Search button

Personal Data Protection Policy

ISEG – Lisbon School of Economics and Management, Universidade de Lisboais committed to protecting and respecting the privacy of the holders of personal data, guaranteeing the confidentiality and integrity of the information, in compliance with the General Regulation for the Protection of Personal Data (GRPD) and the Portuguese Data Protection Law 58/2019 that is in force.

The processing of holders’ personal data is carried out by ISEG, within the scope of its mission as a higher education institution, with the following legitimacy and purposes:

Category of the holders of personal dataLegitimacy or legal foundationPurposeCategories of those who have access to personal data
Visitors to the websiteConsentInformation in accordance with the cookie policyNot applicable
Student Applicants, Alumni, and Other VisitorsConsentInformation and communicationEvents organisers
ISEG StudentsStudy Contract; Specific consent (for image and employability activities); Legal obligations; Defence of vital interests; Legitimate interests of ISEG (identification for security purposes)Teaching – learning; Student satisfaction evaluation; Emergency responseGuardians and legal and official entities (including auditors and inspectors); Insurance companies; Banks (for ISEG card holders); Employability partners; Emergency Services
Faculty and Non Faculty StaffEmployment contract; Service provision contract; Legal obligations; Defence of the vital interests of the data holder; Public interestImplementation of the mission, organisational objectives, and legal obligationsGuardians and legal and official entities (including auditors, inspectors, solicitors); Insurance companies, and Company doctors; Banks (for ISEG card holders)
HEEs and PartnersContract/Partner agreementsCommunication and joint participation in mission-related activitiesGuardians and Event Organisers, Insurance companies
SuppliersContract; Legal obligationsCommunication as part of the Provision of ServicesTutela e entidades legais e oficiais (incluindo auditores e inspetores)

ISEG can process different types of personal data for various purposes, namely:

· Identification data (such as name, date of birth, identification document number), contact details (such as mobile phone, address, or e-mail);
· Qualification and professional status data (such as education, performance appraisal);
· Bank, financial, and transaction details (such as IBAN, tax identification number);
· Specific data (health, infractions, or criminal offences);
· Recorded images at events;
· CTTV surveillance images.

In accordance with ISEG‘s data retention policy, personal data will be destroyed as soon as its legitimacy and purpose ends, that is to say, within the period considered adequate and/or necessary to fulfil the objectives for its collection, in accordance with the applicable laws.

ISEG periodically evaluates the risks of breach of privacy for its holders and implements the technical and organisational measures which are considered appropriate within the organisation’s ability to prevent loss, misuse, alteration, unauthorised access, and misappropriation of the personal data which has been provided or transmitted.

When data processing is carried out by third party subcontractors (processors), a contract is established between the parties regarding GDPR compliance, in order to guarantee that the data processing meets the agreed requirements and that it ensures the defence of the rights of personal data holders.

As a holder of personal data, you are entitled to the following rights:

1.  The right to obtain confirmation that your personal data are subject being processed, and, if applicable, the right to access your personal data and access the information provided for by law;

2. The right of the ISEG Services to rectify inaccurate or incomplete data about yourself, without undue delay;

3.  The right to request the deletion of your data when personal data are no longer necessary for the purpose for which they were collected, without undue delay;

4. The right to request the limitation of the processing of your data in certain cases, namely, if the processing is unlawful and if you oppose the deletion of the data, whilst equally requesting the limitation of its use;

4.   The right to the portability of your personal data which you provided to ISEG, in a structured format for common use and automatic reading, which also includes the right to transmit this data to another processing entity;

6. If the processing depends on your consent, you have the right to withdraw it;

7.  The right to file a complaint with ISEG’s Data Protection Officer (DPO) and Universidade de Lisboa, by sending an email to rgpd@ulisboa.pt and/or the Controlling Authority — the CNPD.

In order to exercise your rights, you must submit a request in writing by email to rgpd@ulisboa.pt or to the official email addresses published on the ISEG website. For your security and whenever deemed necessary, the Services will request additional information to confirm your identity.

ISEG reserves the right to periodically review the current policy, and we therefore recommend that you periodically consult the Privacy Policy which is displayed on the ISEG website.

The Dean of ISEG

Professor Clara Raposo, PhD
V02 of the 22.07.2020