Privacy Policy

​​​Privacy Notice of the Portuguese Court of Auditors


The Court of Auditors runs this website with the aim of improving public access to information about its activities, particularly its decisions.

 

Cookies

The Court of Auditors' website uses cookies and other similar technologies to improve the performance and browsing experience of its users.

These technologies make it possible to increase the speed and efficiency of response, help recognise the user's device on future visits, and supress the need to re-enter the chosen options, which are often essential for the correct and smooth operation of the site.

 

Cookies on our website can be categorised as follows:

  • Session cookies: Collect and store data of the user`s access to the page. They expire when the browser is closed by the user.

By continuing to browse you agree to the use of cookies on your device, unless you have disabled them, which will results in you not being able to access some of your areas and allow a full browsing experience (for more information on cookies see www.allaboutcookies.org).

 

Declaration on the protection of copyright and other property rights

The user may copy, import or use information on this website free of charge, for personal or public use, provided it is not for profit: the source of the information must be mentioned.

The copying, reproduction and dissemination of texts, photos, illustrations and other elements contained on this website, without the express consent of the Court of Auditors is expressly forbidden, regardless of the means used to do so, with the exception of the right to quote and use of information as defined by law.

 

Privacy and personal data protection policy

The Court of Auditors is committed to ensuring the security and privacy of the personal data of citizens who interact with it. With the entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and free movement of such data, as well as the applicable national legislation, it has taken the necessary technical and organisational measures in order to comply with the GDPR and ensure that the processing of personal data is lawful, fair, transparent and limited to the authorised purposes.

 

Personal data

​The Court of Auditors processes data provided by the data subject when filling in the forms available on the website, in person, by telephone, by post and by email.

Any information provided by the data subject will only be used for the purpose described and in compliance with data protection legislation.

The data is stored and kept for a period that depends on the purpose for which the information is processed and whether there are legal requirements to keep the data for a minimum time. Where there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the purposes for which it was collected or further processed, after which it will be eliminated.

However, some data may be kept for archiving and memory purposes in the public interest, scientific or historical research, or for statistical purposes, in which case the appropriate technical and organisational measures will be used to safeguard the rights and freedoms of the data subject.

The Court of Auditors is responsible for processing the data collected and for drawing up this privacy policy. The data subject accepts that by not providing all the requested information, he may not be able to use some of the functionalities on the website correctly.


General principles applicable to data

In terms of general principles relating to data processing, the Court of Auditors is committed to ensuring that the personal data is:

  • Processed lawfully, fairly and transparently in regard to the data subject;
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • Processed in a manner that guarantees their security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, with the adoption of appropriate technical or organisational measures.

 

Technical, organisational and security measures implemented

To guarantee the security of the data subject`s data and maximum level of confidentiality, the Court of Auditors processes information in accordance with internal security and confidentiality policies and procedures, which are periodically reviewed and updated in accordance with the terms and conditions laid down by law.

Depending on the nature, scope, context and purposes of the data processing, as well as the risks arising from the processing for the rights and freedoms of the data subject, the Court of Auditors is committed to apply, both when defining the means of processing and at the time of the processing itself, the necessary and appropriate technical and organisational measures to protect the subject´s data and comply with legal requirements. It also undertakes to ensure that, by default, only the subject´s data that is necessary for each specific purpose is processed and that this data is not made available without human intervention to an indeterminate number of people.

 

Right of access to data

The data subject has the right to obtain confirmation from the Court of Auditors as to whether data concerning him or her is being processed and, if so, the right to access his or her data and the following information:

  • The purposes of the data processing;
  • The categories of data;
  • The storage period for the data;
  • Ask the Court of Auditors to rectify or restrict the processing of your data;
  • If the data has not been collected from the data subject, the information available on the origin of that data;
  • The existence of automated decisions, including profiling and information on the underlying logic, as well as the significance and expected consequences of such processing for the data subject.

Right to rectification of data

The data subject has the right to request the rectification of its data at any time, as well as the right to have incomplete data completed. If the data is rectified, the Court of Auditors will notify each recipient to whom the data has been transmitted of the rectification.

 

To exercise these rights, the data subject should send an email to protecaodedados@tcontas.pt.