Privacy Policy
Scope
University Fernando Pessoa (UFP), established by the Foundation Teaching and Culture “Fernando Pessoa” (FFP) and recognized of public interest by the Decree-Law nr. 107/96 of July 31, has as its objectives the teaching, research, community extension and the provision of services in the fields of the training offered by its faculties, in accordance with their scientific-pedagogical structure. The Fernando Pessoa Higher School of Health (HSH-FP), also instituted by the FFP and recognized as being of public interest by Decree-Law No. 45/2020 of 23 July, is a polytechnic education establishment dedicated to teaching and research, oriented and the provision of services in the area of health. To carry out its activity and also comply with the legal obligations to which it is subject to other State or Private Bodies, personal information of UFP Students, Employees and Student Applicants is filed. In view of the above described, it is urgent to disclose its “Privacy Policy”, which will be described in this document in an accessible and clear manner, in full compliance with the legal regime of the new General Data Protection Regulation published in the Official Journal of the European Union. Regulation (EU) 2016/679, of April 27 and which will be hereinafter referred to as GDPR only.
This Privacy Policy aims to answer the following questions: • What information is collected, why is it collected and how long is it stored? • How is the information used and how much of it is transferred to third parties? • What policy is implemented for data management and data protection? • Which options exist for accessing and updating information?
For the purposes of this document is used the definition of “Personal Data” presented in Article 4, nr. 1 of the GDPR, namely: any information, of whatever nature and regardless of its support, including sound and image, related to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification number or one or more specific elements of his or her physical, physiological, psychic, economic, cultural or social identity;
FFP reserves the right to change its Privacy Policy, so we advise you to consult this document regularly, which may change to comply with current legislation, adjust to new technologies, introduce new services, clarify some aspects, or improve its writing. Any changes or modifications to this Privacy Policy will be posted on our website and will, therefore, be available to all users.
This document may contain technical terms and abbreviations, which will be explained in due course in the glossary at the end of this document.
Data Processing Controller
The Foundation Teaching and Culture “Fernando Pessoa”, VAT nr. 502057602, with headquarters in Praça 9 de Abril, 349 – 4249-004 Porto, Portugal, is a private foundation, of a legal nature as a public utility corporation, hereafter referred to as FFP, is the Data Processing Controller.
Data Protection Officer
FFP’s Data Protection Officer is responsible for ensuring the proper implementation of the GDPR, all in accordance with Article 39 of the GDPR.
To clarify any questions related to the application of the GDPR, UFP’s Data Protection Officer can be contacted by the following means: • Postal address: Praça 9 de Abril, 349 – 4249-004 Porto, Portugal • Telephone: +351 22 507 13 00 • Email: dpo@fundacaofernandopessoa.pt
For the purpose, the question should be described and the contact identified.
Information collected, the reason for doing so and for how long
By making the personal data available to UFP/HSH-FP, the personal data subject agrees that they will be processed in accordance with this Privacy Policy.
UFP/HSH-FP deals with and keeps the personal data according to its intended purpose and only for the strictly necessary time to fulfill the purposes that motivated its collection and storage. Always in accordance with the applicable legal regime, the guidelines and decisions of the CNPD, and until one exercises the right to object, right to be forgotten or withdraw one’s consent.
After the storage period has elapsed, FFP will delete or turn the data anonymous, where it should not be kept for any other purpose that may remain.
The information is collected according to the relationship established with the person who contact us and can be placed into five categories: • The Visitor: a person who visits our facilities or our website to collect information and to know the Institution. • The Student applicant: a person who demonstrates an interest in attending a course by completing an application. • The Student: a person admitted to attend a course. • The Employee: a person who provides a service to UFP/HSH-FP. • The Employee applicant: a person who applies for any role at UFP/HSH-FP.
Since FFP is an institution in which teaching and research are part of its purpose, there is the possibility of using audiovisual and photographic means as a teaching tool, so it is possible that during the teaching activities, video and audio recordings may be made at UFP/HSH-FP facilities. For this purpose, it is hereby considered that the use of such data in the aforementioned manner is authorized and consented. Anyone on our premises who does not wish to be filmed should express this will to anyone who is currently conducting that activity; or, alternatively, request that he/she is deleted from the recording already made, if applicable.
