Personal Data Privacy Policy
UAc Personal Data Privacy Policy
This explains the terms under which the University of the Azores (UAc) handles the personal data of the university community or external people it interacts with in the course of its activities, as well as the rights that data subjects can exercise, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
1. General Concepts
Personal data - information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing of personal data - an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data Controller - a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
Data Processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
Supervisory Authority - an independent public authority responsible for monitoring the correct application of legislation on the protection of personal data. In the case of Portugal, this is the National Data Protection Commission (CNPD).
2. Data Processed
UAc processes the personal data it collects within the scope of its relationship with members of the academic community or with external individuals, with a view to fulfilling its mission and legal obligations.
3. Entity Responsible for Data Processing
The entity responsible for data processing is UAc.
4. Principles relating to the processing of personal data
In processing data, UAc respects:
- Lawfulness, fairness and transparency: personal data is processed lawfully, fairly and transparently in relation to the data subject;
- Purpose limitation: personal data is collected for specified, explicit and legitimate purposes;
- Data minimization: the personal data collected is adequate and relevant and limited to what is necessary in relation to the purpose of the processing;
- Accuracy: personal data must be accurate and kept up to date whenever necessary;
- Retention limit: personal data will only be kept for as long as is necessary for the purposes for which they were collected;
- Integrity and confidentiality: personal data will be processed in a way that ensures its security and protection, including protection against unauthorized or unlawful processing;
- Accountability: the data controller has an obligation to guarantee the principles set out and must be able to demonstrate this guarantee.
5. Data Retention
Personal data is retained indefinitely by UAc, within the context of its academic information management activities, without prejudice to the provisions of the law.
6. Data Transfer
To fulfill its mission and in compliance with its legal obligations, UAc may need to transfer personal data to other entities, provided that its confidentiality is guaranteed.
7. Data Subject Rights
UAc ensures that data subjects can exercise their rights of access, rectification, objection, erasure, and restriction of processing.
8. Exercising Rights
The exercise of any of the data subjects' rights is done by filling out a specific form available on the institutional service portals.
9. Subcontractors
UAc may process personal data directly and/or through subcontracted entities for this purpose, safeguarding data protection through the signing of confidentiality agreements with these entities or the inclusion of a specific clause in the contracts signed with them, under the terms and with the content provided for in applicable legislation.
10. Data Protection Officer (DPO)
UAc has a Data Protection Officer to whom clarifications regarding the processing of personal data may be requested or any complaint may be submitted via the email address reitoria.rgpd@uac.pt.