Predase Servicios Integrales SL – €5,000 Fine (Spain, 2021)

Predase Servicios Integrales SL (PSI) provides advice on a range of issues such as occupational risk prevention; data protection or insurance. On its webpage, PSI has a section of interested parties which included requirements to fill in address, telephone number and had a data collection form. However, investigations by the Spanish DPA showed that PSI's website did not have a privacy policy, nor provided information in accordance with Article 13 GDPR. To justify this, PSI mentioned that the contact form was not operational, so an email address was provided instead. The Spanish DPA encountered many errors (server permission denial and object not found) attempting to access the website during its investigation. At the time of the decision, the website was still not accessible Does the lack of a privacy policy or information on data processing on a webpage's contact section breach Article 13 GDPR even if the contact form is not operational? The Spanish DPA (AEPD) held that the defendant, PSI, violated Article 13 GDPR by failing to provide information to parties interested in their services. The Spanish DPA also refered to Article 11 of the national Spanish Law on Data Protection and Digital Rights (LOPDGDD) on the provision of information to data subjects. The Spanish DPA therefore went to conclude that PSI violated Article 13 GDPR by provided a contact section that included requirements for telephone, an email and a data collection form without providing information on the data processing at stake. The argument that the contact section was not operational and therefore not collecting personal data could not be verified by the DPA due to the website's errors. Therefore, this argument was dismissed by the DPA. Similarly, the DPA held that the fact that the form is not operational, does not mean that the controller in charged of a webpage does not have to comply with the duty to provide information as per Article 12 and 13 GDPR. This is the case as the website w