The Visitor
The Visitor has access to the public areas of the Institution’s website and to its physical facilities.
When he/she visits our website he/she are associated with a cookie to support his/her browsing. This cookie does not allow the identification of the Visitor and does not store, directly or indirectly, any personal information. The Visitor may, through his/her browser, choose to block cookies, however, the site may not work properly due to the lack of this navigation support. The Visitor may choose to know our Facilities and gather information directly from our services. In this option, personal information is not usually collected, except with the explicit consent of the Visitor and in order to provide him/her later with the requested information. Being the collected information deleted when it fulfills its purpose.
Our facilities are protected by a closed surveillance circuit. Images are stored for one month in accordance with the Portuguese applicable law. Please note that images recording illegal acts may be retained for evidence purposes in Court.
The Student applicant
The rules of the Visitor regarding access to the public areas of UFP/HSH-FP’s facilities and the navigation of our public website are also applied to the Student applicant.
In order to be able to continue his/her application, we keep some personal data such as: • The name: for the Applicant’s identification. • Date of birth: to screen for possible namesakes. • The phone: to allow a quick contact. • Personal email: to send the necessary elements for the application. • The taxpayer identification number: to comply with Portuguese tax obligations, namely for issuing invoices/receipts. • The identification document: to struggle against duplication of the person in the database.
Other personal elements may be requested depending on the application’s regime, such as the curriculum vitae, the previous diplomas, the institution where he/she comes from, the secondary school grade average, specific grades and other vouchers. Except for name, date of birth and tax documents, all other information is deleted at the end of one year if the Applicant does not formally enroll in a course. If the Student enrolls, the information will be stored indefinitely to prove that the Applicant met the conditions to be in higher education for future inspections made by the Portuguese Ministry holding the Higher Education.
The Student
The rules of the Visitor regarding access to the public areas of UFP/HSH-FP’s facilities and the navigation of our public website are also applied to the Student.
The Student will also have access to the reserved areas of UFP’s facilities, and must observe and respect the rules of each place. These places may be subject to video surveillance, and images are stored for a period of one month in accordance with the Portuguese applicable law. Images recording unlawful acts may be kept for evidence purposes in Court.
The Student will also have access to our e-learning platform, to his/her email, to our network and to the Virtual Students’ Office through login and password authentication.
The stored personal data are: • Student’s full name: used for his/her identification and in documents issued to the Student. This information is mandatory and can be corrected, but never deleted. • Date of birth: used in documents issued to the Student. This information is mandatory and can be corrected, but never deleted. • Personal email: used to contact the Student. This information is not mandatory, as UFP/HSH-FP assigns an institutional mailbox which will be the preferred vehicle of communication. The personal email may be deleted or corrected at the Student’s request. • Telephone: used to contact the Student. This information is not mandatory and may be deleted or corrected at the Student’s request. • Student’s Address: used for sending documents and accounting documents issued to the Student. This information will be mandatory for the issuance of accounting documents over 1000 € (one thousand Euros), as required by the Portuguese VAT Code. The information may be deleted or updated by the Student, but will never be deleted or corrected from an already issued tax document. • Taxpayer identification number: used to comply with tax obligations set forth by the Portuguese law. This information is mandatory and can be corrected, but never deleted. • Student’s identification document: used to avoid the Student’s duplication in the database and to answer to the commitments with the Portuguese Ministry holding the Higher Education. This information is mandatory and can be corrected, but never deleted. • Student’s Photography: used on Students issued cards and as a support to the teacher in the Student assessment process. The photo is not mandatory (except for issuance of the Library Card according to its own Regulation) and may be updated, corrected or deleted at the Student’s request. • Worker-Student Status: a declaration of Portuguese Social Security discounts for the last six months will be required or, if he/she has recently started the activity, a declaration from the employer will be required. This document will be mandatory for the Student who wishes to benefit from the Worker-Student Status. These documents will be asked annually and will be eliminated after two years. • Bank Account Number/IBAN/SWIFT: mandatory information for the Student benefiting from any kind of benefit or grant awarded by UFP/HSH-FP. These documents will be asked annually and will be deleted after two years. • Vaccines: Their regularization must be proven by presenting the respective Vaccine Bulletin in accordance with the Portuguese law. The information is mandatory and will be deleted after five years of completion of the course or of the non-renewal of enrollment. • Socio-economic data: within this topic, data may be stored to carry out socioeconomic studies, answer questions raised by the Portuguese Ministry holding the Higher Education, help the Student to submit Scholarship applications, among other possibilities. Due to the unpredictability of the elements that may be requested, this document may not go into detail; however, if the data subject is confronted with the need to provide additional information, he/she will be informed about the reason, the destination of the information and the time it will be kept.
The Employee
The rules of the Visitor regarding access to the public areas of UFP/HSH-FP’s facilities and the navigation of our public website are also applied to the Employee.
Access to restricted places shall be authorized for the performance of his/her duties. These places may be subject to video surveillance so the same rules described above apply.
The UFP/HSH-FP Employee, except for staff with a teaching category, must be submitted to the biometric attendance and punctuality control system, in compliance with the applicable legal regime; for this purpose, the respective biometric data will be stored for the specific purpose of attendance and punctuality control.
The stored personal data are: • Full name: used for his/her identification. This information is mandatory and can be corrected, but never deleted. • Date of birth: used in documents issued to the employee. This information is mandatory and can be corrected, but never deleted. • Personal Email: used as an alternative to institutional email. This information is not mandatory, as UFP/HSH-FP assigns an institutional mailbox which will be the preferred vehicle of communication. The personal email may be deleted or corrected at the Employee’s request. • Telephone: used to contact the Employee. This information is not mandatory and may be deleted or corrected at the Employee’s request. • Employee’s address: used for formal correspondence. This information is mandatory and can be corrected at the Employee’s request. It will be eliminated at the end of five years from the end of the collaboration with the Institution. • Taxpayer identification number: used to comply with tax obligations established by the Portuguese law. This information is mandatory and can be corrected, but never deleted. • Social Security Number: used to fulfill the obligations established by law. This information is mandatory and can be corrected, but never deleted. • Identification document: used to struggle against the Employee’s duplication in the database and to answer to Portuguese legal commitments. This information is mandatory and can be corrected, but never deleted. • Bank Account Number/IBAN/SWIFT: mandatory information for salary processing purposes. These documents will be asked annually and will be deleted after two years. • Photo: used on internal identification cards. The photo is not mandatory and may be updated or deleted at the Employee’s request. • Vaccines: may be recommended for the performance of duties in accordance with the Portuguese law. This information should be updated at least annually within the scope of the Occupational Medicine consultation, provided that it is justified by any legal change. The information is essential and will be deleted at the end of five years from the end of collaboration with the Institution. • Diplomas and qualification certificates: a certified photocopy will be made by our services.
The Employee applicant
The rules of the Visitor regarding access to the public areas of UFP/HSH-FP’s facilities and the navigation of our public website are also applied to the Employee applicant.
In this case, there may be two different situations resulting from the fact that the application was submitted spontaneously, or as a result of FFP’s market search.
Being a spontaneous application, that is, the applicant presented on his/her own initiative his/her application, namely through the existing email address for this purpose (bolsadeemprego@fundacaofernandopessoa.pt), the following will be done:
• Being a spontaneous application, the applicant’s Curriculum Vitae (CV) may, with his/her consent, be considered for all open opportunities in the future. Applicant’s Personal Data are kept for one year, after which they will be deleted or, if it is in FFP’s interest, turn the data anonymous in such a way that the Applicant is not, or can no longer be, identified. The Applicant must submit a new application after this period if he/she wishes to continue to appear in FFP’s recruitment archives or, as an alternative, send us his/her written consent, on paper, or electronically by email, so that he/she can continue appearing in the recruitment file after the mentioned period of one year. In this case, he/she must expressly point out if the previously delivered CV is up to date, and if not, he/she undertakes to deliver a new one duly updated, otherwise his/her intention cannot be taken into account. The recipients or categories of recipients of his/her Personal Data are the following entities: Human Resources Department, the Administration and other Directorates and/or relevant roles to the analysis of the application which is being evaluated. The personal data may also be shared with other entities when required by law, or in response to a legal process, and also in situations involving the protection of lives, the security of services and the protection of FFP property rights.
