Search button

Personal Data Protection Policy

The ISEG – Lisbon School of Economics and Management, Universidade de Lisboa s committed to protecting and respecting the privacy of the holders of personal data, guaranteeing the confidentiality and integrity of the information, in compliance with the General Regulation for the Protection of Personal Data (GRPD) and the Portuguese Data Protection Law 58/2019 that is in force.

The processing of holders’ personal data is carried out by ISEG, within the scope of its mission as a higher education institution, with the following legitimacy and purposes:

Category of the holders of personal dataLegitimacy or legal foundationPurposeCategories of those who have access to personal data
Visitors to the websiteConsentInformation in accordance with the policy of CookiesNot applicable
Student Applicants, Alumni, and Other VisitorsConsentInformation and CommunicationEntities associated with events
ISEG StudentsStudy Agreement;
Specific consent (image and employability activities);
Legal obligations;
Defense of vital interests;
ISEG's legitimate interests (security identification)
Teaching – learning;
Student satisfaction assessment;
emergency response
Guardianship and legal and official entities (including auditors and inspectors)
Insurers
ISEG card via banking entities
Employability Partners
emergency response authorities
Faculty and Non Faculty StaffEmployment Contract
Service provision contract
legal obligations
Defense of vital interests of the data subject
Public interest
Implementation of the mission, organizational objectives and legal obligationsGuardianship and legal and official entities (including auditors, inspectors, solicitors)
Insurance and Occupational Medicine
ISEG card via banking entities
HEEs and PartnersContract / partnership agreementsCommunication and joint participation in activities inherent to the missionguardianship
Entities associated with events
Insurers
SuppliersContract
legal obligations
Communication within the scope of services providedGuardianship and legal and official entities (including auditors and inspectors)

To carry out the different purposes, the ISEG may process different types of personal data:

· identification data (such as name, date of birth, identification document number); contact data (such as mobile phone, address or e-mail);
· qualification data and professional status (such as schooling, performance);
· banking, financial and transaction data (such as IBAN, tax identification number);
· special data (health, administrative offenses or criminal offenses);
· event recording images;
· images collected through video surveillance systems.

According to the retention policy of the ISEG, personal data will be destroyed as soon as its legality and purpose ends, that is, within the period considered adequate and/or necessary to fulfill the objectives that motivated its collection, in accordance with the applicable laws.

The ISEG periodically assesses the risks of breach of privacy for its holders and implements the technical and organizational measures considered appropriate within the reach of the organization to prevent loss, misuse, alteration, unauthorized access and misappropriation of personal data provided or transmitted.

When the processing of data is carried out by third party subcontractors (processors), a contract is established between the parties with respect for the stipulations in the RGPD, in order to obtain sufficient guarantees to ensure that the treatment meets the requirements and ensures the defense of the rights of the personal data holders.

As the holder of personal data, you have the following rights:

1. Right to get confirmation that the data concerning you are being processed and, if applicable, to access your personal data and access the information provided for by law;

2. Right to which the Services of the ISEG, without undue delay, rectify inaccurate or incomplete data concerning you;

3. Right to request the erasure of your data, without undue delay, when the personal data are no longer necessary for the purpose for which they were collected or processed;

4. Right to request the limitation of the processing of your data in certain cases, namely, if the processing is unlawful and if you oppose the deletion of the data, requesting, in return, the limitation of its use;

5. Right to portability your personal data that you have provided to the ISEG, in a structured, commonly used and machine-readable format, including the right to transmit this data to another controller;

6. If treatment depends on your consent, is entitled to take it off;

7. Right to submit a complaint to the Data Protection Officer (DPO) of the ISEG and the Universidade de Lisboa via rgpd@ulisboa.pt and/or the Control Authority which in Portugal is the CNPD.

To exercise your rights, you must request in writing via rgpd@ulisboa.pt or official email addresses published on the ISEG website. For your security and whenever deemed necessary, the Services will request additional information to confirm your identity.

The ISEG reserves the right to periodically review the current policy, so we recommend that you periodically consult the Privacy Policy available on the website of the ISEG.

The Dean of ISEG

V02 of 07.22.2020