Privacy Policy
The data collected is essential for the establishment of the contract between the institution and the holder.
In addition to the personal data collected, the holder’s academic registries are recorded, including registrations, cancellations, grades, credits, applications made, payments and amounts owed and their regularization, disciplinary proceedings, and other elements arising from academic life and are subject to registration as a legal or regulatory rule.
Privacy and Personal Data Protection Policy | Lusófona University
1. The collection and storage of personal data of the Universidade Lusófona, ISLA - Santarém, ISDOM- Instituto Superior Dom Dinis, ISLA Gaia, IPLUSO - Instituto Politécnico da Lusofonia, ETACADEMY - Executive Training Academy and ISMAT- Instituto Superior Manuel Teixeira Gomes is carried out by the founding body of the educational establishment that is responsible for data processing, ensuring the security of the databases, through appropriate policies and measures to avoid access and misuse and to respond to possible intrusions, minimizing possible effects.
2. In the context of applications and in the student/institution relationship, and by virtue of a legal obligation, the competent departments and bodies shall collect, process, and archive the personal data necessary for the files and documents submitted, either in physical or digital format.
2.1. In the context of information subscription, data are collected and processed for the purpose of communicating with stakeholders, according to their preferences, and stored on a digital basis.
3. Data treatment and the right of the data change:
3.1. Applications:
3.1.1. The data collected shall be processed in the context of the application procedure and shall be valid during the review and decision period, never exceeding one year, being:
3.1.1.1. in the case of validated and accepted applications, the data transferred and archived in the individual student file, will be permanently archived (not deleted);
3.1.1.2. In the case of non-admitted applications, the information shall be archived for a maximum period of 5 years and the data shall not be altered or deleted before that period;
3.1.1.3. In other cases, in particular unvalidated applications, the data shall be stored for a maximum period of 1 year, after which they shall be deleted.
3.2. Enrollment/Enrollment (Individual Student Process)
3.2.1. The data collected are processed in the context of the school process, and the information is stored permanently, in physical and digital media, with no place for its destruction (or forgetfulness).
3.2.2. Validated and accepted application data, whose holders register, are transferred to the student process and cannot be changed and/or deleted.
3.3. Communication and information subscription / Interested parties
3.3.1. For communication purposes, duly authorized by the subscribers, the name and email address are collected, and may also be indicated preferential areas adapting the offer of information to interested parties.
3.3.2. The processing of data for communication purposes is carried out in a digital database, for a period of 5 years, and the authorization may be renewed for an equal period.
4. Data included in files of students, teachers, and employees:
4.1. The data collected and recorded shall not be forgotten/erased due to the responsibility and need to maintain the records for the purposes of certification and compliance with legal obligations, and shall be used exclusively for official purposes, including contact within academic life and for necessary notices and for the fulfillment of contractual obligations;
4.2. Contact data, not being forgotten, shall be used for procedural management purposes during:
4.2.1. the period during which the application is valid and forgotten at a later time and at the latest after one year of registration;
4.2.2. For the period in which the registration/registration is maintained and for a period of 4 years following the last interaction of the holder with the institution.
4.3. The data subject shall, within the scope of his or her obligations, keep the data register up to date, in particular as regards contact details and/or changes that matter to the management of the file.
4.4. Within the framework of legal requirements, the institution shall promote contact with the student or graduate for the purpose of surveys, both academic and labor integration.
5. Data collected and generated in the context of the pedagogical activity:
5.1. The personal data of students, strictly necessary for the performance of teaching activities, such as name, number, and contact details, shall be made available to teachers for exclusive use in the context of the activities;
5.2. Contacts with students are preferably made digitally, either through a pedagogical platform or through institutional e-mail contact;
5.3. The work and tests carried out in continuous evaluation, after correction and classification, may be returned to the students or kept by the teachers or in the institution’s archive for the regulated period (1 year), being destroyed after this period;
5.4. The work and tests carried out at the time of examination, after correction and classification, shall be kept in the archive of the institution for the regulated period (3 years) after its destruction.
5.5. The classification of the work and tests carried out shall be kept on the agenda, in accordance with the regulations, indicating the name and number of the student and their classification;
5.6. The guidelines with the classifications of the works and tests performed are only available to interested parties, namely, in addition to the data subjects, the remaining students who took the test, and the teachers.
