Last Updated: 24 May 2018.
In order for you to better understand this Policy and your rights and obligations, here are some definitions of the terms used in this Policy and in the GDPR:
- Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Data subject: the natural person to whom the personal data refers.
- User: the individual using this platform, which must coincide with or be authorized by the data subject, to whom the personal data refer.
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Data Controller: a natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data;
- Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
- Recipient: a natural or legal person to which the personal data are disclosed.
- Third party: a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Supervisory authority: an independent public authority established by a Member State; in the case of Portugal, is the ‘Comissão Nacional de Protecção de Dados (CNPD)’, who is endowed with the power to supervise and monitor compliance with the laws and regulations in the area of personal data protection.
- DATA CONTROLLER & CONTACT DETAILS
UCADEMICS, LDA (ZONA FRANCA DA MADEIRA), a company duly incorporated in Portugal, with head office at Edifício Marina Club, Avenida Arriaga, nº 73, 1º Andar, Sala 105, 9000-060 Funchal, Ilha da Madeira, in Portugal, registered with the Commercial Registrar under number 513339760, is the entity responsible for the collection and processing of personal data for the purposes set out below.
- DATA PROTECTION OFFICER
UCADEMICS Data Protection Officer can be contacted directly by the following email firstname.lastname@example.org.
- DATA WE MAY PROCESS
UCADEMICS may Process the following categories of Personal Information about you:
- Personal details: your name; photos; videos; username or registration and log in details; password; areas or topics of interest; number and copy of your identification document(s).
- Demographic information: gender; age/date of birth; country, country of birth, nationality, permanent residence; salutation; education, work experience and other educational and/or professional information; and language preferences.
- Contact details: postal address; telephone and/or mobile number; email address.
- Consent records: records of any consent you may have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Location information: location data that describes the precise geographic location of your device (“Precise Location Data”).
- Invoice and payment details: invoice records; payment records; billing address; payment method; cardholder or accountholder name; payment amount; and payment date.
- Views and opinions: any views and opinions that choose to send to us.
UCADEMICS does not collect or otherwise Process Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive under GDPR in the ordinary course of our business. Where it becomes necessary to process sensitive personal information under GDPR, we would rely on one of the following legal bases:
- Compliance with applicable law: We may Process your Sensitive Personal Information where the Processing is required or permitted by applicable law;
- Detection and prevention of crime: We may Process your Sensitive Personal Information where the Processing is necessary for the detection or prevention of crime (including the prevention of fraud);
- Establishment, exercise or defense of legal rights: We may Process your Sensitive Personal Information where the Processing is necessary for the establishment, exercise or defense of legal rights; or
- Consent: We may Process your Sensitive Personal Information where we have, in accordance with applicable law, obtained your prior, express consent prior to Processing your Sensitive Personal Information. Should you transmit any information considered sensitive personal under GDPR, in particular, but not limited to, when filling any application or form corresponding to a service provided by UCADEMICS, it is considered that you have provided your express and informed consent for their processing under this Policy and UCADEMICS cannot be held liable for their processing.
All personal data collected by the website shall be directly provided by you, including by signing up to our website and any services provided herein, filling up a university application, subscribing our marketing and notification services, and no information shall be obtained via third parties.
UCADEMICS has taken every reasonable step to ensure that your personal data processed by UCADEMICS is limited to personal data reasonably necessary in connection with the purposes set out in this Policy or as required to provide you services and/or access to the services provided by UCADEMICS.
- PURPOSES OF PERSONAL DATA PROCESSING
The main reason Personal Data is processed is to allow the data controller to provide its services to you, in particular, to fulfill the contract obligation undertaken to manage and submit your application to all universities and faculties chosen by you in your application and any other services requested by you, including, but not limited to, interaction with external social networks and platforms and managing contacts and sending messages.
The detailed information on the processing of personal data and the services used are as follows:
- Provision of the services to you: providing the services to you from UCADEMICS including, but not limited to, (i) chat areas, forums and communities; (ii) posting of your personal testimonial alongside other universities, schools, endorsements; (iii) management of your account; (iv) customer support and relationship management content to you; (v) communicating and interacting with you via the services; (vi) identifying issues with the services and planning improvements to or creating new services; (vii) notifying you of changes to any of our services; (viii) direct communicating and interacting between your and any universities, and/or schools you have submitted an application.
- Surveys: engaging with you for the purposes of obtaining your views on our services and/or any of the universities, and/or schools you have applied to.
