Understanding tracking with Cookiedatabase.org

Legal Bases

If you have a simple website with a separate contact form, you already collect personal data. Since the introduction of the GDPR, collecting personal data means that you have to meet various legal requirements. For example, under the GDPR you must have a legal basis to collect the data.

In this article, we’ll tell you more about these legal bases.

Legal Basis

Performance of a contract

Definition:

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

Example:

You have bought some clothing items in a webstore. To be able to send the items to you, the webshop has to proces your delivery adres, and make it available to the postal service in order to make sure that the goods get delivered.

Source: 

 Article 6.1 b GDPR

Legal Basis

Legal obligation

Definition:

Processing is necessary for compliance with a legal obligation to which the controller is subject;

Example:

You offer cryptocurrency to customers and according to your national law you have to check and store a copy of the passport in your archive. 

Source:

Article 6.1 c GDPR

Legal Basis

Vital interest

Definition:

Processing is necessary in order to protect the vital interests of the data subject or of another natural person;

Example:

The personal data needs to be processed in order to save someones life. This legal basis usually applies to medical information that is needed in unforeseen situations.  

Source:

Art. 6.1 d GDPR

Legal Basis

Public interest

Definition:

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

Example:

Storing information about driver licenses.

Source:

Article 6.1 e GDPR

Legal Basis

Legitimate Interest

Definition:

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Example:

There are three elements to the legitimate interests basis.  Before You use this legal basis, you need to:

  • identify a legitimate interest; They can be your own (commercial) interests or the interests of third parties. 
  • show that the processing is necessary to achieve it; and
  • balance it against the individual’s interests, rights and freedoms.
Source: 

Article 6.1 f GDPR