France France

Spartoo

250,000 €

GDPR enforcement action by French Data Protection Authority (CNIL) on 2020-08-05.

Rank · Sector
#60
of 597 in Industry and Commerce
Rank · France
#40
of 74
Rank · All fines
#320
of 3,050

Case details

Authority
French Data Protection Authority (CNIL)
Date
2020-08-05
Controller / Processor
Spartoo
Sector
Industry and Commerce
Quoted Articles
Art. 5 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR
Type of violation
Non-compliance with general data processing principles

Summary

A fine of EUR 250000 was imposed on the online retailer Spartoo. The reason for this was that the company, which has its headquarters in France but supplies a large number of European countries, fully recorded all telephone hotline conversations (including personal data such as address and bank details of orders) and in addition stored bank details partially unencrypted. Among other things, this represents a violation of the principle of data minimization. Furthermore, the supervisory authority also found a violation of the information obligations according to Art. 13 GDPR, as the company's data protection information was partially incorrect.

Open original source Links to the regulator's original publication or another source.

Related fines

France
France
2025-09-01
200,000,000 €
ETid-2862
GOOGLE LLC
Media, Telecoms and Broadcasting
France
France
2025-09-01
150,000,000 €
ETid-2864
INFINITE STYLES SERVICES CO. LIMITED
Industry and Commerce
France
France
2025-09-01
125,000,000 €
ETid-2863
GOOGLE IRELAND LIMITED
Media, Telecoms and Broadcasting
France
France
2021-12-31
90,000,000 €
ETid-978
Google LLC
Media, Telecoms and Broadcasting
France
France
2021-12-31
60,000,000 €
ETid-979
Google Ireland Ltd.
Media, Telecoms and Broadcasting
France
France
2021-12-31
60,000,000 €
ETid-980
Facebook Ireland Ltd.
Media, Telecoms and Broadcasting
Back to all fines