5.7. In the context of the teaching activity, and in the courses where it is necessary, the recording of audio and video records that will be maintained in accordance with the preceding paragraphs may be carried out.
5.8. The recording and use of images and sounds of students, or other elements of the academic community, in other areas, including the recording of classes and their public availability (not reserved), can only occur with the authorization of the participants.
6. Data collected in the context of academic work and research activity.
6.1. Surveys and other data collection and processing tools within research projects, either within curricular units or research projects, are the responsibility of researchers and lack the information necessary to understand the work to be done and the use to be made of the data to be collected in particular:
6.1.1. Presentation of the project/work and its objectives, justifying the use of the data to be collected;
6.1.2. the manner, place, and duration of the storage of the data collected, including personal data that may be generated by information processing, as well as how the holder has access to it and request its modification or deletion;
6.1.3. identification and contact details of the person or persons responsible for the work and ensuring data security, including the supervisor(s) (s) in the case of practical work carried out within the course units, dissertations, or theses;
6.1.4. identification and contact details of the Data Protection Officer;
6.1.5. information on the possibility of recourse to the CNPD, with the respective contact.
6.1.6. the express and informed consent of the data subject, which includes the information referred to in the previous points, for the use/processing of the data.
6.2. in research activities that includes personal data treatment, a record sheet must be completed, to be made available by the DPO, and which accompanies the work, being available on archive at least during the maintenance of the data and may / should be made available to holders and entities that request it.
7. The data subject may not request forgetfulness/erasure of academic data, in particular the results of the assessments obtained and the school journey, including enrolments, cancellations and other records of the school journey, being stored in compliance with current legislation and regulatory standards, being maintained the guarantee of protection of stored data.
8. The Institution does not provide, in any way, the data collected and stored to third parties and is limited to using the personal data in accordance with the purpose for which they were collected and authorized to use them. However, and as a result of the status of public utility, official guardianship or judicial entities that, within the scope of their powers, will require, or are due to them by legal or regulatory force, access to personal data, cases in which they are transmitted, ensuring the registration of that act.
8.1. In case of non-compliance with the contract, the institution reserves the right to transmit the necessary data to a legal representative for the purposes of judicial proceedings, registering this availability and ensuring the transmission of only the necessary information for the process;
8.2. In compliance with legal obligations, personal and registration data may be transmitted to the judicial authority or state entity officially authorized, upon request, by registering this availability and ensuring only the information necessary for the process.
9. The data access policy within the institution shall ensure that each user, in the performance of his or her duties, only accesses the data strictly necessary for the performance of his or her function by keeping records of access authorizations and by making use of whenever possible, to pseudonymize the data, through candidate or student code, minimizing the risks of privacy violation.
9.1. Employees, employees, and teachers are covered by the professional privacy policy.
9.2. The data collected and recorded may be processed anonymously for statistical analysis.
10. In compliance with the General Data Protection Regulation, data subjects have guaranteed access to the data made available and may consult, request correction, or update of all or part of the data at any time, including forgetfulness with regard to data not protected and required to be stored under legal terms.
10.1. Access to data shall be provided to the data subject through the use of the online registry and contact details may be amended.
10.1.1. Where, due to the impossibility of access, the data subject is unable to change the data in the system, he must request the change to the services by proving the ownership of the data. This request can be made with the services or the Data Protection Officer through the email dpo@ulusofona.pt.
10.2. The modification of other data requires an application by the data subject to the academic services and the submission of proof to ensure the modification of the uploaded data.
11. Where applicable, after the period of authorization granted for the use of personal data are the same deleted from the system, not applying to legal exceptions that require the retention of data, being guaranteed access to them in legal and regulatory terms.
12. The institution has a Data Protection Officer, duly registered with the National Data Protection Commission (Comissão Nacional de Proteção de Dados), who can be contacted by e-mail: dpo@ulusofona.pt or through Telf. 21 751 55 00.
13. In case of doubt or conflict, not resolved by the Data Protection Officer or the Data Controller, the competent authority is the National Data Protection Commission - Comissão Nacional de Proteção de Dados (CNPD), Rua de São Bento 148, 1200-031 Lisboa, Telef. 21 392 84 00, e-mail: general@cnpd.pt, accessible online at https://www.cnpd.pt.
Generic
