Italy

Aimon Srl

200,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2021-11-25.

Rank · Sector

#82

of 369 in Media, Telecoms and Broadcasting

Rank · Italy

#61

of 543

Rank · All fines

#348

of 3,050

Case details

Authority: Italian Data Protection Authority (Garante)
Date: 2021-11-25
Controller / Processor: Aimon Srl
Sector: Media, Telecoms and Broadcasting
Quoted Articles: Art. 5 (1) a) GDPR, Art. 6 (1) a) GDPR, Art. 12 GDPR, Art. 21 GDPR
Type of violation: Insufficient legal basis for data processing

Summary

The Italian DPA has imposed a fine of EUR 200,000 on Aimon Srl. Two data subjects had complained about unsolicited SMS advertising from B&T S.p.A. to the DPA. In the course of the investigation, Garante discovered that B&T had contracted Aimon to send promotional SMS messages to potential customers. Aimon then contracted other providers, which in turn had purchased their databases from third parties. As it turned out, the other providers had obtained the data of the contacted individuals from unverified and illegal lists of foreign companies, some of whose information came from registrations on information portals or online gambling. The DPA found that Aimon had thus processed the data unlawfully.

Open original source Links to the regulator's original publication or another source.