Skip to content

Política de Privacidade e Cookies

ntroduction

The Privacy Policy has been developed to support COIMBRA ITEC – ASSOCIAÇÃO PARA A INOVAÇÃO E TECNOLOGIA DA REGIÃO DE COIMBRA, entity with tax identification number 517035936, headquartered at RUA DA MISERICÓRDIA, 3045-093 Coimbra – hereinafter referred to as COIMBRA ITEC, in adapting its activities to the General Data Protection Regulation, approved by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (“GDPR”).

This policy is complemented by others related to security, which are relevant to the company’s business, collectively describing COIMBRA ITEC’s approach to information security and privacy.

This policy applies to all Professionals and Partners of COIMBRA ITEC and, when identified, to third parties accessing the company’s assets.

The terms ‘Privacy,’ ‘Data Privacy,’ and ‘Data Protection’ can be used interchangeably as they are associated with a complex set of legal requirements that apply to Personal Data, going beyond data security and confidentiality. For example, it includes requirements regarding transparency of data usage and its retention.

Compliance with this policy is mandatory, and therefore, all Professionals and Partners have an individual responsibility to ensure their compliance with it and, if necessary, should seek clarification from the leaders of their respective teams.

It is the responsibility of COIMBRA ITEC to define appropriate mechanisms to achieve compliance with this policy, with operational implementation being the responsibility of the teams, supported by the Privacy Officer.

Compliance with this policy may be monitored through inspections, audits, and/or written confirmation requests of compliance, with all areas responsible for regularly assessing their compliance within their area of responsibility.

Any employee found to have violated this policy is subject to disciplinary action.

This policy is based on the principles established in the GDPR. However, there are national differences in the applicability of data protection and privacy by COIMBRA ITEC when processing personal data outside the EU, receiving personal data from outside the EU, or processing personal data of non-EU citizens.

In case of doubt, contact COIMBRA ITEC through the provided contacts.

Data Protection Principles

In the scope of our activities, we process Personal Data: whether we receive personal data in the course of our business opportunities, our commitments to clients, marketing activities, or a range of other related and supportive activities. Data can be received directly from a Data Subject (for example, in person, via mail, email, telephone, or other sources), notably from our clients, partners, subcontractors, joint controllers for Processing, support service providers, and credit reference agencies.

All professionals and partners must only request personal data from a Data Subject that are relevant and necessary to fulfill a specific purpose and business task.

COIMBRA ITEC is committed to complying with the data protection principles defined by the GDPR, namely:

  • Lawfulness, fairness, and transparency: We must have a legitimate reason for processing Personal Data, for example, the Data Subject’s consent or compliance with a legal obligation. We must also inform the Data Subject clearly about the processing.
  • Purpose limitation: We must only request Personal Data for specific, explicit, and legitimate purposes and not process them for purposes beyond the one they were requested for.
  • Data minimization: The Personal Data subject to processing must be adequate, relevant, and limited to what is necessary.
  • Accuracy: We have an obligation to ensure that Personal Data is accurate and to update it whenever necessary.
  • Storage limitation: We must not retain Personal Data for longer than necessary for the purposes they are processed, although some data may be retained for historical and statistical purposes.
  • Integrity and confidentiality: We must have appropriate security controls in place to protect data against unauthorized and unlawful processing, loss, destruction, or damage, including technical and organizational measures such as defined processes, training, and awareness.
  • Legal transfer outside the European Economic Area (EEA): We only transfer Personal Data outside the EEA if there are adequate safeguards in place, such as a contractual basis.
  • Data Subject rights: Data Subjects have various rights that we must respect (for example, the right to access a copy of the data we hold and the right to withdraw consent given for direct marketing purposes).

Legality and Fair Treatment in Data Handling

Whenever Personal Data is collected, a legal basis for the inherent processing is necessary. According to the GDPR, we must identify at least one of the following reasons for processing Personal Data:

Consent: The Data Subject has given consent for their data to be processed for one or more specific purposes;

Contractual: Processing is necessary for the performance of a contract in which the Data Subject is a party or for pre-contractual measures;

Legal: Processing is necessary for compliance with a legal obligation to which the Data Controller is subject;

Vital Interests: Processing is necessary to protect the vital interests of the Data Subject;

Public Interest: Processing is necessary for the performance of a task carried out in the public interest;

Legitimate Interests: Processing is necessary for the legitimate interests pursued by the Data Controller, except where overridden by the Data Subject’s fundamental rights and freedoms.

When acting as the Data Controller, we must ensure that we have a legitimate basis for collecting and processing Personal Data. In some situations, we may act as a Data Processor on behalf of our client, in which case it’s their responsibility to ensure a proper reason for processing Personal Data, which they should share with us. However, we should take steps to ensure that our contract is clear about our responsibilities in this regard and that if we collect Personal Data directly from Data Subjects on behalf of the client, we have legitimate grounds to do so.

