AQAPHOTO – €1,000 Fine (Latvia, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
AQAPHOTO was fined for using inconsistent privacy policies while offering photography services at a water park. This matters because it shows that clear and consistent communication about data use is essential. Businesses should ensure their privacy policies are easy to understand and consistent across all platforms.
What happened
AQAPHOTO was fined for having inconsistent privacy policies regarding their photography services at an amusement park.
Who was affected
Visitors at the Līvu Akvaparks who had their photos taken by AQAPHOTO.
What the authority found
The DPA found that AQAPHOTO failed to provide clear and consistent information about how visitors' data would be processed, violating GDPR.
Why this matters
This ruling highlights the need for businesses to have clear and consistent privacy policies. Website operators should regularly review their policies to ensure they are straightforward and match across all communication channels.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
On 20 May 2023, the DPA carried out an on-site investigation into the operations of a company called AQAPHOTO (‘controller’), carried out the at the Līvu Akvaparks, a water amusement park. The controller’s primary activity was offering photography services to visitors (‘data subjects’) at the amusement park. For the purpose to capture and provide photographic memories, the controller hired photographers which took photos of the visitors and were recognizable by wearing yellow T-shirts saying “AQUA FOTO TEAM”. The visitors could then select their photos on the monitors located at the AQUAPHOTO booth. In addition, the controller used facial recognition technology software to identify the individuals that requested their photos and offer the pictures to them. The controller informed about its data processing operations in 4 different forms available to the visitors. However, their privacy policy was inconsistent across these different places. # On the amusement’s park website, the privacy policy stated that visitors would be photographed by walking up to the photographers and then obtain their photos at the AQUAPHOTO stand. # The section concerning “Visitor rules” published on their website further specified that visitors with minors under their guardianship may be photographed in the amusement park. If the visitors did not wish to be photographed they had to take a distinguishing sign from the employees of the AQUAPHOTO stand. # On the contrary, the “Terms and Conditions of Photo Services and Personal Data Processing” posted at the company’s stand said that distinguishing sign could be obtained from the amusement park’s cash desk or the photographers hired by AQUAPHOTO. # By a visual information poster at the amusement park’s cash desk with a text saying: #* Don't be afraid of the AQUAPHOTO photographer. You do not want to be photographed in red. Green wristbands make many beautiful photographs’; #* The posted also provided that the data subjects would not receive
Related Enforcement Actions (0)
No other enforcement actions found for AQAPHOTO in LV
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. AQAPHOTO - Latvia (2024). Retrieved from cookiefines.eu
Last updated: