6. The legal basis for processing personal data We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of: a person’s consent (for example, to send you direct marketing by email or to allow us to advocate on your behalf to external services) a contractual relationship (for example, applications from Glass Door recruitment prospects or current and former employees of Glass Door) processing that is necessary for compliance with a legal obligation (for example to process a Gift Aid declaration, for Health & Safety of volunteers in the night shelters and carrying out due diligence on large donations) Glass Door’s legitimate interests (please see below for more information) Glass Door will ask for written explicit consent when recording sensitive personal data (see sub-section on ‘Sensitive Personal Data’ within the What information we collect drop-down menu.) Legitimate Interests Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, if its use is fair and does not adversely impact the rights of the individual concerned. When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include: Charity Governance: including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes. Administration and operational management: including responding to enquires, providing information and Glass Door services, research, events management, the administration of volunteers, and recruitment requirements Fundraising and Campaigning: including administering campaigns and donations, and sending direct marketing by post, sending thank you letters, analysis, targeting and segmentation to develop communication strategies, and maintaining communication suppressions If you would like more information on our uses of legitimate interests, or to change our use of your personal data in this manner, please get in touch with us using the details in the ‘Contact us’ section below.