Skip to content
Find file Normal view History Permalink
legal-basis.rst 1.32 KiB
Newer Older
Bengfort's avatar
add section for legal basis
Bengfort committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 
.. _legal-basis:

Legal basis
===========

GDPR only allows processing of personal data if there is at least one legal
basis. The available legal bases are defined in Art. 6, Art. 9 GDPR. In the
context of Castellum, we consider a very limited set. Except for recruitment
consent, the legal basis is deduced from available information.

-   **Recruitment consent**: The subject has given explicit consent for being
    contacted for future studies. See :ref:`subject-consent`.

-   **Study consent**: This applies if the subject either participates in a
    study or is currently in the process of being recruited for one. This is
    valid until the study has been deleted or the subject drops out of the
    study.

-   **Legal representative**: As long as a subject is the legal representative
    for another subject it is assumed that the legal basis for the other
    subject extends to this one.

-   **Subject blocked**: In order to guarantee that a subject who has shown
    inappropriate behavior will not be invited to studies again, the fact
    *that* they are blocked can be stored without further consent.

If a subject does not have any legal basis for being in the database they will
appear in the :ref:`data protection dashboard <data-protection-dashboard>` so
their case can be reviewed and their data can be deleted from the system.