Personal Data Protection
The University of Porto is a public foundation regulated by private law, whose mission includes the production of scientific, cultural and artistic knowledge, higher education strongly anchored in research, the social and economic valorisation of knowledge, and active participation in the progress of the communities to which it belongs. To best achieve these goals and to comply with all the requirements imposed on us as a public higher education institution, we will need to process some of your personal data.
What will my data be used for?
- Academic Management
- Social support services
- Scientific Research
- Community services
- Former students
- Events and other iniciatives
- Institutional communication
- U.Porto Card
- Technological infrastructures
- Administrative management
What information may be collected and processed about me?
The data we process will depend on the context of your interaction with U.Porto, and may include, namely:
- Identification data [e.g.: name; student number; photograph; parents’ names; nationality; place of birth; date of birth; sex; marital status; tax identification number; identification document number];
- Contact details [e.g.: address; e-mail; telephone contact];
- Academic data [e.g.: study cycle; course; year of enrolment; type of attendance; number of enrolled/approved ECTS and respective ratings; higher education admission regime; previous educational establishments; academic qualifications; number of times a student required course extensions; professional situation];
- Payment details [e.g.: regularized and unregularized values; bank identification number; scholarship status; receipt for tuition fees and charges];
- Sound and image data [e.g.: photographs; videos];
- Health data [e.g.: clinical history; medicine consumption; medical certificates; allergies and other intolerances];
- Biometric data [e.g.: fingerprint matrix];
- Technical data [e.g.: IP address; visit date and time; cookies]
Will my data be shared with third parties?
U.Porto will only share your data with:
- other Public Administration bodies (Ministry of Education; Tax Authority; Social Security, among others) to fulfil legal obligations to which it is bound;
- institutions in the banking sector and insurance companies for the management of payments and conclusion of insurance contracts;
- institutions with which it has signed contracts or other cooperation instruments (e.g. Banco Santander for the issuance of the U.Porto Card; other higher education institutions within the framework of exchange programmes, etc.), as strictly necessary for their execution;
- other institutions or natural persons if we have your consent to do so.
You will be informed of any other data transfer before it is performed.
How long will my data be kept?
U.Porto will keep your personal data for the period deemed necessary to fulfil the purposes for which they were collected or for others that are duly and substantially related to them within the framework of our institutional mission.
We may also preserve your data for a longer period whenever there is a legal obligation to do so (as is the case, for example, with the individual student process) or when there are strong reasons of public interest that justify it (such as archiving purposes in the public interest, scientific or historical research, or statistics).
What security measures will my data be subject to?
U.Porto protects the information of all those who have a relationship with the institution, through the implementation of technical and organisational measures that allow for the mitigation of the risks, of variable geometry and intensity, that could affect the fundamental rights and freedoms of the data subjects affected, in the event of a data breach.
The implementation of these measures is done while taking into consideration the most advanced techniques, application costs, nature, scope, context and purposes of each processing of personal data carried out under the responsibility of the institution.
In particular, the following measures are implemented to ensure the confidentiality, integrity and availability of any information qualified as personal data:
- implementation of “institutional authentication” mechanisms;
- definition of access control schemes based on the “need to know” criterion;
- use of encrypted communication channels for the transfer of personal data;
- protection of technological infrastructures against unauthorized access;
- storage of data of a particularly sensitive nature and respective backups in encrypted form;
- monitoring of the technological infrastructures for the prevention and detection of practices contrary to those permitted by the U.Porto’s Policy on their Acceptable Use.
Can I request access, rectification or erasure of my data?
You may request access to additional information regarding the way your data are being processed, as well as to rectify them whenever you consider that they are outdated or inaccurate, via e-mail to [email protected].
Within certain limits – such as the need to keep data for the fulfilment of legal obligations to which U.Porto is bound – you may also request the erasure of your data, by sending your request to the same e-mail address.
When the data is being processed based on your consent, you can withdraw that consent at any time and request the erasure of the data. This will not compromise the lawfulness of the data processing carried out until that moment.
Who can I contact, should I have questions related to these matters?
If you need further clarification, you can contact the Data Protection Officer of the University of Porto, at [email protected].