SUNERIS, S.A. – €5,400 Fine (Spain, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Spanish data protection authority fined SUNERIS, S.A. EUR 5,400 for processing ID card and passport scans of guests without following proper data minimization rules. This matters because it highlights the importance of only collecting necessary information from users.
What happened
SUNERIS, S.A. processed scans of ID cards and passports of their guests, violating data minimization principles.
Who was affected
Guests whose ID cards and passports were scanned by SUNERIS, S.A.
What the authority found
The authority found that SUNERIS, S.A. did not comply with the principle of data minimization as required by GDPR.
Why this matters
This case underscores the need for companies to limit the personal data they collect to what is strictly necessary. It serves as a reminder for businesses to review their data collection practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Spanish DPA has imposed a fine of EUR 5,400 on SUNERIS, S.A. The controller processed scans of ID cards and passports of their guests, infringing the principle of data minimisation. The original fine of EUR 9,000 was reduced to EUR 5,400 due to immediate payment and admission of responsibility by the controller.
Related Enforcement Actions (0)
No other enforcement actions found for SUNERIS, S.A. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
16 July 2025
Authority
Agencia Española de Protección de Datos
Fine Amount
€5,400
Enforcement Tracker ID
ETid-2760
About this data
Cite as: Cookie Fines. SUNERIS, S.A. - Spain (2025). Retrieved from cookiefines.eu
Last updated: