Pitagorasz Oktatási Stúdió Kft – €1,250 Fine (Hungary, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Pitagorasz Oktatási Stúdió Kft sent misleading letters to students and their parents about entry exam preparation courses. This is important because it shows that companies must be transparent about how they use personal data and cannot mislead people about their intentions.
What happened
Pitagorasz Oktatási Stúdió Kft sent letters that suggested an official communication while using personal data for marketing without proper consent.
Who was affected
Students and their parents who received the misleading letters were affected.
What the authority found
The Hungarian Data Protection Authority found that the company violated GDPR rules by not providing clear and complete information about data processing.
Why this matters
This ruling emphasizes the need for clear communication and proper consent when using personal data for marketing. Companies should review their practices to ensure compliance.
GDPR Articles Cited
Following several compaints, the DPA launched an "ex officio" investigation. The controller (Client 1, Pitagorasz Oktatási Stúdió Kft) organises preparation courses for entry exams to secondary schools. It sent letters to students of different age (who are probably interested in applying for an entry exam), addressed to the students but mentioning that they are destined (also) to their caretakers. The addresses were received from the official government register, quoting as purpose market research. There is a law enabling this, but since 2019, this is not possible for direct marketing in respect of private individuals. The letters were sent after the registration to the courses was closed. Parents were informed about the source of the data at the bottom of the letters, and that the use of the data was terminated when the letter was forwarded. The information on the letter and in the legal basis could give the impression that this was an official communication and based on a legal obligation. The letter itself did not contain a market research questionnaire and could not be returned by mail. It hinted to an on line questionnaire which could be filled in. The privacy statement was not provided, it was only mentioned that it is available on the homepage of the controller (not a specific link to the statement itself). The information on the privacy statement mixed the processing of addresses used for sending the letters, the processing of registrations and of responses to the on line questionnaire. Different pieces of information (registration form, privacy statement etc.) contained differing information as to the legal basis of processing. The information given for consent was incomplete. The DPA acquired information from the provider of a mailing software and database used. It was established that this provider did not have access to the personal data, was neither controller, nor processor. The DPA investigated the database and found data of different groups of data s
Related Enforcement Actions (0)
No other enforcement actions found for Pitagorasz Oktatási Stúdió Kft in HU
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
24 November 2023
Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság
Fine Amount
€1,250
500,000 HUF
GDPRhub ID
gdprhub-7607About this data
Cite as: Cookie Fines. Pitagorasz Oktatási Stúdió Kft - Hungary (2023). Retrieved from cookiefines.eu
Last updated: