Ravenna, 29 June 2024 – It was not Never been to that hotel on the Ravenna coast nor had he ever had anything to do with whoever now manages it. Despite that, had received an advertising promotion email. And then he had asked for formal explanations on how and where his data had been collected, invoking, in vain, the right to have a copy. A singular story that happened to a consumer and resulting in the conviction of the Ravenna srl which manages the hotel in question. In particular, the Guarantor for the protection of personal data has arranged a administrative fine of 10 thousand euros. That is, 0.05% of the maximum fine provided for by the sector regulations for this type of violation: 20 million euros.
Second what was reconstructed in the recent provision drawn up by the panel chaired by Professor Pasquale Stanzione, the complaint of the ‘ghost holidaymaker’ dates back to June 26 of last year. In particular, the man had complained of having received a promotional email from the Ravenna srl: how strange, he thought, given that he had never had any relationship with that company. At the request of the Guarantor for clarification, on September 19 the srl had made it known that it had the man’s data because in the past, according to it, he had been a customer of a Riviera hotel previously managed by another company.
The ‘ghost holidaymaker’ had then he specified that he had never stayed in that hotel. And so the LLC had assumed that it was the previous management that had collected its data, perhaps by fishing them from a stay in another of the managed hotels. At that point the Guarantor had asked for documentation to understand who, where and when: but on December 27 the srl had specified that it had now deleted the man’s data, specifying that the email was not promotional in nature: but had only been sent to ask that potential customer for consent to receive future commercial proposals.
Not at all according to the provision of the Guarantor: why “from the examination of the email, it is clear that it has an unequivocal promotional purpose” or “aimed at encouraging the purchase of a service through the recognition of bonuses and discounts”. A matter in which the Guarantor recognized various aggravating circumstances. That is to say “the grossly negligent nature of the violation” given that the Ravenna srl ”was not able to document the origin of the data in any way and never provided adequate feedback” to the requests of the ‘ghost holidaymaker’. As if to say a “serious negligence in the processing of personal data”. Furthermore, the “data controller demonstrated total inability” when faced with the request to provide “adequate feedback on data access”. Lastly “the degree of cooperation” with the Guarantor it was defined as “completely insufficient” with “inaccurate, contradictory and undocumented responses”. The fact that only one potential customer was involved is mitigated; that the “level of harm done is mere inconvenience from an unwanted email”; and that there are no other previous violations against the srl.
Ultimately, the stay never took place but there was a ‘bill’ to pay: 10 thousand euros.
