Lawful processing of personal data

1. Criteria for Lawful Processing of Personal Information.

Processing of personal information is allowed, unless prohibited by law.

For processing to be lawful, any of the following conditions must be complied with:

1) The data subject must have given his or her consent prior to the collection, or as soon as practicable and reasonable;

2) The processing involves the personal information of a data subject who is a party to a contractual agreement, in order to fulfill obligations under the contract or to take steps at the request of the data subject prior to entering the said agreement;

3) The processing is necessary for compliance with a legal obligation to which the personal information controller is subject;

4) The processing is necessary to protect vitally important interests of the data subject, including his or her life and health;

5) The processing of personal information is necessary to respond to national emergency or to comply with the requirements of public order and safety, as prescribed by law;

6) The processing of personal information is necessary for the fulfillment of the constitutional or statutory mandate of a public authority; or

7) The processing is necessary to pursue the legitimate interests of the personal information controller, or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject, which require protection under the Phili...