Lawful Basis for Processing Personal Data

The lawful bases for processing personal data

There are six lawful bases for processing data. CAREFUL processes different data using four different lawful bases:

1. The individual has given clear consent for the organisation to process their personal data for a specific purpose. Example: agreement to receive ongoing marketing; specific access to the patient's own clinical record.
2. It is necessary for the performance of a contract or to take steps to enter into a contract with the data subject. Example: contracts with clients to provide a service using data supplied by them as data controller.
3. It is necessary for compliance with a legal obligation. Example: information from accident reports required for health and safety records under Health and Safety law.
4. It is necessary for the purposes of legitimate interests. Example: web analytics to assess visitor numbers, page views and other metrics in order to optimise future communications.

We only process the personal data that we need for our purposes, and we only use the data for those purposes.

For more information, please email privacy@careful.online.