HEI – Medical Travel – €10,600 Fine (Iceland, 2022)

€10,600Persónuvernd3 May 2022Iceland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

HEI – Medical Travel was fined €10,600 for sending unsolicited emails and not providing information about how they got a person's email address. This case is important because it shows that companies must have a legal reason to contact people and must be transparent about their data practices.

What happened

HEI – Medical Travel accessed a person's email without permission and sent unsolicited emails.

Who was affected

An individual whose email was accessed and used by HEI – Medical Travel without consent.

What the authority found

The Icelandic DPA found that HEI – Medical Travel lacked a valid legal basis for accessing and using the person's email, violating GDPR.

Why this matters

This ruling highlights the importance of respecting individuals' privacy and being transparent about data collection practices. Companies should ensure they have a legal basis for contacting individuals and must respond to requests for information about data processing.

GDPR Articles Cited

Art. 15(1) GDPR
Art. 9(1) Act 90/2018 GDPR
Art. 17(2) Act 90/2018 GDPR
Iceland enforcementPersónuvernd actionsAll HEI – Medical Travel actions
Full Legal Summary
Detailed

The Icelandic DPA has imposed a fine of EUR 10,600 on HEI - Medical Travel. A data subject had filed a complaint with the DPA against the controller. The controller had gained access to the data subject's email via the Icelandic Medical Association's internal website and had then sent them unsolicited emails. The DPA found that such access was unlawful due to the lack of a valid legal basis. In addition, the data subject had asked the controller for information about the processing of their personal data, such as the origin of the e-mail address. The controller did not properly comply with this request.

Related Enforcement Actions (0)

No other enforcement actions found for HEI – Medical Travel in IS

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

3 May 2022

Authority

Persónuvernd

Fine Amount

€10,600

Enforcement Tracker ID

ETid-1428

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. HEI – Medical Travel - Iceland (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: