Mollie (data controller) – Court Ruling (Netherlands, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that Mollie, a payment service provider, lawfully ended its services with two foundations after suspecting improper use of its payment system. The court also addressed the foundation director's request for access to his personal data, which Mollie had denied. This case is important for businesses to understand their rights and obligations regarding contract termination and data access requests.
What happened
Mollie terminated its services with two foundations due to suspected improper use of its payment system.
Who was affected
The director of two foundations using Mollie's payment services was directly affected.
What the authority found
The court held that Mollie lawfully terminated its contract and addressed the denial of the director's data access requests.
Why this matters
This ruling underscores the importance of compliance with legal obligations when terminating services and handling data access requests. Businesses should ensure they have clear policies and procedures for both.
GDPR Articles Cited
National Law Articles
The data subject was the director of two foundations engaged in activities with regard to the Islam. Foundation 1 focussed on, among other things, arranging funerals in accordance with Islamic rules. Foundation 2 focussed on promoting and disseminating knowledge about the Islam. The data subject was also the Ultimate Beneficial Owner (UBO) for both foundations.see comment Both foundations used Mollie B.V. (the controller) as a payment service provider. To be in compliance with the Money Laundering and Terrorist Financing (Prevention) Act (Wwft),Mollie B.V. conducted a customer due diligence, where it requested and obtained data on the data subject in his capacity as the UBO for both foundations. Following a periodic inspection, the controller terminated its services to both foundations. It stated that the account was no longer a good fit due to recent changes in legislation and its internal policies. Later, the controller informed Foundation 1 that the service was terminated, partly due to its affiliation with foundation 2, as it had become aware that foundation 2 might have used its payment system for improper purposes. Foundation 1 contested the termination in court. However, in a preliminary ruling, the Court held that the controller lawfully terminated the contract. The data subject then submitted multiple access requests with Mollie B.V. which, in turn, denied all of them. Therefore, the data subject brought the matter before the court. The data subject requested the Court to order the controller to provide him with all personal data relating to him in the context of the customer due diligence. More specifically data relating to him (i) in his capacity as UBO, (ii) regarding signals received by the controller, (iii) regarding transactions, and (iv) regarding the risk profile drawn up and risk classification. The data subject further requested the purposes for processing, the categories of personal data concerned and the recipients of his data. In addition,
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Mollie (data controller) in NL
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Mollie (data controller) - Netherlands (2022). Retrieved from cookiefines.eu
Last updated: