The processing of personal data should be lawful and fair, for specified, specific and explicit purposes.
The personal data processed must be adequate, relevant and limited to what is necessary for the specified purposes, these requirements apply to the amount of data, the extent of processing, accessibility of the data and the period of storage. Personal data should not be processed if the purpose of the processing can be reasonably fulfilled by other means.
The data must be protected from unauthorized access and from accidental or unlawful disclosure, loss, destruction or alteration, in accordance with the risk that the processing presents to the data subjects.
The data subjects have the
right to receive concise and transparent information, in clear and plain language, about the processing of their personal data, in particular the specific purposes of the processing.
The data subjects have the right to file a complaint with a
Supervisor Authority, whenever they find that the processing of personal data concerning them violates the personal data protection regime.
The
subcontracting of the processing of personal data does not diminish the obligations of the Controller, and must be formalized in a document that determines the object, the duration, the nature and purpose of the processing, the categories of personal data and the categories of data subjects, and the obligations and rights of the Controller.
Data Protection Officer of the University of Minho:
Address: Protecao de Dados, Universidade do Minho, Edifício 10, sala 0.17 - Campus de Gualtar - 4710 - 057 Braga - Portugal
National Supervisor Authority for the Protection of Personal Data:
Comissão Nacional de Proteção de Dados (CNPD), http://www.cnpd.pt
