In this context, our aim is to explain the general rules for the processing of personal data collected in strict respect and compliance with the rules contained in the personal data protection legislation in effect, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).
COMMITMENT OF THE PORTUGUESE ENGINEERS ASSOCIATION
The Portuguese Engineers Association respects the best practices in the field of data security and protection. Thus, it has taken the necessary technical and organisational measures in order to comply with the GDPR and ensure the protection and confidentiality of any personal data to which it has access in the fulfilment of its statutory obligations, ensuring that the processing of such data is lawful and transparent.
The contents of this Guide are merely informative, providing guidance and do not dismiss the guidelines of the applicable legislation.
WHAT IS PERSONAL DATA?
Personal data is any information, of any nature and regardless of the media, including sound and image, concerning an identified or identifiable individual.
An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to a name, identification number, location data, electronic identifiers or one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
WHAT IS PERSONAL DATA PROCESSING AT OE?
Personal data processing consists of an operation or set of operations, which is performed upon personal data, whether or not by automated means, including collection, recording, organisation, structuring, preservation, adaptation, retrieval, consultation, use, disclosure, dissemination, comparison, interconnection, restriction, erasure or destruction.
WHO IS THE DATA CONTROLLER?
The entity responsible for processing your personal data is the Portuguese Engineers Association, which determines data processing purposes and means.
WHO IS THE DATA PROTECTION OFFICER?
The Data Protection Officer is also responsible for the contact between the OE and the Portuguese Data Protection Authority (CNPD), as well as between the OE and its Members in matters concerning the processing of personal data.
Hence, should the personal data owner need to contact the OE data controller, they may do so as indicated below:
- Through written communication addressed to the data controller (OE) – Data Protection Officer, Av. António Augusto de Aguiar, 3 D – 1069-030 Lisbon;
- or by email –
PERSONAL DATA COLLECTION AND USE
The Portuguese Engineers Association continuously works to guarantee the security and confidentiality of data supplied by the respective owners, processing such information according to law. A Member may be asked to provide personal information whenever they contact the Portuguese Engineers Association. The Member is not obliged to supply any personal information requested, but if they choose to do so, they may not be able to access the services offered by the Portuguese Engineers Association, namely to access the electronic one-stop shop (Balcão Único Eletrónico) and the reserved area at the Engineers’ Portal, or have any questions they may have answered.
WHAT ARE THE PURPOSES AND RESPECTIVE LEGAL GROUNDS FOR PROCESSING PERSONAL DATA?
As a rule, any personal data collected is based on how the relationship with our Members is managed, services provided, as well as compliance with these services for the needs and interests of data owners. This is namely in order to access to specific functionalities of the services provided, content suggestions, training actions, events and workshops related to the areas of expertise and specialisation of the Portuguese Engineers Association. In addition, personal data may also be processed for compliance with legal obligations and for disciplinary purposes, investigation, detection and prosecution of serious crimes.
TYPES OF PERSONAL DATA WE COLLECT
As for applications for OE Membership, some information is collected from the applicants, namely name, taxpayer number, telephone number, e-mail, tax domicile, citizen card and/or identity card number.
Data is also collected regarding their academic and professional background, i.e.:
- Course, Educational Establishment and date of completion,
- Names and dates of all actions attended.
When an applicant becomes a Member, their signature is scanned and saved. This also includes the submission of a recent photograph.
For those Members who choose to have their membership fees paid by direct debit, the following data is also collected: IBAN code, Bank name and SWIFT code.
PERSONAL DATA PROTECTION
The Portuguese Engineers Association sees data security as a very serious matter, especially the personal data of its Members. Our online services made available to Members, such as the Electronic One-Stop Shop, ensure the protection of their personal data during the exchange of information through encryption, such as Transport Layer Security (TLS). Concomitantly, data is stored using computer systems with limited access and located in facilities that are subject to physical protection measures.
PERSONAL DATA INTEGRITY AND RETENTION
ACCESS TO PERSONAL DATA
Members can help ensure that their contact information and preferences are correct, complete and up to date by logging into their account on the Electronic One-Stop Shop:
Requests that are not legitimate or are offensive, endanger the privacy of others, are extremely difficult to fulfil or for which access is not otherwise required by law may be refused.
