1.Commitment to data protection and privacy
Regulation (EU) 2016/679 of the European Parliament and the Council, of 27 April 2016 (hereinafter referred to as GDPR), on the protection of individuals with regard to the processing of personal data and on the free movement of such data, became compulsory applicable in all Member States since May 25, 2018. At MORE – Laboratório Colaborativo Montanhas de Investigação – Associação (hereinafter MORE), we attribute the utmost importance to the trust in us and guarantee that your personal data are processed in accordance with all obligations resulting from the GDPR. In fact, privacy, confidentiality and transparency are three key elements in the various relationships of trust that we have established.
For purposes of this personal data protection policy and under the terms of the respective GDPR, “Personal data” means any information relating to an identified or identifiable natural person. Within this scope, an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, identifiers electronically or to one or more specific elements of that person’s physical, physiological, genetic, mental, economic, cultural or social identity MORE, in the pursuit of its activities, collects and processes personal data, such as:
- Postal contact
- Email contact
- Telephone (fixed and mobile)
- Identification document number
- Marital status
- Medical fitness
- NIF (VAT) number
- Fotography and image
- Curriculum Vitæ
- Certificate and proof of qualification
- Payroll and financial management file
- Project assignment times sheet
- Employment contract
- Contract for services
- Registration of access and/or use of the association facilities anda equipment
- Registration of participation in events and
- Questionnaires and surveys
3. Data controller
MORE is the entity responsible for the processing of all personal data that is transferred to it, taking into account the nature, scope, context and the purposes of the data processing, as well as the risks to the rights and freedoms of natural persons, in accordance with the GDPR.
4. Data protection officer
5. Typology, collection and processing of personal data
MORE collects and processes personal data that are strictly necessary for the development of its activities, the provision of information or subscription of functionality, products or services, administrative procedures in the field of its powers and competences and the dissemination of its activities, according to the request and interaction of citizens through the different service and communication channels (in person, mediated or by remote access). The processing of personal data falls under the responsability of MORE (without prejudice to the provisions of 13.) and consists of the operation, or set of operations, performed on that personal data, by automated or non-automated means, such as:
- Recording and storage
- Adaptation or alteration
- Consultation and use
- Disclosure by transmission, or otherwise making available
- Alignment or combination
- Limitation, erasure or destruction
The data submitted by users are stored in a database established for this purpose and in no situation will be used for any purpose other than what was expressed herein.
6. Legal Principles
All data processing operations are guided by the fundamental legal principles applicable in the scope of data protection and privacy, namely as regards their circulation, lawfulness, loyalty, transparency, purpose, minimization, conservation, accuracy, integrity and confidentiality.
7. Lawfulness concerning the processing of personal data.
The processing of personal data depends on the verification of conditions of legitimacy and verification of the lawfulness of the purpose of that same treatment, as well as compliance with the principle of proportionality lato sensu. In particular, all processing of personal data at MORE will only occur as long as:
It is necessary for the pursuit of legitimate interests and if the data subject has unequivocally given his consent;
It is necessary for the performance of a contract or for the fulfillment of any legal obligation to which the controller is attached;
It is necessary for the purposes of fulfilling obligations and exercising specific rights of MORE, or the data subject in terms of labor legislation, social security and social protection, under the terms provided for in the GDPR;
It is necessary for the protection of vital interests of the data holder or of another natural person;
It is necessary for the exercise of public interest functions or the exercise of public authority of the controller, under the terms defined in the GDPR;
It is necessary for the pursuit of the legitimate interests of the controller or of a third party to whom the data is communicated, provided that the interests or rights, freedoms and guarantees of the data holder do not prevail.
8. Purposes and grounds for the processing of personal data.
Personal data will only be processed for a number of determined purposes and legal grounds that include:
- Achievements and MORE;
- Statutory purposes;
- Compliance with all legislation in force and all others statutory rules;
- Legal and statutory duties and documentation integrity;
- Precontractual procedural steps;
- Preparation of applications and projects;
- Applying contracts of which MORE is part;
- Implementation of projects;
- Report and auditing to projects and activities that are financed with public funds;
- Fulfilling quality certifications;
- Monitoring and recording the use of installations and equipment;
- Integrity and safety of facilities and equipment;
- Newsletter subscriptions;
The information collected is for the use of MORE, in accordance with the purposes indicated at the time of collection or for compliance with legal obligations. The information collected will be treated confidentially and may be accessed by a restricted set of MORE workers, in compliance with professional duties, within the precise limits and for the purposes of exercising their functions.
10. Time limits for data retention
MORE can keep personal data for as long as it may be required due to any type of responsibility derived from a legal relationship, the execution of a contract or the application of pre-contractual measures, and always in accordance with the law, guidelines and the decisions of the National Data Protection Commission, or, as the case may be, until the data subject exercises its right of opposition, right to be forgotten or withdraws consent. Whenever there is no specific legal requirement, data will be stored and preserved only for the period necessary to fulfill the purposes for which it was collected and processed or for the period of time authorized by the Control Authority, after which it will be deleted. MORE, in the case of processing for the purposes of public interest archiving, or for the purpose of scientific or historical research, or for statistical purposes, may retain the data for longer periods, without prejudice to applying the appropriate guarantees, under the terms of the legislation in force, for the rights and freedoms of the data subject. These guarantees imply the adoption of technical and organizational measures aimed at ensuring the respect of the principle of data minimization.
