Published On: July 26, 2023Categories: News, News

The Personal Data Protection Agency imposed three penalties in the total amount of 653,160.78 denars on a financial company for fast loans and three penalties in the amount of 55,347 denars on the responsible person at the financial company for a misdemeanour committed in accordance with Article 111 paragraph (1) point 2 and Article 111 paragraph (2), and in relation to Article 111 paragraph (1) point 2 of the Law on Personal Data Protection.

The Agency initiated three extraordinary supervisions following requests submitted by three natural persons, in accordance with Article 97 of the Law on Personal Data Protection. In all three cases, the natural persons claimed that the financial company (the controller) approved an online loan in the amount of 90,000 denars to other natural persons who used their personal data by using telephone numbers that were not theirs and without establishing their identity when submitting of the credit applications. The financial company (the controller) contrary to Article 10 paragraph (1) paragraph 1 of the Law on Personal Data Protection, without previously provided consent for the processing of personal data when applying for a loan, processed personal data for three natural persons (data subjects), whereby the controller did not demonstrate (prove) that the data subjects gave consent to the processing of their personal data.

A penalty was imposed on a company for catering, tourism, and trade for withholding guests’ identity cards and obstructing the performance of extraordinary supervision

The Personal Data Protection Agency imposed a penalty in the amount of 380,109.72 denars for a criminal misdemeanour against a controller – company for catering, tourism, and trade and a penalty in the amount of 21,522 denars for the responsible person at the Controller for a criminal misdemeanour in accordance with Article 111 paragraph (1) points 1 and 2 and Article 111 paragraph (2), and in relation to Article 111 paragraph (1) points 1 and 2 of the Law on Personal Data Protection.

The company for catering, tourism, and trade (the controller) contrary to Article 9 paragraph (1) paragraphs 1, 2, and 3 of the Law on Personal Data Protection, and pursuant to the provisions of Article 9 paragraphs (2) and (3) of the Law for the identity card and the regulations for catering activities, retained and kept identity cards of guests after their registration in the guest book until their departure. The Agency initiated extraordinary supervision after requests submitted by natural persons in accordance with Article 97 of the Law on Personal Data Protection. In the request, the natural person.stated that a company for catering, tourism and trade (the controller) kept his ID card and the only condition to return it to him was to pay the total amount for the stay.

Fine of 190,055 denars was imposed on the same controller – the company for catering, tourism and trade for a committed misdemeanour and a penalty of 18,447.5 denars was imposed on the responsible person at the controller for a committed misdemeanour in accordance with Article 110 paragraph (1) point 20 and the Article 110 paragraph (2), and in relation to Article 110 paragraph (1) point 20 of the Law on Personal Data Protection. The controller did not enable the unobstructed performance of the extraordinary supervision in the video surveillance system according to the provisions of Article 106 of the Law on Personal Data Protection.

Similar news

Look at them all
  • read more
  • On November 16, 2022, the Personal Data Protection Agency conducted […]

    read more
  • The Agency for the Protection of Personal Data with the […]

    read more