Identification of the Controller
The entity responsible for processing personal data is ENSILIS, EDUCAÇÃO E FORMAÇÃO UNIPESSOAL, LDA. (hereinafter ENSILIS) with NIPC 504 669 788 and headquartered in Quinta do Bom Nome, Estr. da Correia 53, 1500-210 Lisbon.
ENSILIS has formally appointed a Data Protection Officer, with the following communication channel enabled to communicate with them: firstname.lastname@example.org.
ENSILIS seeks to apply the best market practices in terms of data protection and information security.
Likewise, it seeks to adopt the appropriate technical and organizational measures necessary to guarantee the confidentiality, integrity, availability and resilience of the Personal Data for which it is Responsible for Processing.
Without prejudice to the foregoing, applicable legislation will prevail over this Policy if – and to the extent that – it exceeds its standards, or imposes more stringent requirements and, finally, provides a greater degree of protection.
In cases where this Policy provides a greater degree of protection than applicable law or provides additional safeguards and rights for Data Subjects, this Policy will apply.
Personal Data Processing
The Portuguese National Law on the Protection of Personal Data (Law no. 58/2019, of 8 August, hereinafter referred to as “LERGPD”) and the General Regulation on Data Protection (Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, hereinafter referred to as “GDPR” or “Regulation”) ensure the protection of natural persons with regard to the processing of Personal Data and the free movement of such data.
In legal terms, personal data is considered to be any “information relating to an identified or identifiable natural person (“data subject”); An identifiable natural person is considered to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
This document describes the way in which ENSILIS defines itself internally and complies with applicable legislation on the protection of personal data, but may, however, be complemented by other procedures on Data Protection, which are defined and disclosed by ENSILIS, through the several channels available.
This Policy is intended to serve as guidance, whenever there are doubts regarding the processing of personal data in the different realities with which Data Subjects may be related.
In this sense, this Policy is intended for anyone who wants to understand how ENSILIS processes and protects the Personal Data of its Subjects, namely:
- To potential students;
- To students;
- To former students;
- To third party visitors;
- To newsletter subscribers;
- Other participants in events promoted by ENSILIS;
- Suppliers and customers;
- Academic community;
- To workers, lecturers and other providers of occasional services in the area of education.
During the collection process, only the data absolutely necessary to fulfill the purpose of the informed collection, or related purposes, will be requested and under the assumption of the basis of lawfulness explained to the Data Subjects.
Purposes for the Processing of Personal Data
Personal Data may only be processed for specific purposes – or others, but only when related – communicated to the Data Subject at the time the data was originally collected. They will be:
Operations Management Purposes:
ENSILIS, for the management and organization of the reception on its facilities, the library and the control of its facilities using video surveillance, collects and processes personal data, to:
- Provide information to students about classes/teachers: name, telephone number, email;
- Control entries outside normal opening hours of the facilities: name, entry time and exit time;
- Contact the owners in case of lost property: name, telephone number, email;
- Other session data.
- Manage and control publication reservations: name, student number, address, email, educational institution;
- Manage and control the transfer of overdue material: name, student number, address, email, educational institution, period of delay;
- Manage the Institutional Repository: name of the author, work.
Other facilities - Video surveillance
- Guarantee of protection of ENSILIS people and assets, in areas where video recordings are authorized: images of all visitors to ENSILIS facilities.
Admissions/Registration Management Purposes:
ENSILIS collects and processes personal data for the management of:
- Application/Registration for the different training offers, degrees, masters, postgraduate degrees and doctorates: name, photograph, identification document number, NIF, NISS, telephone number, email, address, amount charged, IBAN, parents' name, professional experience, academic qualifications, curriculum vitae data, nationality; school hours; emergency contact; type of admission; height; date of birth; national exam scores; gender; student number, date of enrollment, date of cancellation of enrollment, academic year, level of interest demonstrated by the student, obstacles related to enrollment and non-enrollment, important notes regarding the commercial follow-up process, enrollment, if applicable, payments made on the scope of registrations in academic programs, declarations from an employer for the purpose of granting student worker status, data and documentation necessary to activate payments by direct debit, data and documentation necessary for registration in internal scholarships, enes form/entry mode, letter of motivation, letter of recommendation, issuance/delivery of a student card, attendance conditions, documents required to carry out entrance tests for those over 23, exams taken within the scope of providing entrance tests for those over 23, courses attended within the scope provision of entrance tests for those over 23, worker-student status, documents required to apply for worker-student status, enrollment in courses to support curricular content, level of knowledge of the English language, related statements, note of prerequisites, clothing size;
- Management of the contractual relationship with the student: the other data indicated in the previous point, including the data necessary for the student's training, teaching and online assessment.
- Management of enrollments, annual registrations, preparation course registrations, release of grades, release of tuition fees and fees, receipt of tuition fees and fees, validation of grades, issuance of deadlines, issuance of all types of documentation requested by the student , entry of credits: name, photograph, date of birth, identification document number, telephone number, email, address, NIF, NIB (direct debit), marital status, affiliation, curriculum vitae, professional status, academic background, education , salary, financial situation, assets; social security registration (in case of submitting a request for the award of DGES Scholarships);
- Student treasury management: name, student number, telephone number, email, address, NIF, tuition fee amount, due date, IBAN;
- Management and monitoring of students in default: name, photograph, telephone number, email, address, NIF; amount charged; billing date; IBAN; account debit authorization; treasury situation; payment history and payment arrangements;
- International mobility: name, photograph, date of birth, identification document, NIF, amount transferred (in case of Erasmus scholarship application and others), date, IBAN, emergency contact;
- Support in finding a curricular internship: name, photograph, telephone number, email, address, curriculum vitae, professional status, education;
- Support in finding an extracurricular internship: name, photograph, telephone number, email, address, curriculum vitae, professional status, education;
- Management of internship protocols: name, identification document number, address; telephone number, email, NIF, IBAN;
- Support when searching for a job: name, photograph, telephone number, email, address, curriculum vitae, professional status, education;
- Management of participation in events: name, profession, company, telephone and email contact, heading;
- Record proving consent obtained and respective elements of proof of online consent: IP, name, contact address, email, consent response, other variable data depending on the consent requested and purpose.
Management and Academic Communication Purposes
ENSILIS collects and processes personal data for the management of:
- Internal/external communication of student matters or matters in the global academic context, by email, call, SMS or postal mail: name, student number, email, address;
- Registration for events: name, telephone number, email;
- Advertising of events: photographs, videos, sound recorded at events organized by ENSILIS;
- Call recording (call-center): voice, name, any information that the Subject provides in the context of contacts made.
Advertising and Marketing Purposes:
- For the objectives and purposes related to advertising and marketing of ENSILIS and its different brands, the activities will be:
- Initial Commercial Prospecting, by email, call or text: name, telephone number, email, current education, course of interest; attended secondary school;
- Commercial prospecting through Hubspot and follow-up with a view to admission: name, telephone number, email, address, names of legal representatives, if they are minors, education, professional training, course preferences, entry modes, type of offer , Study areas;
- Dissemination of photographs and videos in newspapers, magazines, news, websites and social networks to publicize ENSILIS events, as well as publication of the University's weekly agenda: image.
This processing sees as its main data processing activities the management of:
- Any situation communication referenced/reported by students: name, student number, telephone number, email, specific details of the situation.
Guidance, Co-Guidance and Research Management Purposes:
This processing sees as its main data processing activities support in:
- Submission and preparation of students' Articles, Theses and Dissertations: name and email of the supervisor(s), data related to the academic/professional path, name, student number, telephone number, email, specific related data with the student's academic status, project number, opinion of the Data Protection Officer, opinion of the Ethics Committee, other data contained in the final document, as well as intellectual property originating from the final document.
Purposes of Human Resources Management
ENSILIS collects and processes personal data for the management of:
- Management of the contractual relationship: name, civil identification number, NISS, telephone number, email, address, others that apply;
- Provision and administration of compensation, benefits and incentive plans, and carrying out the relevant tax and social security deductions and contributions: name, identification document number, NISS, NIF, address, email, IBAN, marital status, household, professional category, educational qualifications, career progression, salary and salary supplements;
- Reimbursement of professional costs and expenses: name, IBAN;
- Identification and effective communication with employees: name, telephone number, email, address;
- Training, development, promotion, career planning: name, telephone number, email, address, career progression, professional training, department, performance evaluation, salary;
- In cases where legislation allows and when applicable, the processing of information about absences or medical information about health or physical or mental state, in order to assess eligibility for integration into the disability or remuneration scheme or related benefits with permanent incapacity, determine fitness to work, facilitate return to work, make adjustments to duties or the workplace, make management decisions about the employment or service provision relationship, or about the continuation of that relationship, or about the reassignment, and conduct the associated management processes: name, NISS, telephone number, email, address, aptitude record;
- Plan, manage and implement restructuring or dismissals due to the elimination of jobs or other change plans, including carrying out consultations, selection processes, research into employment alternatives and making associated management decisions (in the case of relationships employment status): name, civil identification number, address, professional category, salary;
- Fulfillment of reference requests, in cases where the applicant in question designates ENSILIS for this purpose: name, email;
- Planning, prior audit and implementation of a commercial operation or a transfer of services involving ENSILIS that affects the employee's relationship with ENSILIS, such as mergers and acquisitions or the transfer of the employee's job in accordance with the applicable standards in automatic transfer matter: name, civil identification number;
- Organizational restructuring with an impact on the employees' workplace, resulting in the change of residence of employees and dependents (if applicable): name, civil identification number, address, others that are applicable;
- Management of the exercise of rights and compliance with ENSILIS' obligations, and for any purposes related to legal actions brought by or against the employee, or which otherwise involve him or her, including the management of attachments to which the employee's consideration is subject: name, civil identification number, NISS, telephone number, email, address, NIF, IBAN, professional category, others that are applicable;
- Manage the employee's union membership and ensure respect for their rights in relation to any union membership, as necessary to allow ENSILIS to fulfill its labor obligations: name, union membership;
- Management of disciplinary sanctions: name, civil identification number, telephone number, email, address, others that may be applicable;
- Attendance control: ID, institutional email, attendance, faculty to which you belong, department.
In no case will Personal Data of racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data relating to health and sexual life, genetic or biometric data be directly requested, except when, at the times in which the request occurs, the User Data Subject freely expresses their will and consent, or this is a legal obligation of ENSILIS.
Only fields marked with * will be mandatory fields, either arising from an existing legal obligation for that purpose, or in compliance with pre-contractual and contractual obligations.
Basis of Lawfulness/Purposes:
The legal basis for this processing of Personal Data is:
- If the processing of these Personal Data is necessary for the execution of the contract or for carrying out applicable pre-contractual measures, in accordance with article 6, paragraph 1, al. b) GDPR;
- In the need to comply with legal obligations related to ENSILIS's activity, in accordance with article 6, paragraph 1, al. c) GDPR;
- In the legitimate interests pursued by ENSILIS, as controller, in accordance with article 6, paragraph 1, al. f) GDPR;
- In the consent provided by Subjects, for the most diverse purposes, freely, expressly and embodied in a clear and unequivocal positive act, in accordance with article 6, paragraph 1, al. a) and article 7 of the GDPR.
- Even so, upon request, we will seek to ensure that the ease with which it is provided is similar to that of its withdrawal, if intended by the Data Subject, and you can consult how to do so in this Policy.
Recipients of Personal Data:
ENSILIS may share data with entities in the group of companies that make up ENSILIS.
ENSILIS will use companies that provide services, namely cloud storage, email management, systems management and IT security, website development and maintenance, network security, hygiene and safety, among others.
Likewise, ENSILIS may share data with public entities that have legal legitimacy to process the data in question, such as DGES, Public Administration, Trade Union Entities, Banking Institutions, Insurance Companies, Travel Agencies, Training Entities, as well as auditors internal and external ENSILIS.
In any of the cases mentioned, ENSILIS declares that it has signed the respective Personal Data Processing Agreements with each service provider with access to personal data, in order to guarantee that the data will be processed in accordance with current legislation on protection. of Personal Data.
ENSILIS may also have to transmit Personal Data to entities that have legal legitimacy to process the data in question, when legally applicable.
The Data Subject declares and guarantees that he or she is at least 18 years of age.
If the student is a minor, they must be accompanied by their parental guardians to make informed decisions related to the contractual relationship with ENSILIS.
If consent is requested for any processing activity of a minor student, the minor student must ask their parental guardians to read and competently sign/manage the requested consent.
7. International Data Transfers
Personal Data may only be transferred to another entity outside the European Economic Area (EEA), if this transfer is in accordance with the principles of Data Protection and the other rules established in this policy and in the applicable laws and deliberations in matters of Protection. of Data.
As such, such a transfer can only occur if it is in accordance with the purpose for which the data was collected and if the transfer is necessary for that purpose.
When implementing this policy, ENSILIS will respect legal requirements that will impose specific conditions on International Transfers of Personal Data.
Therefore, Personal Data can only be transferred from an EEA country to countries outside the EEA (“third countries”) when the European Commission considers that they guarantee an adequate level of protection.
If the third country does not offer this level of protection, Personal Data may, as a general rule, only be transferred to that country if the data exporter and importer implement any of the appropriate guarantees set out in article 46, paragraph 2 and 3 GDPR.
Even so, the probability of ENSILIS making these transfers will be residual and, if it exists, it will do so by applying additional requirements.
Personal Data Rights Exercise
Data Subjects have the prerogative to exercise the following rights:
- Right to information: to be informed, prior to the processing of Personal Data, about aspects related to its processing and, also, to request additional information about the use of your Personal Data at all times;
- Right of Access: obtain confirmation that the Personal Data concerning you are being processed or not and to access the Personal Data that you have provided to ENSILIS and that ENSILIS has;
- Right to Data Portability: request the transmission of the Personal Data you provided to ENSILIS, if technically applicable;
- Right to Rectification: request the correction or update of your Personal Data;
- Right to Erasure: request the erasure of your Personal Data, when the law or contract allows;
- Right of Limitation: request the restriction of how ENSILIS uses your Personal Data, correcting or clarifying any doubts about its content or processing thereof;
- Right to Oppose: Object to the continued processing of this data;
- Right not to be subject to automated individual decisions;
- Right to lodge a complaint with the competent supervisory authority: the National Data Protection Commission.
- Data Subjects also have the right to withdraw or change, at any time, the consent they gave to ENSILIS for the use of their Personal Data, when this has been the legal basis for processing them.
- To this end, you may exercise your rights directly and free of charge, with rare exceptions, to:
- The email address email@example.com indicating in the subject "EXERCISE OF RIGHTS".
- Your request must include date, name and surname, applicable mobile contact/email address and the specific request.
Personal Data is processed with the level of protection legally required to guarantee its security and prevent its alteration, loss, unauthorized processing or access, taking into account the state of technology.
Access to the Personal Data of Data Subjects will always be carried out under the commitment of:
- Taking legally required security measures, of a technical and organizational nature, that guarantee your safety;
- Process them exclusively for previously defined purposes, or purposes related to them.
Conservation of Personal Data
Personal Data will only be stored and processed for the period that is necessary or mandatory to fulfill the purposes described above, applying appropriate conservation criteria to each processing and in accordance with applicable legal and regulatory provisions and even the prescription of civil and criminal liability.
After the respective data retention period has elapsed, they will be deleted or made anonymous, when they should not be kept for a separate purpose that may prevail.
ENSILIS is not responsible for any acts or omissions of third parties, particularly regarding links to third-party websites/applications and their contents.
In the event of a merger, split, transformation, dissolution or insolvency of ENSILIS, Personal Data may be transmitted to third parties, as a commercial asset, always in compliance with applicable law and maintaining Data Subjects their rights, particularly regarding consent provided and the rights of opposition, access, rectification, erasure, limitation and portability.
In case of possible legislative changes, ENSILIS reserves the right to change this Policy at any time, so you should consult it whenever you use this application.
The Data Subject has the right to submit a complaint, if they consider there is a basis for doing so, in matters of Personal Data Protection, to the competent Supervisory Authority.
Changes to this Policy
ENSILIS will update this document periodically, this being version 2.0.
The updates will be carried out as appropriate, seeking to respond to legislative changes, business needs and the development of the state of the art and technology, in order to keep the Data subject informed, so you should consult it regularly, if you want to know more information about how your data will be processed
However, if others are configured other than those mentioned above, the Data Subjects' prior consent will always be requested to do so. Whether for the installation of First-Party Cookies or Third-Party Cookies, whether Session or Persistent Cookies.
You can find out more about the Cookies Policy here.
Terms & Conditions
You can find out more about the Terms and Conditions here.