Protection of privacy and personal data is a fundamental commitment of the National Press-Casa da Moeda, S.A. (INCM), to the data subject.
With the entry into force of the new General Data Protection Regulation (GDPR), INCM remains committed to complying with legislation on the protection of personal data, privacy and information security, in order to protect personal data and the privacy of its owners.
We will be clear and transparent about the information we are collecting and what we will do with that information.
This Policy defines the following:
- What personal data we collect and process about you and your relationship with us as the data subject;
- Where we get the data from;
- What we do with this data;
- How we store the data;
- To whom we transfer/to whom we disclose the data;
- How we treat your data protection rights;
- And how we comply with data protection rules.
Entity responsible for processing personal data
The National Press-Casa da Moeda, SA (INCM), headquartered at Avenida de António José de Almeida, Edifício Casa da Moeda, in Lisbon, with unique legal person and Commercial Registry Office registration number 500792887 and share capital of € 30,000,000.00, is responsible for the collection and processing of personal data of data subjects, under the terms and for the purposes indicated in this document, in compliance with the legal obligations applicable in this matter. The data may be processed directly by INCM or by subcontracted entities for this purpose.
Principles of protection of personal data
INCM processes personal data within the scope of its activity. Such personal data is collected through the provision of our services, commitments made to customers, marketing activities or other ancillary and support activities. Data can be received directly from a data subject, for example, in person, by letter, email, telephone or other sources.
All employees and partners must collect only personal data that is relevant and necessary to perform their duties.
INCM is committed to adhering to the data protection principles established by the GDPR, which are:
- Lawful, fair and transparent treatment – this means that we must have a legitimate basis for which we are processing personal data, for example, a contractual relationship with the data subject, or the processing is necessary to fulfill a legal obligation to which we are subject. This also means that we must inform the data subject about the treatment in an accessible and easy to understand manner;
- Purpose – we should only collect personal data for specific, explicit and legitimate purposes and not process data beyond the purpose for which it was collected;
- Data minimization – adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accuracy – we have an obligation to ensure that personal data is accurate and to keep personal data up to date;
- Conservation limitation – we must not keep personal data for a period longer than necessary for the purposes for which they were collected, although we may retain certain data for historical and statistical purposes;
- Integrity and confidentiality – personal data is treated in a way that guarantees its security, including protection against unauthorized or illicit treatment and against accidental loss, destruction or damage, by adopting appropriate technical or organizational measures;
- Legal transfer to third countries or international organizations – we only transfer personal data to third countries or to an international organization where the EU Commission has confirmed that they provide an adequate level of protection or, if not, that there are adequate safeguards in place;
- Rights of data subjects – data subjects have several rights that we must respond to, for example, the right of access to a copy of the data that we have.
What personal data we collect
Personal data refers to any information relating to the data subject that makes it possible to identify them.
What are the purposes of data processing, why and for how long
Your personal data will only be processed in cases where there is a legal basis. The basis for lawfulness will depend on the reasons why personal data were collected and the need to use them.
The possible bases of lawfulness for the treatment of your personal data are:
- Performance of a contract – processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual steps at the request of the data subject;
- Legal obligation – processing is necessary to comply with a legal obligation to which the controller is subject;
- Defense of the vital interests of the data subject – processing is necessary to defend the vital interests of the data subject or another natural person;
- Exercise of functions of interest or public authority – processing is necessary for the exercise of functions of public interest or the exercise of public authority of which the controller is vested;
- Legitimate interests of the company – processing is necessary for the purposes of the legitimate interests pursued by the controller or by third parties, unless the holder’s fundamental interests or rights and freedoms that require the protection of personal data prevail, especially if the holder is a child;
- Consent of the data subject – the data subject has given his consent for the processing of his personal data for one or more specific purposes.
Only minors aged 16 or over can give valid consent for the processing of personal data; otherwise, consent is only considered lawful if and to the extent that it is given or authorized by the holders of parental responsibilities of the minor.
Personal data will not be kept for longer than is necessary to fulfill the purpose for which it was collected. To determine the appropriate retention period, the amount, nature and sensitivity of personal data and the purposes of processing were considered.
The periods during which there is a need to retain personal data due to legal obligations or to respond to complaints were considered.
Personal data will be securely deleted after the defined retention period. Actions will be taken over time to minimize the personal data subject to treatment and to evaluate the possibility of anonymizing them so that they can no longer be associated with the data subject or used to identify them, in which case that information may be used without further notification.
If you want to know in more detail the purposes of treatment, legal bases and/or deadlines for retaining the personal data collected, click here.
Security of personal data of the data subject
INCM is committed to ensuring the security of the information it holds, as well as all the resources associated with it, whether they are procedural, technological or human. The protection of information is fundamental for the strategic success of the organization and for the sustainability of the business.
The management of information security and the systems that support it is carried out by ensuring, through an approach based on risk management and continuous improvement, confidentiality, integrity and availability of information. Safeguarding these three pillars of information security is a guarantee of the image, reputation and credibility of the organization and its production processes with employees, partners and customers.
Sharing of personal data of the data subject
The sharing of personal data of the data subject can only be done in the situations provided for in the GDPR and other applicable legislation.
Your data protection rights
By law, the data subject has the right to:
- Ask for information about whether we hold personal data about you and, if so, what data it is and why we hold it;
- Request access to personal data, receiving a copy of the personal data we hold about you and verifying that we are treating them legitimately;
- Request rectification of the personal data we hold about you, and you can rectify any incomplete or inaccurate data we hold about you at any time;
- Request the deletion of your personal data; you may ask for personal data to be deleted or removed at any time when a retention period is reached or the processing of the data is no longer legal. You will also have the right to ask us to delete or remove your personal data in cases where you have exercised your right to object to the treatment (see below);
- Opposition to the processing of personal data in cases where we depend on a legitimate interest (or those of a third party) and there is a valid reason to object. You also have the right to object when we are processing personal data for direct marketing purposes;
- Opposition to automatic decision making, including profiling;
- Request the limitation of data processing, forcing the suspension of the processing of personal data;
- Request the portability of personal data in a structured and electronic form for you or for another entity;
- Withdraw consent. In the limited circumstances in which you may have provided your consent for the collection, processing and transfer of your personal data for a specific reason, the data subject has the right to withdraw his consent for that specific treatment at any time.
If you want to exercise any of these rights, contact us at email@example.com or send your request by letter to Avenida de António José de Almeida, Edifício Casa da Moeda, 1000-042 Lisboa.
You do not have to pay a fee to access your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request for access is clearly excessive or unfounded. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to ask you for specific information to help us confirm your identity and ensure your right to access the information (or to exercise any of the other rights). This is another appropriate security measure to ensure that personal information is not disclosed to anyone who is not entitled to receive it.
Cookies are small text files transferred to your computer’s hard drive through your web browser to allow us to recognize the browser and help us track visitors on our site.
Talk with us
The data subject can contact INCM for all matters related to the processing of their data and the exercise of the rights conferred on them through the following email address: firstname.lastname@example.org, or by sending a request by letter to the address Avenida de António José de Almeida, Edifício Casa da Moeda, 1000-042 Lisboa.