We access, analyse or otherwise use data for the purposes consistent with law.
We access, analyze or otherwise use data that has been obtained by lawful and fair means, including, where appropriate, with the knowledge or consent of the individual whose data is used.
We ensure to the extent possible, that all of the data we use for project purposes is adequate, relevant, and not excessive in relation to the legitimate and fair purposes for which the data was obtained.
We do not access, analyse or otherwise use the content of private communications without the knowledge or proper consent of the individual.
We do not knowingly or purposefully access, analyse, or otherwise use personal data, which was shared by an individual with a reasonable expectation of privacy without the knowledge or consent of the individual.
We do not attempt to knowingly and purposefully re-identify de-identified data, and we make all reasonable efforts to prevent any unlawful and unjustified re-identification.
We ensure reasonable and appropriate technical and organisational safeguards are in place to prevent unauthorised disclosure or breach of data.
We perform a risk assessment and implement appropriate mitigation processes before any new or substantially changed project is based.
We take into consideration the impact that data use can have not only on individuals but also on groups of individuals.
We ensure that the risks and harms are not excessive in relation to the positive impact of the project.
We employ stricter standards of care while conducting research among vulnerable populations and persons at risk, children and young people, and any other sensitive data.
We ensure the data use is limited to the minimum necessary.
We ensure that the data used for a project is being stored only for the necessary duration and that any retention of it is justified.
We design, carry out, report and document our activities with adequate accuracy and openness.
We require that our collaborators are acting in compliance with relevant law, data privacy, and data protection standards.