BANCO CETELEM, S.A. – €150,000 Fine (Spain, 2024)

€150,000Agencia Española de Protección de Datos25 June 2024Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

BANCO CETELEM, S.A. was fined €150,000 for making unauthorized debits from a customer's account to a third party. The bank continued these actions even after the customer complained and requested deletion of their data. This case stresses the importance of having a valid relationship with customers before processing their financial data.

What happened

BANCO CETELEM, S.A. made unauthorized debits from a customer's account to a third party without a contractual relationship.

Who was affected

A customer of BANCO CETELEM whose account was debited without permission.

What the authority found

The Spanish authority found that BANCO CETELEM violated GDPR by processing personal data without a valid legal basis.

Why this matters

This case serves as a warning for companies to ensure they have proper agreements with customers before handling their financial data. It highlights the need for compliance with data protection laws to avoid penalties.

GDPR Articles Cited

AI-verified

Art. 6(GDPR)
Art. 17(1)(d) GDPR
View original scraped data
Art. 6 GDPR
Art. 17(1)(d) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll BANCO CETELEM, S.A. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on BANCO CETELEM, S.A.. A person had filed a complaint against the controller with the DPA due to the fact that debits had been made from their account by the controller to a third party without there even being a contractual relationship between the data subject and the controller. The DPA also found that further debits were made despite complaints and requests for the data to be deleted. The original fine of EUR 250,000 was reduced to EUR 150,000 due to the voluntary payment and the acknowledgement of responsibility.

Related Enforcement Actions (0)

No other enforcement actions found for BANCO CETELEM, S.A. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

25 June 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€150,000

Enforcement Tracker ID

ETid-2384

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. BANCO CETELEM, S.A. - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: