The ISEG – Lisbon School of Economics and Management, Universidade de Lisboa s committed to protecting and respecting the privacy of the holders of personal data, guaranteeing the confidentiality and integrity of the information, in compliance with the General Regulation for the Protection of Personal Data (GRPD) and the Portuguese Data Protection Law 58/2019 that is in force.
The processing of holders’ personal data is carried out by ISEG, within the scope of its mission as a higher education institution, with the following legitimacy and purposes:
Category of the holders of personal data | Legitimacy or legal foundation | Purpose | Categories of those who have access to personal data |
Visitors to the website | Consent | Information in accordance with the policy of Cookies | Not applicable |
Student Applicants, Alumni, and Other Visitors | Consent | Information and Communication | Entities associated with events |
ISEG Students | Study Agreement; Specific consent (image and employability activities); Legal obligations; Defense of vital interests; ISEG's legitimate interests (security identification) | Teaching – learning; Student satisfaction assessment; emergency response | Guardianship and legal and official entities (including auditors and inspectors) Insurers ISEG card via banking entities Employability Partners emergency response authorities |
Faculty and Non Faculty Staff | Employment Contract Service provision contract legal obligations Defense of vital interests of the data subject Public interest | Implementation of the mission, organizational objectives and legal obligations | Guardianship and legal and official entities (including auditors, inspectors, solicitors) Insurance and Occupational Medicine ISEG card via banking entities |
HEEs and Partners | Contract / partnership agreements | Communication and joint participation in activities inherent to the mission | guardianship Entities associated with events Insurers |
Suppliers | Contract legal obligations | Communication within the scope of services provided | Guardianship and legal and official entities (including auditors and inspectors) |
To carry out the different purposes, the ISEG may process different types of personal data:
· identification data (such as name, date of birth, identification document number); contact data (such as mobile phone, address or e-mail);
· qualification data and professional status (such as schooling, performance);
· banking, financial and transaction data (such as IBAN, tax identification number);
· special data (health, administrative offenses or criminal offenses);
· event recording images;
· images collected through video surveillance systems.
According to the retention policy of the ISEG, personal data will be destroyed as soon as its legality and purpose ends, that is, within the period considered adequate and/or necessary to fulfill the objectives that motivated its collection, in accordance with the applicable laws.
The ISEG periodically assesses the risks of breach of privacy for its holders and implements the technical and organizational measures considered appropriate within the reach of the organization to prevent loss, misuse, alteration, unauthorized access and misappropriation of personal data provided or transmitted.
When the processing of data is carried out by third party subcontractors (processors), a contract is established between the parties with respect for the stipulations in the RGPD, in order to obtain sufficient guarantees to ensure that the treatment meets the requirements and ensures the defense of the rights of the personal data holders.
As the holder of personal data, you have the following rights:
1. Right to get confirmation that the data concerning you are being processed and, if applicable, to access your personal data and access the information provided for by law;
2. Right to which the Services of the ISEG, without undue delay, rectify inaccurate or incomplete data concerning you;
3. Right to request the erasure of your data, without undue delay, when the personal data are no longer necessary for the purpose for which they were collected or processed;
4. Right to request the limitation of the processing of your data in certain cases, namely, if the processing is unlawful and if you oppose the deletion of the data, requesting, in return, the limitation of its use;
5. Right to portability your personal data that you have provided to the ISEG, in a structured, commonly used and machine-readable format, including the right to transmit this data to another controller;
6. If treatment depends on your consent, is entitled to take it off;
7. Right to submit a complaint to the Data Protection Officer (DPO) of the ISEG and Universidade de Lisboa via rgpd@ulisboa.pt and/or the Control Authority which in Portugal is the CNPD.
To exercise your rights, you must request in writing via rgpd@ulisboa.pt or official email addresses published on the ISEG website. For your security and whenever deemed necessary, the Services will request additional information to confirm your identity.
The ISEG reserves the right to periodically review the current policy, so we recommend that you periodically consult the Privacy Policy available on the website of the ISEG.
The Dean of ISEG
V02 of 07.22.2020