The General Data Protection Regulation (GDPR) legislation which applies across Europe, and the UK Data Protection Act (2018), only allow the processing of personal data if one or more conditions are met; this is known as a lawful basis for processing.
There are six lawful bases provided, which are included in the Glossary section. Triodos will only process your personal data for the reasons it was provided for, and only where there is a lawful basis for processing allowing this.
Special categories of personal data
Some personal data is classified as more sensitive under data privacy legislation. This includes information relating to health, racial or ethnic origin, religious or philosophical beliefs, political opinions, genetic and biometric data, sex life, sexual orientation and trade union membership. As this data is more sensitive, we need to have further justification for collecting, storing and using this type of personal data which means an additional lawful basis for processing (which are also included in the Glossary section).
We may process special categories of personal data in the following circumstances:
- In limited circumstances with your explicit consent, in which case we will explain the purpose for which the personal data will be used at the point where we ask for your consent;
- We will use information about your physical and mental health or disability status to comply with our legal and regulatory obligations, including to ensure you receive appropriate adjustments to any of our services where necessary.
Triodos and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Triodos processes your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.