Data Protection Principles


Our commitment
The content of this page reflects our commitment to (i) communicate in a transparent manner about the personal data we process and under which conditions; (ii) protect the security and privacy of personal data; (iii) make available appropriate mechanisms for exercising the rights of personal data subjects; (iv) comply with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 - General Data Protection Regulation (GDPR) - and other applicable legislation, including national legislation complementing the GDPR. If you are a user of OI's digital platforms, we recommend that you read this information, consult the website page dedicated to privacy and protection of personal data and read the Terms and Conditions of our products and services. The OI only processes personal data duly authorized and subject to prior information to the respective holders. Any additional secondary data processing is only performed if (i) it is compatible with the authorized purposes and communicated to the data owners or (ii) it is subject to specific and explicit consent of the data owners.
 
About us
The Orient Institute (OI) is a research center of the Institute of Social and Political Sciences of the University of Lisbon (ISCSP/ULisboa). It is a unit funded by National Funds through FCT - Fundação para a Ciência e a Tecnologia.
Address: Campus Universitário do Alto da Ajuda, Rua Almerindo Lessa, 1300-663, Lisbon. Contacts: Tel:[+351] 213 600 487; e-mail: ioriente@iscsp.ulisboa.pt.
 
What personal data we collect and how we handle it
Essentially, personal data is any information that (regardless of its nature or support), either directly or in combination with other data, can identify a specific individual. The accuracy of all data entered will be your responsibility. Thus, at the points of contact with the OI we collect data relating to:
- Identification and contacts;
- Biographical data;
- Opinions and preferences;
- Content;
- Access accounts;
- Use of websites and applications.
 
Obligation to provide personal data
In the scope of its mission and attributions, it is mandatory to present and collect the personal data of users and potential users necessary to comply with the obligations and diligences arising from the legislation and regulations in force.
 
Means of collection
- Data provided by the owners;
- Persistent cookies;
- Data obtained from third parties.
 
Lawfulness and purpose of the processing
The data processing operations carried out by the OI fall within the scope of one or more specific purposes, the grounds for legitimacy being the consent of the data owner and the processing being considered necessary for:
Seriation and its dissemination;
Communication to partner entities for the purpose of recruitment and selection processes for internship or beginning of employment relationship;
Marketing and institutional communication actions of the OI and its mission and/or development units;
Effect of legitimate interests pursued by the user or third parties;
Defense of the vital interests of the data owner or other individual.
 
The personal data collected may also, eventually, be processed for statistical purposes, for actions to disseminate information or promotional and for communication actions, through direct communication, whether by correspondence, email, messages or any other electronic communications service, being, however, always ensured the prior information and the collection of the express authorization for these latter purposes, and users may, at any time, exercise their right to object to the use of their personal data for other purposes beyond the management of the relationship with the OI.
 
Data processing
The OI is the entity responsible for the processing of all personal data provided to it for the provision of the services requested by the holder of the same or his/her legal representative. At any time, you may request the OI, through its Data Protection Officer (rgpd@ulisboa.pt), any action regarding your personal data, under the terms defined in art. 17 of the General Data Protection Regulation.
The OI keeps and processes personal data for as long as necessary and as long as the legitimate purposes for which the data are processed subsist, for compliance with contractual, legal and regulatory obligations, or for the protection of the legitimate interests of the educational institution.
 
Your rights as a data subject
The OI guarantees the exercise of the rights of data subjects in relation to their processing. The rights of the data subject are: access, rectification, opposition, withdrawal of consent, forgetfulness, limitation, portability, not to be subject to exclusively automated decisions and to complain to the National Commission for Data Protection (CNPD).

The formalization of contacts in this regard is governed by the applicable legislation and the rules of the Administrative Procedure Code, unless exceptions are legally considered. Any request for the exercise of data protection and privacy rights should be addressed to ULisboa, written by the respective data subject, according to the procedure and contact described below.
 
Complaints and suggestions
The OI users have the right to file complaints, either by registering in the Complaints Book or by filing a complaint with the regulatory authorities. They may also make suggestions by sending an e-mail to the following address: rgpd@ulisboa.pt.
 
Sharing of personal data
The OI only processes personal data duly authorized and subject to prior information to the respective data subjects and for the stated purposes. Any additional secondary data processing will only be carried out if (i) they are compatible with the authorized purposes communicated to the data subjects or (ii) they are subject to specific and explicit new consent of the data subjects.
 
The OI, within the scope of its attributions, may use subcontracted third parties for the provision of certain services, or be subject, within the scope of the University of Lisbon, to the use of subcontracted third parties for the provision of specific services, namely for the provision of insurance services within the scope of the Mandatory School Insurance, for the issue of the Student Card, for the maintenance of the student and employee databases, for the management and maintenance of the Professional Exit Platform database and for the maintenance of the OI computer network access management database. When the data processing is performed by a subcontractor or third party to whom the data is transmitted, the OI (or the University of Lisbon, in the case of common services) shall verify that the latter provides sufficient guarantees to implement appropriate technical and organizational measures so that the processing will meet the requirements of the legislation in force and ensure the defense of the rights of the data subject. Processing under these terms is regulated by a contract or other normative act, which binds the processor or third party to the guidelines established by the IO or the University of Lisbon, as the entity responsible for data treatment, and defines the object and duration of such treatment, its nature and purpose, the type of personal data and categories of data subjects, and the obligations and rights of the controller.
 
Except in the framework of the fulfillment of legal obligations, in no case will personal data of users be communicated to third parties that are not (sub)contracted entities or legitimate beneficiaries, nor will any communication be made for purposes other than those mentioned above.
 
How we protect personal data
The protection of confidentiality and data integrity has long been considered by the OI as one of the fundamental pillars in building relationships of trust with our students, candidates, faculty, staff and partners. As part of its commitment to the consolidation and affirmation of the OI Quality Policy, it has implemented the appropriate organizational measures, procedures and security systems to protect your personal data against destruction, alteration and unauthorized access, including: (i) mechanisms for controlling access to information systems and data; (ii) specialized security systems (e.g. firewalls, antivirus, intrusion detection systems); (iii) mechanisms for recording actions taken by employees, clients and other users of information systems (e.g. access, change, elimination of personal data); (iv) mechanisms for encryption, pseudonymization and anonymization of data; (v) encryption measures for equipment and mobile devices; (vi) physical security measures to protect the facilities (e.g. physical access control, video surveillance, various alarms); and (vii) an awareness and training program for OI employees and partners on information security and protection of personal data.
 
Usage of Cookies
 
The cookie usage policy is available here.
 
Privacy Policy Changes
 
The OI reserves the right to make changes to this document at any time to bring it into line with best practice or future legislative or regulatory changes. The updated version will always be available for consultation at any OI service or online.
 
In situations where the changes are relevant and substantive, the OI will make appropriate and reasonable efforts to inform you, using the normal channels and mechanisms for contact between the institution and users.