PERSONAL DATA USE
Personal data that the OE collects allows it to keep an updated record of its Members, with all the information on statements issued, professional licences and cards issued, events attended and fees paid.
Personal data is also used to help create, develop, use, make available and improve the services provided by the OE, namely the promotion of conferences, meetings, training sessions, events, workshops and other initiatives.
Their photograph and signature are used in the printing of professional licences, as well as on membership cards.
When Members register on the SIGOE platform, six pieces of information are used to identify the Member and, thus, give them access to their reserved area where they can check all their data, as well as interacting with the different services of the Portuguese Engineers Association.
The OE may use personal data for internal purposes such as audits, data analysis, etc.
Any personal data collected may be processed by computer in an automated or non-automated form. In all cases, this ensures strict compliance with the legislation regarding the protection of personal data, being stored in specific databases created for such purpose. Under no circumstances, shall any data collected be used for any purpose other than that which it was collected for or given consent by the data owner.
HOW LONG WILL YOUR PERSONAL DATA BE RETAINED?
There are legal requirements that require data to be retained for a minimum period. Therefore, whenever there is no specific legal requirement, the data will be stored and preserved only for the minimum period necessary for the pursuit of the purposes that led to their collection or their subsequent processing, under the terms defined by law.
WHAT ARE YOUR RIGHTS AS A DATA OWNER?
As personal data owners, Members are ensured, at any time, the right to access, rectify, update, restrict processing and erasure of their personal data (except when the data is critical for the fulfilment of statutory duties and other legal obligations of the OE, and which is duly identified as being of compulsory submission), without this compromising the lawfulness of any data processing conducted under such consent.
HOW CAN YOU ACCESS, RECTIFY, UPDATE, RESTRICT, ERASE, OBJECT THE PROCESSING OF YOUR PERSONAL DATA, OR WITHDRAW CONSENT?
Notwithstanding the GDPR, personal data owners may do so, directly or by written request, addressed to the respective DPO, through the contacts made available in this document, as well as other contacts made available by the Portuguese Engineers Association.
HOW CAN YOU OBJECT TO BEING CONTACTED FOR PROMOTIONAL PURPOSES?
The Portuguese Engineers Association can promote new products, services, events and training actions to its Members, namely by phone, post, email, SMS, MMS or any other electronic communication service.
If personal data owners no longer wish to receive these communications, they may withdraw their consent to the use of their data at any time.
HOW CAN YOU COMPLAIN?
In addition to lodging complaints directly to the Portuguese Engineers Association through the contacts made available in this document, Data Owners may lodge a complaint directly to the Portuguese Data Protection Authority (CNPD), using the contacts provided by this entity for such purpose.
UNDER WHAT CIRCUMSTANCES WILL YOUR PERSONAL DATA BE SHARED?
Certain services provided by the Portuguese Engineers Association may involve the temporary transfer of your data outside Portugal, including outside the European Union or to International Organisations.
In such a case, the Portuguese Engineers Association will strictly comply with the applicable legal requirements, namely as regards the determination of the suitability of the recipient countries in respect of personal data protection and the requirements applicable to such transfers, including, where applicable, the signing of proper agreements that guarantee and respect the legal requirements in effect.
HOW YOU CAN FIND OUT ABOUT ANY CHANGES TO THE PERSONAL DATA PROTECTION POLICY OF THE OE?
DISCLOSURE TO THIRD PARTIES
Occasionally, the Portuguese Engineers Association may provide certain personal information to strategic partners, namely in the promotion of Congresses, Regional Engineer Days, events, training sessions and workshops. In this case, the only personal data made available will be very limited, namely name, email and mailing address.
The Portuguese Engineers Association may also be obliged to disclose personal data about its Members in accordance with the law, legal process, and settlement of disputes and/or requests by public or governmental authorities, either within or outside the Member’s country of residence. Information about a Member may be disclosed if such disclosure is deemed necessary or important, whether for national security, law enforcement or other purposes of public interest.
The OE may have to disclose information about its Members in order to comply with the statutory duties to which it is bound.
GLOBAL COMMITMENT OF THE PORTUGUESE ENGINEERS ASSOCIATION TO THE PRIVACY OF ITS MEMBERS AND EMPLOYEES
Approved by the National Directive Council on 18th May 2018