• Being an application resulting from FFP’s market search to fulfill any role, the procedure will be as follows: The purpose of processing the Personal Data provided with the Applicant’s consent is to enable the implementation of the application process for the role or area to which he/she applies. If the Applicant does not include himself/herself in the vacancy to which he/she applied, but would like to have his/her CV reviewed in other opportunities open in the future, he/she must send us in writing, on paper, or electronically by email, his/her specified consent also allowing his/her personal data to be transferred to other department(s) within the FFP’s structure, when it is required to respond to other employment opportunities that may arise in the meantime. The Applicant’s Personal Data are retained for one year, after which they will be eliminated or, if in FFP’s interest, may be turned anonymous in such a way that the Applicant is no longer, or can no longer, be identified. The Applicant must submit a new application after this period if he/she wishes to continue to appear in FFP’s recruitment archives by giving us written, on paper or electronically, the consent to continue to be included in the recruitment archives after the mentioned period of one year. In this case, the applicant will need to update his/her CV, delivering a new version, without which this intention cannot be taken into account. The recipients, or categories of recipients, of his/her Personal Data are the Human Resources Department, the Administration and other Directorates and/or roles relevant to the analysis of the application which is being evaluated. The applicant’s personal data may also be shared with other entities when required by the Portuguese law, or in response to a legal process, and in situations involving the protection of lives, the security of services and the protection of the property rights of Foundation Fernando Pessoa.
Research Grants
During the process of awarding research grants, we may collect and process applicant’s personal data. Personal data are those that appear in the publication of the competition, as well as any data that someone spontaneously decide to give us including name, surname, city, country, contact details, education and language information, employment history, and other that may be considered relevant.
Academic Juries Dissemination
UFP advertises on its website information regarding academic assessments, which includes the name of the applicant and of the members of the jury.
Use of information and the share that is transferred to third parties
UFP/HSH-FP may, within the scope of its tasks, use third parties, subcontracted, to provide certain services. Therefore, UFP/HSH-FP must ensure that the subcontractor or the third party to whom it is transmitting data, has sufficient implementing guarantees, whether technical or organizational, so that the processing meets the requirements of the legislation in force and ensures the defense of the rights of the data subject, in compliance with the General Data Protection Regulation. Accordingly, data processing is governed by a contract or other regulation, which binds the subcontractor or third party to the rules established by UFP/HSH-FP as the data controller and defines the object and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects as well as the obligations and rights of the controller.
Personal data processing operations are based on the provisions of Article 6 (Lawfulness of Processing) of the GDPR. This document seeks to clarify the use of personal data, even in situations where one would not need to obtain the consent foreseen in Article 6, nr. 1 (a) of the GDPR. This option aims at the transparency of the processing performed.
UFP/HSH-FP does the following processing and use of personal data: ● The Applicant: • The name, the date of birth and the identification document are used to identify the Applicant. The other elements required in the competition are used in the selection of the Applicants. All these elements are available to the Admissions’ team. • The applications’ general regime, due to its rules, can be and is processed by the computer, the result being made available to the head of the Admissions Office, to the Directorate of the respective Faculties and the to Rectory. • For the other regimes, committees are appointed to be in charge of analyzing the application file in order to make the selection. The committee is made up of UFP/HSH-FP teachers. ● The Student: • The name, the photograph and the Student number are the elements used to identify him/her, and this information is available for consultation to the teacher of the curricular unit in which the Student is enrolled. • The name, the photograph, the Student number, the telephone, the personal email and the address are available for consultation at the Secretariats, Coordinations and Directorates. • The name, the photograph, the Student number, the telephone, the personal email, the vaccines, the identification number, the taxpayer identification number and the address are available for consultation/rectification at the Students’ Office. This office can also consult Students’ grades and schedules. • The Student number, name and taxpayer identification number are provided to the insurer for School Insurance. • The Student name and number are sent to the email service provider to create the Institutional email account. • The name, Student number, identification number, course enrolled or completed, qualifications, socio-economic data, ECTS enrolled, ECTS completed, admission’s regime and admission’s grade (where appropriate) are provided to the Directorate General for Statistics of Education and Science, whose mission is to ensure the production and statistical analysis of education and science – See Article 6, nr. 1 (e) of GDPR. • The name, the taxpayer identification number and address are provided as elements of the tax document sent monthly to the Portuguese Tax Authority – See Article 6, nr. 1 (c) of GDPR. • The full name, the date of birth, the nationality, the Country of residence, the taxpayer identification number, the identification document number, the Higher Education Institution, the course, the student number, the curricular year, the degree of education and the photo are sent to a banking institution for the purpose of issuing and using the University Identification Card.
UFP/HSH-FP profiles the individual profile of the Applicant for selection and the Employee hired for career progression. UFP/HSH-FP does not profile individual Visitor and Student profiles from available personal data. However, can study certain characteristics of its community such as age distribution, school achievement, socio-economic indicators, always trying to make the data impersonal.
What is the basis for processing personal data
In order to provide certain services and thereby operate, FFP may have to make personal information available to third parties. This will only happen, however, in the specific circumstances specified below: a) With the express consent of the personal data subject; b) When in good faith we believe to be required by the Portuguese law; c) When in good faith we believe it comes from contractual stipulation; d) When in good faith we believe it is necessary to protect our rights or property.
The consent of the personal data subject will not be required for dissemination in the situations referred to in points (b) to (d). In any event, we will endeavor to inform him/her to the extent authorized by law.
Consent
The consent must be expressed – in writing, orally or through the validation of an option – and prior, freely, informed, specific and unambiguous; or
Specifically: consent by minors (18 years old)
In the case of processing personal data of minors, which may be subject to prior consent, FFP will require consent from the holder of parental responsibility, including for the purpose of participation in the Olimpíadas do Conhecimento [Knowledge Olympics].
Implementing the contract and pre-contractual steps
When the processing of personal data is necessary for the conclusion, implementation and management of a contract; or
Compliance with legal obligation
When the processing of personal data is necessary to fulfill a legal obligation to which FFP is subject, such as the dissemination of identification or other data to law enforcement, judicial, tax or regulatory entities; or
Legitimate interest
The processing of personal data by FFP may be justified on grounds of legitimate interest related to the implementation of tasks related to its activity, such as data processing to improve the quality of service, fraud detection and revenue protection, and when our reasons for using them should prevail over its data protection rights.
In exceptional cases and to protect the data subject’s vital interests, as provided in Article 6, nr. 1 (d) of the GDPR, UFP/HSH-FP may give personal information to a healthcare professional, hospital entities, as well as to other entities with legitimacy, legal and judicial, to request them.
Personal data may be transmitted to processors for processing them on behalf of FFP. In this case, FFP will take the necessary contract measures to ensure that processors respect and protect the subject personal data.
Policy implemented for data management and protection
At the physical level, our files are restricted to only a group of properly authorized and identified employees. Any document that leaves the archive is recorded, and its path is controlled in the protocol books until it returns to the archive. The document is only accessed by the authorized employee in compliance with his/her duties. An employee’s contract contains a confidentiality clause. This confidentiality clause binds the employee not to disclose nor use to his/her own or any third-party advantage, any FFP’s restricted information to which he/she had access, incurring civil and/or criminal liability before the Foundation, with respect to the damages caused, in case of breach of that obligation.
At the digital level, our network is subdivided and the access to each part is authorized depending on the user’s role. UFP/HSH-FP computers are protected by regularly updated antivirus. Computers also regularly receive operating system and application security updates. The servers are also protected by security updates and by the antivirus. The content of servers, namely databases, is protected by routine backups stored on magnetic tapes. The servers are distributed in three data centers with different physical locations. The servers with webpages, in terms of sensitive data, are minimalistic, i.e., do not have all the Institutional information, but only the one intended to serve the community. The complete information resides on separate servers, on their own networks, and are accessed internally. The information is accessed through applications that record, in case of personal data, the access date and the employee who accessed it. The only exception to this rule is the consultation of the Student’s name, photograph and number enrolled in a Curricular Unit (CU) by the teacher of that CU.
UFP/HSH-FP instructs its employees to use good security practices, such as not sharing passwords, shutting down or locking up the computer in their absence, foreseen in the manual of good practices of information security. UFP seeks to stay updated on new security strategies.
What is the basis for processing personal data
In order to provide certain services and thereby operate, FFP may have to make personal information available to third parties. This will only happen, however, in the specific circumstances specified below: a) With the express consent of the personal data subject; b) When in good faith we believe to be required by the Portuguese law; c) When in good faith we believe it comes from contractual stipulation; d) When in good faith we believe it is necessary to protect our rights or property.
