Home » Comunicat_Presa_10_12_2024
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

10.12.2024

Sanction for non-compliance with Law no. 506/2004 and GDPR

 

The National Supervisory Authority for Personal Data Processing completed, in October 2024, an investigation at the controller SYNOBIS MEDICAL S.R.L. and found:

  • the infringement of the provisions of Article 13 paragraph (1) letter i) of Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communication sector, with further amendments and completions;
  • the infringement of the provisions of Articles 12-14 of Regulation (EU) 2016/679.

For the committed acts, the controller was sanctioned with a fine of 10,000 lei, as well as with a reprimand.

The investigation at the sanctioned controller was initiated as a result of an intimation of a possible violation of the provisions of Regulation (EU) 2016/679 and of Law no. 506, amended and supplemented, through the website www.synobis.ro, owned by SYNOBIS MEDICAL S.R.L., which did not offer the possibility of access without accepting the collection of information through cookies technologies, nor did it provide information to the data subjects, according to the legal provisions in the field.

During the investigation, it was found that the controller SYNOBIS MEDICAL S.R.L.:

  • allowed the storage of information and obtaining access to the information stored on the users’ equipment by using the cookies type files available on the website www.synobir.ro, without complying with the legal conditions regarding obtaining the prior express consent and without informing the users, as provided by Article 4 paragraph (5) of Law no. 506/2004, with subsequent amendments and additions;
  • does not ensure complete information of the data subjects whose personal data it collects and processes through the website www.synobis.ro, according to Articles 12-14 of Regulation (EU) 2016/679.

At the same, the following corrective measures were ordered:

  • the controller to actively implement the provisions of Article 4 paragraph (5) of Law no. 506/2004, with subsequent amendments and additions, by obtaining the express consent and informing users, before installing cookies on their device;
  • the controller to ensure complete information of the data subjects on the website www.synobis.ro, in a concise, transparent, intelligible and easily accessible form, using clear and simple language, on each section of the website where personal data can be collected/processed, by reference to the provisions of Articles 12-14 of the GDPR, the information to be, mainly in Romanian.

 

Legal and Communication Department

A.N.S.P.D.C.P