The present Privacy and Cookies Policy reflects GDA Foundation institutional concerns regarding the safety and privacy of personal data collected through this website, regulating simultaneously such data processing.
Notwithstanding the fact that GDA Foundation option was to present a “static” website without collection and processing personal data, in order to fulfill some initiatives, it may be necessary to require data to the users.
Although rarely asked, when the user makes available personal data in the navigation context of the present site, the user recognizes that he/she is aware and expressly accepts the present Privacy and Cookies Policy conditions.
The purpose of the present Privacy and Cookies Policy is to help users to understand what type of data may be required, how and why we process such data, as well as to inform about user rights of this site.
PERSONAL DATA COLLECTION AND PROCESSING
Personal Data Controller.
Under the terms of the present Privacy and Cookies Policy, the entity acting as data controller is Fundação GDA, VAT nr 509161596, with its social seat at Av. Defensores de Chaves, 46 A/B – 1000-120 Lisboa — Portugal.
Collected data types
During the site access no automatic personal information that may allow the identification of the user or his personal data is gathered.
The information the user voluntarily allows to collect, process and retain by GDA Foundation, when he/she wants to participate in any action or initiative promoted by the foundation or that is used to contact concerning our own initiatives, is the only information GDA Foundation keeps.
When processing any personal data, GDA Foundation assures the legality of such processing. We shall not do any processing that may be incompatible with the law or best practices in place.
Depending on the punctual needs of each initiative where it is necessary to proceed with the data collection, the data requested may differ.
The mandatory information fulfillment will always include: name and email address.
GDA Foundation may also request other data that, depending on the context in which the information is requested, may be of mandatory or volunteer fulfillment: birthday (or age), telephone nr, address, VAT nr, artistic area performed, household, consent to receive information concerning GDA Foundation activities and initiatives.
GDA Foundation may process collected data to draw profiles and conceive institutional communications adapted to the user interests and preferences. The profiles are created based on the information supplied by the user and are used, always upon express consent by the users, for mailing campaigns with GDA Foundation institutional informing about its actions and initiatives, as well as about the foundation internal life and its most relevant external action.
When GDA Foundation acts as controller for the personal data processing it has collected within the use of its site, GDA Foundation accomplishes all legal requirements bearing in mind the best practices in data base management.
GDA Foundation assures the quality, accuracy, the integrity, the confidentiality of the data entrusted as well as the legitimacy for its legal processing, namely: lawfulness, safety, processing confidentiality and no further use of the personal data for other purposes than those declared in the collecting moment, unless under express consent from the user.
GDA Foundation has the technical and organizational means appropriate to the protection of its site user’s personal data against the accidental or illicit destruction, accidental lost, amendment, disclosure and/or unauthorized access.
GDA Foundation uses systems and procedures appropriate to protect and safeguard the integrity of the personal data entrusted to it, namely: physical and technic organizational safety restrictions to access its servers and the respective access control, among other, only authorized personnel may accede to the personal data as for the tasks assigned and to the purposes indicated herein.
Notwithstanding and as far as allowed by the Law, GDA Foundation cannot be found liable for attacks or any other illegal acts perpetuated by a third party.
Personal data storage
Personal data collected through GDA Foundation website is kept as long as necessary for the purpose the user made available his data. Data collected to mailing and other institutional communications purposes will be kept, upon user consent as long as interested in receiving the information sent.
In order to stop receiving such information, the user will have to revoke the consent and/or mark the option “unsubscribe” in one of our communications.
User personal data is processed by GDA Foundation employees and collaborators that, in the course of fulfilling their duties are dully authorized to undertake the respective processing, being contractual and functional obliged to treat personal data from users, according to the law and the present Privacy and Cookies Policy.Except otherwise foreseen in the law or as soon as it is required by any entity so empowered, GDA Foundation is committed in not disclosing such information to third parties without the user previous consent, except if necessary, to the Personal Data Processing Rules or to manage interactive programs with the users.
When navigating in this site, the user consents to his personal data made available, within the use of GDA Foundation site may be communicated, in case that is allowed, to other countries where the servers that support GDA Foundation site are located (including the transmission from such places to his home country), in order to operate and develop this site and the services GDA Foundation offers.
GDA Foundation may use subcontractors’ services that act within the management of the site or the data base storage. The referred subcontractors will process the data according to GDA Foundation instructions and on its behalf. Such subcontractors are not authorized to use the referred personal data for other purposes and their service fulfilment is under confidentiality obligations concerning the applicable law.
Apart from the above-mentioned entities, personal data may be communicated, when required by the applicable law, to judicial or police authorities or any other authorities that may legitimately receive such data legally.