- Communications: communicating with you via any means (including via internal communication system, email, telephone, text message, social media, post or in person) regarding news, items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required. We may provide direct marketing to you as set out below.
- Advertising: providing advertising based on your prior applications, interests and interactions with the services and channels, including using user information to serve you advertisements on the services, channels and universities and/or schools.
- Legal Proceedings: establishing, exercising and defending legal rights.
UCADEMICS shall obtain you express consent before using any personal information for any other purpose other than those expressly mentioned in this Policy.
UCADEMICS may Process your user information to contact you via email, telephone, direct mail, SMS or other methods of communication to provide you with information regarding the services that may be of interest to you. We may send information to you regarding the services and other information that may be of interest to you, using the contact details that you have provided to us and always in compliance with applicable law. You may unsubscribe from our newsletter lists at any time by following the unsubscribe instructions included in every email we send. We will not send you any emails from a list you have selected to be unsubscribed from, but we may continue to contact you to the extent necessary for the purposes of any other services you have requested or for additional emails you have signed up for. You may opt out of any marketing by contacting us at the contact details set out in Section 3 above. You may opt out of SMS messages by texting STOP to the received SMS. You will not be charged by us for receiving or sending SMS messages, however, we make no representations, warranties or guarantees that your telecommunications service provider will or will not charge you for receiving or sending SMS messages.
The filling of any form corresponding to each of the purposes and/or submission of an application for any services provided by UCADEMICS corresponds to prior and express consent of the processing of the personal data transmitted by you.
- LEGAL BASIS FOR PERSONAL DATA PROCESSING
In processing your information in connection with the purposes set out in this Policy, UCADEMICS may rely on one or more of the following legal bases, depending on the circumstances:
- Consent: UCADEMICS may process your information where we have obtained your prior, express, informed, specific and indisputable consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way, including, but not limited to, any personal data provided pursuant to the filling-out of any university, school and/or faculty application and voluntary subscription of any other services provided by UCADEMICS); the consent can be given in written, orally or in any other way that makes it clear that the consent is express and informed;
Should you be under 16 (sixteen) years old, consent shall be given or authorised, in written, by the holder of parental responsibility over you. UCADEMICS reserves the right to request any element, including identification document, to verify that the consent or authorization is legally given.
- Contractual necessity: UCADEMICS may process your personal data where the processing is necessary in connection with any contract that you may enter into with us, in particular, but without limitation, by submitting any application for any university, schools and/or faculties, by signing to UCADEMICS website, newsletter, advisement and marketing services;
- Compliance with applicable law: UCADEMICS may process your personal data where the processing is required by applicable law to which the UCADEMICS is subject;
- Vital interests: UCADEMICS may process your personal data where the processing is necessary to protect the vital interests of the data subject or any individual; or
- Legitimate interests: UCADEMICS may process your personal data where UCADEMICS have a legitimate interest in carrying out the processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms which require protection of personal data;
Kindly take note that in order to register in UCADEMICS website and to submit an application to any university and/or schools it is strictly necessary for you to provide the personal data contained in the forms and/or applications to be filled-out by you. Should you refuse to provided such personal data and/or object in any way to the processing of your personal data, UCADEMICS shall not be liable in any way for the impossibility of fulfilling the contract and you will be liable for any damages incurred by UCADEMICS in respect to its inability to fulfill the contract and any other contract directly dependent on the processing of your personal data pursuant to the execution of the contract entered between you and UCADEMICS.
- COMMUNICATION OF PERSONAL DATA TO THIRD PARTIES
In the course of its business, UCADEMICS may use third parties to provide certain services (located inside or outside the European Union), which may imply, in some cases, access by such entities to personal data you have provided to UCADEMICS. In such situation, UCADEMICS undertakes to take the necessary and appropriate measures, in order to ensure that entities that have access to such personal data are reputed and offer high guarantees in this regard, which shall be duly provided for and safeguarded in writing in the agreement to be entered into between UCADEMICS and the third party/parties. Whenever UCADEMICS uses third parties to provide services, UCADEMICS shall remain responsible for the processing of personal data.
Kindly take note that in order to submit an application to any university, schools and/or faculties it is strictly necessary that the personal data you provided in the forms and/or applications be transferred to university, schools and/or faculties you chosen for the for the purpose of application. A copy of your personal identification documents, including, but not limited to, passport, identification card, tax information, may be transferred to university or schools you have chosen for the for the purpose of application at the time of submitting your application to such university or schools. By applying for submission for any university, school and/or faculty you thereby expressly consent that UCADEMICS transfer any personal data you have provided to such purpose, including, but not limited to, copy of any identification document you might have provided and/or might be requested by the relevant entity.
