HomeIco

Home

 InternalIco

Internal

 GlobalIco

Global

 ContattoIco

Contatto
it

Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.
Temi Poland: Personal data processing investigation in Vinted

Poland: Personal data processing investigation in Vinted

PrintMailRate-it

published on 26 July 2022 | reading time approx. 1,5 minutes


Following numerous complaints against Vinted UAB which is registered in Lithuania and sells clothes online at vinted.com, Lithuanian, Polish and French data protection supervisory authorities are working together to investigate the company's compliance with the General Data Protection Regulation (GDPR).

In particular supervisory authorities focus on checking the website operator's requirement from the account user to provide a copy of the identification document in order to unlock funds from sale via the account and the legal basis of that requirement and the procedure and criteria for locking accounts and personal data storage time limits.

To this end, the supervisory authorities have appointed a working group supported by the European Data Protection Board. After the group was created, the Dutch supervisory authority has joined in as well.

The supervisory authorities focus on checking the following aspects of the company's operations:
  • the website operator's requirement from the account user to provide a copy of the identification document in order to unlock funds from sale via the account and the legal basis of that requirement;
  • the procedure and criteria for locking accounts and personal data storage time limits.

Especially alarming is the Lithuanian company's practice of obtaining scanned identification documents from the users. Vinted explains that it is not their requirement but it is imposed directly by the online payment operator, namely Adyen.  In this context, pursuant to Article 61 GDPR, the President of the Polish Personal Data Protection Office asked (via the Internal Market Information System) the Lithuanian Data Protection Office to initiate proceedings or launch an investigation into Vinted UAB to bring its operations in line with the GDPR. The main objective of the investigation is to check if the requirement for scanned identification documents is in breach of the principle of proportionality and data minimisation referred to in the GDPR and whether the sales platform has the basis for processing such data in the first place.

Since Vinted is established in Lithuania and is available in several other European countries, national supervisory authorities formed a joint working group to coordinate actions in response to the complaints they receive. This will ensure consistent and effective examination of Vinted’s compliance with the GDPR.

Interestingly, this is not the first controversy over that sales platform. The Polish President of the Office for Competition and Consumer Protection imposed an administrative fine of PLN 5,300,000 on that company in May this year. The company was fined for its failure to inform users about the terms of transferring the money from sale of clothes from the service operator's account to the bank account of the seller who sells the product via the platform, as well as failure to inform buyers about the option to buy clothing without paying for the buyers protection scheme offered by the platform. This was found to be an act of unfair competition in the meaning of Article 5(1) of the Polish Unfair Market Practices Act.

 DATA PROTECTION BITES
Read all releases »

CONTACT

Contact Person Picture

Alicja Szyrner

Attorney at Law

+48 58 582 62 83

Invia richiesta

 RÖDL & PARTNER POLAND
​Discover more about our offices in Poland. Read more »
Deutschland Weltweit Search Menu