8. Requirements for Legitimate Processing of Personal Data*

8.1 The conditions for processing Personal Data are set out in the Data Protection Regulations. At least one of the following conditions must be met whenever the Data Controller processes Personal Data:
a) The Data Subject has given his written consent to the Processing of that Personal Data;
b) Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
c) Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject;
d) Processing is necessary in order to protect the vital interests of the Data Subject;
e) Processing is necessary for the performance of a task carried out in the interests of the ADGM or in the exercise of the Board's, the Court's, the Registrar's or the Regulator's functions or powers vested in the Data Controller or in a Third Party to whom the Personal Data are disclosed; or
f) Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by the Third Party to whom the Personal Data are disclosed, except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation.

* Section 2 of the ADGM Data Protection Regulations 2015.