When processing Special Categories of Data, additional conditions must be met. Please contact COIMBRA ITEC for further guidance.

The GDPR requires that Data Subjects be provided with information about the processing to ensure fair and transparent treatment. Whenever we collect Personal Data, we must ensure that we adequately explain the reasons for needing the information and how we will process it. When information is collected through our website, this information is provided through a ‘Privacy Notice’.

Any other information to be provided when collecting Personal Data should also be available on the internet. Please refer to our Privacy Policy and Cookie Policy for more information.

Processing Only for Specific Purposes

Whenever we collect and process Personal Data, we must ensure that we only use it for the specific purposes communicated to the respective Data Subject. COIMBRA ITEC should never process Personal Data for additional purposes that have not been communicated to the Data Subject. This ensures clarity about the purpose of processing and allows us to understand why our clients may have collected the Personal Data or to contact the Privacy Officer.

Appropriate, Relevant, and Limited Processing

When collecting and processing Personal Data, we must adhere to the principle of data minimization. This means that we should collect only the minimum Personal Data necessary to perform a specific task. Additionally, we should ensure that we have an appropriate amount of Personal Data to perform a specific task effectively. For example, collecting only the necessary data to identify a person.

This also applies to any sharing and other processing activities. It’s important to minimize the data held and processed; when sharing data internally or externally or using it in activities such as testing, we should only use/share the minimum amount in each case.

Accuracy of Personal Data

We are obligated to ensure that Personal Data is kept accurate and up-to-date. We must have appropriate processes in place to maintain accurate data whenever necessary (e.g., data of current and potential professionals or clients held by relevant departments).

When acting as the Data Controller in relation to a client, we are not obligated to implement mechanisms to keep this data updated; that responsibility lies with the Data Controller, i.e., our client.

Retention of Personal Data

Personal Data should not be retained longer than necessary. This means that we must define and apply maximum retention periods for the Personal Data we process and implement processes to delete them at the end of their term. Therefore, the following retention periods can be applied:

(i) For as long as necessary for the relevant activity or services;

(ii) Any retention period required by law;

(iii) At the end of the period during which disputes or investigations may arise regarding the services; or

(iv) For the minimum period specified in the contract.

Rights of Data Subjects

The GDPR requires us to inform individuals about the Personal Data we collect, the purposes and means for processing it. This information is provided in the form of a ‘Privacy Notice’.

a) Right of Access

Data Subjects have the right to request to see the Personal Data we hold about them, the purpose of processing, and the categories of data involved. We must notify Data Subjects of recipients with whom we will share their data, especially if the recipient is in another country or belongs to an international organization. Whenever possible, we will set a data retention period to meet business objectives. We must inform Data Subjects of their right to object to processing and their right to rectification and erasure. We must inform Data Subjects of their right to lodge a complaint with a Supervisory Authority. When data is collected from someone other than the Data Subject, we must inform the Data Subject of the source of that data. We must ensure that processes are in place to identify and respond to access requests from Data Subjects promptly and within a maximum of one month.

b) Right to Rectification

Data Subjects have the right to rectify inaccurate data, and COIMBRA ITEC must make all efforts to do so immediately.

c) Right to Erasure

Data Subjects have the right to obtain from the Data Controller the erasure of their data (‘right to be forgotten’). COIMBRA ITEC must make efforts to erase stored data immediately, except when there is a legal requirement for its retention. If we receive a request from a Data Subject, we should first contact the Privacy Officer before deleting any data.

d) Rights of Children

All individuals, including children, are protected by the GDPR. For children under 13 years old, we must not process their Personal Data based on their consent unless authorized by their legal guardians.

e) Marketing

We may sometimes send marketing materials to our customers and partners to inform them about services, future events, or other activities of interest. In such cases, we must indicate the right to withdraw consent at any time if they no longer wish to be contacted in these terms. We must also ensure that processes are in place to record and respect all participation preferences.

Security of Retained Data

COIMBRA ITEC will maintain data security by protecting the Confidentiality, Integrity, and Availability of Personal Data, as follows:

Confidentiality means only authorized individuals can access the data;

Integrity means Personal Data must be accurate and suitable for the purposes of processing;

Availability means authorized users must be able to access data if needed for authorized purposes.

Disclosure of Data

All professionals and partners must avoid inappropriate disclosure of Personal Data and comply with our general confidentiality duties. It is allowed to:

a) Disclose Personal Data to third parties only under instruction or when a legitimate basis exists, and no restrictions are in place.

b) Disclose Personal Data to third parties in the event of selling or buying any business or assets, or when we are Joint Data Controllers as part of a joint venture.

c) Share Personal Data with a third party processing data on our behalf, which may include transferring data to a third country.

Personal Data can generally be disclosed:

a) To Professionals or agents for them to perform their duties as such.

b) In cases where non-disclosure could harm crime prevention or detection, bringing charges against offenders, or assessing or collecting taxes or fees. COIMBRA ITEC must have valid reasons to disclose data under this category to avoid criminal proceedings. All disclosures must be justified and documented.

