We let you know how we protect your data
Serviços de Ação Social da Universidade de Lisboa are a legal person of public law, with administrative and financial autonomy, in accordance with the law and the Statutes of the Universidade de Lisboa.
In the exercise of their functions, this platform provides a set of relative information to the areas of expertise activity, in order to disseminate the university community and other interested parties’ information. Privacy and protection of personal data represent a firm commitment to Serviços de Ação Social da Universidade de Lisboa operating in compliance with its legal obligations, in particular those resulting from the application of the new Data Protection General Regulation (RGPD) Regulation 2016/679 of 27 April 2016 and the Data Protection Act, Law 58/2019, of August 8.
The protection of Personal Data is a fundamental right, so your privacy is important for Serviços de Ação Social da Universidade de Lisboa. That is why we clarify the Personal Data we collect, for what purposes, the principles that guide this use and what rights the holders of those data have.
It is for the purpose of safeguarding data protection that, the Responsible for Data Processing:
• Ensures that the processing of Personal Data is carried out within the scope(s) for which it was collected or for purposes compatible with the initial purpose(s) for which it was collected;
• Assumes the commitment to implement a culture of data minimization, in which only the collection, use and preservation of Personal Data is strictly necessary for the development of its activity.
In summary, we believe that the reading of this document is recommended to all our employees and users so that they can become aware of the conditions under which their personal data are processed, as well as their rights are safeguarded, within the scope of our Policy of Privacy.
Through this policy, Serviços de Ação Social da Universidade de Lisboa recognizes the importance of personal data security, dealing and guaranteeing the privacy protection of their respective holders without harming the object and full realization of the different areas in which it operates.
This Policy provides further information about the rules, principles and good practices observed in the processing of personal data entrusted to it in accordance with the General Regulation on Data Protection (RGPD) and other applicable law, and on means that the data subjects have at their disposal to exercise the respective rights.
Within the scope of the activity it develops in its different areas of activity, Serviços de Ação Social da Universidade de Lisboa are the entity responsible for the processing of personal data, and can be contacted through the following e-mail address: firstname.lastname@example.org
In view of the legal obligation resulting from paragraph a) of paragraph 1 of article 37 of the GDPR, the Universidade de Lisboa has appointed a Data Protection Officer, responsible for ensuring, among other aspects, the compliance of the processing activities and protection of personal data under your responsibility, in accordance with applicable legislation and this Policy.
Among other functions, it is his responsibility:
• Monitor the compliance of data processing with the applicable standards;
• To serve as a contact point for clarifying issues related to data processing;
• Cooperate with National Comission of Data Protection (CNPD), in its capacity as a supervisory authority;
• Provide information and advise the University of Lisbon, or the subcontracted entities, on their obligations in terms of privacy and data protection.
Thus, the holders of personal data, if they so wish, can address a communication to the Data Protection Officer, regarding matters related to the processing of personal data, using, for this purpose, the following email: email@example.com
Cookies are used on the institutional website, just to analyze traffic patterns on the web or to identify problems and provide a better browsing experience. All browsers allow the user to accept, refuse or delete cookies, namely by selecting the appropriate settings in the respective browser. Cookies can be configured in the "options" or "preferences" menu of the user's browser. Note, however, that by disabling cookies, the user may prevent some web services from functioning correctly, affecting, partially or totally, the navigation on the website. To learn more about cookies, including how to see what cookies were created and how to manage or delete them, visit www.allaboutcookies.org which includes information on how to manage your settings for the various browser providers.
Personal Data is any information, of any nature and on any medium (eg, sound or image), relating to an identified or identifiable natural person (referred to as “data subject”). An identifiable person is a person who can be identified directly or indirectly, namely through a name, an identification number, a location data, an electronic identifier or other specific elements of physical, physiological, genetic identity, mental, economic, cultural or social status of that natural person.
Sensitive Data is all personal data that is subject to specific processing conditions. It falls into this universe:
The data holder is any natural person to whom the personal data concern. In the context of the activities developed by the Social Action Services of the University of Lisbon, data holders are:
Members of university bodies, teachers, researchers, employees, employees regardless of their contractual relationship, and other service providers, users of the university stadium, elements that collaborate directly or indirectly with the Serviços Sociais da Universidade de Lisboa, as well as all natural persons who send their data or authorize Serviços Sociais da Universidade de Lisboa to use them.
