Introduction

Imprensa Nacional-Casa da Moeda, S. A. (hereinafter "INCM") undertakes to ensure the protection of privacy and personal data of the data subject who uses the website and other INCM services.

With the entry into force of the General Data Protection Regulation (GDPR), INCM remains committed to comply with the legislation for the protection of personal data, of privacy and of information security, in order to protect the personal data and privacy of the data subjects.

We will be clear and transparent about the information we are collecting and what we will do with this information.

This Policy defines the following:

  • Which personal data we collect and process about you and about your relationship with us as the data subject and through your use of our website;
  • From where we obtain the data;
  • What we do with those data;
  • How we store the data;
  • To whom we transfer / to whom we disclosure the data;
  • How we process your data protection rights;
  • And how we comply with the rules of data protection.

Personal data controller

Imprensa Nacional-Casa da Moeda, S. A. (INCM), with registered office at Avenida António José de Almeida, Edifício Casa da Moeda, in Lisbon, registered with the Commercial Registry Office, holder of registry number and tax number 500792887, with the share capital of ¤ 30,000,000.00 is responsible for the collection and processing of personal data of the data subjects, under the terms and for the purposes of the present document, in compliance with the applicable legal obligations. The data may be processed directly by INCM of by entities sub-contracted for that purpose.

Principles of protection of personal data

Within the scope of the activity developed by INCM, personal data are processed. The collection of these personal data is carried out through the provision of our services, commitments to clients, marketing activities or other ancillary activities or of support. Data can be received directly from the data subject, for instance, in person, by mail, by email, by telephone of by means of other sources.

All collaborators and partners should only collect personal data that are relevant and necessary to the performance of their duties.

INCM undertakes to adhere to the data protection principles laid out by the GDPR, which are as follows:

  • Lawful, fair and transparent processing - this means we should have a lawful basis to the processing of personal data, for instance, a contractual relation with the data subject or data processing is necessary to the fulfilment of a legal obligation we are subject to. That also means we should inform the data subject about the data processing in an accessible, easily comprehensible fashion;
  • Purpose - we should only collect personal data for specific, explicit and legitimate purposes. And we should not process data beyond the purpose for which they were collected;
  • Data minimisation - adequate, pertinent and limited to what is necessary concerning the purposes for which they are processed;
  • Accuracy - we are required to guarantee that personal data are accurate and to maintain up-to-date personal data;
  • Storage limitation - we should not store personal data for a longer period than what is necessary for the purposes for which they were collected, although we can store certain data for historic and statistical purposes;
  • Integrity and confidentiality - processed in a manner that ensures their safety, including protection against unauthorised or unlawful processing and against their accidental loss, destruction and damage, adopting the adequate technical and organisational techniques;
  • Transfer to third party countries or international organisations - we only transfer personal data to third party countries or to an international organisation if the European Commission has confirmed that they ensure an adequate level of protection or, otherwise, if there are appropriate safeguards in force;
  • Data subjects' rights - the data subjects have several rights to which we should address. For instance, the right of access to a copy of the data we possess.

Which personal data we collect

Personal data refer to any information concerning the data subject which allow his or her identification, such as name, contact information, payment details and information concerning data subject's access to our website.

We can collect personal data from the data subject when he or she registers as a user of our website, intends to request professional qualifications, activity permits or brands of responsibility via online forms, or when intends to send or request information via the forms present on the website.

Depending on the forms, the following personal data may be collected:

  1. Name;
  2. Address;
  3. Tax number;
  4. Citizen Card / expiry date;
  5. Birth date;
  6. Nationality;
  7. Birth place;
  8. Phone contact;
  9. Email;
  10. Academic qualifications;
  11. Profession;
  12. Criminal record;
  13. Ophthalmologist's statement;
  14. User code;
  15. Photo;
  16. Sex;

Purposes of data treatment, why and for how long

The subject's data will be processed for the following purposes:

  • Management of marking activity;
  • Management of activities with professional qualification;
  • Approval of brands of responsibility;
  • Management of online store
  • Client management;
  • Newsletter publication;
  • Management of subscriptions of the Diário da República Eletrónico [Eletronic Official Gazette];
  • Management of publications acts of the Diário da República [Official Gazette]

Your personal data will only be subject to processing in case there is a lawful basis. The lawful basis will depend on the reasons for which the personal data were collected and the need for their use.

We hereby present the possible lawful basis for the processing of your personal data:

  • Performance of a contract - if data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Legal obligation - if data processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Protection of data subject's vital interests - if data processing is necessary to protect vital interests of the data subject or of another natural person;
  • Performance of a task carried out in the public interest or in the exercise of official authority - if data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Legitimate business interests - if data processing is for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child;
  • Data subject's consent - if data subject has given his or her consent to the processing of personal data for one or more specific purposes.

