HOPEX Aquila EN

PRIVACY - Privacy Management > Describing Processing Activities > Describing Processing Activities > Processing Activities Legal Basis

Processing Activities Legal Basis

You need to specify the legal basis of the processing activity and provide as attachment any relevant document. This is the legal ground stating the legitimacy of the processing activity.

To specify the legal basis:

In the processing activity properties, select the Legal Basis page.

You must have a valid lawful basis in order to process personal data.

The legal basis is what gives you permission to carry out the processing activities.

There are different lawful bases for a processing activity. In the GDPR, these are set out in Article 6. At least one of these must apply when you process personal data.

• Specific consent: the data subject has freely given clear consent for you to process his/her personal data for a specific purpose.

Consent is a freely given, specific, informed and explicit consent by statement or action signifying agreement to the processing of their personal data.

Example: processing of personal data for email marketing

• Contractual necessity: the processing is necessary due to the fulfillment of a contract

Example: processing of employees data for payroll management

• Law enforcement: the processing is necessary for you to comply with the law (this does not include contractual obligations).

Example: Bank processing of clients data to prevent money-laundering

• Vital interest: the processing is necessary to save or protect an individual's life.

Example: processing of patients data for medical treatment

• Public: the processing is necessary for you to perform a task of public interest or within your official functions (the task or function having a clear legal basis).

Example: processing of personal data related to potential criminal convictions or offences for investigation purposes

• Legitimate interests the processing activity is strictly connected to the service provided by the business mission. The business could not exist without this processing activity.

Example: processing of visitors personal data for security reasons

If you select Legitimate interest as a legal basis, it may be useful to provide additional information in the comment field provided. This legal basis generally requires detailed evidence to justify the legitimacy of the processing activity.

The Privacy team can later assess the Legal basis based on the check boxes previously selected by the processing activity owner.