The Privacy Policy establishes the commitment of CCDR LVT with the Website Users in the protections of their personal datae, intending to contribute to strengthening and consolidating the relationship of trust and proximity that it has with them, thorugh clear and transparente communication of what it does with such data and what rights it recognises to the respective holders, as well as how to exercise them.
CCDR LVT acts in strict compliance with the principles described in this policy, Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, “GDPR”) and applicable data protection legislation, in all personal data processing activities under its responsibility. The Privacy Policy is framed in the regulatory body of personal data protection of CCDR LVT, which includes standards and procedures for the management of security and privacy of personal data.
General Conditions
- The party responsible for processing the personal data collected and processed in connection with the website, in accordance with the General Regulation on the Protection of Personal Data and the complementary national legislation on the protection of personal data (referred to as the “Regulation”), is CCDR LVT, with Tax ID number 600076849, with its registered office at Rua Alexandre Herculano, n.º 37, Lisbon (referred to as the “Responsible Party”).
- The contact details of the Responsible Party are:
- e – mail: privacidade@ccdr-lvt.pt;
- phone: 21 383 7100.
What is Personal Data?
Personal data is any information relation to a person and which identifies them or makes them identifiable.
Origin of Personal Data
The Person Responsible for processing will collect your personal data by means of your filling in the forms present on the website, but also through the normal functioning of the website and the communication it makes with your equipment, namely, through your browser, the use of cookies, pixel tags and/or other similar technologies.
What are Cookies?
- Cookies are little archives of information which helps to identify your browser and that can store information, for example, settings and user preferences.
- The responsible party will store cookies on its equipment to personalize and facilitate navigation as much as possible, but also, for troubleshooting, statistics, quality assurance, and to monitor system security.
- With the exception of cookies specifically necessary for the performance of the website, the storage of other cookies will always depend on the User’s acceptance and consent, and this consent may be withdrawn at any time through specific browser tools.
- To find out more about the cookies we use you should consult our Cookies Policy.
What are the purposes and grounds for processing the personal data we collect?
- The personal data that the Person Responsible collects and processes have specific grounds, depending on the purposes for which they are intended.
- The following table shows the grounds and purposes pursued:
Purpose | Consent given |
To analyse and respond to your messages and enquiries. | Consent for that specific purpose |
To keep a record of your contact details. | Consent for that specific purpose |
For WEBSITE management operations. | Consent to thar specific purpose (cookies); Legitimate interests pursued by the Reponsible Party. |
Data analysis, audits. | Consent to thar specific purpose (cookies); Legitimate interests pursued by the Reponsible Party. |
For fraud precention and security information systems. | Legitimate interests pursued by the Reponsible Party. |
For the adaption, improvement and modification of services, namely by identifiying usage trends, or, to determine the effectiveness of CCDR LVT communications. |
Consent to thar specific purpose (cookies); Legitimate interests pursued by the Reponsible Party. |
What Personal Data do we collect?
- The personal data that the Responsible Party collects and processes is only that which is necessary and appropriate for the purposes indicated above.
- The Responsible Person will collect and process the following personal data:
Purpose | Data collected |
To analyse and respond to your messages and enquiries. | Name, e-mail, contact (telephone). |
To keep a record of your contact details. | Name, e-mail, contact (telephone). |
For WEBSITE management operations. | Cookies, IP address. |
Data analysis, audits. | Cookies, IP address. |
For fraud precention and security information systems. | Cookies, IP address. |
For the adaption, improvement and modification of services, namely by identifiying usage trends, or, to determine the effectiveness of CCDR LVT communications. |
Cookies, IP address. |
Data Storage Period
- Your personal data will be kept for as long as necessary for the purposes for which it is intended, as listed in this Privacy Policy. Thus:
Purpose | Data collected |
To analyse and respond to your messages and enquiries. | 1 year |
To keep a record of your contact details. | 1 year |
For WEBSITE management operations. | 2 years |
Data analysis, audits. | 2 years |
For fraud precention and security information systems. | 2 years |
For the adaption, improvement and modification of services, namely by identifiying usage trends, or, to determine the effectiveness of CCDR LVT communications. |
2 years |
- If the law provides for a specific or mandatory period, the data will be kept for that period. In all other cases, personal data will be kept for a maximum of the times indicated above, periods that the Person Responsible considers sufficient to fulfil the purposes.
