The sending of advertising is increasingly monitored by the different organizations in charge of it. The Spanish Data Protection Agency has imposed a severe penalty for this reason, we will tell you the details.
As consumers, we are increasingly protected from commercial communications from companies that want to sell us their products or services. Although there is still a long way to go in this regard, news of companies that have received a sanction by the different organizations that ensure the privacy of our data for having violated it.
According to the information published by the media specialized in the matter Confilegal, the Spanish Data Protection Agency He has imposed a fine of 10,000 euros to the textile retailer Grimey Wear for having sent a consumer different advertising actions, despite repeated requests that your data was deleted on its part.
Deletion of data
In the month of January 2023, The consumer requested her removal from the company’s database. However, it was not enough and the textile company continued sending you promotional newsletters. Reason why he had to send a new request for withdrawal, alleging that the request made months ago had not yet been attended to. Despite this, he still received mailing campaigns during the months of June and July. Which he triggered a formal complaint.
In the claim, the plaintiff has been providing as evidence the different emails in which the deletion of your data. Explaining, furthermore, that the maximum period for the deletion of the data to be carried out should not be longer than one month, as explains the Data Protection Law.
A minor infraction
Although initially the penalty was 10,000 euros, it was reduced to 6,000, since the company accepted the voluntary payment and, in addition, recognized the facts presented by the plaintiff. According to the company, the explanation is due to the fact that the transition between two mailing platforms was taking place and, during the process, the data was not crossed in the correct way. Not making the plaintiff’s withdrawal effective.
Furthermore, in order to demonstrate that They did not act in bad faith in this regard, They invited the AEPD to check the history of requests relating to their databases, to verify that this error did not reflect their usual practices in everything related to the processing of personal data.
In addition to accepting and acknowledging the error, and apologizing to both the consumer and the AEPD itself, it has also been reported that they have added extra layers of security to protect everything that has to do with the user information found in its database, having hired a company to advise and guide them in this matter.
According to article 38.4.d), the violation of “sending commercial communications by email” is typified as “mild”. And, therefore, it is quantified at 10,000 euros, with the corresponding reduction for the previously mentioned mitigating factors.
