Resolutions, opinions and reports search tool

One entity is sanctioned, absorbing another, within the framework of the provision of a health monitoring service. He sent citation emails to various workers who mistakenly contained data from other workers.

A private entity is sanctioned for having entrusted the management of the medical check appointments of workers to another entity without having formalised the contract of sub-responsor of the treatment, and without having requested the controller to authorise the sub-response of the treatment.

Within the framework of the contracting of a private home aid service, the entity did not make effective the right of information of the person concerned.

The request of the local company, to the banking entities, for the identification data of the persons who have made bank transfers for the payment of funeral rights of which the updated ownership is not stated may be covered by the legal basis. of Article 6.1.e) of the RGPD. With regard to the data relating to the telephone number and e-mail address of the person who made the payment, once their identity is known, it is considered compatible to use the contact details that the same entity has for the management. other funeral rights, as well as the possibility of contacting the person concerned using the data contained in the Municipal Register of Inhabitants or in the INE databases, so that it is the affected person who faciliti. Ultimately, and in a subsidiary manner with regard to the avenues just set out, the communication by banks of the contact details of the persons who have made the payments may be considered compatible if they are previously guarantees the right of the person concerned to oppose it.

The whistleblower complained that the public company fired her while in trial, due to a photograph that would have been made while she was drinking during the labor break. Previous information is archived because it could not be credited that the reported company has performed any processing of the image of the complainant. There is also no evidence to indicate that the company had any interest in obtaining the photograph of the person complaining for use for the purposes described by the person complaining, that is, to motivate the termination of the working relationship.

Aigües de Barcelona issued a total of 12 invoices and corresponding direct debit receipts with incorrect personal data. In particular, he assigned names and surnames of 5 different users to the DNI of the person complaining. For this reason, bank receipts were sent to the account of the person denouncing the names and surnames of persons other than the accountholder.

The principle|beginning of confidentiality is not harmed. The entity had a procedure normalized for the management|formality of the payrolls of its|his|her|their workers implemented. However, due to causes occurred and of quite biggest, this was seen obligatorily altered during the pike of the pandemic. With everything, it has not remained accredited|proved that the system adopted during this period entailed a significant risk of undue access to the contents of the payrolls of the workers.

Offense is stated|declared for breach of the principle|beginning of confidentiality, in so far as in an issued documentary on the public television they revealed a data set that they allowed the identification of a minor. In the same documentary a document was exhibited in the that data related to the health of another person, former mother of reception of the minor, were evident. Permanent offense.

A municipal trading company proposes if, to tenor of what orders the article 37.1.a) of the RGPD, it is forced to designating a Representative of Data Protection. The affected subjects and the functions attributed to the municipal trading company attended to, this Authority considers that the designation of a representative of data protection under protection of the article 37.1.a would not be exigible) of the RGPD, even though one good would constitute it practices. This without harm of its forcing in case the foreseen supposition contributes to the b letter) of the article 37.1 of the RGPD or in another rule of which its forcing is derived from it.