TRIVE CREDIT SPAIN S.L. – €180,000 Fine (Spain, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
TRIVE CREDIT SPAIN S.L. did not respond to a person's request for their data, which is a requirement under privacy laws. The Spanish data protection authority found this failure serious and imposed a fine of EUR 180,000. This case highlights the importance of companies promptly addressing data access requests from users.
What happened
TRIVE CREDIT SPAIN failed to respond to a user's request for access to their personal data.
Who was affected
The person who requested access to their data from TRIVE CREDIT SPAIN was affected.
What the authority found
The Spanish data protection authority ruled that TRIVE CREDIT SPAIN did not comply with its obligation to respond to the access request, violating GDPR requirements.
Why this matters
This ruling emphasizes that companies must take user data requests seriously and respond in a timely manner. It serves as a reminder for businesses to have clear processes for handling such requests.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
TRIVE CREDIT SPAIN, S.L. (the controller) is a financial company that provides loans, including microloans online. On 19 September 2023, a data subject filed a complaint with the DPA on the grounds that the controller had not responded to their access request. During the DPA’s investigations, the controller did not prove that it had responded to the access request. Therefore, the DPA ordered the controller in March 2024 to respond to the access request by providing the data requested or denying the request with an explanation. The DPA set a deadline of ten business days to comply with the decision. The data subject contacted the DPA in July 2024, stating that the controller had not complied with the decision. The DPA then sent two requests to the controller to comply within five and ten business days respectively. The DPA began sanctioning proceedings in December 2024, as the controller had not responded to the access request or presented an appeal of the DPA’s decision to a court. The controller argued that the data subject had abused their rights under the GDPR. According to the controller, it had already processed the data subject’s erasure request in January 2023. In addition, the controller argued that the access request was part of a “confrontation strategy” intended to harm the company; this included two lawsuits, 80 phone calls and at least two complaints to the DPA. Finally, the controller argued that it had already responded to three access requests that year. The DPA found a violation of Article 58(2)(c) GDPR, as the controller had not complied with its previous decision to respond to the data subject’s access request. The DPA warned the controller that it had the proactive responsibility of proving its compliance with the GDPR in accordance with Article 5(2) GDPR; this extends to the entire “life cycle” of data processing. The DPA considered this a serious violation, as the controller failed to prove it had complied with its obligations under the G
Related Enforcement Actions (0)
No other enforcement actions found for TRIVE CREDIT SPAIN S.L. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
16 July 2025
Authority
Agencia Española de Protección de Datos
Fine Amount
€180,000
About this data
Cite as: Cookie Fines. TRIVE CREDIT SPAIN S.L. - Spain (2025). Retrieved from cookiefines.eu
Last updated: