In particular, personal data processing carried out by FLAD is governed by the following principles: lawfulness, loyalty and transparency in data processing; purpose limitation; data minimization; accuracy; storage limitation; integrity, confidentiality and responsibility.
With the aim of ensuring its commitment towards the privacy of its users, FLAD has adopted the best personal data security and protection practices under the terms set out below.
It is essential that you read and give your express consent to the storage and processing of your personal data so that the sending of communications be authorized in accordance with the rules defined herein.
It is important to point out, moreover, that simply accessing FLAD’s website does not necessarily imply collecting personal data.
I. Which data is processed and how is it collected?
FLAD only collects adequate, relevant data that are limited to what is strictly necessary for the purposes for which FLAD processes such data.
As regards applicants, suppliers, partners, employees and workers , FLAD shall only collect the following personal data: Identification data, professional data, professional activity data, accountancy data, own personal data in the case of natural persons, or data of their representatives in the case of legal persons, such as the name, nationality, contact details, citizen card details, position, duties, professional contacts as well as any other personal data whose processing is strictly necessary for the performance of a contract or compliance with legal obligations;
With regard to contact requests, FLAD collects the following personal data: identification data such as name, address, email address, telephone or mobile number;
Regarding subscription to its Newsletter, FLAD collects the following personal data: identification data such as an email address;
Where applications are concerned, FLAD collects the following personal data: Identification data such as name, email address, as well as any data contained in the curriculum vitae.
Personal data are collected by various means, namely, by filling out forms available on FLAD’s website, the sending of messages by email, telephone contact details, the handing over of a personal card, the call for applications, the sending of professional applications, the hiring of services by or for FLAD.
FLAD may only process health data if duly appointed for that purpose and only with the consent of the data subjects.
II. Entity responsible for personal data processing
In order to contact the person responsible for matters relating to data protection at FLAD, please send an email to: firstname.lastname@example.org.
III. What is the lawful basis and the purposes for processing personal data?
The legal basis for processing the personal data of applicants, suppliers, employees and workers, is the performance of a contract or compliance with a legal obligation, as provided for in Article 6 (1) (a) and (b) of GDPR.
The processing of personal data of applicants, suppliers, partners, employees and workers is intended for any purpose directly related to the performance of the contract concerned or compliance with legal obligations, namely, recruitment, hiring, contract management, work management, accountancy, commercial activity, applicant management, communications, receipt of applications, and service provision.
Personal data processing for purposes other than those mentioned above, namely, personal data collected through the FLAD website or following the sending of email messages with contact requests, cannot be carried out without the consent of the data subjects as laid down in Article 6(a) of GDPR.
Processing of personal data collected through FLAD’s website or email address is intended to provided a reply to contact requests, namely the sending of proposals/budgets and other information on the promotion of scientific, technical, cultural, educational, commercial, and business cooperation, the sending of marketing communications such as newsletters, information on events or other related activities and recruitment.
IV. Personal data storage
FLAD only keeps personal data in a form which permits the identification of the data subjects for as long as it is strictly necessary for the purpose for which the data is processed, without prejudice to the need for storing the data for longer periods to meet legal compliance obligations.
Thus, it should be made clear that personal data regarding the recruitment and selection of applicants may be kept for as long as necessary for fulfilling its purpose (for example, should an applicant be involved in FLAD projects, their personal data will be processed in accordance with the human resource management purpose; otherwise, such data may be kept in reserve for future recruitment processes for a year, without prejudice to the data subject’s right to request the erasure of his data at any time).
In the case of requests made using the contact form, the personal data shall be erased after a reply to the contact request, and, at all events, always six months after submission of the contact request.
In the case of personal data collected from the Newsletter subscription, the data shall be erased after six months from the date of the request for subscription erasure.
However, for compliance with legal obligations regarding the storage of books, accounting records and supporting documentation thereof, the personal data may be kept for archiving purposes during a 12-year period under the terms of Article 123 (4) of the Portuguese Corporate Income Tax Code.
V. Data subject rights
FLAD guarantees every user, at any time, the right of access to personal data, as well as their rectification, erasure, portability, limitation and, or, the right to object to processing.
To that end, you may exercise any of these rights by writing to FLAD at the address of its head office or at the following email address email@example.com.
Additionally, the user may lodge whatever complaints they may deem necessary with the competent authority for that purpose.
VI. Right to be forgotten
The data subject has the right to obtain from the controller the erasure of his or her personal data who, in turn, has an obligation to erase such data whenever one of the following grounds apply:
(i) the data are no longer needed for their original collection or processing purpose;
(ii) the data subject has withdrawn his or her consent, when consent forms the legal basis or the data subject objects to processing and there are no longer any overriding legitimate interests that justify their retention.
