The processing of personal data should be lawful and fair, for specified, specific and explicit purposes.
The personal data processed must be adequate, relevant and limited to what is necessary for the specified purposes, these requirements apply to the amount of data, the extent of processing, accessibility of the data and the period of storage. Personal data should not be processed if the purpose of the processing can be reasonably fulfilled by other means.
Anyone with access to personal data under the responsibility of the University of Minho are bound by a duty of confidentiality with regard to this data, limiting themselves to processing it in the course of their duties and ensuring its security.
The data must be protected from unauthorized access and from accidental or unlawful disclosure, loss, destruction or alteration, in accordance with the risk that the processing presents to the data subjects.
The data subjects have the
right to receive concise and transparent information, in clear and plain language, about the processing of their personal data, in particular the specific purposes of the processing.
To exercise their
rights for the processing of their personal data, data subjects should preferably contact the Service or Body to whom they gave their data. If contact with that Body or Service proves to be ineffective or inconvenient, University of Minho has a
Data Protection Officer who will assist data subjects in the exercise of their rights.
The data subjects have the right to file a complaint with a
Supervisor Authority, whenever they find that the processing of personal data concerning them violates the personal data protection regime.
The
Subcontracting of the processing of personal data does not diminish the obligations of the Controller, and must be formalized in a document that determines the object, the duration, the nature and purpose of the processing, the categories of personal data and the categories of data subjects, and the obligations and rights of the Controller. The use of online services, which are not contracted, is not suitable for the processing of personal data due to the lack of the necessary guarantees.
Data Protection Officer of the University of Minho:
Address: Protecao de Dados, Universidade do Minho, Edifício 10, sala 0.17 - Campus de Gualtar - 4710 - 057 Braga - Portugal
National Supervisor Authority for the Protection of Personal Data:
Comissão Nacional de Proteção de Dados (CNPD), http://www.cnpd.pt