Go to Content

We are the flag of Portugal on the internet

Privacy and Personal Data Protection Policy

Privacy and Personal Data Protection Policy

The DNS.PT Association, hereinafter referred to as .PT, as an entity subject to high principles of transparency and publicity in the pursuit of its purposes, is committed to ensure respect for the principles applicable to the protection of personal data and privacy of data subjects.

For this purpose, .PT provides adequate mechanisms for the exercise of the rights of personal data subjects in strict compliance with applicable legislation, specifically, the provisions of Article 35 of the Constitution of the Portuguese Republic, Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data - General Data Protection Regulation (GDPR), Law No. 58/2019, of August 8, which ensures the execution in the national legal order of the GDPR and Law 59/2019, of August 8, which approved the rules relating to the processing of personal data for the purposes of prevention, detection, investigation or repression of criminal offenses or execution of criminal sanctions.

In this context, this Privacy and Personal Data Protection Policy applies to the processing of personal data by .PT by fully or partially automated means, as well as by non-automated means contained in files or intended for them.

In the context of this Policy, "personal data" is considered any and all information, of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person, being considered identifiable a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In turn, "processing of personal data" is considered an operation or set of operations carried out on personal data or sets of personal data, by automated means or not, namely the collection, registration, organization, structuring, conservation, adaptation, recovery, consultation, use, disclosure, dissemination, comparison, interconnection, limitation, erasure or destruction.
 
In order to ensure a holistic, systematized and clear view of the policies adopted by .PT in terms of privacy and personal data protection, the following are considered linked to this Privacy Policy:


Data Controller

.PT is the entity responsible for the processing of personal data, its headquarters are located at Rua Eça de Queiroz 29, 1050-095 Lisbon.

As data controller, .PT intends to ensure the compliance of the best practices in the security and protection fields of personal data, from the concept ("Privacy by Design") and by default ("Privacy by Default") ensuring that:

  • Before starting any personal data processing, it ensures that the latter is carried out within the purposes for which the personal data will be collected or for purposes compatible with those;
  • The collection, use and conservation is restricted only to the personal data necessary for the purpose in question;
  • It does not proceed to any transmission of personal data for commercial or advertising purposes;
  • The processing is carried out for legally provided purposes.

.PT follows technical and organizational measures aligned with the compliance of the GDPR and applicable legislation regarding privacy and personal data protection, ensuring that the processing of these data is lawful, fair, transparent and limited to duly authorized purposes.


Data Protection Officers
.PT has appointed a Data Protection Officer whose contact should be made directly through the email address epd@pt.pt for all questions related to the processing of personal data and the exercise of their rights by their holders.

Among other functions, the Data Protection Officer monitoring the compliance of data processing with the applicable standards, ensuring compliance with privacy and data protection policies, being one of the points of contact for clarification of questions related to the processing of personal data.


Purpose of Processing
.PT processes personal data for a set of purposes, related to the pursuit of its activity and, as well, to its functioning as a legal entity.

Currently, the purposes of processing are the following:
  • Management of domain name registry;
  • Human resources management;
  • Financial management;• Infrastructure and system management;
  • Legal management;
  • Management of the security of people, goods and facilities.

Grounds for Lawful Processing
.PT processes personal data based on the following lawfulness:

  • Within the scope of pre-contractual procedures requested or already within the contractual relationship, resulting from the registration of a .pt domain name, and the management of this relationship, which includes, among others, web platform contacts, email and/or telephone for notifications, clarification of questions or conducting satisfaction surveys and evaluation of the services provided;
  • If your consent was given, as a data subject, to process the data based on specific, unequivocal and legitimate purposes, including to allow registration for our events, training and other initiatives;
  • For the pursuit of .PT's legitimate interests, which includes, namely, the guarantee of the security of people, goods and facilities and, also, the development of studies and statistical procedures;
  • When necessary for the purposes of compliance with legal obligations applicable to it, which includes, namely, obligations in fiscal matters and human resources and also the need to develop and maintain the www.pt.pt site with the desired quality and security, contribute to the prevention and detection of fraud, allow the notification of situations or events associated with the security of .PT, networks or information (namely through the email contact abuse@pt.pt).

Processing lawfulness bases
As holders of personal data, they may exercise the following rights, within the limits of the law:

right of access: the data subject has the right to obtain from .PT (data controller) the confirmation of the processing of their personal data, as well as an access to these data and request information about their processing.
right of rectification: the data subject has the right to obtain the rectification of inaccurate personal data and to complete those that are incomplete.
right to erasure: the data subject has the right to obtain the erasure of their personal data, without prejudice to the established conservation periods.
right to restriction of processing: the data subject has the right to obtain the restriction of processing.
right to portability: the data subject has the right to receive the personal data concerning him or her, in a structured, commonly used and machine- readable format. He or she also has the right to have personal data transmitted directly to other controllers.
right to object: the data subject has the right to object at any time, for reasons related to his or her particular situation, to the processing of personal data concerning him or her, including profiling. .PT ceases the processing of personal data, unless it presents compelling and legitimate reasons for this processing that prevail over the interests, rights and freedoms of the data subject, or for the purposes of declaration, exercise or defence of a right in a judicial process.
right to withdraw consent: the data subject has the right to withdraw consent at any time, provided that the processing of the data is based on consent and that there is no other legal basis that allows this processing.
right to lodge a complaint with the National Commission for the Protection of Personal Data (www.cnpd.pt), if you consider that any of the listed rights are being violated.


Processors and Recipients
Your personal data may be communicated or transferred to entities that provide domain name registration and management services, duly accredited by .PT, to the judicial authorities, to ARBITRARE - Arbitration Center for Industrial Property, Domain Names, Firms and Denominations, to entities to which the law assigns powers in terms of criminal investigation, or whose mission is to monitor or prevent compliance with legislation in the field of, in particular, the protection of consumer rights, intellectual property, communications, safety, public health and commercial practices in general. Only strictly necessary personal data will be communicated and transferred.

Only strictly necessary personal data will be communicated and transferred. In any case, .PT will remain in charge of processing the personal data made available to it.

The processors that process personal data on behalf of .PT are bound to present, in writing, sufficient guarantees of the execution of the technical and organizational measures appropriate to comply with the legislation in force regarding privacy and protection of personal data and that ensure the defense of the rights of the data subject.


Data transfer
For the providing of certain services by .PT, it may be necessary to transfer personal data outside Portugal, including outside the European Union and/or to international organizations.
In such circumstances, .PT commits to strictly comply with the applicable legal provisions regarding the suitability of the destination country(ies) with regard to the protection of personal data and the requirements imposed on such transfers, including, when required, the conclusion of appropriate contractual instruments that guarantee and respect the legal requirements in force.


Which data are collected
In addition to the necessary data for the pursuit of its activity, held by employees and suppliers, .PT processes the personal data necessary for the provision of the
.pt domain name registration service, duly identified in the respective registration process.

In addition, .PT may process personal data resulting from browsing the www.pt.pt website, in accordance with the Cookies Policy which can be consulted on the same website. www.pt.pt/

Finally, .PT processes the personal data voluntarily provided, namely by using the website www.pt.pt, filling in contact forms or sending e-mails.

Personal data are collected [in writing, by telephone, through forms available on the website] from its owners. If personal data is collected from third parties, the owner of the personal data will be duly informed of the collection and their rights.

Within the scope of its activity, .PT collects and processes personal data relating to the following categories: identification data, contact data, education data, professional data, banking data, image and voice data, and biometric data. The collected and processed data relates to the personal data of employees, company members, service providers and clients related to. PT’s activity.

Conservation period

Personal data are kept in a form allowing the identification of data subjects for no longer than necessary for the purposes for which it is processed, without prejudice, among other things, to comply with legal obligations imposing a certain conservation period or the exercise of rights and legitimate interests of the controller.

.PT will keep the subject’s personal data for the necessary period, for the purposes for which it was collected, plus the legal time limits for preserving the information arising from national legislation and the limitation and expiry periods for the exercise of rights that may apply.

Data processed during the conservation period may be reused by the same subject when the registration of a new domain name is made or when reactivating an expired domain name.


Measures adopted to guarantee the security of personal data

Since 2015, .PT has implemented an integrated quality and information security management system, certified to ISO 9001 and ISO/IEC 27001 standards, which brings together the best practices used to strengthen quality and information security. .PT is also certified with the Digital Cybersecurity Maturity Seal - Gold level - fulfilling the requirements of the DNP TS 4475-1 standard.

To ensure the protection of personal data, .PT implements strict, internationally recognized rules that apply to all those who legally process personal data.

Technical and organizational security measures are implemented to protect the personal data that is made available to .PT, such as encryption of the communication channels between clients, partners and .PT, thus protecting the confidentiality, integrity and authenticity of the data exchanged. Personal data stored by .PT is encrypted and anonymized whenever possible, and subject to access control based on the principle of least privilege.

.PT continuously reviews the quality and information security practices it adopts in order to ensure, on the one hand, their continuous improvement and, on the other hand, to monitor new cyber threats and implements the necessary countermeasures.


Responsibility of personal data subjects

Data subjects are responsible for providing .PT with accurate information and for using .PT's services with respect for the respective rules of use and the rights of third parties.
 
Data subjects are also responsible for the use of usernames, passwords, access codes and any other elements used to access the services provided by .PT, which are personal and non-transferable, and they must ensure their confidentiality and prevent their use by third parties.

Data subjects should adopt additional security measures, namely, ensure that they use a PC and browser updated in terms of security patches properly configured, with active firewall, antivirus and antispyware.


Notification and complaint

Without prejudice to sending direct notification to .PT, through the contacts indicated below, you can complain directly to the National Commission for the Protection of Personal Data (www.cnpd.pt), using the contacts provided by this entity for this purpose.

Contacts

Media and .pt website issues: rp@pt.pt;
Processing of personal data issues: epd@pt.pt;
.pt Domain Registration issues: request@pt.pt;
Security issues: abuse@pt.pt
Questions related to illegal digital content: legal@pt.pt.


Associação DNS.PT
Rua Eça de Queiroz, n.º 29
1050-095 Lisboa - Portugal

This policy can be reviewed and changed at any time in accordance with the law, a judicial decision, or a recommendation of the competent administrative authority. At any case, the information will be updated as soon as possible.


Last update: January 23, 2024