Skip to main content
search close

Privacy policy of the internal whistleblowing channel

The Foundation for Science and Technology, I. P., abbreviated as FCT, as an administrative entity with high commitments in the area of research in science, technology and innovation in all areas of knowledge, is committed to respecting the principles applicable to data protection and strengthening the legal protection of the holders of personal data in strict compliance with the applicable legislation, namely the provisions of Article 35 of the Constitution of the Portuguese Republic, Regulation (EU) 2016/679, of the European Parliament and of the Council of April 2016, on the protection of individuals with regard to the processing of personal data.º of the Constitution of the Portuguese Republic, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data - General Data Protection Regulation (GDPR) -, Law no.58/2019, of August 8, which ensures the implementation of the GDPR in the national legal order, and Law 59/2019, of August 8, which approved the rules on the processing of personal data for the purposes of the prevention, detection, investigation or prosecution of criminal offenses or the execution of criminal penalties.

In turn, the FCT has implemented an Internal Whistleblowing Channel, in strict compliance with Law 93/2021, of December 20, which establishes the general regime for the protection of whistleblowers (GDPR), transposing Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019, on the protection of persons who report breaches of Union law.

This Privacy Policy is intended to inform the holders of personal data who interact with FCT through its Internal Whistleblowing Channel of compliance with privacy and data protection practices, without prejudice to reading and understanding the complaint form and the FCT Internal Whistleblowing Channel Regulations.

Data Controller

The FCT is responsible for the processing of personal data, with headquarters at Av. D. Carlos I, 126, 1249-074 Lisboa, telephone: +351 21 3924300

Data Protection Officer

FCT has appointed a Personal Data Protection Officer, whose contact should be made directly through the e-mail dpo@fct.pt for all questions related to the processing of personal data processed under this Privacy Policy.

Categories of Data and Data Recipients

The personal data processed by the FCT in the context of the complaints submitted fall into the following categories: identification data, contact, professional category, academic and professional activity, profile, physical, health, criminal convictions or offenses, tracking, authentication, navigation.

Personal data may be communicated to the national and international authorities competent to investigate the reported infringement, insofar as this is necessary to follow up the complaint and is permitted by law.

Purpose of processing personal data

Data is collected for specific, explicit and legitimate purposes and may not be further processed in a way that is incompatible with those purposes.

The personal data processed is exclusively for the purpose of managing the Internal Whistleblowing Channel.

Legal grounds for treatment

The processing of personal data relating to the FCT Internal Whistleblowing Channel complies with the principles of lawfulness, fairness, transparency and the limitation of the retention period, and is based on the provisions of Article 6 of the GDPR, point c): because it is necessary to comply with FCT's legal obligations.

Rights of Data Subjects

Data subjects have the right to be informed about the processing of their data, and have the right to demand the correction of any inaccuracies, the deletion of unduly recorded data and the integration of omissions, under the terms of the GDPR and other applicable legislation.

Specifically, they may exercise, within the limits and exceptions provided for by law, the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to portability, the right to object and the right to withdraw consent.

Transfer of data to third countries

Exceptionally, and when strictly necessary for the pursuit of the processing purposes described above, the FCT may transfer the personal data collected to international organizations located in countries outside the European Economic Area or to countries for which there is no adequacy decision by the European Commission and, in such cases, will ensure that additional measures are taken to guarantee that the personal data enjoy a level of protection essentially equivalent to that existing in the European Union and will carry out data processing agreements using standard contractual clauses for the transfer of personal data. In cases where these international organizations are located in the EEA or in a country subject to an adequacy decision, the FCT will carry out data processing agreements in accordance with the applicable laws on the protection of personal data.

Shelf life

The retention period for personal data processed for the Management of the Internal Whistleblowing Channel is that established by law, specifically in Article 20(1) of the GDPR, i.e. 5 (five) years from the date of receipt of the complaint and, regardless of this period, during the pendency of judicial or administrative proceedings relating to the complaint.

General measures adopted to guarantee the security of personal data

In order to guarantee the privacy and protection of personal data, FCT implements strict, internationally recognized rules. To this end, FCT has implemented technical and organizational security measures to protect the personal data it collects, as well as its confidentiality, integrity and authenticity. Personal data stored by the FCT is encrypted and anonymized whenever possible, and subject to access control.

Notification and complaint

Without prejudice to sending a direct notification to the FCT, through the contacts available at https://www.fct.pt/contactos, you can complain directly to the National Data Protection Commission(www.cnpd.pt), using the contacts provided by this entity for this purpose.

Changes to the privacy policy

This Privacy Policy may be subject to updates, so regular consultation is advised. Changes are deemed to take effect from the date they are posted on this website, with express reference to the date of the update.

Updated on 13 July 2024