![português [Beta]](https://www.cartasocial.pt/cartasocial-theme/images/language/pt_PT.png "português [Beta]")
Introduction
This policy aims to define the general principles and rules to be applied by the Strategy and Planning Office (GEP) as Data Controller and the Institute of Informatics, IP as processor, to the Personal Data collected by you within the scope of the GEP Portal Social Charter.
This policy considers the standards, standards and legal requirements applicable, including a specific, explicit and informed notification about the processing of the data to its holders.
The Privacy Policy of GEP it shall apply effectively from 5 June 2019.
The Privacy Policy applies to all Personal Data collected and processed belonging to users of the the Social Charter Portal.
The Privacy Policy has as audience the users of the the Social Charter Portal, the Personal Data Subjects, or GEP and the Institute of Informatics, IP.
Description:
O GEP and Instituto de Informática, I.P. process Personal Data in accordance with the following principles, set out in Article 5(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation (GDPR):
- Lawfulness, Loyalty and Transparency
- Purpose limitation
- Data Minimisation
- Accuracy
- Limitation of Conservation
- Integrity and Confidentiality
O GEP and the Institute of Informatics, I.P. define appropriate technical and organizational security measures to effectively implement the principles of protection of Personal Data, complying with the legislation in force, and protecting the rights, freedoms and guarantees of Data Subjects.
O GEP and the Instituto de Informática, I.P. imposes the same level of protection of Personal Data on all its suppliers or providers through appropriate contracts.
O GEP and the Institute of Informatics, I.P. have an internal organization of Personal Data Protection to ensure compliance with the rules of protection of Personal Data, supported by Data Protection Officers.
General principles
O GEP and the Instituto de Informática, I.P. undertake to process Personal Data in accordance with the applicable rules and legislation. Therefore, they develop tools and implement actions with the aim of ensuring and monitoring the effectiveness of the protection of Personal Data.
O GEP and Instituto de Informática, I.P. have several internal policies and procedures that make its employees aware of the importance of the protection of Personal Data, providing them with operational guidance on how to comply with Data Protection legislation and monitor compliance with the protection of Personal Data.
O GEP and the Instituto de Informática, I.P. establish, in this document, a Privacy Notice to the holders of Personal Data that complies with the requirements of the legislation in force and guarantees a specific, explicit and informed communication about the processing of your data. Responsibilities to notify any breach of Personal Data to the competent supervisory authorities are also defined.
O GEP and the Institute of Informatics, I.P. undertake to carry out a training/communication program that raises awareness among its employees in the area of information security and privacy of Personal Data.
Privacy Notice
O GEP and Instituto de Informática, I.P. process Personal Data lawfully, pursuant to paragraph 1 of article 6 of the RGPD.
The holders of Personal Data may exercise, at any time, the right to information, access, rectification, erasure, updating, restriction of processing, portability, as well as opposition and non-subjection to automated individual decisions regarding their personal data, including the revocation of consent, in accordance with the GDPR or applicable law. To do so, they should refer to the “Contact” chapter of this document.
Data Subjects have the right to lodge a complaint with the competent Supervisory Authority in case of violation of the applicable rules in relation to the protection of Personal Data.
In the event of a breach of Personal Data, the Data Protection Officer of the GEP notify it to the competent supervisory authorities and communicate it to the data subject where appropriate, in accordance with Articles 33 and 34 of the GDPR.
Collection and Processing of Personal Data
Within the framework of the Social Charter Portal, the GEP and the Institute of Informatics, I.P. process the Personal Data related to the fulfillment of its duties.
The collection is made by interconnection, communication or with the Data Subject.
O GEP and the Instituto de Informática, I.P. only process Personal Data if the lawful processing situations provided for in the GDPR occur.
O GEP and the Instituto de Informática, I.P. retain Personal Data in accordance with the periods imposed by the legislation in force, in particular taking into account their missions and attributions.
O GEP and Instituto de Informática, I.P. never retain Personal Data for longer than necessary, in accordance with the purposes for which they were collected and are being processed, namely, compliance with legal obligations (e.g.: archiving, auditing, public procurement, accounting and tax obligations), and the resolution of legal disputes. Circumstances may vary depending on the context and type of Personal Data.
O GEP and the Institute of Informatics, I.P. ensure that:
- Personal Data is not made available to third parties without the prior consent of its holders whenever this is legally necessary;
- Personal Data is not made available, free of charge or for cost, for purposes such as direct marketing, including mailing lists for advertising products and/or services.
- The processing of aggregated data (such as locality, age and others) for purposes considered to be in the public interest, namely in the context of statistical production, is carried out lawfully, in accordance with Article 89 of the GDPR. In this context, personal identification elements, such as the Name, BI Number, Citizen Card or Tax Identification, or information of a private nature are not made available.
- Personal Data will only be made available upon request by a judicial authority or public authority with legal powers to do so, in accordance with the legislation in force.
- Ensures the confidentiality and security of Personal Data while making it available to the aforementioned recipients.
Security measures
O GEP and the Institute of Informatics, I.P. follow organizational and technological security standards, and effective practices in information security management, to protect the confidentiality, integrity and availability of information, and to provide confidence in inter-organizational exchanges.
The Institute of Informatics, I.P. applies the international standard ISO/IEC 27001, Community standards, legislation, as well as specific national recommendations on information security.
O GEP and Instituto de Informática, I.P. have all the necessary technical and organizational measures to ensure a level of security of Personal Data appropriate to the risk and, in particular, to protect Personal Data against destruction, loss, alteration, unauthorized disclosure or accidental or illegal access.
Within the framework of the Social Charter Portal, the GEP and the Instituto de Informática, I.P. have the appropriate technical and organizational measures to ensure the security of Personal Data.
The same level of protection is imposed contractually by the GEP and Instituto de Informática I.P. to its suppliers and suppliers.
Any employee of the GEP or the Instituto de Informática, I.P. that, during its work, has access to Personal Data agrees to keep them in the strictest confidentiality under the confidentiality agreements signed.
Rights of the Data Subject
In accordance with the applicable rules regarding the protection of Personal Data, the Data Subject may exercise, at any time, his or her right to obtain access, rectify, forget and transfer, pursuant to Article 20 of the GDPR, his or her Personal Data and also to restrict and oppose the Processing of his or her Personal Data.
The exercise of the rights of the Data Subject must be carried out with the GEP, using the “Contact” chapter of this document.
When the Treatment is based on the authorization of the Holder, he has the right to withdraw his authorization at any time.
In its own interest, the Data Subject should seek to keep his or her data up-to-date. GEP, using the “Contact” chapter of this document.
Data Subjects have the right to complain to the competent Supervisory Authority in case of violation of the applicable rules regarding the protection of Personal Data.
The Data Protection Officer
The Data Protection Officer informs and advises on the applicable requirements for the protection of Personal Data, monitors compliance with these requirements at Instituto de Informática, IP.
The Data Protection Officer shall cooperate and act as a contact point with the competent Supervisory Authorities and data subjects.
Changes to the Privacy Policy
The Personal Data Protection Policy may be amended whenever there is a need or change in the regulatory framework, and a notice of such changes is published in a revised version of the current Policy, with entry into force at the time of its publication or on a date set therein.
Contact
In case of questions related to the rights and guarantees in the field of data protection, you may contact the Data Protection Officer of the GEP, the Data Protection Officer of the GEP, via the following e-mail address:
GEP-EncarregadoProtecaoDados@gep.mtsss.pt