Skip to main content
search close

Internal reporting channel privacy policy

The Foundation for Science and Technology, I. P., abbreviated as FCT, as an administrative entity with significant commitments in the area of research in science, technology, and innovation in all areas of knowledge, is committed to respecting the principles applicable to data protection and strengthening the legal protection of personal data subjects in strict compliance with applicable legislation, namely the provisions of Article 35 of the Constitution of the Portuguese Republic, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data – General Data Protection Regulation (GDPR) – Law No. 58/2019 of August 8, which ensures the implementation of the GDPR in the national legal system, and Law No. 59/2019 of August 8, which approved the rules on the processing of personal data for the purposes of prevention, detection, investigation, or prosecution of criminal offenses or the execution of criminal penalties.

In turn, FCT implemented an Internal Reporting Channel, in strict compliance with Law 93/2021 of December 20, which establishes the general regime for the protection of whistleblowers (RGPDI), transposing Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019, on the protection of persons who report breaches of Union law.

This Privacy Policy aims to inform the owners of personal data who interact with FCT through its Internal Reporting Channel regarding compliance with privacy and data protection practices, without prejudice to reading and understanding the reporting form and the FCT Internal Reporting Channel Regulations.

Data Controller

FCT is responsible for the processing of personal data, with headquarters at Av. D. Carlos I, 126, 1249-074 Lisbon, telephone: +351 21 3924300.

Data Protection Officer

FCT has appointed a Personal Data Protection Officer, who should be contacted directly via email at dpo@fct.pt for all matters relating to the processing of personal data under this Privacy Policy.

Categories of Data and Data Recipients

The personal data processed by FCT in connection with complaints submitted fall into the following categories: identification data, contact details, professional category, academic and professional activity, profile, physical characteristics, health, criminal convictions or offenses, tracking, authentication, and browsing.

Personal data may be communicated to the competent national and international authorities to investigate the reported infringement, to the extent that this is necessary to follow up on the complaint and is permitted by law.

Purpose of Personal Data Processing

Data is collected for specific, explicit, and legitimate purposes and cannot be further processed in a manner incompatible with those purposes.

The personal data processed is intended exclusively for the purpose of managing the Internal Reporting Channel.

Legal Basis for Processing

The processing of personal data relating to the FCT Internal Reporting Channel complies with the principles of lawfulness, fairness, transparency, and limited retention period, and is based on the provisions of Article 6(c) of the GDPR: because it is necessary for compliance with the legal obligations of the FCT.

Rights of Personal Data Subjects

Data subjects have the right to be informed about the processing of their data, and have the right to demand the correction of any inaccuracies, the deletion of improperly recorded data, and the integration of omissions, in accordance with the GDPR and other applicable legislation.

Specifically, they may exercise, within the limits and exceptions provided for by law, the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to portability, the right to object, and the right to withdraw consent.

Transfer of data to third countries

Exceptionally, and when strictly necessary for the purposes of processing described above, FCT may transfer the personal data collected to international organizations located in countries outside the European Economic Area or to countries for which there is no adequacy decision by the European Commission and, in such cases, it will ensure additional measures to guarantee that personal data enjoy a level of protection essentially equivalent to that existing in the European Union and will enter into data processing agreements using standard contractual clauses for the transfer of personal data. In cases where these international organizations are located in the EEA or in a country subject to an adequacy decision, the FCT will enter into data processing agreements in accordance with the applicable laws on the protection of personal data.

Shelf life

The retention period for personal data processed for Internal Reporting Channel Management is that established by law, specifically in Article 20(1) of the RGPDI, i.e., five (5) years from the date of receipt of the report and, regardless of this period, during the pendency of judicial or administrative proceedings relating to the report.

General measures adopted to ensure the security of personal data

To ensure privacy and the protection of personal data, FCT implements strict and internationally recognized rules. In this regard, FCT has implemented technical and organizational security measures to protect the personal data it collects, as well as its confidentiality, integrity, and authenticity. Personal data stored by FCT is encrypted and anonymized whenever possible and subject to access control.

Notification and complaint

Without prejudice to sending a direct notification to FCT, through the contacts available at https://www.fct.pt/contactos, you can complain directly to the National Data Protection Commission (www.cnpd.pt), using the contacts provided by this entity for this purpose.

Changes to the privacy policy

This Privacy Policy may be subject to updates, so we recommend that you consult it regularly. Changes are considered to take effect from the date they are posted on this website, with express reference to the date of the update.

Updated on July 13, 2024