Imprensa Nacional-Casa da Moeda, S. A. (hereinafter “INCM”) undertakes to ensure the protection of privacy and personal data of the data subject.
With the entry into force of the General Data Protection Regulation (GDPR), INCM remains committed to comply with the legislation for the protection of personal data, of privacy and of information security, in order to protect the personal data and privacy of the data subjects.
We will be clear and transparent about the information we are collecting and what we will do with this information.
This Policy defines the following:
- Which personal data we collect and process about you and about your relationship with us as the data subject;
- From where we obtain the data;
- What we do with those data;
- How we store the data;
- To whom we transfer / to whom we disclosure the data;
- How we process your data protection rights;
- And how we comply with the rules of data protection.
Personal data controller
Imprensa Nacional-Casa da Moeda, S. A. (INCM), with registered office at Avenida António José de Almeida, Edifício Casa da Moeda, in Lisbon, registered with the Commercial Registry Office, holder of registry number and tax number 500792887, with the share capital of € 30,000,000.00 is responsible for the collection and processing of personal data of the data subjects, under the terms and for the purposes of the present document, in compliance with the applicable legal obligations. The data may be processed directly by INCM of by entities sub-contracted for that purpose.
Principles of protection of personal data
Within the scope of the activity developed by INCM, personal data are processed. The collection of these personal data is carried out through the provision of our services, commitments to clients, marketing activities or other ancillary activities or of support. Data can be received directly from the data subject, for instance, in person, by mail, by email, by telephone of by means of other sources.
All collaborators and partners should only collect personal data that are relevant and necessary to the performance of their duties.
INCM undertakes to adhere to the data protection principles laid out by the GDPR, which are as follows:
- Lawful, fair and transparent processing – this means we should have a lawful basis to the processing of personal data, for instance, a contractual relation with the data subject or data processing is necessary to the fulfilment of a legal obligation we are subject to. That also means we should inform the data subject about the data processing in an accessible, easily comprehensible fashion;
- Purpose – we should only collect personal data for specific, explicit and legitimate purposes. And we should not process data beyond the purpose for which they were collected;
- Data minimisation – adequate, pertinent and limited to what is necessary concerning the purposes for which they are processed;
- Accuracy – we are required to guarantee that personal data are accurate and to maintain up-to-date personal data;
- Storage limitation – we should not store personal data for a longer period than what is necessary for the purposes for which they were collected, although we can store certain data for historic and statistical purposes;
- Integrity and confidentiality – processed in a manner that ensures their safety, including protection against unauthorised or unlawful processing and against their accidental loss, destruction and damage, adopting the adequate technical and organisational techniques;
- Transfer to third party countries or international organisations – we only transfer personal data to third party countries or to an international organisation if the European Commission has confirmed that they ensure an adequate level of protection or, otherwise, if there are appropriate safeguards in force;
- DData subjects’ rights – the data subjects have several rights to which we should address. For instance, the right of access to a copy of the data we possess.
Which personal data we collect
Personal data refer to any information concerning the data subject which allow his or her identification.
Purposes of data treatment, why and for how long
Your personal data will only be subject to processing in case there is a lawful basis. The lawful basis will depend on the reasons for which the personal data were collected and the need for their use.
We hereby present the possible lawful basis for the processing of your personal data:
- Performance of a contract – if data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Legal obligation – if data processing is necessary for compliance with a legal obligation to which the controller is subject;
- Protection of data subject’s vital interests – if data processing is necessary to protect vital interests of the data subject or of another natural person;
- Performance of a task carried out in the public interest or in the exercise of official authority – if data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Legitimate business interests – if data processing is for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child;
- Data subject’s consent – if data subject has given his or her consent to the processing of personal data for one or more specific purposes.
Personal data will be maintained for no longer than the time necessary to the fulfilment of the purpose for which they were collected. In order to determine the appropriate retention period, quantity, nature and sensitivity of the personal data and purposes of processing were taken into consideration.
Click here for more details about the purposes of data treatment, lawful basis and / or retention period of the personal data collected.
Security of personal data of the data subject
INCM undertakes to ensure the security of the information it holds, as well as all associated resources, whether procedural, technological or human. Protection of information is key to the strategic success of the organisation and to the sustainability of the business.
Management of the security of information and of the systems that support it is carried out by ensuring, through an approach based on risk management and continuous improvement, confidentiality, integrity and availability of all information. The safeguard of these three pillars of information security constitutes a guarantor of image, reputation and credibility of the organisation and of its production processes to collaborators, partners and clients.
Sharing of personal data of the data subject
Personal data of the data subject may be shared in the situations laid out by the GDPR and other applicable legislation.
Your data protection rights
By law, the data subject is entitled to:
- Enquire if we hold personal data about her or him and, if so, which data are those and why we hold them;
- Request access to personal data, receiving a copy of the personal data we hold, and verify if we are processing them lawfully;
- Request the rectification of personal data, being able to, at any moment, rectify incomplete or imprecise data we may hold;
- Request the erasure of personal data, being allowed to delete or remove personal data, at any moment, whenever a period for which the personal data were stored has expired, or data processing is no longer lawful. Data subject also has the right to request us to erase or remove their personal data when he or she has exercised his or her right to object to processing (see below).
- Objection to data processing in such cases when we depend on a legitimate interest (or those of a third-party) and there is a valid reason for this objection. The data subject also has the right to object in cases when we are conducting the processing of personal data for direct marketing purposes;
- Objection to automatic decisions, including the creation of profiles;
- Request the restriction of data processing, forcing the suspension of the processing of personal data;
- Request the portability of personal data in a structured and electronic form for him or her or for another entity.
- Withdraw consent. In limited circumstances in which he or she may have given consent to the collection, processing and transferal of their personal data for a specific purposes, the data subjects have the right to withdraw consent to that specific treatment at any time.
If you wish to exercise any of these rights, contact us through the email firstname.lastname@example.org or send us your request by letter to the address Avenida de António José de Almeida, Edifício Casa da Moeda, 1000-042 Lisbon.
You will not have to pay a fee to access your personal information (nor to exercise any other right). However, we may charge a reasonable fee in case your access request is clearly excessive or manifestly unfounded. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to ask you specific information to help us confirm your identity and guarantee your right of access to this information (or to exercise any other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person whom is not entitled to receive it.
Cookies are small text files transferred to the hard disk of your computed through your web browser to allow us to recognise the browser and help us keep track of the visitors of our site.
Talk to us
The data subjects may contact INCM concerning all issues related to the processing of their data and to the exercise of their rights through the following email address: email@example.com or send their request by letter to the address Avenida de António José de Almeida, Edifício Casa da Moeda, 1000-042 Lisbon.