Legal basis under to German data protection law

Processing for secondary purposes

Under Section 24 BDSG, private bodies are sometimes allowed to process personal data for a purpose other than the one for which the data was collected. This is permitted if the processing is either necessary for (1) prevention of threats to public security, (2) prosecution of criminal offences or (3) the establishment, exercise or defense of legal claims. However, this is allowed only if data subjects do not have an overriding interest in not having the data processed.