The privacy and protection of personal data of all partners, employees and other stakeholders of the services provided or rendered by ICA govern the way everyone acts within the ICA.
ICA's efforts in the protection of personal data aim at ensuring at all times that the security of its data is at the highest level and that good national and international practices are followed, as well as compliance with legislation in force.
Rights of data subjects
EXERCISE OF RIGHTS
Under the data protection legislation in force in Portugal and in the European area, users designated as data owners may exercise their rights enshrined in the legislation.
The data subject may exercise the rights of access, correction, elimination and authorization or opposition to the processing of personal data.
Collection and treatment
It is the responsibility of ICA to keep safe and integrate any and all information collected or treated by the company in the course of its functions, respecting and implementing data protection measures in accordance with current legislation.
RESPONSIBILITY OF CUSTOMERS AND USERS
In order to guarantee the security of the data of the partners and clients, ICA has the right to condition the access to the equipment and services available by means of passwords or access codes. It is the responsibility of the client to keep in a safe and non-transferable way the accesses provided by ICA, in order not to allow the loss or harmful use of these by third parties.
As the Internet is considered to be a means of transmitting data that is not secure and is liable to cause loss or violation of the information contained therein, it is the Customer's responsibility to safeguard any sensitive information (passwords, access codes, etc.) provided by ICA or not.
ICA is not responsible for damages caused by third parties or natural causes, so the client is responsible for taking adequate protection measures to its infrastructure.
DATA RESPONSIBILITY REPORTED TO THIRD PARTIES
The responsibility for communicating data to third parties is always with ICA and must be carried out with the knowledge or consent (when applicable) of the data holders.
Currently ICA does not make any communication of personal data with third parties.
The ICA only treats personal data for the purposes defined in the contract, bylaws or internal regulations with its partners or clients and applies the principle of minimization in the collection of personal data, and collected only what is essential for the performance of the functions of the association. All processing of personal data beyond what is defined in the documents, is the object of collection of direct consent of the users through the partners that contract the services of ICA.
CONDITIONS OF COLLECTION
ICA collects personal data directly with users who have business relationships with the association, or through their customers when collection concerns the performance of functions within a particular entity. When the collection of personal data is carried out by the clients, the responsibility for the quality of the data and the information of the users resides in that entity, and these data may be essential for the performance of functions and may lead to the impossibility of performing the provision or rendering of services.
All personal data processed by ICA comply with the best security standards in the market and are stored in encrypted form, transferred on secure connections and never shared with external service providers.
All personal data processed by ICA comply with the principle of conservation for as long as the purpose of collection is maintained, after that period the data is destroyed. Users are duly informed of the period of retention of the data within the scope of its purpose. The preservation of personal data beyond the period specified in the provision of service or supply is possible, but will be defined at the time of collection or through the collection of user consent.
DATA PROTECTION MANAGEMENT SYSTEM (DPMS)
ICA has implemented a data protection management system that is a governance model for this sector in order to guarantee the existence of the ideal conditions for the protection of the personal data of its clients and users. This model involves technical, procedural and physical measures to ensure data security at high levels.
This system involves the implementation of physical and logical access control measures, secure data storage, safeguarding in case of accidental destruction or disaster recovery, confidentiality measures with employees and service providers, restriction of access to data strictly and audit process and verification of conformity.
In addition to the legal and technical restrictions implemented within the organization, all systems are subject to automatic auditing of all relevant operations, ensuring traceability in case of violation of personal data.
Cookies are files stored on the devices of clients who visit certain pages on the internet, and the purpose of using these files is varied, but generally serve to optimize the experience of using pages, save browsing history, etc.
This is a common practice and used by many pages and browsers on the Internet and refusal to use these files may lead to the impediment of access to a certain page on the Internet or service.