Hora Credit IFN SA – €24,000 Fine (Romania, 2023)

€24,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal7 December 2023Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Hora Credit IFN SA was fined for mistakenly sending personal documents to the wrong email address and failing to respond to a customer's data request. Their lack of proper data protection measures led to this error. The Romanian data authority took action to emphasize the need for better security practices.

What happened

Hora Credit IFN SA sent personal data documents to the wrong customer and did not respond promptly to a data access request.

Who was affected

A customer whose personal data was mistakenly sent to another person and who requested access to their data.

What the authority found

The Romanian data authority found that Hora Credit IFN SA failed to implement sufficient data protection measures, violating Articles 12(3), 15, 32, and 33(1) of the GDPR.

Why this matters

This ruling serves as a reminder for companies to have strong data protection practices in place. Timely responses to data requests and secure handling of personal information are crucial to avoid fines and protect customer trust.

GDPR Articles Cited

AI-verified

Art. 15(GDPR)
Art. 32(GDPR)
Art. 12(3) GDPR
Art. 33(1) GDPR
View original scraped data
Art. 12(3) GDPR
Art. 15(GDPR)
Art. 32(GDPR)
Art. 33(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 13 March 2026
articles corrected
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Hora Credit IFN SA actions
Full Legal Summary
Detailed

The Romanian DPA imposed a fine of EUR 24,000 on Hora Credit IFN SA. The controller had accidentally sent documents containing the personal data of another person to a customer by e-mail. Although the customer reported the error to the controller, messages continued to be sent to the wrong e-mail address. The controller also failed to respond to the data subject's request for access to their data in a timely manner. During its investigation, the DPA found that the controller failed to implement sufficient technical and organizational measures to protect personal data. The controller also failed to report the incident to the DPA in a timely manner.

Related Enforcement Actions (1)

Other enforcement actions involving Hora Credit IFN SA in RO

Fine
Dec 2019· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The sanctions were applied as a result of a complaint alleging that Hora Credit IFN SA transmitted documents containing personal data of another perso...

€14K
Current
Dec 2023

Fine

€24K

Details

Fine Date

7 December 2023

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€24,000

Enforcement Tracker ID

ETid-2148

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Hora Credit IFN SA - Romania (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: