3. (c) The transfer is necessary for one of the reasons set out in the Act or the GDPR, including the performance of a contract between us and the data subject, or to protect the vital interests of the data subject.
- (d) The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
- (e) The transfer is authorised by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects’ privacy, their fundamental rights and freedoms, and the exercise of their rights.
13.2 Subject to the requirements in clause 12.1 above, personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. That staff maybe engaged in, among other things, the fulfilment of contracts with the data subject, the processing of payment details and the provision of support services.
14. DISCLOSURE AND SHARING OF PERSONAL INFORMATION
- 14.1 We may share personal data we hold with any member of our group, as defined in section 1159 of the UK Companies Act 2006.
- 14.2 We may also disclose personal data we hold to third parties:
- (a) In the event that all or part of the personal data held in the Services is licensed or sold to a public relations agency, a corporate press office or another third party;
- (b) In the event that we sell or buy any business or assets, in which case we may disclose personal data we hold to the prospective seller or buyer of such business or assets.
- (c) If all or substantially all of our assets are acquired by a third party, in which case the personal data we hold in the Services will be one of the transferred assets.
- 14.3 If we are under a duty to disclose or share a data subject’s personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- 14.4 We may also share personal data we hold with selected third parties for the purposes set out in the Schedule.
15. DEALING WITH SUBJECT ACCESS REQUESTS
15.1 Data subjects must make a formal request for information we hold about them. This should be made in writing and we have a dedicated email address for this purpose which is: firstname.lastname@example.org