Privacy Policy

Introduction

The protection of privacy and personal data is a fundamental commitment of Imprensa Nacional-Casa da Moeda, S. A. (INCM), to the data subject.

With the entry into force of the new General Data Protection Regulation (GDPR) INCM remains committed to and complies with personal data protection, privacy and information security legislation in order to protect the personal data and privacy of data subjects.

We will be clear and transparent about the information we are collecting and what we will do with that information.

This Policy sets out the following:

  • What personal data we collect and process about you and your relationship with us as a data subject;
  • From where we get the data;
  • What we do with that data;
  • How we store the data;
  • To whom we transfer/to whom we disclose the data;
  • How we handle your data protection rights;
  • And how we comply with data protection rules.

Person responsible for processing personal data

Imprensa Nacional-Casa da Moeda, S. A. (INCM), with head office at Avenida de António José de Almeida, Edifício Casa da Moeda, in Lisbon, sole number of legal entity and registry at the Commercial Registry 500792887, with the share capital of € 30 000 000.00 is responsible for collecting and processing the personal data of the data subjects, under the terms and for the purposes indicated in this document, in compliance with the legal obligations applicable in this matter. The data may be processed directly by INCM or by entities subcontracted for this purpose.

Principles of personal data protection

Within the scope of the activity carried out by the INCM personal data is processed. The collection of such personal data is carried out through the provision of our services, customer engagements, marketing activities or other ancillary and support activities. Data may be received directly from a data subject, for example, in person, by post, email, telephone or from other sources.

All employees and partners should only collect personal data that is relevant and necessary to perform their duties.

The INCM is committed to adhering to the data protection principles set out by the GDPR, which are:

  • Lawful, fair and transparent processing - this means that we must have a legitimate basis for which we are processing personal data, for example a contractual relationship with the data subject, or the processing is necessary for compliance with a legal obligation to which we are subject. It also means that we must inform the data subject about the processing in an accessible and easily understandable way;
  • Purpose - we must only collect personal data for specific, explicit and legitimate purposes and not process data beyond the purpose for which it was collected;
  • Data minimisation - adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Accuracy - we have an obligation to ensure that personal data is accurate and to keep personal data up to date;
  • Limitation of retention - we must not retain personal data for longer than is necessary for the purposes for which it was collected, although we may retain certain data for historical and statistical purposes;
  • Integrity and confidentiality - handled in a manner that ensures its security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, adopting appropriate technical or organisational measures;
  • Lawful transfer to third countries or international organisations - we only transfer personal data to third countries or an international organisation where the EU Commission has confirmed that they ensure an adequate level of protection or, if not, that there are adequate safeguards in place;
  • Data subjects' rights - data subjects have various rights that we must respond to, for example, the right to access a copy of the data we hold.

What personal data we collect

Personal data refers to any information relating to the data subject that makes it possible to identify him or her.

What are the purposes of data processing, why and for how long

Your personal data will only be processed in cases where there is a basis for lawfulness. The basis of lawfulness will depend on the reasons why the personal data was collected and the need for its use.

We present the possible bases of lawfulness for the processing of your personal data:

  • Performance of a contract - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Legal obligation - processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Protection of the vital interests of the personal data subject - processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Legitimate interests of the enterprise - processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject require protection of personal data, in particular where the data subject is a child;
  • Consent of the data subject - the data subject has given consent to the processing of their personal data for one or more specific purposes.

Only minors aged 16 or over may give valid consent to the processing of personal data, otherwise it is only considered lawful if and insofar as it is given or authorised by the holders of parental responsibilities of the minor.
Personal data will not be kept longer than necessary to fulfil the purpose for which it was collected. In determining the appropriate retention period, the amount, nature and sensitivity of the personal data and the purposes of processing have been considered.
Periods during which there is a need to retain personal data due to legal obligations or to respond to complaints have been taken into account.
Personal data will be securely deleted after the defined retention period. Consideration will be given over time to minimising the personal data being processed and to assessing the possibility of anonymising them so that they cannot be associated with the data subject or identified, in which case it will be possible to use this information without further notification.

If you wish to know in more detail about the purposes of processing, grounds for lawfulness and/or retention periods for the personal data collected clique aqui.

Security of the data subject's personal data

A INCM undertakes to guarantee the security of the information it holds title to, as well as all resources associated with it, whether procedural, technological or human. The protection of information is fundamental for the strategic success of the organisation and for the sustainability of the business.

The management of information security and the systems that support it is carried out ensuring, through an approach based on risk management and continuous improvement, the confidentiality, integrity and availability of information. Safeguarding these three pillars of information security guarantees the image, reputation and credibility of the organisation and its production processes among employees, partners and customers.

Sharing of the data subject's personal data

The sharing of the data subject's personal data may only be carried out in the situations provided for in the RGPD and other applicable legislation.

Your data protection rights

By law, the data subject has the right to:

  • Request information about whether we hold personal data about you and, if so, what that data is and why we hold it;
  • Request access to personal data, receiving a copy of the personal data we hold about you and verifying that we are processing it legitimately;
  • Request the rectification of the personal data we hold about you and you can rectify at any time the incomplete or inaccurate data we hold about you;
  • Request the deletion of your personal data, and you may delete or remove your personal data at any time when a retention period is reached or the data processing is no longer lawful. You will also have the right to ask us to delete or remove your personal data where you have exercised your right to object to the processing (see below);
  • Oppose the processing of personal data in cases where we rely on a legitimate interest (or those of a third party) and there is a valid reason to object. You also have the right to object where we are processing your personal data for the purposes of marketing direct;
  • Opposition to automatic decision-making, including profiling;
  • Request the limitation of data processing, forcing the suspension of personal data processing;
  • Request the portability of personal data in a structured, electronic form to you or another entity;
  • Withdrawing consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific reason, the data subject has the right to withdraw their consent to that specific processing at any time.

If you wish to exercise any of these rights, please contact us at dpo@incm.pt or send your request by letter to the address Avenida de António José de Almeida, Edifício Casa da Moeda, 1000-042 Lisboa.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly excessive or unfounded. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to ask you for specific information to help us confirm your identity and to help us secure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who is not entitled to receive it.

Cookies

Cookies are small text files transferred to your computer's hard drive via your browser web to allow us to recognise the browser and help us track visitors on our site.

The institucional  website (incm.pt) only uses cookies to get the user's session information, this allows the user to continue with the session started on the website while browsing.

Changes to the privacy policy

A INCM reserves the right, at any time, to make readjustments or changes to this Privacy Policy under the terms legally applicable, and these changes will be duly publicised in the appropriate places designated for this purpose by INCM.

Talk to us

The data subject may contact INCM for all matters relating to the processing of their data and the exercise of the rights conferred on them at the following address email: dpo@incm.pt or send your request by letter to the address Avenida de António José de Almeida, Edifício Casa da Moeda, 1000-042 Lisboa.