Hungary Hungary

Claim management company

2,850 €

GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2019-06-03.

Rank · Sector
#263
of 322 in Finance, Insurance and Consulting
Rank · Hungary
#41
of 73
Rank · All fines
#2,141
of 3,042

Case details

Authority
Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
Date
2019-06-03
Controller / Processor
Claim management company
Sector
Finance, Insurance and Consulting
Quoted Articles
Art. 5 GDPR, Art. 6 GDPR
Type of violation
Insufficient legal basis for data processing

Summary

The complainants stated during the case that they concluded a credit agreement with the bank, which sold its claim against the complainants and transferred their respective data to a third-party company (controller). NAIH determined in the case that the controller can neither rely on the consent of the data subjects nor the performance of the credit contract as the legal basis of the data processing, since the data subjects concluded such contract with the bank, not with the controller. The appropriate legal basis for processing could have been the legitimate interest of the controller.

Open original source Links to the regulator's original publication or another source.

Related fines

Hungary
Hungary
2022-02-08
634,000 €
ETid-1244
Budapest Bank Zrt.
Finance, Insurance and Consulting
Hungary
Hungary
2020-06-12
288,000 €
ETid-313
Digi Távközlési Szolgáltató Kft. ("Digi") (electronic communication service provider)
Media, Telecoms and Broadcasting
Hungary
Hungary
2023-04-12
253,000 €
ETid-1804
Aldi
Industry and Commerce
Hungary
Hungary
2023-06-22
205,000 €
ETid-2039
Digi Telecommunications and Services Ltd.
Media, Telecoms and Broadcasting
Hungary
Hungary
2022-08-11
197,000 €
ETid-1493
AMPLIFON Hungary Trade and Service Provider LLC
Industry and Commerce
Hungary
Hungary
2020-12-16
97,150 €
ETid-568
Unknown
Finance, Insurance and Consulting
Back to all fines