Palumbo Superyacht Ancona s.r.l. – €50,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
On 29 September 2020, the Italian DPA received a complaint from a former commercial agent for Palumbo Superyacht Ancona s.r.l. The data subject is the former commercial agent. The controller is Palumbo Superyacht Ancona. On 23 June 20, the controller inhibited the data subject from using her work email address without any notice. She was not allowed to retrieve any information from the account beforehand. The data subject's requests for access to the account were ignored by the controller. The controller stated that the contract with the data subject was terminated over the disclosure of confidential information and that out of court proceedings over said disclosure were ongoing. The controller claimed that the data subject's email account was kept active to investigate the alleged breach of confidentiality, and to store information for later use in the proceedings. The controller argued that the processing was in compliance with the principles of necessity and data minimization, as it neither used the account themselves nor allowed third parties access. The controller also stated that it made itself available to discuss ways for the data subject to access his account and retrieve his personal data, ensuring that she could not alter the information present. The DPA found that the controller did not provide the data subject with sufficient information on their policies regarding work emails. Furthermore, the DPA found that the controller was unable to prove compliance with the information duties under Article 13 GDPR, as the information allegedly provided to the data subject lacked the requirements laid down in said Article, and the relevant documentation was not signed by the data subject. The DPA further noted that email accounts are not a suitable tool to store data for later use as evidence in proceedings. The Italian DPA held that the controller violated the principle of fairness and in particular the principle of storage limitation by keeping the data subject
GDPR Articles Cited
On 29 September 2020, the Italian DPA received a complaint from a former commercial agent for Palumbo Superyacht Ancona s.r.l. The data subject is the former commercial agent. The controller is Palumbo Superyacht Ancona. On 23 June 20, the controller inhibited the data subject from using her work email address without any notice. She was not allowed to retrieve any information from the account beforehand. The data subject's requests for access to the account were ignored by the controller. The controller stated that the contract with the data subject was terminated over the disclosure of confidential information and that out of court proceedings over said disclosure were ongoing. The controller claimed that the data subject's email account was kept active to investigate the alleged breach of confidentiality, and to store information for later use in the proceedings. The controller argued that the processing was in compliance with the principles of necessity and data minimization, as it neither used the account themselves nor allowed third parties access. The controller also stated that it made itself available to discuss ways for the data subject to access his account and retrieve his personal data, ensuring that she could not alter the information present. The DPA found that the controller did not provide the data subject with sufficient information on their policies regarding work emails. Furthermore, the DPA found that the controller was unable to prove compliance with the information duties under Article 13 GDPR, as the information allegedly provided to the data subject lacked the requirements laid down in said Article, and the relevant documentation was not signed by the data subject. The DPA further noted that email accounts are not a suitable tool to store data for later use as evidence in proceedings. The Italian DPA held that the controller violated the principle of fairness and in particular the principle of storage limitation by keeping the data subject
Related Enforcement Actions (0)
No other enforcement actions found for Palumbo Superyacht Ancona s.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
7 April 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€50,000
Enforcement Tracker ID
ETid-1185
GDPRhub ID
gdprhub-4969About this data
Cite as: Cookie Fines. Palumbo Superyacht Ancona s.r.l. - Italy (2022). Retrieved from cookiefines.eu
Last updated: