Instituto Pedro Nunes is fully aware that the treatment of your personal data requires your trust. We are compliant with high privacy standards and we guarantee that the use of your personal data will be strictly directed to our identified purposes and always in respect of your data protection rights.
The confidentiality and integrity of your data is one of our utmost concerns.
Accordingly, it is approved and disseminated the Instituto Pedro Nunes´ Data Protection and Privacy Policy.
Instituto Pedro Nunes, Associação para a Inovação e Desenvolvimento em Ciência e Tecnologia, with headquarters in Rua Pedro Nunes, 3030-199 Coimbra, Portugal, VAT 502 790 610 (hereinafter IPN), within the framework of its activities collects and treats personal data, such as:
Personal data processing is performed by IPN through automated and/or analogical means (without prejudice of the provisions of chapter VIII), such as:
IPN requires to the data subject, in all cases, the freely given, specific, informed and unambiguous consent for the processing of his/her personal data, using formal templates designed case by case, considering the type, scope and extension of said personal data processing.
Conditions applicable to child´s consent
According to Article 8 of the GDPR, all personal data belonging to children can only be processed under an express consent observing the rules of Article 6, number 1, point a) of the GDPR related to information society services when said children complete 13 years old.
For children with less than 13 years old, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child, preferably through the use of electronic certification means, such as Citizen Card or Digital Authentication Key.
IPN is fully compliant with EU rules concerning personal data protection, approved by the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR), as well as with the full body of internal legislation if force.
IPN is responsible for the personal data processing, under automated and analogical means, since its collection, through its organization and storage, up to its deletion.
IPN keeps a continuous and thorough registry of all its personal data processing activities.
Personal data shall be processed only according to a bundle of lawful purposes, which include:
Personal data will be stored for the period defined by legal rules or, in their absence, for the strict time needed for the fulfilment of the processing purpose, taking in consideration the legal basis for said processing, as well as all the remaining requisites and time periods determined by law, namely the lapse terms for legal actions based on the correlated rights.
Accordingly, in all cases where a mandatory storage period is determined by law, the right to erasure of personal data as stated in Article 17 of the GDPR can only be exercised by the data subject after said period is lapsed.
IPN shall store the personal data for the strict period of time needed for the fulfilment of the data processing purpose, as well as its erasure (or anonymization, if and when applicable/needed) immediately after said period and/or upon the data subject´s request, always considering the above-cited exceptions and all legally defined terms.
The data subject has the right, at all time, to require to IPN, free of charge:
In every case, if a legal rule or legal obligation is in force which supersedes these data subject rights, IPN reserves the right of denial of the data subject request (and/or to determine restrictions to said request, if and when applicable), duly communicating to the data subject the respective grounds of said decision.
The data subject is entitled to file complaints to Comissão Nacional de Proteção de Dados (hereinafter, CNPD), the Portuguese Controller Authority, according to the definitions duly stated in numbers 21 and 22 of article 4 and article 51 of the GDPR.
Third-party intervention
IPN, while conducting its undertakings, may authorise third parties (as defined in number 10 of article 4 of the GDPR) to process personal data which are under IPN´s domain, in order to comply with legal duties, pre-contractual or contractual obligations and/or as indispensable means of performance of IPN´s statutory goals. Said third parties can be public authorities, namely in charge of auditing tasks, project, activity or service partners.
In order to comply with the GDPR requisites, IPN shall require the previous and mandatory consent to the data subject for this specific processing.
Processor intervention
IPN, while conducting its undertakings, may subcontract third entities (as defined in number 8 of article 4 of the GDPR) to process personal data on IPN´s behalf. In order to comply with the GDPR requisites, IPN shall require the previous and mandatory consent to the data subject for this specific processing.
Without prejudice of all the remaining data collection means used by IPN, the collection of anonymous information is performed by IPN through its website, namely related with the type of browser, operative systems and time and date of access to IPN´s website, using cookies. IPN´s full cookie policy is available in the following link: www.ipn.pt/cookies
IPN complies with the drafting, approval and implementation of all formal and technical proceedings needed for the security of data processing, as well as to assure the accurate and timely record of all processing activities. In addition, a prior assessment will be made with regard to all future data processing activities to be launched by IPN in the future, assuring that they will be fully RGPD compliant.
IPN will perform its best efforts to assure the proper operation of all available technical means to avoid the loss, improper use, unauthorized access and unlawful appropriation of personal data, regardless of the likelihood of failure of part of the Internet security measures in force.
IPN assumes no liability for any damages and losses suffered by any individuals due to illegitimate access to personal data transmitted by any data subject through IPN´s Internet portal and/or through IPN´s remaining informatic infrastructure.
Nevertheless, IPN shall notify CNPD according to the rules defined in article 33º of the GDPR, if and when acknowledges any event which constitutes a violation of personal data, as defined in number 12 of article 4 of the GDPR.
Data subject can exercise his/her rights of rectification, modification or cancelling of his/her personal data or request any information related with said data under written form, directed to IPN to the address indicated above in I. or through the following specific email address: rgpd-ipn@ipn.pt.
IPN is entitled to change this Policy without any prior notice, namely due to the need of its compliance with new legislation or CNPD recommendations. In the event of any change to thus Policy, IPN will immediately publicize said changes through its public Internet portal.