GDPR fine for the new owner of a food delivery platform in Berlin
Delivery Hero SE provides a food delivery platform in Berlin. In the past, there were several data breaches.
Takeaway.com became the new owner of Delivery Hero SE in April 2019. Berlin’s data protection authority has fined takeaway.com € 195.407,- for violating data subject rights. The regulator said it imposing the fine because the delivery company’s violation of data subject rights, such as the right to information or right to be forgotten. The company had failed to delete customer accounts on ten occasions, even though the customers had not used the platform for several years.
In one case, a customer had not used the platform since 2008. Eight other former customers had complained about receiving unsolicited marketing emails, the regulator said, while one customer received 15 marketing emails despite explicitly objecting to processing. In a further five cases, the company failed to provide information on processing on request or only did so after the regulator intervened.
The authority said that many violations pointed to “fundamental, structural, organisational problems”. A spokesperson for Takeaway.com said: “Although the violations on which the proceedings are based relate to a period prior to the takeover of Delivery Hero Germany and although the relevant proceedings relate exclusively to Delivery Hero Germany, Takeaway.com has accepted the fine and will not appeal against them.”
Type of Issue:
violated rights of the data subject
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
15. Right of access by the data subject
5. Principles relating to personal data processing
6. Lawfulness of processing