The consent of the personal data subject will not be required for dissemination in the situations referred to in points (b) to (d). In any event, we will endeavor to inform him/her to the extent authorized by law.
Consent
The consent must be expressed – in writing, orally or through the validation of an option – and prior, freely, informed, specific and unambiguous; or
Specifically: consent by minors (18 years old)
In the case of processing personal data of minors, which may be subject to prior consent, FFP will require consent from the holder of parental responsibility, including for the purpose of participation in the Olimpíadas do Conhecimento [Knowledge Olympics].
Implementing the contract and pre-contractual steps
When the processing of personal data is necessary for the conclusion, implementation and management of a contract; or
Compliance with legal obligation
When the processing of personal data is necessary to fulfill a legal obligation to which FFP is subject, such as the dissemination of identification or other data to law enforcement, judicial, tax or regulatory entities; or
Legitimate interest
The processing of personal data by FFP may be justified on grounds of legitimate interest related to the implementation of tasks related to its activity, such as data processing to improve the quality of service, fraud detection and revenue protection, and when our reasons for using them should prevail over its data protection rights.
In exceptional cases and to protect the data subject’s vital interests, as provided in Article 6, nr. 1 (d) of the GDPR, UFP/HSH-FP may give personal information to a healthcare professional, hospital entities, as well as to other entities with legitimacy, legal and judicial, to request them.
Personal data may be transmitted to processors for processing them on behalf of FFP. In this case, FFP will take the necessary contract measures to ensure that processors respect and protect the subject personal data.
Policy implemented for data management and protection
At the physical level, our files are restricted to only a group of properly authorized and identified employees. Any document that leaves the archive is recorded, and its path is controlled in the protocol books until it returns to the archive. The document is only accessed by the authorized employee in compliance with his/her duties. An employee’s contract contains a confidentiality clause. This confidentiality clause binds the employee not to disclose nor use to his/her own or any third-party advantage, any FFP’s restricted information to which he/she had access, incurring civil and/or criminal liability before the Foundation, with respect to the damages caused, in case of breach of that obligation.
At the digital level, our network is subdivided and the access to each part is authorized depending on the user’s role. UFP/HSH-FP computers are protected by regularly updated antivirus. Computers also regularly receive operating system and application security updates. The servers are also protected by security updates and by the antivirus. The content of servers, namely databases, is protected by routine backups stored on magnetic tapes. The servers are distributed in three data centers with different physical locations. The servers with webpages, in terms of sensitive data, are minimalistic, i.e., do not have all the Institutional information, but only the one intended to serve the community. The complete information resides on separate servers, on their own networks, and are accessed internally. The information is accessed through applications that record, in case of personal data, the access date and the employee who accessed it. The only exception to this rule is the consultation of the Student’s name, photograph and number enrolled in a Curricular Unit (CU) by the teacher of that CU.
UFP/HSH-FP instructs its employees to use good security practices, such as not sharing passwords, shutting down or locking up the computer in their absence, foreseen in the manual of good practices of information security. UFP seeks to stay updated on new security strategies.
Policy implemented for data management and protection
At the physical level, our files are restricted to only a group of properly authorized and identified employees. Any document that leaves the archive is recorded, and its path is controlled in the protocol books until it returns to the archive. The document is only accessed by the authorized employee in compliance with his/her duties. An employee’s contract contains a confidentiality clause. This confidentiality clause binds the employee not to disclose nor use to his/her own or any third-party advantage, any FFP’s restricted information to which he/she had access, incurring civil and/or criminal liability before the Foundation, with respect to the damages caused, in case of breach of that obligation.
At the digital level, our network is subdivided and the access to each part is authorized depending on the user’s role. UFP/HSH-FP computers are protected by regularly updated antivirus. Computers also regularly receive operating system and application security updates. The servers are also protected by security updates and by the antivirus. The content of servers, namely databases, is protected by routine backups stored on magnetic tapes. The servers are distributed in three data centers with different physical locations. The servers with webpages, in terms of sensitive data, are minimalistic, i.e., do not have all the Institutional information, but only the one intended to serve the community. The complete information resides on separate servers, on their own networks, and are accessed internally. The information is accessed through applications that record, in case of personal data, the access date and the employee who accessed it. The only exception to this rule is the consultation of the Student’s name, photograph and number enrolled in a Curricular Unit (CU) by the teacher of that CU.