User personal data may be communicated, namely, to administrative or judicial entities in the context of proceedings for violation of Personal Data Processing rules to determine eventual civil, administrative or criminal liability.
Personal data collection mode
Currently, GDA Foundation collects personal data, when a user fills forms in its site, created through the Formsite and MailChimp platforms in its site. Even when GDA Foundation uses such services, only GDA Foundation has access to the data collected in these forms. As far as the collection, use, storage and processing of personal data is concerned, both digital platforms strictly apply the rules from the General Data Protection Regulation of the European Union, as it may be confirmed in the privacy policies from Formsite and MailChimp.
Traffic data and cookies
In its Site, GDA Foundation uses software and informatic systems that collect, during its normal operation, some personal data (designated by registry files), whose transmission is implicit in the use of Internet communication protocols.
Such information is not collected to be associated with concrete persons. However, due to its nature, it is possible to allow the person identification through the integration with data held by a third party.
GDA Foundation reserves the right to monitor and analyze traffic and clickstream flux, that is to say, the way and the time to leap from one page to another, only to statistic purposes, to understand the similarities, differences and user habits in order to personalize and to enhance the site navigation experience.
Other information may also be placed in the user computer to enhance the site performance and the Personal Data Processing Rules. Such information is usually designated as cookies. Cookies are small files stored in the user hard disk. Although anonymous, cookies allow the collection of certain information about the computer acceding the site, including the Internet protocol address (IP), the operative system and the type of browser used.
Cookies are a useful tool to analyze traffic in the site and to draw the demographic profile of the user’s community.
As the majority of the existing sites, GDA Foundation site uses its own- and third-party cookies, that not only help in the traffic analysis as they allow to enhance the user navigation experience – for example, reduced page loading time.
If the user does not wish to receive cookies it is possible to set your browser to such effect. However, to deactivate cookies may interfere in the navigation experience, causing difficulties or even stop viewing certain content.
Every time someone accesses GDA Foundation site our server registers automatically the IP (Internet Protocol) address, a number automatically assigned to the user computer by the Internet service Provider (ISP).
IP addresses collected by GDA Foundation will only be used in order to organize aggregated and impersonal information concerning the number of site visits, or in order to deny access to a certain visitor. In general, this data is also used to verify if the site is running properly.
GDA Foundation cookies list used in its site
Cookies defined by the library’s gtag.js and analytics.js Cookie Validity What is it for _ga 2 years To distinguish users _gid 24 hours To distinguish users _gat 1 minute To control the demand tax. If Google Analytics is implemented by the Google tag Manager, such cookie will be designated _dc_gtm_<property-id> AMP_TOKEN 30 seconds to 1 year Includes a token that may be used to recover a Client-ID of the AMP service. Other possible values indicate deactivation, ongoing request or error in recovering Client-ID in this service. _gac_<property-id> Includes information concerning campaigns directed to users. If the owner of the site linked his accounts with Google Analytics and Google Ads, the cookie will be analyzed by the conversion tags in the Google Ads site unless it has been deactivated. Other cookies used in GDA Foundation site Cookie Validity What is it for ads/ga-audiences Session Used by Google AdWords to involve again visitors that probably will be converted to client, based in the on-line behavior of the site visitors. r/collect Session Used to send to Google Analytics information about the device of the user (desktop or mobile) and his behavior, registering his path thorough marketing channels.
Link to third party sites
GDA Foundation site may include hyperlinks to third entity websites, where the GDA Foundation Privacy and Cookies Policy is not applicable. Therefore, we recommend a consultation to these sites privacy policies.
Right to revoke consent
According to the General Data Protection Regulation (GDPR), the user has the right to revoke, at any given moment, his consent to the storage and processing of his personal data. He may do so:
- by selecting the option “unsubscribe” in one of our communications via email;
- in writing to the address email@example.com
- in writing to the address: GDA Foundation, Av. Defensores de Chaves, 46 A/B – 1000-120 Lisboa – Portugal.
The written communication revoking the consent should mention the following data: given name and surname; email address and postal address (to eventually send notifications).
Data access right
The user has the right to be informed if his personal data is processed or not as well as to accede to the following personal information:
- processing objectives;
- personal data categories processed;
- if the data was not collected within the user, the origin of the available data;
- entities that act in the name and on behalf GDA Foundation;
- third entities to whom the data is communicated;
- data retention period or criteria to set up the period;
Data correction right
The user has the right to require and obtain his personal data correction when these are inaccurate or outdated.
