This case study concerns a complaint the DPC received via the One Stop Shop (OSS) mechanism created by the GDPR from an individual regarding an erasure request made by them to MTCH Technology Services Limited (Tinder). As way of background, the individual’s account was the subject of a suspension by Tinder. Following this suspension, the individual submitted a request to Tinder, under Article 17 of the GDPR, seeking the erasure of all personal data held in relation to them. When contacting Tinder, the individual also raised an issue with the lack of a direct channel for contacting Tinder’s DPO. As the individual was not satisfied with the response they received from Tinder, they made a complaint to the Greek Supervisory Authority.

The individual asserted that neither their request for erasure nor their concerns about accessing the DPO channels, had been properly addressed by Tinder . As the DPC is the Lead Supervisory Authority (LSA) for Tinder, the Greek Supervisory Authority forwarded the complaint to the DPC for handling . The DPC intervened to seek a swift and informal resolution of the matter in the first instance. The DPC put the substance of the complaint to Tinder and engaged with it . In response and by way of a proposed amicable resolution, Tinder offered to conduct a fresh review of the ban at the centre of this case . Following this review, Tinder decided to lift the ban . The lifting of a ban by Tinder allows an individual to be then in a position to access their account on the platform . The individual can then decide if they wish to use the self-delete tools to erase their account from within the Tinder platform . In addition to the above, Tinder provided information for the individual in relation to its retention policies .

In relation to the matter of individuals being able to contact its DPO, on foot of the DPC’s engagement with Tinder, the platform agreed to strengthen its existing processes by posting a dedicated Frequently Asked questions (FAq) page on its platform . This page now provides enhanced information to individuals on specific issues relating to the processing of personal data and exercising those rights directly with Tinder’s DPO . Through the Greek Supervisory Authority, the DPC informed the individual of the actions taken by Tinder . In their response the individual confirmed that they were content to conclude the matter and, as such, the matter was amicably resolved pursuant to section 109(3) of the Data Protection Act 2018 (the Act), and the complaint was deemed to have been withdrawn.