With the purchase of the coffee, there were also unsolicited phone callsl. TheSupervisory Authority has imposed a fine of 70 thousand euros on a coffee producing company for having promoted its brand through unwanted, insistent and concentrated phone calls over time, aimed mostly at users registered in the Public Registry of Oppositions (Rpo).

The Authority took action following numerous reports and complaints from users who complained of having received calls also from counterfeit telephone numbers. In many cases the unwanted phone calls followed the purchase of coffee. To the request for information by the Authority, the company responded that the telephone marketing activity concerned users’ personal data acquired in various ways: through the form on its website, through word of mouth from customers, the “Bring your friend” programme and contact lists collected by third-party companies.

From the checks carried out by the Authority, several violations emerged, starting from the use of data for marketing purposes without having obtained the consent of the users and without having provided them with specific information (absent during the telephone calls and the one present on the website was insufficient since promotional activity was not indicated among the objectives pursued by the company). Furthermore, the same violation also affected users who had purchased coffee through the call center since the purchase order was considered as proof of consent to marketing. Furthermore, the company had not activated preventive checks to verify whether the users present in its database were registered in the public register of objections and had completely omitted checks on the process of data acquisition by third-party companies.

In light of the serious violations found, the Authority therefore imposed a fine of 70 thousand euros on the company for illicit processing of personal data.

The company will also have to delete data acquired illicitly for marketing purposes and activate suitable technical, organizational and control measures so that the processing of users’ personal data occurs in compliance with privacy legislation throughout the entire supply chain.

URL: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9949032