Resolutions, opinions and reports search tool

The complainant complains that the ITV station provided a third party with the ITV card of their vehicle. This was due to human error and the accused entity proceeded to take measures to correct the situation. Despite this, the registration of a vehicle is personal data and therefore constitutes a breach of data protection regulations.  The principle of confidentiality must be upheld.

The right to information of the users of the entity, due to lack of documentary accreditation at the time of collection (Articles 12, 13, and 14 GDPR); and due to violation of the principle of application, due to the improper use of the data, which consists of subjective and negative comments on a group of members who wish to submit their candidature.

The disclosure of data of a user of the Legal Orientation Service of the ICB is reported in a private law firm. ICAB responsibility has not been accredited.

Data protection regulations do not prevent the person from notifying the data they request, regarding access to their clinical history, including the identity of the professionals who have accessed it, in relation to the requested period.

Data protection regulations do not prevent access to information relating to the calls, including information relating to the requirements for participation and the selection process, as well as the template or criteria for correcting the tests. Nor must there be any problem in granting access to the claimant to the data that are his or her own. However, with regard to information affecting third parties who have participated in the selection process, and given the circumstances that occur in the specific case, the complainant has only the right of access to the requested information with regard to persons who have passed the personal interview phase, as information relevant to the control of the selection body's action and to the defence of his or her interests.

The incorporation of the address relative to the domicile in the notifications that must be made through electronic means would be contrary to the principle of data minimization. In this case, it is necessary to adopt the appropriate measures to ensure that the program used to generate the notifications does not incorporate this personal data by default. It is also necessary to proceed with the blocking of this data in the electronic notifications already made to a working person, given their deletion request.

There are four unjustifiable accesses to the HC3 of the person denouncing by staff of the Sanitary Corporation Parc Taulí de Sabadell. It resolves to admonish the Corporation as the person responsible for an infringement provided for in Article 83.5.a) in relation to Article 5.1.a), both of which are in the GDPR, for 2 undue access to the HC3 which have not been prescribed, for the violation of the basic principles for processing, specifically the principle of application.

It is decided to admonise the City Council of Tarragona since, in a call made by the person denouncing the Urban Guard of this City Council, he was collected personal data (name, surnames, DNI number and voice) and was not informed of the content provided in Article 13 GDPR. In addition, the city council is also credited with violating the principle of confidentiality since the Guardia Urbana informed the House denouncing that the "Seva Más" would have called, from the same home, to denounce the same facts. With regard to the collection of personal data, which the complainant considers excessive, it is appropriate to archive the facts since, according to the rules of administrative procedure, when a citizen submits a complaint, it must be identified.

The Department of the Presidency, through the Pensions Plan Control Commission, did not sign the corresponding contract of controller of treatment with the management and depository entities of the pension scheme.

The Department for Climate Action, Food and Rural Agenda notified the person denouncing a resolution addressed to a third person and containing personal data. It is decided to admonish the Department as the person responsible for a breach provided for in Article 83.5.a) in relation to Article 5.1.f), both of which are in the GDPR, for breach of the confidentiality principle.