Serviços de Ação Social da Universidade de Lisboa treats personal data of different nature and sensitivity, such as:
Serviços de Ação Social da Universidade de Lisboa has data processing registers, under the terms of article 30 of the RGPD, in which are identified:
Within the scope of the processing of personal data, Serviços de Ação Social da Universidade de Lisboa observes the following fundamental principles:
While responsible for the treatment, Serviços de Ação Social da Universidade de Lisboa are undertake to ensure strict observance to the mentioned principles ensuring the conditions to prove compliance with them.
Serviços de Ação Social da Universidade de Lisboa only process personal data whenever there is at least one of the following situations:
Serviços de Ação Social da Universidade de Lisboa can handle sensitive data under the following conditions:
Considering the diversity of its areas of activity, Serviços de Ação Social da Universidade de Lisboa processes personal data for the following purposes:
Personal data is kept only for as long as necessary for the purposes for which it is processed.
Serviços de Ação Social da Universidade de Lisboa complies with the maximum conservation periods legally established. However, data may be kept for longer periods, for purposes of public interest, for the fulfillment of different purposes that may persist, such as, for example, the exercise of a right in a judicial process, purposes of archiving the public interest, purposes of scientific or historical research or statistical purposes, applying - in this case - all appropriate technical and organizational measures to safeguard personal data.
These guarantees imply the adoption of technical and organizational measures aimed at ensuring, in particular, respect for the principle of data minimization and for the pseudonymisation of the same.
Serviços de Ação Social da Universidade de Lisboa may collect data directly (i.e., directly from the data subject) or indirectly (i.e., through third parties). Collection can be done through the following channels:
Serviços de Ação Social da Universidade de Lisboa assure data subjects the exercise of their respective rights, under the terms of the applicable legislation in the scope of the protection of personal data, namely:
The exercise of rights can be exercised by the holder by contacting Serviços de Ação Social da Universidade de Lisboa through the following means:
Serviços de Ação Social da Universidade de Lisboa will respond in writing (including by electronic means) to the request of the holder within a maximum period of one month after receiving the request, except in cases of special complexity and high number of requests, in which this period may be extended up to two months.
The data subject can complain directly to the National Personal Data Control Authority, the National Data Protection Commission (CNPD), using the contacts made available by this entity for this purpose (at www.cnpd.pt).
Taking into account the principle of proportionality and suitability, safety, application costs and the nature, scope, context and purposes of the treatment, as well as the probability risks, the Universidade de Lisboa applies safety, technical and appropriate organizational measures to ensure a level of security of personal data appropriate to the risk, such as, for example:
Subcontractors: Serviços de Ação Social da Universidade de Lisboa may use other entities contracted by them (subcontractors), to, in the name of the services, and in accordance with the instructions given by them, proceed with the processing of the data of the holder, in strict compliance with the provisions of the GDPR, the national legislation on the protection of personal data and this Policy.
Third parties: Serviços de Ação Social da Universidade de Lisboa are bound by the Law and compliance with administrative procedures and, to that extent, obliged to transmit data, including personal data to other entities, namely, among others, to:
Whenever the sharing of personal information with one of these entities occurs, Serviços de Ação Social da Universidade de Lisboa will assess the need to obtain, when necessary, the respective consent and will take all necessary measures and / or actions, to confirm that they will carry out its functions in accordance with the RGPD principles.
In the event of a personal data breach, and insofar as such breach is likely to result in a high risk to the holder's rights and freedoms, the Data Protection Officer will notify the national supervisory authority of that breach, and report the breach. to the data subject, up to 72 hours after being informed of it.
Under the terms of the GDPR, communication to the holder is not required in the following cases:
If the communication to the holder will imply a disproportionate effort for the Services, in which case they will make a public communication or take a similar measure through which the holder will be informed.Any violation of personal data, the treatment of which is the responsibility of Serviços de Ação Social da Universidade de Lisboa, can be reported via email to be sent to firstname.lastname@example.org
Law 46/2012 (cookies law) (PDF)
General data protection regulation (PDF)
Corrigendum to regulation (eu) 2016/679 (PDF)