- At the end of the conservation period, all personal data collected will be deleted.
When will we communicate Personal Data to Third Parties?
- The Responsible Party may use third parties to provide certain services, such as website maintenance, database hosting, technical support and marketing, which may have access to some of the personal data, particularly those necessary for the contracted purposes.
- The third parties that process the User’s personal data are subcontractors, hired by the Responsible Entity. The services of subcontractors are essential for the normal operation of the website.
- For example, for the purpose of providing website analytics services, the Responsible party has Google Analytics as a subcontractor.
- The party responsible ensures that the entities that have access to the data are credible and offer protection guarantees, never having any data transmitted to them beyond what is necessary to provide the contracted service; however, the party responsible remains responsible for the personal data provided.
Data Transfers outside the European Union
- In the event that data transfers may occur to third countries that do not belong to the European Union, the Responsible Party shall comply with the legal rules, namely with regard to the suitability of the destination country in relation to the protection of personal data and the requirements, which are applicable to these transfers, and personal data shall not be transferred to jurisdictions that do not offer guarantees of security and protection.
Third Party Websites
- The website may contain links to other websites, which may collect and process your personal data, this processing being the sole responsibility of the owners of these websites, with the Responsible Party having no responsibility for their policies and/or practices.
- Examples of these third parties are Facebook, Twitter or Youtube, which are available through the buttons that are present on the website.
What are your Rights and how you can exercise them
- Before we explain how you can exercise your rights, you should know what they are. Thus, the legislation grants you the right to request us to exercise the following rights:
- Access: the right to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, the right to access your personal data and request further information about how we process that personal data;
- Rectification: the right to obtain the rectification of inaccurate or outdated personal data concerning you and to have incomplete personal data completed;
- Erasure: the right to obtain the erasure of your personal data when one of the grounds listed in the legislation applies, in particular when: the data is no longer necessary, the data subject has withdrawn consent, the data subject objects to its processing, the data is unlawfully processed, erasure is necessary in order to comply with a legal obligation or when the data has been collected in connection with the provision of information society services;
- Limitation of processing: the right to obtain the restriction of processing, if one of the situations listed in the law applies, namely contesting the accuracy of the data, where the processing is unlawful but the data subject opposes erasure and requests limitation of use, where the controller no longer needs the data but the data are necessary for the establishment, exercise or defence of legal claims or where the data subject has objected to the processing;
- Opposition: the right to object at any time to the processing of personal data concerning him or her;
- Portability: the right to receive personal data concerning you in a structured, commonly used and machine-readable format.
- You also have the right to withdraw or change, at any time, the consent you have given us to process your personal data, in cases where such consent has been requested.
- If you request us to delete some or all of your personal data, some of the services requested may not be provided to you and the Responsible Officer will retain only the personal data necessary to comply with the legal obligations to which it is bound.
- To exercise your personal data protection rights or to ask any questions about the processing of your personal data, you should contact the Responsible Officer at privacidade@ccdr-lvt.pt.
- f you are dissatisfied with how we use your personal data or with our response to your request to exercise your rights, you may lodge a complaint with the National Commission for Data Protection (CNPD) – https://www.cnpd.pt.
Security of Personal Data
- Your personal data is kept secure by adopting various security measures, of a technical and organisational nature, considered necessary and appropriate for the protection of personal data.
- The Responsible Party has taken technical precautions to protect the spaces where the data is stored, in particular by protecting computer access with a password, using antivirus software and regularly maintaining the computer. Furthermore, the Manager ensures that only those employees who are required to have access to personal data are granted access to such data, in accordance with the rules created for this purpose. Likewise, when you browse the website, we protect your data with encryption, such as Transport Layer Security (TLS, is a security protocol that protects telecommunications over the internet).
- Although we take the care and precautions we consider appropriate to protect the personal data you provide and collect from us, you should be aware that no security system is impenetrable.
Final Provisions
- The Responsible Party reserves the right to adjust or amend this Privacy Policy at any time, and these changes will be publicised.
Date of last privacy policy update: June 07, 2021