Bases for processing

Each time you process personal data, it is a breach of privacy for the people whose data it is. For that reason, you can only process personal data when you absolutely have to. In other words: if you cannot reach your goal without these data.

Personal use

You are allowed to use personal data for purely personal use. Such as a birthday calendar, or a file with the addresses of family and friends.

That means that your organisation should have a good reason for processing personal data. The privacy and data protection law of the EU, the General Data Protection Regulation (GDPR), mentions 6 reasons. The legal name for these reasons are bases. You need a base to be allowed to process personal data.

Legitimate basis

To process data, you always need a legitimate basis from the GDPR. This could be consent, but also a (marketing) agreement or legitimate interest from an organisation.

The conditions under which you can send emails pursuant to these data are recorded in the GDPR.

There are two main conditions for sending emails to a person or an organisation with an offer:

• You either have unambiguous consent from the data subject, through a declaration or active action. (So not just a line in the terms and conditions that says the person agrees to receive the newsletter, or an already-checked box in the form).
• Or you have an existing customer relationship with the data subject. The condition is then that it is clear in every email how someone can unsubscribe. (This is automatically done in Laposta).