Germany
Restaurant operator
—
GDPR enforcement action by Data Protection Authority of Berlin on 2022.
Case details
- Authority
- Data Protection Authority of Berlin
- Date
- 2022
- Controller / Processor
- Restaurant operator
- Sector
- Accomodation and Hospitality
- Quoted Articles
- Art. 5 GDPR, Art. 6 GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The DPA of Berlin has imposed a fine on a restaurant operator. During the Corona pandemic, the operator had required restaurant visitors to fill out forms with their personal data for the purpose of contact tracing as required by law. However, the controller unlawfully used the data to send promotional messages to the data subjects.
Open original source
Links to the regulator's original publication or another source.
Related fines
Germany
2024
45,000,000 €
ETid-2646
Vodafone GmbH
Media, Telecoms and Broadcasting
Germany
2020-10-01
35,258,708 €
ETid-405
H&M Hennes & Mauritz Online Shop A.B. & Co. KG
Employment
Germany
2024
4,113,486 €
ETid-2638
Unknown
Not assigned
Germany
2019
3,501,000 €
ETid-943
Unknown
Individuals and Private Associations
Germany
2022
2,001,000 €
ETid-1870
Unknown
Individuals and Private Associations
Germany
2022-03-03
1,900,000 €
ETid-1103
BREBAU GmbH
Real Estate