VII. Security of personal data processing
FLAD is committed to implementing all precautions necessary for preserving the confidentiality and security of the personal data collected and processed. With this in mind, technical and organizational security measures have been developed, particularly with regard to information systems.
FLAD would like to inform you that the said security measures shall be reviewed according to the needs and requirements of these matters.
In the event, for whatever reason, of a breach of security which either accidentally or unlawfully causes unauthorized destruction, loss, alteration, or disclosure of, or access to, personal data, FLAD shall undertake, under the provisions of applicable legislation, to communicate such breach to the National Data Protection Authority, without undue delay, whenever possible, but not later than 72 hours after becoming aware of the occurrence. FLAD shall undertake further to communicate the breach of personal data to the data subject concerned, in compliance with applicable legislation.
In addition, notwithstanding the security measures adopted by FLAD, it is important to stress and be aware that users should also adopt additional security measures, namely, by ensuring that an active firewall is in place, as well as updated anti-virus and anti-spyware software.
VIII. Transmission and communication of personal data to third parties
FLAD shall only transmit personal data to third parties in cases where this becomes necessary for scientific, technical, cultural, educational, commercial or business cooperation, or for legal compliance obligations to which FLAD is subject, such third parties being chosen upon meeting high requirements and bound to comply with legal standards applicable in matters of personal data protection.
Such transmission, when required to fulfil its social purpose, or for compliance with legal obligations to which FLAD is subject, or as a result of the data subject’s consent, is carried out while limiting the data transmitted to what is strictly necessary for the fulfilment of such obligations and by means of appropriate security measures. Personal data shall not be transmitted in any other case without permission from the data subject.
In the course of its business, FLAD may make use of third parties in order to promote scientific, technical, cultural, educational, commercial and business cooperation (located, for example, in Portugal or in the United States), which might imply, in some situations, access by those entities to personal data of users.
Thus, FLAD undertakes to take the necessary and appropriate measures in order to ensure that the entities that have access to such personal data are reputed and offer high guarantees in disregard, which shall be duly provided for and safeguarded in writing in the agreement to be entered into between FLAD and the third party/parties.
Therefore, any entity subcontracted by FLAD will process the data of users on its own behalf and for its own account, undertaking to take the necessary technical and organizational measures to protect the personal data against accidental or unlawful destruction, accidental loss; unauthorized alteration or disclosure of, or access to personal data and against any other form of unlawful processing.
In any case, FLAD remains responsible for the processing of personal data.
Whenever necessary, and within the scope of hiring third parties by FLAD, personal data may be transferred outside the European Union, under the terms and conditions permitted by the applicable legislation.
IX. Access to the third party websites
Cookies shall be understood as computer files which contain a sequence of numbers and letters which permits to uniquely identify the user’s Internet access device, although they may also contain other information such the user’s browsing preferences on a particular site. Cookies are downloaded through the browser to the user’s Internet access device (computer, mobile phone, tablet, etc.) when accessing particular sites.
The storage of cookies is performed by access equipment through the browser which only retains information relating to preferences, not including personal data as such.
II. Cookie use
You should not continue to access our website after receiving a warning message about the cookies, if you do not agree with their use.
III. Types of cookies
There are two types of cookies that can be used:
Permanent cookies – are cookies which remain stored on the browser of your access equipment (PC, mobile and tablet) and which are used whenever you make a new visit to one of FLAD’s websites. Generally, these cookies are used to direct navigation according to users’ interests, allowing us to provide a more personalized service.
Session cookies – are temporary cookies which remain on the browser’s cookies archives until you leave the website. The information obtained by these cookies serve to analyze web traffic patterns, enabling to identify problems and afford a better navigation experience.
IV. Purposes of cookie use
Strictly necessary cookies – Allow surfing the website and using the apps, as well as accessing secure area of the website. Without these cookies services you have asked for cannot be provided.
Analytical cookies – Are used anonymously to create statistical analysis aimed at improving the functioning of the website.
Functionality cookies – Keep the user’s preferences on website use so that it is not necessary to configure the site again each time you visit it.
Third-party cookies – Measures the success of the apps and the effectiveness of third-party advertisements. They may be used for personalized advertising with user data.
Advertising cookies – Target advertising in accordance with the interests of each user so as to target the advertising campaigns taking account of user tastes, while, at the same time, limiting how often the advert is viewed, thus helping to measure advertising effectiveness and the success of website organization.
V. Cookie management
Every browser allows the user to accept, refuse or delete cookies and further to inform the user whenever a cookie is received, namely, through the selection of appropriate definitions on the browser concerned. The user may configure the cookies on his or her browser menu (e.g. “options” or “preferences”).
Disabling cookies may, however, prevent some web services from working correctly thus affecting website surfing partly or wholly.