For legal purposes, data can be disclosed if:

a) Required by law, statute, or court order.

b) For the purpose of obtaining legal advice;

c) Within or for the purposes of legal proceedings or when necessary for the defense of a legal right.

d) For the safeguarding of national security.

International Transfer of Personal Data

COIMBRA ITEC may transfer any Personal Data to a third country or international organization. Personal Data we possess may also be processed by employees operating in a third country or by one of our suppliers. We must ensure that at least one of the following conditions applies:

a) The country to which Personal Data is transferred guarantees an adequate level of protection for the rights and freedoms of Data Subjects, as decided by the EU Commission.

b) Appropriate safeguards are provided (e.g., standard data protection clauses).

c) The Data Subject has given explicit consent for the transfer after being informed of the potential risks.

d) The transfer is necessary for one of the reasons established in the GDPR, including the performance of a contract between COIMBRA ITEC and the Data Subject, or the protection of the vital interests of the Data Subject.

e) The transfer is legally required for important reasons of public interest or for the initiation of legal actions or defense in the same context.

Log Information, Cookies, and Web Beacons

COIMBRA ITEC’s website uses cookies to enhance user experience and ensure the site’s proper functioning. This Cookie Policy is part of our Privacy Policy, which you should refer to for more information about us and how we protect user information. To provide personalized and efficient service, it’s necessary to store and remember how this website should be used. For this purpose, we use small text files called cookies that contain minimal amounts of information downloaded to users’ computers or devices via a server. Subsequently, users’ web browsers send these cookies back to the website on each subsequent visit, allowing recognition and identification of visitors, including users’ preferences. You can find more detailed information about cookies and their functioning at aboutcookies.org. By using this site, you accept the use of cookies as described in this Cookie Notice.

What types of cookies are used and why?

Some of the cookies we use are necessary to allow navigation on this website and to take advantage of its features, such as accessing secure areas and exclusive content for registered users. Our website also uses functional cookies to record user preferences and customize the site according to their needs; for example, remembering the original language or region, or that a user has completed a survey. The recorded information is anonymous and only intended for the above purposes. We may use web analytics services, directly or indirectly, to assess the effectiveness of our content and user preferences, contributing to optimizing the website’s operation. Additionally, we use web beacons or tracking pixels to count visitors and performance cookies to monitor individual user access to our website and how often. This information is used only for statistical purposes without identifying any specific user. However, for registered users who are logged into the website, we may combine this information with data collected via web analytics services and cookies to analyze how visitors use this website in more detail. This website does not use targeting cookies to promote targeted advertising to our visitors. Whenever you need detailed information about the cookies used on our website, please contact us via email.

How to control cookies?

Users of the website accept the placement of cookies on their computers or devices as specified above, without prejudice to available control and management. We inform users that removing or blocking cookies may affect their user experience and limit access to certain areas of the website.

Browser Controls

The vast majority of browsers allow our users to view and delete cookies individually, or alternatively, block cookies on a specific website or all websites in general. Please note that defined preferences, including opt-outs, are lost whenever cookies are deleted. For more clarification, you should refer to the websites or cookiecentral.com.

Analytics Cookie Management

Our users can choose to make their browsing activity anonymous on websites monitored by analytics cookies. We use the following service providers, where you can obtain more information about their privacy policies and how to exclude their cookies by clicking on the following links:

Google Analytics: google.com/analytics/learn/privacy.html

Facebook Pixel: facebook.com/business/help/742478679120153

Management of Local Shared Objects or Flash Cookies

A local shared object or flash cookie resembles other browser cookies but can store more types of information. These cookies cannot be controlled through the mechanisms identified above. Some areas of our website use this type of cookie to store user preferences for media player functionality, and without them, the content of some videos may not be appropriately viewed. These cookies can be manually controlled by visiting the Adobe website.

Social Buttons

We use social buttons to allow our users to share or bookmark pages. These buttons relate to social networks that may obtain information about visitors’ activities on the Internet, including our website. Understanding how this information is used and how users can opt out of its collection should be obtained by reviewing the respective Terms of Use and Privacy Policies of these websites.

Email Communications

To assess the relevance of our communications, we may use tracking technologies to determine whether our visitors have read, clicked on links, or forwarded certain email communications sent by us. If users disagree with this approach, they should unsubscribe from our communications, as it’s not possible to send these emails without these active tracking mechanisms. Registered subscribers can update their communication preferences at any time by contacting us via email or they can unsubscribe by following the instructions in the email communication sent to their email address.

This Cookie Policy may be reviewed at any time at our discretion. When such changes occur, the revision date at the top of the page will be updated. The revised Cookie Policy will take effect from the revision date. We recommend that users of our website review the Cookie Policy periodically to stay informed about how we manage cookies.

Updated on August 9, 2023