PILLOW HOTELS, S.L. – €4,200 Fine (Spain, 2024)

€4,200Agencia Española de Protección de Datos30 May 2024Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Spanish DPA has imposed a fine on PILLOW HOTELS, S.L.. A person had filed a complaint with the DPA. The individual had made a booking for an overnight stay with the controller via booking.com. A few days before the trip, they received a WhatsApp message from a person claiming to be the director of the hotel, addressing them by name and asking them to confirm the booking by referring to a fraudulent link to enter their credit card details. The data subject contacted the hotel to confirm the fraud and learned that similar cases were already known. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to prevent such fraud incidents. The DPA also found that the controller had failed to report these data breaches. The original fine of EUR 7,000 was reduced to EUR 4,200 upon admission of responsibility and voluntary payment.

GDPR Articles Cited

Art. 5(1)(f) GDPR
Art. 32(1) GDPR
Art. 33(1) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll PILLOW HOTELS, S.L. actions
Full Legal Summary

The Spanish DPA has imposed a fine on PILLOW HOTELS, S.L.. A person had filed a complaint with the DPA. The individual had made a booking for an overnight stay with the controller via booking.com. A few days before the trip, they received a WhatsApp message from a person claiming to be the director of the hotel, addressing them by name and asking them to confirm the booking by referring to a fraudulent link to enter their credit card details. The data subject contacted the hotel to confirm the fraud and learned that similar cases were already known. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to prevent such fraud incidents. The DPA also found that the controller had failed to report these data breaches. The original fine of EUR 7,000 was reduced to EUR 4,200 upon admission of responsibility and voluntary payment.

Related Enforcement Actions (0)

No other enforcement actions found for PILLOW HOTELS, S.L. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

30 May 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€4,200

Enforcement Tracker ID

ETid-2349

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. PILLOW HOTELS, S.L. - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: