The Controller may only collect Personal Data directly from the Data Subject and may only process Personal Data for the purposes for which they have been collected. However, the Controller may collect Personal Data from a source other that the Data Subject and may process Personal Data for purposes other than the ones for which they have been collected in the following situations:

1. The Data Subject gives their consent in accordance with the provisions of this Law.
   
   
2. Personal Data is publicly available or was collected from a publicly available source.
   
   
3. The Controller is a Public Entity, and the Collection or Processing of the Personal Data is required for public interest or security purposes, or to implement another law, or to fulfill judicial requirements.
   
   
4. Complying with this may harm the Data Subject or affect their vital interests
   
   
5. Personal Data Collection or Processing is necessary to protect public health, public safety, or to protect the life or health of specific individuals
6. Personal Data is not to be recorded or stored in a form that makes it possible to directly or indirectly identify the Data Subject.
   
   
7. Personal Data Collection is necessary to achieve legitimate interests of the Controller, without prejudice to the rights and interests of the Data Subject, and provided that no Sensitive Data is to be processed.