Skip to main content

Privacy Policy

(EU) Regulation 2016/679, the General Data Protection Regulation (GDPR), in force since 25 May 2018, sets the applicable rules on processing personal data by companies and public bodies with a view to ensure protection of the data subjects’ fundamental rights and freedoms and, especially, protection of their personal data.

Under what situations are data processed?

To fulfil its activities, the SGPCM processes personal data under the terms set in the GDPR when such is necessary to:

  • Implement contracts to which it is a party;
  • Meet the legal duties to which it is bound;
  • Exercise public interest duties;
  • Pursue a legitimate interest that does not superimpose over the fundamental rights and freedoms of the subject that require data personal data protection.

Outside the abovementioned situations, the SGPCM will ask for you consent to process your personal data.

How are personal data processed?

Processing personal data by the SGPCM abides by the principles of transparency and loyalty with the data subject.

Personal data are collected for specific purposes that will be determined, explicit, and legitimate and communicated to the data subject and they shall not be used for purposes incompatible with that for which the collection was authorised.

Only the personal data that are suited and relevant for the purposes of processing will be requested.

The personal data are precise and updated whenever necessary; the suitable measures for the imprecise data to be deleted or amended as quickly as possible, given the purposes for their processing, will be adopted.

The personal data are retained for the time necessary to fulfil the purpose for which they are collected.

The SGPCM will adopt the technical and organisational measures to ensure the personal data are secure and thwart their loss, destruction, or accidental damage, as well as any unlawful or unauthorised processing.

Confidentiality and personal data privacy

The SGPCM is committed to process the data in a loyal and transparent manner, ensuring confidentiality and security of the information requested and ensuring that it shall only be used for the purposes duly indicated and authorised.

Access and security procedures

The SGPCM undertakes to ensure the security and protection of the personal data it collects and for this end it adopted a series of technical and organisational measures. All the data are collected through forms that are protected via security procedures protecting them from undue access and disclosure.

Personal data retention

All the data collected are retained for the period that is strictly necessary for their processing, according to the intended purpose. The retention periods may however change if the associated public interest, historical, scientific, or statistical reasons so warrant.

Revoking consent

Whenever the personal data collection and processing is done based on the data subject’s consent, they may revoke their consent at any time.

For this, simply inform the SGPCM that you have withdrawn your consent by writing to the person in charge of Data Protection via email to or by post.

Data subject’s holders

The data subject has the right

  • to be informed of any relevant aspects relating to processing;
  • to access their data;
  • to amend their data;
  • to limit their data’s processing;
  • to suppress/delete their data;
  • to data portability (when this is technically possible);
  • to oppose processing. To exercise these rights, the data subject must simply request this by writing to the person in charge of Data Protection via email to or by post.

By supplying their personal data to the SGPCM, the data subject acknowledges and accepts that their processing is done according to what is set in this document.

Person charged with data protection

The person in charge with data protection is tasked with, among others, ensuring the relations between the SGPCM and the data subjects in the matters covered by the GDPR and related legislation.

The person charged with data protection at the SGPCM will provide any clarifications requested from them on personal data protection, they will receive the data subjects’ requests on exercising rights, as well as any complaints made under this matter.


Portuguese Data Protection Authority

The Portuguese Data Protection Authority is charged with overseeing the GDPR’s implementation in order to uphold the data subjects’ fundamental rights and freedoms on processing and easing the free circulation of data within the European Union.

The data subjects may make any complaints on our privacy policy and personal data processing within the SGPCM with the Portuguese Data Protection Authority.

Last update: 21 de November, 2023