Decorative page image

General Data Protection Regulation

Application of the General Data Protection Regulation (GDPR) in SASULisboa

Page last update on 2023-10-10

The Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April, new General Regulation on Data Protection (RGPD) of the European Union (EU), establishes the rules concerning the processing, by a person, of a company or an organisation, of personal data relating to persons in the EU. In addition to strengthening the legal protection of data subjects' rights, the RGPD defines standards and procedures from a technological point of view.

What is personal data?

Personal Data is any information, of any nature and on any medium (eg, sound or image), relating to an identified or identifiable natural person (referred to as “data subject”).
An identifiable person is a person who can be identified directly or indirectly, namely through a name, an identification number, a location data, an electronic identifier or other specific elements of physical, physiological, genetic identity, mental, economic, cultural or social status of that natural person.

Who is responsible for data processing?

The Serviços de Ação Social da Universidade de Lisboa recognize the importance of the security of the personal data they process and ensure the protection of the privacy of the respective holders without harming the object and the full realization of the different areas in which they operate.
Within the scope of the activity it develops in its different areas of activity, Serviços de Ação Social da Universidade de Lisboa are the entity responsible for the processing of personal data, and can be contacted through the following e-mail address:

Who is the Data Protection Officer?

In view of the legal obligation resulting from paragraph a) of paragraph 1 of article 37 of the RGPD, the Universidade de Lisboa has appointed a Data Protection Officer, responsible for ensuring, among other aspects, the compliance of the processing activities and protection of personal data under its responsibility, in accordance with applicable legislation and the Privacy Policy of the Universidade de Lisboa.

Among other functions, it is his responsibility:

  • Monitor the compliance of data processing with the applicable standards;
  • To serve as a contact point for clarifying issues related to data processing;
  • Cooperate with CNPD, in its capacity as a supervisory authority;
  • Provide information and advise the University of Lisbon, or the subcontracted entities, on their obligations in terms of privacy and data protection.

Thus, the holders of personal data, if they so wish, can address a communication to the Data Protection Officer, regarding matters related to the processing of personal data, using, for this purpose, the following email:

Invocation of Data Subjects' Rights

To invoke the Rights referred to in Regulation (EU) 2016/679 of the European Parliament and of the Council of 17 April 2016, please fill in the form “Request to invoke the rights of Data Subjects” clearly and in its full.
This form will only be considered fully completed after the applicant's signature and proof of the suitability of the data/documents presented.
The form, and the respective annexes (when applicable), should be sent to the Data Processing Officer, via the email address or by mail to the following address:

Serviços de Ação Social da Universidade de Lisboa
Edifício “Cantina Velha” – Cidade Universitária Av. Professor Gama Pinto
1600-192 Lisboa