The Italian data protection authority has imposed a fine of EUR 1.4 million on Douglas Italia S.p.a., a European beauty and cosmetics retailer for various GDPR violations.

Douglas asked their customers to give their consent to the privacy notes, the cookie policy, and the General Terms and Conditions all at once. The Data Protection Authority considered this a violation of Article 6 and Article 7 GDPR, as the data subject’s consent could not be considered voluntary due to the lack of separate options for consenting.

Douglas had obtained additional personal data, retained it for an extended period without securing consent from the data subjects, violating the purpose limitation principle.

Further, the data protection authority found that Douglas failed to provide sufficient and accurate information about the data processing and that it did not use the data for direct marketing in accordance with customer consent. For example, customers who had only consented to telemarketing also received SMS marketing messages.

Finally, the Data Protection Authority found that Douglas had breached its accountability obligations regarding the processing of personal data on its blog.

Scroll to Top
legalweb.io
Privacy
Thank you for visiting dataprotectionofficer.io, the website of Formamentum Technology GmbH in Austria. We use technologies from partners (1) to provide our services. These include cookies and third-party tools to process some of your personal data. These technologies are not strictly necessary for the use of the website, but they do enable us to provide a better service and to interact more closely with you. You can adjust or withdraw your consent at any time.
asd as asd