GDPR requires that at least one of the following six ‘lawful basis’ apply, in order for us to process your data: Consent – As a Data subject you must provide clear consent to process personal data for a specific purpose. For the purposes of documentation, your declaration of consent must be obtained in writing, electronically or through a recorded oral statement. Contract – Processing your data is necessary to fulfil the obligations of a contract. Legal obligation – Processing your data is necessary to comply with a legal obligation. Vital interests – Processing your data is necessary to protect someone’s life. Public task – Processing your data is necessary to perform a task in the public interest or for official functions. In this scenario the task or function must have a clear basis in law. Legitimate interests – Processing your data is necessary for the legitimate interests of an individual or the legitimate interests of a third-party, unless there is good reason to protect the individual’s personal data which overrides those legitimate interests.