UFP/HSH-FP instructs its employees to use good security practices, such as not sharing passwords, shutting down or locking up the computer in their absence, foreseen in the manual of good practices of information security. UFP seeks to stay updated on new security strategies.
Rights of the personal data subject
The personal data subject has rights of information, access, rectification, erasure of personal data, data portability, restriction or objection to processing his/her data, within the scope and under the GDPR terms and other applicable law.
The subject may, at any time, withdraw the consent he/she has given for processing his/her personal data within the framework of the GDPR. The withdrawal of the consent will not affect the legality of the processing of personal data that has been carried out based on the consent previously provided.
Has also the right to complain about the processing of his/her data to the CNPD.
Any request to exercise the above data protection and privacy rights shall be made in writing by the respective data subjects, and addressed to the Data protection officer.
The exercise of the rights is free of charge, unless it is a clearly unfounded, or excessive, or unjustifiably repeated claim, in which case a reasonable fee may be charged for the associated costs.
The answer to the requests shall be given without undue delay, within a period of one month from the date the request was received, unless it is a particularly complex request or occurs under exceptional circumstances. This period may be extended to two months, when necessary, taking into account the complexity of the request and the number of requests received.
As part of the request, may be required to provide proof of the identity to ensure that the sharing of personal data is only with the data subject.
Regarding personal data use and processing on FFP’s digital platforms, please refer to FFP’s Cookie Policy.
Options for accessing and updating information
The data subject has the right to request UFP/HSH-FP the updating and/or rectification of his/her data, which shall act accordingly without undue delay. The UFP/HSH-FP Applicant may request this update at the Admissions’ Office. The UFP/HSH-FP Student may request the update of his/her data at the Students’ Office or in the form available on the Student portal. The UFP/HSH-FP Employee may request the updating of his/her data at the Human Resources Office.
The data subject has the right to receive his/her personal data and that he/she has provided in a structured, commonly used and readable format. Has also the right to transmit these data to third parties – See Article 20 of the GDPR. any time.
Glossary
Browser: Computer application that allows its user to view web pages, download or upload files, submit information by filling out forms and navigate from one page to another or even from one website to another through hyperlinks. Cookie: Information retained by the browser at the request of the website which provides the page being visited. This information may be read and modified by the website. The browser user can configure it not to accept cookies. In this situation, it will be difficult to the website to track its Visitor’s navigation and may not work properly. For example, if visiting a supermarket website, the shopping cart may always be empty. Curriculum vitae: Document containing biographical data and information on a person’s education, knowledge and career path. Data Center: Space reserved for hosting telecommunications equipment and computer systems, such as servers and information storage systems. These spaces are usually air conditioned and protected against power cuts. ECTS: Acronym for “Europen Credit Transfer System” which is a Student-centered system that allows him/her to transfer academic credits based on the competence acquired during the learning process. Hyperlink: Link to another document or to the document itself which aims to provide more details and guide the reader to look for information in another source. Internet: Global computer network that provides a wide range of information and services. Login: Unique key associated with the user that allows him/her to access a computer system by entering this identification and a password. Password: Word associated with a login that allows to authenticate the identity of a computer system user. Server: Computer that provides services to the network. Website: Address where public or private pages of an entity are housed where the browser can navigate according to the client’s authorization.
Abbreviations
CNPD: [Portuguese] National Committee of Data Protection. CV: Curriculum Vitae. ECTS: European Credit Transfer System. FFP: Foundation Teaching and Culture “Fernando Pessoa”. GDPR: General Data Protection Regulation published in the Official Journal of the European Union. Regulation (EU) 2016/679, of April 27. Regulation (EU): European Union Regulation. CU: Curricular Unit. UFP: University Fernando Pessoa. HSH-FP: Higher School of Health-Fernando Pessoa
This Privacy Policy is available on UFP/HSH-FP’s website and the user may consult it at any time.
Change History
Date | Version | Criated by | Change Description |
04/11/2019 | 0.1 | DPO | |
21/06/2021 | 0.2 | DPO | – The School of Health-Fernando Pessoa was added as an autonomous entity.– Fixed minor spelling mistakes.– Update email addresses. |