Data Protection
Privacy Policy
- Privacy and personal data protection policy
With the entry into force of the General Data Protection Regulation (GDPR), the IPCA has reviewed the privacy and protection of personal data policy applicable to all those who interact with the Institute, its units and services, and approves its policy in the following terms:
1 – Security practices
In strict compliance with the law and with a constant concern for transparency and impartiality, IPCA is implementing new security practices and identifying ways to improve procedures with the aim of pursuing the public interest within its areas of activity.
The protection of all citizens, and in particular of the IPCA community, with regard to the processing of personal data is a fundamental right, so their privacy is important. It is therefore essential to clarify: what personal data is collected; for what purposes it is used; what principles guide this use; what rights the holders of this data have.
2 – Data collection and processing
As part of its data protection policy, IPCA is responsible for complying with the following rules when collecting and processing data:
– Ensure that the processing of personal data it carries out is within the scope of the purpose(s) for which it was collected or for purposes compatible with the original purpose(s) for which it was collected.
– It is committed to implementing a culture of data minimisation, in which it collects, uses and retains only the personal data that is strictly necessary for the development of its activity and the satisfaction of the interests of its users and employees.
– It does not disclose or share personal data for commercial or advertising purposes.
3 – Use of personal data
IPCA uses personal data to respond to requests from its community, including students, teachers, employees and other stakeholders; to study its processes and provide information on matters of interest to them; for legitimate purposes, namely to fulfil its mission in the context of teaching, research and interaction with other institutions in the context of academic and scientific projects, and within the scope of legal attributions. Such data may be provided through a request, communication, complaint, participation, orally or on a website. IPCA also collects the information provided by users and the content of the messages they send.
4 – Personal data collected
The personal data that IPCA collects is within the scope of the exercise of its activities and its legal attributions, namely in the legal regime of higher education institutions, in the basic law of the educational system, in the legal regime of degrees and diplomas in higher education, in the general law of employment in public functions and in the Labour Code, in the statutes of IPCA and of the respective organic units.
– The data we collect may include the following
– Identification:
– Name;
– Age
– NIF;
– Citizen Card Number;
– Identity Card Number;
– Academic information, i.e. study cycles in which you are enrolled, corresponding curricular units; student number; absences; recording of grades;
– Information on the allocation of social assistance within the framework of social action: Information on the socio-economic situation as defined in the Scholarship Allocation Regulations;
– Contact person:
Address;
E-mail address;
Telephone and/or mobile number
– Institutional details:
Institutional email
– Payment details:
If you request a service that involves the payment of a fee or price, we will collect the information necessary to process that payment.
– Video:
If you visit IPCA premises, your image may be captured by our security cameras.
– Voice:
When you contact us, telephone conversations with our staff may be recorded.
5. Data sharing
We only share personal data with third parties with the express consent of the data subject, in strict compliance with the legal obligations entrusted to IPCA in the exercise of its mission, as well as in the context of joint activities with other national or foreign institutions, namely academic cooperation networks, joint programmes and mobility programmes, in the fulfilment of its academic and scientific purposes or in the exercise of functions of public interest/public authority.
6. Security of Personal Information
We use a range of security technologies, tools and procedures to help protect personal information from unauthorised access, use or disclosure.
7. Access and control of personal information
At the request of the holder of the personal data, we provide the right of access, rectification, restriction of processing and deletion of their personal data, as well as the right to object to its processing.If the use of personal data is based on consent, the data subject has the right to withdraw his or her consent at any time without jeopardising the validity of the data processing carried out up to that point.
The holder of the personal data may at any time contact the IPCA Data Protection Officer (rgpd@ipca.pt) to clarify any issue relating to the processing of personal data and to exercise his rights.
8. Retention of Personal Data
We will only retain personal information for as long as necessary and within the scope of the purpose(s) for which we collected it.Retention periods may vary significantly where data is retained for archiving purposes in the public interest, or for historical, scientific or statistical reasons, and IPCA undertakes to take appropriate conservation and security measures and to comply with applicable legislation.
9. Cookies and similar technologies
IPCA uses cookies (small text files that a website places on your computer or mobile device through your internet browser when you visit it) to provide our websites and online services, to help you collect data and to store your preferences in order to improve our performance and your user experience.
The Privacy Policy will be updated to reflect the input of our users and employees and whenever warranted.Therefore, we encourage you to periodically review our Privacy Policy to stay informed about how we are protecting your personal information and to keep up to date with the information and rights you have.
DPO/Data Protection Officer
The DATA PROTECTION OFFICER (DPO) of the Polytechnic Institute of Cávado and Ave and the entity DATTA PRIVACY+, UNIPESSOAL, LDA., legally represented by Patrícia Manuela Macedo Alves, appointed by ORDER (PR) No. 127/2022 of 27 October.
The Data Protection Officer’s role is to inform and advise IPCA on its obligations under the General Data Protection Regulation and to verify the applicability of IPCA’s Data Protection Policy, ensuring that its users and other data subjects are aware of how their personal data is processed and what rights they have in this regard, as well as being IPCA’s point of contact with the supervisory authority (National Data Protection Commission).Data subjects can contact the DPO at any time to clarify any questions they may have regarding the processing of their personal data and the exercise of their rights.
To contact the DPO and for more information about IPCA’s privacy practices and rights, please visit rgpd@ipca.pt.
How can I exercise my rights?
Data subjects of IPCA may exercise their rights in writing, providing proof of their identity, through the following channels:
– By e-mail to the following address: rgpd@ipca.pt;
– By post to the following address: IPCA Data Protection Officer, IPCA Campus, 4750-810 Vila Frescainha S. Martinho, Barcelos;
– In person: at the above address.
The exercise of these rights is free of charge. Information will be provided in writing.
Requests must be answered within a maximum of 30 days, unless the request is particularly complex.
What rights can the interested party exercise?
1. Right to be informed
You have the right to be informed in a clear, simple and transparent manner about the processing of personal data carried out or to be carried out by IPCA, its units and services.
When personal data is collected, information will be provided on
– The purpose for which the data will be used;
– The legal basis for processing your data;
– How long your data will be kept;
– Who we will share your information with;
– What your rights are in relation to the protection of your personal data;
– How you can withdraw your consent if you have given it;
– The contact details of the data controller.
2. Right of access
The holder of personal data has the right to access the personal data relating to him or her that is processed by IPCA and to be informed about it, namely the purposes for which it is processed, the retention periods, the categories of personal data being processed and whether it has been disclosed to other entities. You also have the right to obtain a copy of your personal data in an accessible format.
3.Right of rectification
If you find that IPCA holds incorrect, incomplete or inaccurate personal data about you, you may request that it be corrected or rectified.
4. Right to object
You also have the right to object to the processing of your data by IPCA. However, legal or public interest grounds may override your right to object.
5. Right to restriction
You also have the right to request IPCA to restrict the processing of your personal data to certain categories of data or for certain purposes.
6. Right to erasure of personal data or “right to be forgotten“
You may request that your personal data be erased if there are no legal or public interest grounds justifying the retention of such personal data.
7. Right to withdraw consent
Whenever personal data is processed on the basis of consent, the data subject may ask IPCA to stop processing the data. IPCA will respond to your request in a simple and expeditious manner.
8. Right to portability
You also have the right to receive personal data relating to you, the automated processing of which is based on consent or contract, in a commonly used and machine-readable digital format or to request the direct transmission of your data to another entity, but in this case only if technically possible.
[/accordion-item]
FAQs and guidance on GDPR