Privacy policy
1. Objective
RELOP aims to inform users that it ensures proper management of personal data complying with the law and best practices. To that end, it develops tools and implements actions to guarantee and monitor the effectiveness of personal data protection.
2. General Principles
RELOP collects and processes personal data in accordance with the following principles:
- Lawfulness, fairness and transparency – Lawfulness is associated with the subsumption of each process to a listed lawfulness cause and entails compliance with the General Data Protection Regulation and other applicable legislation. Fairness is essentially related to the development of personal data processing, in a balanced relationship between the people responsible/subcontractors and the data subjects. Transparency requires that the information/communications related to these personal data be of easy access and comprehension, formulated in a clear and accessible language;
- Purpose limitation – personal data are collected for specific, explicit and legitimate purposes and may not be further processed in an incompatible with those purposes;
- Data minimisation – the data collected must be adequate, pertinent and limited to what is necessary as regards the purposes for which they are processed;
- Accuracy – personal data must be accurate and kept up to date where necessary; suitable measures must be taken to ensure that inaccurate data are immediately deleted or rectified, considering the aim for which they are processed;
- Storage limitation – personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed;
- Responsibility – the person responsible for the data processing is also responsible for compliance with the principles listed here and has to be able to prove it;
- Security – personal data must be processed to ensure safety, including protection against unauthorized or illicit processing and its loss, destruction or accidental damage, through appropriate technical or administrative measures. Security consists of three pillars: integrity, confidentiality and availability.
3. Data subject rights
Right of access – The data subject has the right to obtain confirmation about the processing of their personal data and the right to access these data and ask for information about its processing. The data subject can also obtain a copy of the data subject to processing.
Right of rectification – The data subject has the right to obtain and rectify inaccurate personal data and to complete the incomplete ones. The data subject must strive to keep their data updated in their interest.
Right to be forgotten – The data subject has the right to delete their personal data in certain situations. There are some cases when this right can be limited, for example, during a legal action or when the data is necessary to comply with legal obligations.
Right to limit the processing – The data subject has the right to obtain a limitation to processing their personal data. For example: when the processing is illicit, and the data subject is opposed to deleting their data, the subject can ask, in return, to limit the data usage.
Right of portability – The data subject has the right to receive their personal data provided in a structured, automatic reading, current use format. The data subject also has the right for their personal data to be transmitted directly to others responsible for its processing.
Right of opposition – The data subject has the right, at any moment, to oppose processing their personal data, including profiling, due to motives related to their particular situation.
Right of not being subject to individualised, automated decisions – RELOP does not adopt individualised, automated decisions, including profiling, which affects the legal sphere of the data subject or that similarly affects them.
Right to withdraw consent – The data subject has the right to withdraw their consent at any moment, provided that the data processing is made based on this consent, and there is no other legal basis that allows its processing.
4. Exercising the rights
The exercising of rights is free of charge and can take place through the following email address: secretariado@relop.org or by registered letter with acknowledgement of receipt to: RELOP, Rua Dom Cristóvão da Gama nº1, 3º andar, 1400-113 Lisboa.
5. Processing of personal data
RELOP only collects and processes personal data if:
- It obtained permission to process the personal data; or
- The processing is required to comply with a legal obligation to which RELOP is subject.
6. Personal data retention period
RELOP never maintains personal data beyond the necessary time frame, in accordance with the purposes for which the data was collected and processed.
7. Personal data transmission
RELOP guarantees that:
- Personal data is not shared with third parties without the previous consent of the data subject;
- Personal data is transferred to third parties only if requested by a judicial or public authority with powers to do so, in accordance with the rules in force.
8. Security Measures
RELOP will keep personal data secure, protecting its confidentiality, integrity and availability.
Confidentiality – only authorised personnel can access data;
Integrity – personal data must be exact and adequate for the purposes of the processing;
Availability – it must be possible to access the data for authorised purposes.
For this purpose, technical and organisational security measures were adopted to protect the diffusion, loss, inadequate use, change, processing or unauthorised access to data, as well as any other illicit ways of processing. Any RELOP employee with access to personal data during their job must keep it strictly confidential.
9. Privacy Policy Updates
The present policy may be subject to updates, therefore, its regular consultation is recommended.
Approval: 22 July 2022