1 – Security Practices
In the strict compliance with the law, and with the constant concern of transparency and impartiality, IPCA is implementing new security procedures and defining ways to improve the procedures with the goal of pursuing the public interest in the scoop of its field of action.
Citizens and more specifically IPCA’s community protection, when it comes to the processing of Personal Data, is a fundamental right, hence your privacy is important and, it is vital to clarify which Personal Data are collected, for which purposes are used, which principals steer that used and which are the rights of the holders of such Data.
2 – Therefore, IPCA as Responsible for the Data Management:
– Assures that the management of the Personal Data is done in the scope in which they were collected or for purposes compatible with the intention for which they were collected.
– Adopts the commitment of implementing a Data minimization culture, in which only collects, uses and keeps Personal Data strictly necessary to the development of its activity and to the satisfaction of the interests of its community.
– Does not share or makes available the Personal Data for advertising or commercial purposes.
3 – How we use the Personal Data
IPCA uses Personal Data to provide information to requests made by its community, suppliers and collaborators; to instruct its processes and provide information about topics of its vested interest. These data may be provided through request, communication, complaint, participation, orally or on the website. IPCA also collects information provided by its community and the content of the received messages.
4 – Personal Data we collect
The Personal Data IPCA collects depends on the type of interaction of the community with the Institution, in the scope of its activities that are framed within its legally defined attributions, namely the Judicial Regime of the Higher Education Institutions, the Education System Basic Law, the Judicial Regime of Higher Education Degrees and Diplomas, the General Law of Labour in Public Function and the Labour Code, IPCA’s statues and the respective Organic Units.
– The collected data may include the following:
- Personal Identification Number;
- Academic information, such as, study cycle in which the student is enrolled and courses; student number; absences from class; grades;
- Information regarding social support awarded by social services: information regarding the socioeconomic situation as defined in the Regulation of the Allocation of Scholarships;
Telephone and Mobile Number.
- Institutional Data:
- Payment Data:
in the case any service that requires payment of a fee is requested, the necessary data to operate the payment is collected.
If you visit IPCA your image may be collected by our security cameras.
When you contact us, the telephone conversations with our employees might be recorded.
5. Reasons why we share the Data
We only share the Data with third parties, with the explicit consent of the holder of the personal data, in the strict compliance with the legal obligations entrusted to IPCA, or in the performance of duties of public interest/public authority.
6. Security of the Personal Data
We use an array of technologies, tools and security procedures to help us protect the Personal Data from any access, use or unauthorised disclosure.
7. How to access and control Personal Data
We enable, at the request of the holder of the personal data, the right to access, correct, treatment limitation and deletion of their Personal Data, as well as, the right to oppose its processing.
In case the using of the personal data is based on the consent, the holder as the right to revoke it, at any time, without compromising the validity of the data managed up to that point.
The holder of the personal data can always contact IPCA’s Data Protection Officer (firstname.lastname@example.org) to clarify all questions related to the management of the Personal Data and the exercise of their rights.
8. Withholding of Personal Data
We keep the Personal Data for the needed period of time and in the scope of the purpose we collected them for.
The periods of conservation of the data may change significantly when matters of archive of public interest, historical, scientific or statistic reasons are concerned, with IPCA committing to adopt all he conservation and security appropriate actions.
9. Cookies and similar technologies
DPO – Data Protection Officer
The Polytechnic Institute of Cávado and Ave Data Protection Officer (DPO), is João Pedro Barbosa da Silva, appointed by the Dispatch nº. 40/2018.
The DPO has the mission of informing and advising IPCA about the obligations ensuing from the General Data Protection Regulation and to verify the applicability of IPCA’s Data Protection Policy, making sure that its community and other holders of data are aware of how their personal data are managed and what are the rights they have regarding this topic, as well as being the IPCA´s contact person with the Supervisory Authority (National Data Protection Commission).
The holders of personal data can contact the Data Protection Officer to clarify all questions, related to the management of their personal data and their rights, deemed pertinent.
For further information regarding IPCA’s privacy practices, your rights or to contact the DPO: email@example.com
How may I exert my rights?
At IPCA, holders of personal data may exert their rights, in writing, providing proof of identity, through the following channels:
– Through the email address: firstname.lastname@example.org;
– Through postal mail to the address: Encarregado de Proteção de Dados do IPCA, 4750-810 Vila Frescaínha S. Martinho, Barcelos;
– In person: at the above mentioned address.
The exert of the rights is free. The information is provided in writing.
Response to requests should happen within 30 days at most, unless it is an especially complex request.
Which rights may be exerted by the holder of the data?
1. Right to be informed
The right to be informed, in a clear, simple and transparent manner about how the personal data are managed or are going to be managed by IPCA, its Units and Services. At the time of the personal data collection information is relayed regarding the following:
– To which purpose the data are going to be used;
– The legal basis for the management of your data;
– For how long the data will be stored;
– With whom will the data be shared;
– Which are your rights regarding personal data protection;
– How can consent be withdrawn, in case it has been given;
– The contact of the Data Protection Officer.
- Access right
The holder of the personal data has the right to access their own personal data being managed by IPCA and the information regarding them, namely, which are the purposes of the management, which is the storing period, which categories of personal data are managed and if the data was shared with other entities. The holder also has the right to receive a copy of the personal data in an accessible format.
- Right to correction
In the event of becoming aware that IPCA has incorrect, incomplete or inaccurate information regarding your personal data, you can request its correction.
- Right to objection
You have the right to object to IPCA’s management of data. However, the legal or public interest basis may prevail over your right to object.
- Right of limitation
You have the prerogative of requesting the limitation of IPCA’s management of your personal data, to certain data categories or purposes of management.
- Right to deleting the personal data or “right to be forgotten”
You can request the deletion of your personal data, if there are no legal or public interest basis which justify the maintenance of such personal data.
- Right to withdraw consent
Every time the management of the personal data is done based on consent, the holder of the data can request IPCA to halt said management. IPCA will comply with the request in a simple and swift manner.
- Right to portability
You also have the right to receive the personal data, for which the automatized management is based on consent of contract, that concerns yourself in a digital format of automatic reading or to request the direct transfer of your data to another entity, in this case only if it is technically possible.
FAQ’s and GDPR Guidelines