GI-DEC-DS-208/03


Mr X has lodged with the Inspector General for Personal Data Protection, hereinafter called the Inspector General, a complaint concerning disclosure of his personal data by a Building Cooperative to unauthorised persons. As a result of filing by Mr X an appeal against the resolution, which was issued in the first instance by a Supervisory Board, the Management Board of the Cooperative convened the Assembly of Representatives of Cooperative Members notifying the representatives of cooperative members on the agenda and sending them correspondence carried out with Mr X, in which his personal data were placed. The Assembly of Representatives of Cooperative Members is a cooperative body which is solely responsible for reconsidering in the internal proceedings of the cooperative the appeals against resolutions issued in the first instance by the Supervisory Board. In the light of the above processing of personal data of the cooperative members who filed an appeal against a resolution issued in the first instance by the Supervisory Board carried out by the Assembly of Representatives takes place on a basis of law provisions. This body is legitimated and is simultaneously obliged to process personal data of the aforesaid persons in order to identify the party to the proceedings properly. Furthermore, members of the Assembly of Representatives of Cooperative Members are legitimated to inspect the register of cooperative members, which contains their personal data, kept by the Management Board.

Following the above, in the case in question the Inspector General has not recognised any breach of the provisions of the Act on the Protection of Personal Data.