Does your website comply with the Data Protection Law for Black Friday?

The importance of the Privacy Policy of websites

On August 26, 2022, an individual filed a complaint to the AEPD against a company for not providing sufficient information on its website to the user about the processing of his personal data. According to him, the Privacy Policy was not introduced on the web page.


Reasons for the complaint to the AEPD by the affected party

The reasons for the complaint by the user are as follows:

Firstly, it is alleged a lack of Privacy Policy of the website of the claimed company, where personal data are collected through forms.

On the other hand, it is stated that only one of those forms informs about the processing of personal data, with the following sentence:

“I agree that my data provided in the contact form will be processed electronically and used for the purpose of contacting me. I am aware that I can revoke my consent at any time”.


Principle of transparency

According to art. 5.1 GDPR, personal data must be processed lawfully, fairly and transparently with the data subject. 

The principle of transparency refers to the right that the GDPR grants data subjects to receive information, and the corresponding obligation of the data controller to provide the data subject with information about the data obtained directly from the data subject, as is the case in the data collection forms provided by the respondent company.


Non-compliance by the Respondent Company

After an analysis of the forms on the websites offered by the respondent company, it could be observed that at least five of them did not provide information on the company’s Privacy Policy. 

In this way, the company claimed acted in violation of the data subject’s right to be informed of the processing of his or her personal data (Article 13 of the GDPR).

For this reason, the AEPD initiated the agreement to initiate the sanctioning procedure.


Acknowledgment of liability within the time limit granted

The offending company was offered the possibility of a 20% reduction of the fine if, within the established period, it acknowledged its responsibility.

The company was also offered the possibility of a 20% reduction of the fine if, within the established term, it paid the fine voluntarily.


Penalty imposed by the AEPD on the infringing company

Finally, the defendant company proceeded to pay the fine imposed, thus acknowledging its responsibility and proceeding to the voluntary payment of the penalty imposed.

It was also imposed the obligation for the infringing company to rectify by adding the Privacy Policy in all those forms in which it did not previously exist. 

This obligation is fully compatible with the imposition of a financial penalty.


Privacy policies of websites for Black Friday

Black friday and Privacy Policy are two terms that should go hand to hand.

The celebration of Black Friday has meant a significant increase in commercial sales in recent years in the month of November. More specifically, online commercial sales.

With this, there are thousands of users who prefer to buy products through the Internet, instead of going to physical stores.

For this reason, it is important that the terms Black Friday and the Privacy Policy of web pages go along, in order to avoid any kind of breach of the Data Protection Law by the companies.

From Auratech Legal Solutions we hope that this post has been helpful and that, in this way, all those professionals who offer products or services online are aware of the importance of carrying out a correct treatment of the users’ personal data, as well as of the consequences that any company that does not make a lawful treatment of them will face.


0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *