1. Privacy and security
1.1 OMIP is committed to make every effort to ensure the privacy and protection of personal data transmitted to it.
1.2 Where personal data are required by OMIP, the purpose, processing and retention of such data shall be described in this policy and performed in accordance with the applicable legislation on the protection of personal data.
1.3 OMIP shall adopt the proper physical, logical, technical and organisational security measures to protect personal data from being disseminated, changed, lost, misused, processed and accessed without authorisation or stolen, as well as to protect it against any other form of illicit processing.
2. Entity responsible for data processing
2.1 OMIP – Pólo Português, SGMR, SA shall be the entity responsible for the processing of personal data.
2.2 Any communication made under this policy shall be addressed in writing to:
OMIP – Pólo Português, SGMR, SA
C/O GDPR OMIP
Avenida Casal Ribeiro, 14 – 8.º Piso
1000 - 092 Lisboa
Portugal
or to the e-mail address: gdpr@omip.pt.
2.3 In the course of its activities, OMIP resorts to external service providers who may have access to personal data for which OMIP is responsible.
2.4 In the cases identified in the preceding paragraph, OMIP shall adopt the appropriate technical and organisational measures to ensure that the subcontracted entities comply with the applicable legislation on privacy and personal data protection, including the exercise of data subjects’ rights.
3. Purpose of data processing
3.1 Personal data collected by OMIP shall be processed for the following purposes:
I. Compliance with legal and contractual obligations to which OMIP is subject;
II. Exercise of legal and contractual rights in the applicable cases;
III. Establishment and development of commercial relations;
IV. Sending of information and marketing communication related with the services provided by OMIP;
V. Allow access to the information available in OMIP’s information systems.
3.2 OMIP undertakes to use personal data only for the purpose for which they were collected.
4. Processing of personal data
4.1 Personal data processing at OMIP is limited to the collection, record, organisation, consultation and retention of information, in strict compliance with the legal obligations to which OMIP is subject.
4.2 OMIP undertakes to observe the following principles in any operation involving personal data:
I. Lawfulness, fairness and transparency;
II. Purpose limitation; III. Data minimisation;
IV. Accuracy;
V. Storage limitation;
VI. Integrity and confidentiality.
5. Retention of personal data
5.1 Personal data shall be processed for no longer than necessary for complying with the purposes described in paragraph 3.1 of this policy.
5.2 Personal data shall be retained by OMIP for the mandatory legal period of time.
6. Rights of personal data subjects
6.1 Personal data subjects may, at any given time, exercise their rights of access, rectification, erasure, objection, portability and restriction of data processing, under the terms set out in the legislation in force, without prejudice, however, to ensuring compliance with the legal obligations to which OMIP is subject.
6.2 Personal data subjects shall request the exercise of their rights to OMIP, in writing, to the contacts mentioned in paragraph 2.2 of this policy.
6.3 In exercising their rights, personal data subjects may be required to prove to OMIP that they own the personal data.
6.4 Personal data subjects may also file a claim with the Portuguese Data Protection Authority (CNPD), if they consider that the processing of their personal data breaches the applicable legislation.
7. Breach of personal data
7.1 OMIP undertakes to notify the competent authorities, under the legal terms, of any breach of personal data likely to be a high threat for the rights and freedoms of personal data subjects.
7.2 OMIP undertakes to notify the personal data subject, under the legal terms, of any breach of their personal data likely to be a high threat for their rights and freedoms.
8. Cookies
8.1 Cookies are small data files that store relevant information about the User’s activity in websites and are stored on the access devices (computer or mobile equipment) through the Internet browser.
8.2 The information obtained allows the website to manage sessions, identify problems and offer a better performance and navigation experience.
8.3 OMIP’s website uses the following cookies:
I. _gat, _ga e _gid: used by Google analytics, and it expires at the end of the session;
II. cookie-agreed: used to confirm that the User accepts the use of cookies, and it expires after 10 days;
III. has_js: used to check if the User has the Javascript enabled on its browser and it expires at the end of the session;
IV. SESS<+ 32 variable characters>: created only when the User logs in the portal and is valid for maintaining the session for a period of 23 days.
8.4 Users may block or delete cookies stored on their devices through the functionalities of web browsers or any other application suitable for that purpose.
8.5 Refusing cookies may disable important features in OMIP’s corporate website, including the access to the portal.
8.6 The information collected by cookies may be used by OMIP and its subcontractors.
9. Final provisions
9.1 OMIP reserves the right to change its privacy policy at any time for the purpose of adapting to legal amendments and compliance thereto.
9.2 OMIP’s privacy policy is available on its corporate website at OMIP.