Data deletion right
The user has the right to obtain his personal data deletion only in the following circumstances:
- the data is no longer necessary for the purpose it was collected and there is no legal rule imposing its further retention;
- the consent that legitimized the processing was withdrawn;
- the personal data is processed illegally;
- when the user opposes to data processing for marketing purposes, including the profile definition that may be associated with it;
- when the user opposes to data processing, according to article 21st, nr 1of the GDPR and there are no GDA Foundation legal prevailing interests;
- when the data must be deleted according to a legal obligation;
- the consent for data processing was given by his legal representatives under article 8th of the GDPR;
Data processing limitation right
This right allows the user to “freeze” his data processing for a certain period, and can not be communicated to a third party, internationally transferred or deleted.
This right may be exercised in the following situations:
- when the user contests the data accuracy until the processing controller verifies the respective quality;
- when the user opposes to the data processing until the legitimate interests prevailing are verified;
- when the data is required by the user in order to exercise a right in a judicial procedure, even when the data is not necessary to GDA Foundation;
- when the data is illegally processed and the holder does not pretend the respective deletion but wants limitations in the respective use.
The user has the right to be informed by GDA Foundation before the processing limitation request is revoked.
While the processing is limited, the data may only be used with the consent of the holder, to exercise a right in a judicial procedure, or a single person or company rights pleading due to ponderous public interest reasons.
Data portability right
The user has the right to receive from GDA Foundation his personal data, in a structured format, of current use and with automatic reading, as well as the right to transfer such data to another entity, only if the data processing in question is based on the consent or on a contract performed automatically.
The user may request GDA Foundation that his data may be transmitted to another processing controller if it is technically possible.
The right to data portability includes only data supplied by the user.
The user has the right to oppose, in any given moment, to his personal data Processing due to his particular situation:
- a necessary processing relating the fulfillment of public interest functions or the fulfillment of public authority;
- The prosecution of GDA Foundation or third-party legitimate interests;
- A data reuse for a different end than that of the initial collection, including profile definition.
In such cases GDA Foundation ceases the processing, unless in case of legitimate and compelling reasons that prevail over the rights and freedom of the holder, or for effects of a right exercise in a judicial procedure.
The user has the right to complain within the Comissão Nacional de Protecção de Dados (CNPD) (Data Protection National Commission) or within another control authority in data protection. CNPD contact details are as follows: Rua de São Bento n.º 148-3º 1200-821 Lisboa – Tel: +351 213928400 – email: firstname.lastname@example.org .
Rights exercise is free of charge.
Rights should be exercised within GDA Foundation, in writing to the email email@example.com; or to the postal address: Fundação GDA, Av. Defensores de Chaves, 46 A/B; 1000-120 Lisboa; Portugal.
In order to exercise his rights, the user should identify himself accurately and prove his identity, even if other personal data has to be made available beyond the data already processed by GDA Foundation.
The user should keep evidence that a request for the exercise of his rights has been presented.
GDA Foundation facilitates the user rights exercise, and its answers should be available with a simple and clear language, within one month as from the date the request is received.
Should it be needed, this period can be extended for a further two-month period. In such cases, GDA Foundation will inform the holder about the period extension, justifying the delay of the original period deadline.
When exercising his rights, the user may not undermine third parties’ rights and freedom.
GDA Foundation reserves the right to refuse the request, in case this is groundless or excessive, namely due to its recurring character. In such case, GDA Foundation may demand the payment of a fee to cover the respective administrative costs.
GDA Foundation is obliged to maintain the user’s personal data updated, providing its update when necessary and taking the adequate measures to assure that inaccurate or incomplete data are deleted or corrected.
GDA Foundation is driven by the actual legislation and it is bound to the accomplishment of the present Privacy and Cookies Policy. Any amendment in the Privacy and Cookies Policy will be published in this site, and therefore the regular reading of the present document is suggested.
The version published herein is the version in force.
GDA Foundation may change the present Privacy and Cookies Policy or amend, modify or cancel the access to this site without any previous or further notice, and therefore we recommend to read the present document and review the same every time our site is accessed so that you may be aware of any changes.
GDA Foundation has the right to review safety policies and the data protection safeguard rules as appropriate.
More detailed information about data protection may be obtained trough the consultation of the applicable law, namely the GDPR and Law nr 58/2019, of the 8th August, about GDPR execution in Portugal.
DATA PROTECTION OFFICER
GDA Foundation appointed Dr. Pedro Simões Dias as Data Protection Officer, with the following contacts: firstname.lastname@example.org and professional address at Edifício Europa, Avenida José Malhoa, 16, Piso 2 – B2 1070-159 Lisboa, Portugal.
The Privacy and Cookies Policy of the site was made available and in force as from January 2020.