597 results were found
The person making the complaint showed that her HC3 was accessed from CABO Centelles on four occasions, during the months of May 2022, despite not having been visited at that health center. In response, the DPD of the reported entity has confirmed that it is the material author of the accesses and has justified them by arguing that they were necessary to be able to respond to a request for information that this Authority notified to the aforementioned entity, within the framework of another complaint. filed by the same person complaining. In relation to this, during the prior information phase it was found that the accesses carried out by the personal data protection delegate to the complainant's HC3 were justified, given that they were carried out in the exercise of his duties. , and to respond to a request from this Authority. For all this, the filing of these proceedings is appropriate.
The Department of Social Rights (DDS) consulted the tax data of the complainant who was in the possession of the AEAT. This action is considered legitimate, taking into account that in accordance with Law 12/2007 and Law 2/2014 enables the DDS to consult ex officio, and without prior consent of the interested persons, the data of the beneficiaries of aid and those of their "economic unit of coexistence". The DDS has also accredited that in the forms to request aid for the dependency, an information clause is included on the possibility of consulting the data.
The filing of the complaint is necessary for the following reasons: 1) It is accredited that no improper access has been made to the clinical history of the complainant. 2) In this case, it is considered that giving an extemporaneous response and requesting to fill in a specific form are management irregularities that do not have enough entity to start a sanctioning procedure.
There is no element that allows to accredit the commission of an infringement of the data protection regulations by the bar association, the only data of the address of the complainant who has registered, and that the bar association provided to the Consejo General de la Abogacía Espa'ola (CGAE) is the one that the same person denouncing them in the moment of registration, without any modification.
Un club deportivo de fútbol de nueva creación contactó con la Federación Catalana de Fútbol dado que cuando intentaba vincular dieciséis jugadores a su club, la Intranet federativa le mostraba un mensaje mediante el cual se lo informaba que los mencionados jugadores estaban vinculados a otro club deportivo. Al respeto, la persona denunciando se quejaba por el hecho que, desde la FCF se había enviado al mencionado club de nueva creación unas impresiones de pantalla que contenían los datos personales de los 16 jugadores que, en aquel momento, estaban vinculados a otro club. Pues bien, por su parte, la entidad denunciada ha reconocido haber enviado las impresiones de pantalla - con información personal de los jugadores (nombre, apellidos y DNI) - al club de nueva creación, a los efectos de mostrarle los pasos que tenía que seguir para poder inscribir a los jugadores, y ha argumentado que este hecho no constituye una comunicación ilícita de datos personales dado que el receptor de la información, ya era conocedor de estas información. Al respeto, añadía que, la Intranet muestra el mencionado mensaje después de que el club haya introducido los datos personales de los jugadores. En estos términos, procede el archivo de los hechos denunciados dado que, cuando la FCF envió los datos personales de los jugadores al Club que los intentaba inscribir, este ya disponía de la información.
The reported entity sent the unpaid invoices by the leaseholder of a property owned by the complainant, to the complainant since this was the owner of the contracted policy for the supply of water and, therefore, the one obliged to pay the invoices. In this case, regardless of what the parties stipulated in the rental contract, the person who owned the property was obliged to pay before AGISSA. In this regard, it is worth saying that, later, the complainant changed the ownership of the policy in favor of a third person who leased his property and, when he left the property, he asked for the billing to be returned to his name. In this second case, the complainant also asked AGISSA to know the outstanding debt of the tenant since the transfer of rights and obligations of the aforementioned policy could only be carried out if the complainant assumed the amounts not satisfied. Likewise, he also alleged that he needed to know the outstanding amounts in order to be able to claim them judicially to the leased person of his property, to breach the clauses of the rental contract. In accordance with the above, the Authority considered that the sending of said information was protected by Article 6.1 f) RGPD since it was carried out to satisfy the legitimate interests of the complainant. Specifically, to satisfy the legitimate interest of the complainant to obtain the necessary evidence, to claim to the tenant of the property the amounts that he did not satisfy.
The person making the complaint complained of improper access to his or her medical records. It is resolved to archive the proceedings to the extent that within the framework of the prior information it has not been verified that any act that could constitute an infringement has occurred, while it has been sufficiently justified that the controversial access was carried out within the framework of the tasks assigned to the professional who carried it out.
Leaking of personal data in a plenary session of the City Council and through a non-corporate WhatsApp.
In relation to the data published by the representative of a political party in a plenary session of the city council, it is archived because it has not been proven that the published data was provided by the City Council. Furthermore, the data published is incorrect, which is indicative of the fact that the person who provided it was not linked to the City Council. In relation to the leak of personal data through a WhatsApp group, this fact is also archived since the fact that the photographs of the squares (with shifts and schedules) have been exchanged in a WhatsApp group is not an indication sufficient to allow a violation of the principle of confidentiality to be attributed because it is not proven that the people in the group are members of the local police of the City Council.
The archiving of the actions is resolved since the reported entity has justified that the controversial access to HC3 of the complainant was caused by a typing error, within the framework of the RedCov project, in which certain parameters had to be consulted in various clinical stories.
File resolution. No evidence has been provided that data of the person reporting between different councils has been communicated.
The complainant complained that the City Council would have shared their personal data, in particular the content of the various SAIPs that it had formulated, with other municipalities, which would have received similar requests. The archiving is resolved as long as no evidence element is available that allows to accredit the communication of reported data.