Fitness World A/S โ Violation Found (Denmark, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Fitness World A/S was investigated for using workplace video surveillance without properly informing employees and for storing employee data on a shared computer. The Danish DPA found the surveillance was legal but reprimanded the company for not securing employee data properly. This matters because it highlights the importance of data security and transparency in employee monitoring.
What happened
Fitness World A/S used video surveillance at work and stored employee data on a shared computer without proper security measures.
Who was affected
Employees at Fitness World A/S who were monitored by video and whose personal data was stored insecurely.
What the authority found
The Danish DPA ruled that the video surveillance was lawful but reprimanded Fitness World for not securing employee data, violating GDPR's data security requirements.
Why this matters
This case emphasizes the need for companies to secure employee data and be transparent about monitoring practices. It serves as a reminder that even if surveillance is justified, data protection measures must be in place.
GDPR Articles Cited
After being contacted by former employees of Fitness World A/S (the controller), the Danish DPA opened an investigation into the controller's processing of personal data. The investigation focused on the claims that the controller had been using video surveillance at work without adequately informing the employees. Another allegation concerned the case of storing employees' data about, among other things, resignations, contracts, written warnings, medical certificates and video surveillance recordings locally on a shared computer which was freely accessible to other employees. The controller responded to the DPA that it carried out video surveillance in all its centres based on legitimate interest under Article 6(1)(f) GDPR to prevent crime, increase the safety of its employees and members, and prevent gross violations of its internal rules. The controller also claimed that it had informed its employees about the monitoring in the employment contract, the staff handbook, the privacy policy for employees and the controller's policy on video surveillance. In addition, the entrance areas had clear signs informing those coming in about video surveillance. As for the storing of employees' data locally on a shared computer, the controller stated that this occurred because of an error from the manager who saved the documents on the wrong drive. The controller dealt with the situation individually and improved its practices to prevent future mistakes. The DPA held that the controller's video surveillance of the workplace complied with the GDPR because the controller had a legitimate interest in the processing, namely to prevent crime and to assert legal claims against its employees, the processing was not excessive, and the controller informed all data subjects about the monitoring. However, the DPA reprimanded the controller for violating Article 32(1) GDPR when the local manager saved employees' information on the wrong drive by mistake, making it accessible to other
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Fitness World A/S in DK
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Fitness World A/S - Denmark (2022). Retrieved from cookiefines.eu
Last updated: