Go to Content

Privacy Policy

Privacy Policy

DNS.PT Association, hereinafter referred to as .PT, is strongly committed to respecting and ensuring the privacy of users of our website and the security of their personal data, as well as all personal data of data subjects processed by .PT, as controller.

In addition to what is referred in the Data Protection Policy below, within the scope of its performance, .PT assumes and recognizes as fundamental a commitment to:
• Respect your privacy and the selection of content you consult on this site;
• Identify and limit the processing of any personal data collected to what is strictly necessary to successfully complete the requested action;
• In cases where it is necessary to collect your personal data, to use this information as described in the terms of this document and with respect to the applicable legislation on privacy and data protection;
• Not to use your data for any purposes other than those that have been identified and previously communicated;
• Treat your data according to the applicable legislation, considering the necessary and applicable security and protection measures.

In order to ensure a holistic, systematic and clear vision of the measures adopted by .PT in terms of privacy and data protection, the following policies are considered to be related to the .PT Privacy Policy:

Data Protection Policy

Framework
.PT is committed to ensure that the natural persons with whom it interacts while exercising of its functions have greater control over their personal data, in line with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and other applicable legislation.

Thus, .PT discloses, to the data subjects, the general rules for the processing of personal data ensuring that their data are collected and processed in accordance with the provisions of the above-mentioned legislation. 

.PT intends to comply with the best practices in security and protection of personal data by promoting all technical and organizational measures in line with the GDPR and related legislation, ensuring that the processing of personal data is lawful, loyal, transparent and limited to duly authorized purposes.
It is under this framework, and in a logic of clarification of concepts and principles, that .PT presents its Data Protection Policy, applicable exclusively to the collection and processing of personal data for which the .PT is responsible for as controller.

Personal Data
Personal data is any information of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person (data subject).

It is considered identifiable any person that can be identified, directly or indirectly, using reasonable means, by reference to a name, identification number, location data, identifiers by electronic means or one or more specific elements of its physical, physiological, genetic, mental, economic, cultural or social identity.

Personal Data Processing
The processing of personal data consists of an operation or a set of operations carried out on personal data or personal data sets, by automated means, or not, namely the collection, registration, organization, structuring, preservation, adaptation, recovery, consultation, use, disclosure, dissemination, comparison, interconnection, limitation, deletion or destruction.

Controller
.PT is the data controller as it is the entity responsible to determine the purposes and means of the personal data processing.

Purpose of Data Processing
.PT process personal data for a set of purposes related to the pursuit of its activity and its operation as a legal entity.

Currently, the purposes of treatment are as follows:
•    Registration of domain names management;
•    Human resource management;
•    Financial management;
•    Infrastructure and system management;
•    Legal management.

Lawfulness of the Processing
.PT processes personal data based on the following grounds of lawfulness:

•  In the scope of pre-contractual procedures requested by the data subject or for the performance of the contract arising from the registration of a .pt domain name and the management of this contractual relationship, which include, among others, the contacts via web platform, email and/or telephone for notifications, clarification of questions or conducting surveys of satisfaction and evaluation of the services provided;
•  If you have obtained your consent, as data subject, to process them based on specific, explicit and legitimate purposes, including to allow registration at our events, trainings and other initiatives;
•  When it is necessary for the fulfilment of legal obligations, which includes, in particular, the need to develop and maintain the site ww.pt.pt with the quality and security intended, contribute to the prevention and detection of fraud, allow the notification of situations or events associated to the security of .PT, its networks or information (in particular through the mechanism of contact via email abuse@pt.pt).

Data Subject’s Rights
As data subject, and within certain limits resulting from the law, you have the following rights:
•    Right to access your personal data;
•    Right to rectification of any personal data that is inaccurate or incomplete;
•    Right to erasure your personal data;
•    Right to restrict the processing of your personal data;
•    Right to portability of your personal data;
•    Right to object to the processing of your personal data;
•   Right to complain to the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (www.cnpd.pt), should you believe that any of the above rights has been breached.

Processors and Recipients
Your personal data may be disclosed or transferred to entities that provide services of registration and management of domain names, duly accredited by .PT, court authorities, ARBITRARE - Centro de Arbitragem para a Propriedade Industrial, Nomes de Domínio, Firmas e Denominações and to any entity to which the law assigns powers in respect of criminal investigation or whose mission is to oversee or ensure compliance with the legislation applicable, namely, to the protection of consumer rights, intellectual property, communications, security, public health and trade practices in general.

Only the personal data necessary will be disclosed and transferred. In any case, the .PT will remain as controller of the personal data that has been made available to it.

Processors which process personal data on behalf of .PT are obliged to submit in writing sufficient guarantees for the execution of technical and organizational measures appropriate to compliance with the data protection legislation and to ensure the protection of the rights of the data subject.

Personal data transfers

For the provision of some services by .PT, it may be necessary to transfer personal data outside Portugal, including outside the European Union and / or to international organizations.

In these circumstances, .PT undertakes to strictly comply with the applicable legal provisions regarding the adequacy of the destination country (ies) concerning the protection of personal data and the safeguards imposed on such transfers, including, whenever required, the signing of appropriate contractual instruments that guarantee and respect the legal requirements in force.

What Data is Collected

In addition to the data necessary for performing its activity, which includes employees and suppliers data, the .PT processes the personal data necessary for the provision of the .pt domain names registration service, duly identified in the registration process.

Additionally, .PT may process personal data resulting from browsing the site www.pt.pt, in accordance with the Cookies Policy.

Finally, .PT processes the personal data voluntarily provided through the site www.pt.pt, such as filling out contact forms or sending electronic mail.

The personal data are collected [in writing, by phone, through forms made available on the website], directly from their data subject. If personal data are collected from third parties, the data subject will be duly informed about the processing of their data and their rights.

In the scope of its activity, .PT collects and processes personal data related to the following categories: identification data, contact data, qualification data, professional data, bank data, image data and biometric data. 

The data collected and processed refers to the personal data of employees, corporate members, service providers and customers that are related to the .PT activity.

Period for which the personal data will be stored

The personal data shall be stored in a way that enables the data subjects to be identified only for the period necessary for the purposes for which their data is being processed, without prejudice, inter alia, to the fulfilment of legal obligations that impose a specific period of time for the exercise of certain rights and legitimate interests of the controller.

.PT will keep the personal data for the period necessary for the purposes that led to its processing, plus the legal periods applicable for preserving the information and for exercising certain rights as resulting from national law.

The personal data that are being processed during the storage period may be reused by the same data subjects as soon as a new domain name registration is initiated or for the purpose of reactivating an expired domain name.

Measures taken to ensure the security of personal data

Since 2015, .PT has an integrated management system for quality and information security, certified in ISO 9001: 2015 and ISO / IEC 27001: 2013, which integrates a set of best practices for enhancing the quality and security of information.

To ensure the protection of personal data, .PT implements strict rules, in line with the best international practices, which apply to those who legally handle personal data.

Technical and organizational security measures are implemented in order to protect the personal data that are made available to .PT, such as the encryption of communication channels between clients, partners and .PT, which ensure the integrity, confidentiality and authenticity of the data exchanged. The personal data stored by .PT are encrypted and anonymized, whenever possible, and subject to access control based on the principle of minimum privilege.

.PT continuously reviews its security measures in order to ensure the improvement of the practices adopted and to track the new cyber threats and implement the necessary countermeasures.

Responsibility of Data Subjects

Data subjects are responsible for providing reliable information to .PT and for using its services according to the rules established and the rights of third parties.

Data subjects are also responsible for the use of their usernames, passwords, access codes and any other elements used to access the services provided by .PT, which are personal and non-transferable, and it is up to the data subjects to ensure the confidentiality of this information and prevent its use by third parties. 

Moreover, data subjects should take the additional security measures, including the use of an updated PC and browser in terms of properly configured security patches with active firewall, antivirus, and antispyware.

Data Protection Officer
.PT has appointed a Data Protection Officer that may be contacted directly, using the contact details below, to clarify any issues related to the processing of personal data and the exercise of rights.

Contact details: epd@pt.pt.

Notification and Complaint
You can send a direct notification to .PT, through the contacts indicated below, or you can complain directly to Comissão Nacional de Proteção de Dados (www.cnpd.pt), using the contacts made available by this entity for this purpose.

Contacts

Media and .pt website issues: rp@pt.pt;
Processing of personal data issues: epd@pt.pt;
.pt Domain Registration issues: request@pt.pt;
Security issues: abuse@pt.pt

Associação DNS.PT
Rua Eça de Queiroz, n.º 29
1050-095 Lisboa - Portugal

This policy can be reviewed and changed at any time in accordance with the law, a judicial decision, or a recommendation of the competent administrative authority. At any case, the information will be updated as soon as possible.


Last update: August 2, 2022