Only minors of 16 or older can give valid consent to the processing of personal data, otherwise this is only considered lawful if authorised by the holders of parental responsibility of the minor.
Personal data will be maintained for no longer than the time necessary to the fulfilment of the purpose for which they were collected. In order to determine the appropriate retention period, quantity, nature and sensitivity of the personal data and purposes of processing were taken into consideration.
The periods during which there is a need to retain personal data due to legal obligations or to reply to complaints were considered.
Personal data will be erased safely after the defined retention period. Through time, actions of minimisation of personal data subject to processing will be considered, as well as the possibility of render processed data anonymous so it may not be associated to the data subject, nor it may be possible to identify him/her. In such cases, this information may be used again without previous notice1.

Click here for more details about the purposes of data treatment, lawful basis and / or retention period of the personal data collected at incm.pt

Security of personal data of the data subject

INCM undertakes to ensure the security of the information it holds, as well as all associated resources, whether procedural, technological or human. Protection of information is key to the strategic success of the organisation and to the sustainability of the business.
Management of the security of information and of the systems that support it is carried out by ensuring, through an approach based on risk management and continuous improvement, confidentiality, integrity and availability of all information. The safeguard of these three pillars of information security constitutes a guarantor of image, reputation and credibility of the organisation and of its production processes to collaborators, partners and clients.

Sharing of personal data of the data subject

Personal data of the data subject may be shared in the situations laid out by the GDPR and other applicable legislation.

Your data protection rights

By law, the data subject is entitled to:

  • Enquire if we hold personal data about her or him and, if so, which data are those and why we hold them;
  • Request access to personal data, receiving a copy of the personal data we hold, and verify if we are processing them lawfully;
  • Request the rectification of personal data, being able to, at any moment, rectify incomplete or imprecise data we may hold;
  • Request the erasure of personal data, being allowed to delete or remove personal data, at any moment, whenever a period for which the personal data were stored has expired, or data processing is no longer lawful. Data subject also has the right to request us to erase or remove their personal data when he or she has exercised his or her right to object to processing (see below);
  • Objection to data processing in such cases when we depend on a legitimate interest (or those of a third-party) and there is a valid reason for this objection. The data subject also has the right to object in cases when we are conducting the processing of personal data for direct marketing purposes;
  • Objection to automatic decisions, including the creation of profiles;
  • Request the restriction of data processing, forcing the suspension of the processing of personal data;
  • Request the portability of personal data in a structured and electronic form for him or her or for another entity.
  • Withdraw consent. In limited circumstances in which he or she may have given consent to the collection, processing and transferal of their personal data for a specific purposes, the data subjects have the right to withdraw consent to that specific treatment at any time.

If you wish to exercise any of these rights, contact us through the email address dpo@incm.pt or send us your request by letter to the address Avenida de António José de Almeida, Edifício Casa da Moeda, 1000-042 Lisbon.

You will not have to pay a fee to access your personal information (nor to exercise any other right). However, we may charge a reasonable fee in case your access request is clearly excessive or manifestly unfounded. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to ask you specific information to help us confirm your identity and guarantee your right of access to this information (or to exercise any other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person whom is not entitled to receive it.

Cookies

Cookies are small text files transferred to the hard disk of your computed through your web browser to allow us to recognise the browser and help us keep track of the visitors of our site.

The institutional website(incm.pt) only uses cookies to obtain session information of the user, which allows the user to keep a session open on the website while he or she navigates.

Changes to privacy policy

INCM reserves the right at any time to make readjustments or changes to the present Privacy Policy in the legally applicable terms. Those changes will be duly published on the website of INCM.

Talk to us

The data subjects may contact INCM concerning all issues related to the processing of their data and to the exercise of their rights through the following email address: dpo@incm.pt or send their request by letter to the address Avenida de António José de Almeida, Edifício Casa da Moeda, 1000-042 Lisbon.

Disclaimers

The Imprensa Nacional-Casa da Moeda, SA cannot guarantee that the operation of this website will be completely error-free or without periods of downtime. The website cannot guarantee that any files that are downloaded will be completely free of errors or any risks associated with computer viruses. The Imprensa Nacional-Casa da Moeda, SA will not be liable for any damages resulting from the use of this website, regardless of their nature.

Due notice of any alterations to this domain will be given in this space, as well as by email to the users. For more information about this websites information privacy policy, please contact us at the following email address: info@incm.pt