- RIGHTS OF THE DATA SUBJECT
The data subject has the right to information, to obtain access, to rectification, to erasure, to restriction of processing, to data portability, to object to processing as well as the right to lodge complaints.
- Right to information and to obtain access: obtaining information about the personal data that UCADEMICS held about the data subject and the respective processing;
- Right to rectification: correction of incorrect, inaccurate or incomplete personal data;
- Right to erasure (right to be forgotten): erasure of the personal data when it is no longer needed or when the processing is unlawful;
- Right to restriction of processing: suspension of processing in specific cases prescribed by the Law, in particular, if the data subject considers that the personal data is inaccurate, if the data subject requests that the personal data is not erased, etc.;
- Right to data portability: receive the personal data in a machine-readable format and send it to another controller, where technically feasible;
- Right to object to processing: objection to the processing of the data subject’s personal data for marketing purposes or on grounds relating to his or her particular situation; kindly note that objecting to processing of your personal data might imply the impossibility of UCADEMICS to provide you the services your have applied for and/or to fulfill any contract entered between UCADEMICS and yourself;
- Right to lodge complaint: complaints can be made to supervisory authority if the data subject thinks that the data protection rights have been breached. In case of Portugal the supervisory authority is “Comissão Nacional de Protecção de Dados”. You are also entitled to, alternatively, submit a complaint to the supervisory authority of your country of residence.
When the processing is based on consent given by the data subject, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent might imply the impossibility of UCADEMICS providing you the services you have applied for and/or impossibility of UCADEMICS fulfilling any contract entered between yourself and UCADEMICS, in which case UCADEMICS shall not be liable in any way for any damages you might incur pursuant to UCADEMICS impossibility to provide the services you have applied for and/or impossibility of fulfilling any contract entered between yourself and UCADEMICS, and you will be liable for any damages incurred by UCADEMICS in respect to its inability to fulfill the contract and any other contract directly dependent on the processing of your personal data pursuant to the execution of the contract entered between you and UCADEMICS.
The data subject can exercise his or her rights through a written communication to the data controller as set out in Section 3 above.
- STORAGE OF PERSONAL DATA
The personal data is stored for the time necessary to provide the service requested by the data subject, or stated by the purposes outlined in this document.
As such, personal data provided by the data subject will be stored for a period of ten (10) years after the personal data is provided by the data subject or, in case of contractual relation, of ten (10) years after the end of the contractual relation, without prejudice to the fact that longer periods may be applied whenever the situation justifies it (provided that the storage period is proportional to such situation), in particular to safeguard any rights of UCADEMICS and/or the data subject.
Without prejudice of the period established in the previous paragraph, any personal data provided in the subscription of any newsletter, advertisement and or publicity services shall be kept by UCADEMICS for the entire duration of the subscription.
- PERSONAL DATA PROCESSING SECURITY MEASURES
UCADEMICS has implemented appropriate technical and organizational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with the law. However, UCADEMICS cannot guarantee there will not be a breach, and UCADEMICS is not responsible for any breach of security or for the actions of any third parties.
Because the internet is an open system, the transmission of information via the internet is not completely secure.
Although UCADEMICS has implemented reasonable measures to protect your personal data submitted through the website, having adopted the appropriate measures necessary for this purposes, in particular, (i) password protection, (ii) use of digital certificates, (iii) firewalls, (iv) antivirus, (v) secure communication via https protocol, UCADEMICS cannot guarantee the absolute security of your personal data transmitted to UCADEMICS using the internet.
UCADEMICS informs that security measures shall be reviewed and updated according to the needs and requirements on the matter.
If, for any reason, there is a breach of security that causes, accidently or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data, UCADEMICS undertakes, in accordance with the applicable law, to notify the competent authorities, without undue delay and, whenever possible, within 72 hours of becoming aware of such occurrence. UCADEMICS further undertakes to report the violation of personal data to the respective data subject, in accordance with the applicable law.
Notwithstanding the security measures adopted by UCADEMICS, In order to guarantee a higher level of security, it is important that you install and/or maintain up-to-date your operating system, antivirus, firewalls and antispyware as well as guarantying that your password is not known to any other person than yourself.
- ACCESS TO THIRD PARTY WEBSITES
Last updated on Saturday, 26 May 2018