Privacy Policy

Privacy Policy

This policy aims to define the general principles and rules to be applied by the National Commission for the Promotion of the Rights and Protection of Children and Youth (CNPDPCJ) as Data Controller, and the Institute of Informatics, IP as processor, to the Personal Data collected by you in the context of the Communications of Children and Youth in Danger the Commissions for the Protection of Children and Youth (CPCJ) No CNPDPCJ Portal.

A CNPDPCJ in the fulfilment of its mission and attributions, provided for in Article 3 of Decree-Law No 159/2015 in its current wording, allows through its CNPDPCJ portal, compliance with Article 66 - Communication of situations of danger by any person, of Law No. 147/99, of September 1, in its current wording, forwarding communications to the CPCJ territorially competent.

This policy considers the standards, standards and applicable legal requirements, including a specific, explicit and informed notification of data processing to data subjects.

The Privacy Policy of CNPDPCJ effective from 1 June 2020

The Privacy Policy applies to all Personal Data collected and processed belonging to users of the CNPDPCJ portal.

The Privacy Policy has as audience the users of the CNPDPCJ Portal, the Holders of Personal Data, the CNPDPCJ and the Institute of Informatics, IP.

A CNPDPCJ and the Instituto de Informática, I.P. process Personal Data in accordance with the following principles, set out in Article 5(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation (GDPR):

• Lawfulness, Loyalty and Transparency
• Purpose limitation
• Data Minimisation
• Accuracy
• Limitation of Conservation
• Integrity and Confidentiality

A CNPDPCJ and the Institute of Informatics, I.P. define appropriate technical and organizational security measures to effectively implement the principles of protection of Personal Data, complying with the legislation in force, and protecting the rights, freedoms and guarantees of Data Subjects.

A CNPDPCJ and the Instituto de Informática, I.P. imposes the same level of protection of Personal Data on all its suppliers or providers through appropriate contracts.

A CNPDPCJ and the Instituto de Informática, I.P. have an internal Organization for the Protection of Personal Data to ensure compliance with the rules on the protection of Personal Data, supported by Data Protection Officers.

A CNPDPCJ and the Instituto de Informática, I.P. undertake to process Personal Data in accordance with the applicable rules and legislation. Therefore, they develop tools and implement actions with the aim of ensuring and monitoring the effectiveness of the protection of Personal Data.

A CNPDPCJ and Instituto de Informática, I.P. have several internal policies and procedures that make its employees aware of the importance of the protection of Personal Data, providing them with operational guidance on how to comply with Data Protection legislation and monitor compliance with the protection of Personal Data.

A CNPDPCJ and the Instituto de Informática, I.P. establish, in this document, a Privacy Notice to the holders of Personal Data that complies with the requirements of the legislation in force and guarantees a specific, explicit and informed communication about the processing of your data. Responsibilities to notify any breach of Personal Data to the competent supervisory authorities are also defined.

A CNPDPCJ and the Institute of Informatics, I.P. undertake to carry out a training/communication program that raises awareness among its employees in the area of information security and privacy of Personal Data.

A CNPDPCJ and Instituto de Informática, I.P. process Personal Data lawfully, pursuant to Article 6(1) of the GDPR.

The holders of Personal Data may exercise, at any time, the right to information, access, rectification, erasure, updating, restriction of processing, portability, as well as opposition and non-subjection to automated individual decisions regarding their personal data, including the revocation of consent, in accordance with the GDPR or applicable law. To do so, they should refer to the “Contact” chapter of this document.

Data Subjects have the right to lodge a complaint with the competent Supervisory Authority in case of violation of the applicable rules in relation to the protection of Personal Data.

In the event of a breach of Personal Data, the Data Protection Officer of the CNPDPCJ notify it to the competent supervisory authorities and communicate it to the data subject where appropriate, in accordance with Articles 33 and 34 of the GDPR.

Within the framework of CNPDPCJ Portal, a CNPDPCJ and the Institute of Informatics, I.P. process the Personal Data related to the fulfillment of its duties.

