Drogasil pharmacy chain has been ordered to pay almost BRL730,000 ($112,000, €95,000) by Procon in Mato Gross, Brazil, for obtaining customers’ data without proper authorisation.
The company disputes the consumer rights watchdog’s findings.
Procon inspected six of the company’s branches in the state capital Cuiaba and found information from customers was being gathered for re-registration to obtain and maintain discounts without adequate information being given.
It transpired the data collected could be used for surveys, participation in loyalty or discount programmes and shared with group companies, suppliers and partners, local media reported.
In response Drogasil said: “We are a century-old company that fully complies with the law throughout the country. Therefore, we strongly disagree with the assessment that we would have breached the LGPD in the state of Mato Grosso.”
LGPD is Brazil’s General Law for the Protection of Personal Data under which the prosecution took place.
“We advise all our employees to properly inform clients about the capture of consent …
We also emphasise that all information collected is used for the benefit of the client, as is the case with personalised promotions in relevant categories for each client.
“Drogasil and the other companies of [the] group do not, under any circumstances, trade personal information of their customers with third parties.”
Missed PrivSec Global’s livestream experience?
No problem, simply CLICK HERE to access the sessions on demand