11. Rights of the holder of personal data
The data subject has the right, at all times and free of charge, to request in writing to MORE: Access to your personal data; The rectification or correction of your personal data; The deletion of your data (without prejudice to the provisions of 10. on the period of retention of data); The limitation of the processing of your personal data (ditto); Opposition to the processing of your data; The portability of your data to the entity indicated by you, although it is personal data stored in electronic support. In all cases, if there is a rule or legally imposed obligation that overrides these rights, MORE reserves the right not to execute the request (or subject this request to restrictions or conditions, if and when applicable), always indicating cases the respective grounds to the interested holder. The holder of the personal data may submit any complaint to the National Data Protection Commission (www.cnpd.pt), as a Control Authority in Portugal, as defined in numbers 21 and 22 of article 4 and in article 51 of the GDPR.
12. Security measures
MORE will guarantee the implementation of all formal and operational procedures for the protection of personal data subject to treatment, as well as for the current and updated registration of all treatment activities, as well as to carry out the competent prior study of the treatment activities of personal data to be released in the future, ensuring its compatibility with the GDPR.
MORE will work to ensure and maintain in operation all the technical means at its disposal to avoid the loss, misuse, alteration, unauthorized access and improper appropriation of the personal data provided by the holders, subject to the fallibility of Internet security measures.
MORE declines any responsibility for the damage suffered by users and caused, or not, by third parties, through illegitimate access to data transmitted by those users through its Internet portal and / or its computer infrastructure.
MORE is obliged to notify the National Data Protection Commission under the terms and deadlines set out in article 33 of the GDPR, if it becomes aware of any personal data breach event, as defined in number 12 of article 4. Of the GDPR.
13.Transmission of individual-related data to third party’s intervention by subcontractors
Data transmission to third parties
MORE, in the course of its activity, may transmit personal data in its possession to third parties, as defined in number 10 of article 4 of the GDPR, in compliance with legal, regulatory, pre-contractual or contractual duties, namely to authorities of a public nature responsible for control and audit duties and / or to partners in activities, projects or services, as long as this is imposed by law or regulation or indispensable for the pursuit of their activities.
For this purpose, MORE will require competent and prior consent from the holders of personal data subject to this type of treatment, respecting all the requirements set out in the GDPR for this purpose.
The intervention of subcontractors
MORE, in the course of its activity, may subcontract third parties (as defined in number 8 of article 4 of the GDPR) to process personal data on its behalf. If this happens, MORE will require the prior informed consent from the holders of personal data subject to this type of treatment, respecting all the requirements set out in the GDPR for this purpose.
14. transferring personal data outside Portugal
The pursuit of certain assignments by MORE may involve the transfer of your data outside Portugal.
In these cases, MORE verifies in advance that the country or territory to which the data is transferred guarantees an adequate level of data protection or has been subject to an adequacy decision by the European Union. If so, MORE will strictly comply with the applicable legal provisions, as well as the relevant guidelines.
15. MORE online portals
MORE respects the right to privacy and does not store any personal information on the sites without the consent of the data subjects or in an unlawful manner.
Only technical information related to visits to this website is recorded on the MORE servers and may be used only for statistical purposes.
The registered technical information is limited to the following items:
The visitor’s Internet Protocol (IP) address;
The type of Internet browser (browser) used by the website visitor and the respective operating system used;
The date and time of the visit;
The pages visited on the website and the downloaded documents.
The collection and processing of personal data by MORE in the context of using the features of:
Subscription to newsletters on websites is intended exclusively for sending, upon express request by the user, informative and marketing newsletters through e-mail and information communications within the scope of the activities developed on the websites,
Requests for information, suggestions or requests for contact through forms on the websites are intended exclusively to provide requested information, to establish contact according to the completion of the form corresponding to each of the aforementioned purpose.
The completion of the referred forms and the provision of the requested data with the corresponding confirmation corresponds to the prior and express consent to the processing of the transmitted personal data.
“Cookies” are small text files that are stored on the device (computer, tablet, mobile phone) through the internet browser (“browser”) and that are usually used to retain information about the visit to the site between different sessions (eg, preferences, pages visited). Cookies are used by most sites on the internet with the goal of improving the user experience. On MORE websites you can find the following types of Cookies: Strictly necessary cookies: allow you to browse the website and use the applications and services provided. Without these cookies, services cannot be provided; Analytical cookies: allow you to obtain aggregated data for statistical analysis and website improvement; Functional cookies: allow easy and individualized navigation, as they keep the user’s preferences regarding the use of the website, so that it is not necessary to re-configure each visit; Third-party cookies: are found in components of our website that are made available by third parties; Advertising cookies: allow you to target advertising according to the interests of each user, by collecting internet browsing habits. In this way, the advertising provided will correspond to your needs. Some cookies used on the website will be deleted from the equipment automatically when the browser session ends (called “session cookies”). Other types of Cookies will remain on your computer and allow you to identify them on your next visit to the website (called “permanent cookies”). Your browser allows you to manage cookies in the configuration options, and you can even block all MORE cookies. However, by blocking all Cookies, it may affect your experience as a user.
No part of MORE’s online portals may be reproduced without prior permission from MORE. All contents of any nature contained in the portals are protected by law, and any copying, reproduction, dissemination, transmission, use, modification, sale, publication, distribution or any other use, by any means is prohibited, except in cases specified by law. To make citations and mention the source, an annotation identifying the MORE and the web address of the specific contents visited, indicating the dates of consultation and updating of the same contents should be used.
19. The waiver of the liability in the context of social webs
MORE sees the participation of members of its community in social webs as a means of promoting interactions between the community of the Association and the vast community of audiences with which it shares interests. However, MORE cannot be responsible for the contents placed there, which are the sole responsibility of its promoters.
20. Changes to the personal data protection policy
MORE may, at any time and without the need for prior notice, change this Personal Data Protection Policy, namely due to the need to adapt it to possible legislative changes or to recommendations of the National Data Protection Commission, in which case MORE will make the changes introduced available in an area accessible to all its users.