The collection is made by interconnection, communication or with the Data Subject.

A CNPDPCJ and the Instituto de Informática, I.P. only process Personal Data if the lawful processing situations provided for in the GDPR occur.

A CNPDPCJ and the Instituto de Informática, I.P. retain Personal Data in accordance with the periods imposed by the legislation in force, in particular taking into account their missions and attributions.

A CNPDPCJ and the Instituto de Informática, I.P. never retain Personal Data for longer than necessary, in accordance with the purposes for which they were collected and are being processed, namely for the initiation and review of the process of promotion and protection that begins or runs in a CPCJ.

A CNPDPCJ and the Institute of Informatics, I.P. ensure that:

• Personal Data will only be made available to the CPCJ territorially competent, and will not be made available to third parties without the prior consent of their holders whenever this is legally necessary;
• Personal Data is not made available, free of charge or for cost, for purposes such as direct marketing, including mailing lists for advertising products and/or services.
• The processing of aggregated data (such as locality, age and others) for purposes considered to be in the public interest, namely in the context of statistical production, is carried out lawfully, in accordance with Article 89 of the GDPR. In this context, personal identification elements, such as the Name, BI Number, Citizen Card or Tax Identification, or information of a private nature are not made available.
• Personal Data will only be made available upon request by a judicial authority or public authority with legal powers to do so, in accordance with the legislation in force.
• Ensures the confidentiality and security of Personal Data while making it available to the aforementioned recipients.

A CNPDPCJ and the Institute of Informatics, I.P. follow organizational and technological security standards, and effective practices in information security management, to protect the confidentiality, integrity and availability of information, and to provide confidence in inter-organizational exchanges.

The Institute of Informatics, I.P. applies the standard international ISO/IEC 27001, Community standards, legislation as well as specific national recommendations on information security.

A CNPDPCJ and Instituto de Informática, I.P. have all the necessary technical and organizational measures to ensure a level of security of Personal Data appropriate to the risk and, in particular, to protect Personal Data against destruction, loss, alteration, unauthorized disclosure or accidental or illegal access.

Within the framework of CNPDPCJ Portal, a CNPDPCJ and the Instituto de Informática, I.P. have the appropriate technical and organizational measures to ensure the security of Personal Data.

The same level of protection is imposed contractually by the CNPDPCJ and Institute of Informatics, I.P. to their suppliers and suppliers.

Any employee of the CNPDPCJ or the Institute of Informatics, I.P. that, during your work, you have access to Personal Data you agree to keep it in the strictest confidentiality within the framework of the confidentiality agreements entered into.

In accordance with the applicable rules regarding the protection of Personal Data, if required, the Data Subject may exercise, at any time, his or her right to obtain access, rectify, forget and transfer pursuant to Article 20 of the GDPR, his or her Personal Data and also to restrict and oppose the Processing of his or her Personal Data.

The exercise of the rights of the Data Subject must be carried out with the CNPDPCJ, using the “Contact” chapter of this document.

When the Treatment is based on the authorization of the Holder, he has the right to withdraw his authorization at any time.

In its own interest, the Data Subject should seek to keep their data updated, and for this purpose, may contact the CNPDPCJ, using the “Contact” chapter of this document.

Data Subjects have the right to complain to the competent Supervisory Authority in case of violation of the applicable rules regarding the protection of Personal Data.

The Data Protection Officer informs and advises on the applicable requirements for the protection of Personal Data, monitors compliance with these requirements at Instituto de Informática, IP.

The Data Protection Officer shall cooperate and act as a contact point with the competent Supervisory Authorities and data subjects.

The Personal Data Protection Policy may be amended whenever there is a need or change in the regulatory framework, and a notice of such changes is published in a revised version of the current Policy, with entry into force at the time of its publication or on a date set therein.

In case of questions related to the rights and guarantees in the field of data protection, you may contact the Data Protection Officer of the CNPDPCJ, via e-mail dpo.cpcj@cnpdpcj.pt