GYMOOGIMNASIOS S.L. – €10,000 Fine (Spain, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
GYMOOGIMNASIOS S.L. was fined EUR 10,000 for requiring users to consent to the processing of their health data to use its reservation system. This practice violated the principle of data minimization, which means only necessary data should be collected. Small businesses should ensure they only ask for data that is essential for their services.
What happened
GYMOOGIMNASIOS S.L. required users to consent to health data processing to access its reservation system.
Who was affected
Users who wanted to use the sports facility and its reservation system were affected.
What the authority found
The Spanish DPA ruled that the company violated data minimization principles by collecting unnecessary health data.
Why this matters
This case highlights the importance of collecting only necessary information from users. Small businesses should review their data collection practices to avoid similar fines.
GDPR Articles Cited
The Spanish DPA has fined GYMOOGIMNASIOS S.L. EUR 10,000. The controller had installed a reservation system where data subjects had to consent to the processing of health-related data in order to use the system and the sports facility. The DPA considered this to be a violation of the principle of data minimization.
Related Enforcement Actions (0)
No other enforcement actions found for GYMOOGIMNASIOS S.L. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
2 August 2023
Authority
Agencia Española de Protección de Datos
Fine Amount
€10,000
Enforcement Tracker ID
ETid-1999
About this data
Cite as: Cookie Fines. GYMOOGIMNASIOS S.L. - Spain (2023). Retrieved from cookiefines.eu
Last updated: