Privacy policy and personal data protection

UPAJE- União para a Acção Cultural e Juvenil Educativa, values ​​the relationship it maintains with its Beneficiaries and has committed its best efforts to the implementation of technical and organizational measures aimed at guaranteeing data protection, privacy and respect for the rights and freedoms with regard to the processing of personal data.
This Data Protection and Privacy Policy aims to make known how UPAJE treats Personal Data and guarantees their privacy, security and integrity in the development and performance of its activities.

1. Responsible for the processing of Personal Data
The Responsible for the Processing of Personal Data is UPAJE, which provides services by determining for this purpose and without limiting:
The Personal Data that must be processed in the context of the provision of services;
The Purposes for which Personal Data are processed; and,
The means to be applied for the processing of Personal Data.

2. Principles applicable to the processing of Personal Data
The Processing of Personal Data is carried out in accordance with the general principles set out in the General Regulation on Data Protection (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016) and other legislation regarding data protection, namely:
In the context of the relationship with the Data Subject, UPAJE ensures that Personal Data will be processed in a lawful, fair and transparent manner («Principle of lawfulness, loyalty and transparency») ;
UPAJE collects Personal Data for specified, explicit and legitimate purposes and does not subsequently process the same Data in a way that is incompatible with those purposes («Purpose limitation principle»);
UPAJE ensures that only Personal Data that is adequate, relevant and limited to what is strictly necessary for the purposes for which they are processed is processed («Principle of data minimization»);
UPAJE adopts appropriate measures so that Personal Data classified as inaccurate, taking into account the purposes of treatment, are erased or rectified without delay (“Principle of accuracy”);
UPAJE retains Personal Data in a way that allows its identification only for the period necessary for the purposes for which they are processed («Principle of conservation»);
UPAJE ensures that Personal Data is treated in a way that guarantees its security, including protection against unauthorized or unlawful processing and against its accidental loss, destruction or damage, adopting the appropriate technical or organizational measures (“Principle of integrity and confidentiality”).

3. Personal Data, Processing of Personal Data and Data Subject
“Personal data” means information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, email address, mobile phone number, date of birth, NIF, identification document number , profession, place of work, address, educational qualifications of that natural person. “Processing” of personal data means an operation or a set of operations carried out on personal data or on sets of personal data, by automated or non-automated means, such as the collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, broadcast or any other form of making available, comparison or interconnection, limitation, erasure or destruction. In the context of the activities carried out by UPAJE, the concept “Data Subject” may include, without limitation: current, past and future customers, partners, volunteers, job candidates, employees and former employees, employees of partners, employees of subcontractors , suppliers and service providers and their collaborators, applicants and claimants, visitors and all those individuals who maintain a relationship with UPAJE and to whom the Personal Data concern. UPAJE may collect personal data relating to minors under 18 years of age and not attributable, when provided by parents or a legal guardian, when expressly consenting to such collection.

4. Category of Personal Data processed by UPAJE
In the development of its activities, UPAJE processes the Personal Data of a significant number of categories of Data Subjects.
The Personal Data that UPAJE collects always depend on the nature of the interaction, but may include the following Data Categories:
Identification data;
Personal contact details;
Bank identification data;
Payment data;
Website access data;
Security credentials data;
Data about preferences;
Information technology usage data;
Health data;
Business data for the provision of services.

5. Lawful Grounds
By reference to the «Legality Principle» enshrined in the current data protection laws, in the development and carrying out of its activities, UPAJE only processes Personal Data when there is a lawful ground that legitimizes the treatment.
The grounds of Lawfulness are:
Consent: When the Data Subject has given his consent, through a free, specific, informed and explicit expression of will, by which he accepts, by means of a declaration (in writing or orally) or unequivocal positive act ( by filling in an option), that the Personal Data are processed.
Pre-contractual steps or performance of a contract: When processing is necessary for the performance of a contract to which the Data Subject is a party or for pre-contractual steps at his request.
Compliance with a legal obligation: When the processing of Personal Data is necessary to ensure and guarantee compliance with legal obligations to which the Controller is subject under the legislation of a Member State and/or the European Union.
Defense of vital interests of the Data Subject: When Data Processing is necessary to ensure the defense of vital interests of the Data Subject or another natural person.
Legitimate Interests: When the treatment is necessary for the purposes of legitimate interests pursued by the Controller, other Controllers or Third Parties, provided that the interests or fundamental rights and freedoms of the data subject do not prevail over this treatment.

6. Period of conservation of Personal Data
UPAJE only keeps Personal Data for the period of time necessary to carry out the specific purposes for which they were collected. However, UPAJE may be obliged to keep some Personal Data for a longer period, taking into account factors such as:
Legal obligations, under the laws in force, to keep Personal Data for a certain period;
Limitation periods, under the laws in force;
Judicial and Administrative Processes and Procedures; and,
Guidelines issued by supervisory authorities on data protection.
During the period of Personal Data Processing, UPAJE guarantees that they are treated in accordance with this Data Protection and Privacy Policy. As soon as the Data is no longer necessary, UPAJE will proceed to its safe elimination.

7. Sharing of Personal Data
UPAJE, within the scope of its activity, may share data with third parties, however, it will only do so under the terms set out in this section of the Data Protection and Privacy Policy.
Subcontractors: Personal Data may be shared with companies providing services to UPAJE. Service providers are bound by a written contract to UPAJE, only being able to process Personal Data for the purposes specifically established and are not authorized to process Personal Data, directly or indirectly, for any other purpose, for their own benefit or that of a third party.
Other Persons Responsible and/or Third Parties: Personal Data may be shared internally with other UPAJE associated entities that will comply with the
data protection rules applicable according to the purposes assigned to the treatment carried out.
Upon request and/or with the consent of the Data Subject, Personal Data may be shared with other entities.
In compliance with legal and/or contractual obligations, Personal Data may also be transmitted to judicial, administrative, supervisory or regulatory authorities and also to entities that lawfully carry out data compilation actions, actions to prevent and combat fraud, market or statistical studies.

8. Rights and Exercise of Rights
The Holder of Personal Data processed by UPAJE has the right of access, rectification, limitation, portability, erasure and the right to object to the Processing of Personal Data, without prejudice to restrictions on the exercise of such rights arising of national or European Union legislation on the processing of personal data for the purposes of holiday camps, training and other services related to the UPAJE, which may be exercised under the terms of this section of the Data Protection and Privacy Policy:
Right to provide information: The Data Holder has the right to obtain clear, transparent and easily understandable information about how UPAJE uses their Personal Data and what their rights are.
Right of access: The Data Subject has the right to obtain information about the Personal Data that UPAJE processes (if it actually processes them) and certain information about how such Data is treated. This right allows you to be aware of and confirm the processing of the Data in accordance with data protection laws. UPAJE may, however, refuse to provide the requested information whenever, in order to do so, it has to disclose Personal Data of another person or the requested information harms the rights of another person.
Right of rectification: The Data Holder has the right to ask UPAJE to take reasonable measures to correct their Personal Data that are incorrect or incomplete.
Right to delete data: This right allows the Data Holder to request the erasure or elimination of their data, provided that there are no valid legal grounds for UPAJE to continue using them or, when their use is unlawful.
Right to limitation of treatment: The Data Subject has the right to “block” or prevent the future use of his Data while UPAJE evaluates a request for rectification or as an alternative to erasure.
Right to data portability: The Data Subject has the right to obtain and reuse certain Personal Data for their own purposes. This right only applies to your own Data that you have provided to UPAJE and that UPAJE processes with your consent and those that are processed by automated means.
Right of opposition: Under the terms expressly provided for in the Personal Data Protection Act and other applicable legislation, the Data Holder has the right to oppose certain types of treatment, for reasons related to their particular situation, at any time in which carry out this Treatment.  Right to lodge a complaint: The Data Subject has the right to lodge a complaint with the competent supervisory authority, the National Data Protection Commission – CNPD, if he considers that the Processing carried out on Personal Data violates his rights and/or the applicable data protection laws.
The Data Holder may, at any time, in writing, using the form available on the UPAJE website, exercise the rights enshrined in the Personal Data Protection Law and other applicable legislation through the email geral@UPAJE.pt, face-to-face contact or registered letter, and it is always necessary to present proof of your identity to follow up on the respective request.

9. Security and Integrity
Personal Data will be processed by UPAJE, only in the context of the purposes identified in this Policy, in accordance with UPAJE’s internal policies and using technical and organizational measures designed in accordance with the risks associated with the specific treatment of data. Personal data. The technical and organizational measures designed ensure, to the maximum extent possible, the security and integrity of Personal Data, namely in relation to unauthorized or unlawful processing and the respective loss, destruction or accidental damage. Whenever there is a lawful sharing of data over the internet, UPAJE will ensure the transmission in a secure way, using secure protocols, whenever this is technically possible. However, it may not guarantee subsequent sharing by the
of the third parties to whom this information has been transferred, in a lawful and substantiated manner.

10. Confidentiality
UPAJE recognizes that the information it provides may be of a confidential nature. Within the scope of its activity, UPAJE does not sell, rent, distribute, or make Personal Data commercially or otherwise available to any third party, except in cases where it needs to share information with Service Providers for the purposes established in this Policy or the Third parties for the purpose of fulfilling their legal obligations.
UPAJE preserves the confidentiality and integrity of your Data and protects them in accordance with this Data Protection and Privacy Policy and all applicable laws.

11. Cookies
UPAJE uses cookies to collect information about the use of its internet pages. On each visit to the internet pages, UPAJE treats the Personal Data collected through the use of cookies in accordance with the published cookie policy. For more information on the use of cookies, we advise you to read and analyze the Cookies Policy and regularly consult it to check for the most up-to-date versions.

12. Changes to this Data Protection and Privacy Policy
UPAJE will periodically update this Data Protection and Privacy Policy. Whenever you do, the new version will be published on the website and will take effect immediately, so we advise you to consult it regularly.

Updated May 13, 2021