GDPR, as the data subject did not consent to this processing. However, the court refused to award the data subject damages. Under Article 82 GDPR, a violation of the GDPR in itself is not sufficient to grant a data subject damagesSee also C-300/21 (Österreichische Post), margin 32. According to the court, the data subject did not provide evidence beyond stating they felt “genuine discomfort“ when receiving the emails after canceling their membership. This was insufficient to establish non material damage. The court dismissed the case.