Skip to content
Find file Normal view History Permalink
legal-basis.rst 1.4 KiB
Newer Older
Bengfort's avatar
add section for legal basis
Bengfort committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 
.. _legal-basis:

Legal basis
===========

GDPR only allows processing of personal data if there is at least one legal
basis. The available legal bases are defined in Art. 6, Art. 9 GDPR. In the
context of Castellum, we consider a very limited set. Except for recruitment
consent, the legal basis is deduced from available information.

-   **Recruitment consent**: The subject has given explicit consent for being
    contacted for future studies. See :ref:`subject-consent`.

-   **Study consent**: This applies if the subject either participates in a
    study or is currently in the process of being recruited for one. This is
Bengfort's avatar
legal basis now consideres pseudonym domains and news interest for study consent  
Bengfort committed
16 17 18 
    valid until all pseudonym domains for the study have been deleted or (for
    subjects who are interested in news about the study) until the study is
    deleted.
Bengfort's avatar
add section for legal basis
Bengfort committed
19 20 21 22 23 24 25 26 27 28 29 30 

-   **Legal representative**: As long as a subject is the legal representative
    for another subject it is assumed that the legal basis for the other
    subject extends to this one.

-   **Subject blocked**: In order to guarantee that a subject who has shown
    inappropriate behavior will not be invited to studies again, the fact
    *that* they are blocked can be stored without further consent.

If a subject does not have any legal basis for being in the database they will
appear in the :ref:`data protection dashboard <data-protection-dashboard>` so
their case can be reviewed and their data can be deleted from the system.