
Legal Basis

Modern privacy and data protection laws require that you identify valid grounds for processing personal data. To be lawful, processing must meet the criteria (usually itemized) set out under the law. These are considered legal bases or lawful grounds for processing and will depend on your specific purposes and the context of processing. We recommend considering why you want to process the data and applying the legal basis that best fits the circumstances.

Here are the legal bases you can select from, depending on whether you need to comply with European or US guidelines.

European Union & UK

The lawful grounds for processing personal data as itemized under the EU GDPR and UK GDPR.

| Legal Basis | Description |
| --- | --- |
| Contract | Where the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. |
| Legal Obligation | Where the processing is necessary to comply with the law, including a lawful request from a court or another public authority (not including contractual obligations). |
| Vital Interests | Where the processing is necessary to ensure the life or safety of the individual. |
| Public Interest | Where the processing is necessary to fulfill an official task or is for the public good. |
| Legitimate Interests | Where the processing is necessary to fulfill reasonable business / commercial interests and these interests are not overridden by the privacy rights and freedoms. (This cannot apply if you are a public authority processing data to perform your official tasks.) |
| Consent | Where the individual has freely given their specific, informed and unambiguous consent for a specific purpose or closely related set of purposes. |

US & California

The lawful grounds for processing personal data as itemized under the California Consumer Privacy and Privacy Rights Acts.

| Legal Basis | Description |
| --- | --- |
| Business Purpose | Where the processing of personal information is for one or more of the business’s or a service provider’s reasonable operational purposes, or other notified purposes. |
| Auditing Interactions with Consumers | Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards. |
| Security | Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes. |
| Debugging/Repair | Debugging to identify and repair errors that impair existing intended functionality. |
| Certain Short-term Uses | Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business. |
| Performing Services | Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business. |
| Internal Research for Tech Development | Undertaking internal research for technological development and demonstration. |
| Quality and Safety Maintenance and Verification | Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business. |
| Commercial Purpose | Where the processing of personal data is for a commercial or economic interest, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction. |
| Consent | Where the individual has freely given their specific, informed and unambiguous consent for a specific purpose or closely related set of purposes. Consent means any freely given, specific, informed, and unambiguous indication of the consumer’s wishes by which the consumer, or the consumer’s legal guardian, a person who has power of attorney, or a person acting as a conservator for the consumer, including by a statement or by a clear affirmative action, signifies agreement to the processing of personal information relating to the consumer for a narrowly defined particular purpose. |

 

Need help?
If you have any questions, please reach out to your dedicated CSM or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.