1. INTRODUCTION

The protection of personal data is a priority of Ágora – Cultura e Desporto do Porto, EM., S.A. (hereinafter referred to as Ágora). The adopted privacy and personal data protection policy clarifies which personal data are collected, for what purposes they are used, which principles guide the use of such data and the rights that their holders enjoy.

Ágora is a local company of a municipal nature, endowed with statutory, administrative and financial autonomy, incorporated on September 29, 2006 (then as Porto Lazer E.M.), whose share capital is fully owned by the Municipality of Porto, under the terms of the Legal of Local Business Activity and Local Participations.

Its corporate purpose is the promotion and development of culture, physical activity and sport, other entertainment activities in the City, as well as the promotion and development of brands associated with the City of Porto, in addition to activities determined by the management of the spaces and equipment that are under its management.

2. CONTEXT

This policy applies to all those who, in any way, have a relationship with Ágora.

3. RESPONSIBLE FOR DATA PROCESSING

As the person responsible for processing the data entrusted to it, Ágora:

– Ensures that the processing of personal data is carried out within the scope of the purposes for which they were collected or for purposes compatible with the initial purposes;

– Assumes the commitment to implement a data minimization culture in which it only collects, uses and conserves necessary personal data;

– Does not disclose or share personal data for commercial or advertising purposes.

4. HOW PERSONAL DATA ARE USED

Ágora uses the personal data provided in an application, communication, complaint, participation or on the website, to respond to requests received, as well as for statistical purposes, continuity of service and participation in events.

In addition, it collects the information provided by its interlocutors, such as comments, suggestions and criticisms/complaints, with a view to constant improvement.

5. PERSONAL DATA COLLECTED

The personal data collected depends on the context of interactions with Ágora, within the scope of its activity.

The data collected may include the following items:

Identification:

– Name

– Age

– Tax identification number

– Citizen Card/Identity Card Number

– Social Security number

Financial/Payment Data:

– Bank identification number

Institutional data:

– Institutional email

Contacts:

– Household

– Email address

– Phone/mobile number

Image:

– Image of security cameras

6. PERSONAL DATA OF MINORS

The personal data of minors, the collection and processing of which does not result from a legal basis or from the exercise of public interest/public authority functions, will only be collected and processed with the express consent of the holders of parental responsibilities or guardians. Holders of parental responsibilities or guardians have the prerogative to exercise their rights over the personal data of minors under similar conditions to those of data subjects.

7. COLLECTION AND PROCESSING OF SPECIAL DATA

Personal data may be of a more sensitive nature in certain situations, classified by the General Data Protection Regulation (GDPR) as "special categories of data", which include, among others, health data.

The processing associated with special categories of data deserves increased protection in the GDPR and is subject to specific technical and organizational safeguards. In this sense, the addition of documentation that incorporates special categories of data should only be carried out when such data appear as instructive or optional documents in the forms made available and advertised by Ágora.

8. REASONS WHY DATA IS SHARED

Ágora only shares personal data with third parties in the exercise of public interest/public authority functions, in strict compliance with legal obligations, or with the prior consent of the holder.

9. SECURITY OF PERSONAL DATA

Ágora uses a set of technologies, tools and security procedures, making the best efforts to protect personal data from unauthorized access, use or disclosure.

10. HOW TO ACCESS AND CONTROL PERSONAL DATA

Ágora allows, at the request of its holder, access, rectification, limitation of treatment and erasure of personal data. The data subject also has the right to object to the processing of his/her personal data.

If the use of personal data is based on consent, the data subject has the right to withdraw it, without compromising the validity of the data processing carried out until that moment.

Ágora's Data Protection Officer (dpo@agoraporto.pt) can always be contacted to clarify all questions related to the processing of personal data and exercise of rights as a holder of personal data.

11. RIGHTS OF THE DATA HOLDER

The data subject has the following rights:

Right to be informed – right to be informed, in a clear, simple and transparent way, about the processing of your personal data by Ágora.

Right of access – right to access personal data concerning you and which are processed by Ágora.

Right of rectification – if you find that Ágora has incorrect, incomplete or inaccurate personal data that you own, you have the right to request its correction or rectification.

Right of opposition – right to oppose the processing of data by Ágora. However, legal or public interest grounds may prevail over the right of opposition.

Right of limitation – right to request the limitation of the processing of your personal data by Ágora, to certain categories of data or purposes of treatment. However, legal or public interest grounds may prevail over this right.

Right to erasure of personal data or "right to be forgotten" – right to request the erasure of your personal data, if there are no legal grounds or public interest that justify the conservation of that personal data.

Right to withdraw consent – whenever the processing of your personal data is carried out on the basis of your consent, you have the right to ask Ágora to stop carrying out this treatment.

Right to portability – right to receive personal data concerning you, in a commonly used and machine-readable digital format, or to request the direct transmission of your data to another entity, but in this case only if technically possible.

12. PERSONAL DATA RETENTION

Ágora retains personal data for the necessary and reasonable period and within the scope of the purpose(s) for which they are collected.

Conservation periods may change significantly when archival purposes of public interest or historical, scientific or statistical reasons justify it, and Ágora is committed to adopting appropriate conservation and security measures.

In order to determine the appropriate retention period, Ágora takes into account the various deliberations of the European data protection control authorities, namely the CNPD, and the Archival Regulation for Local Authorities (Portaria nº 412/2001, of 17 April and 1253/2009, of October 14).

The data will be deleted as soon as they are no longer necessary for the defined purpose(s) or when consent is withdrawn.

13. COOKIES AND SIMILAR TECHNOLOGIES

Ágora uses cookies (small text files that a website, when visited by the user, places on their computer or mobile device through the internet browser) to provide online services, assist in data collection and save settings, taking into account to improve performance and user experience.

14. SOCIAL NETWORKS

Facebook

Instagram

Youtube

Linkedin

15. CONTACT INFORMATION

For more information about Ágora's privacy practices and personal data protection, you can send an email to: dpo@agoraporto.pt.

16. CHANGES TO THIS PRIVACY POLICY

This privacy and personal data protection policy will be updated regularly, whenever justified.

When changes to this policy are published, the respective update date will be changed at the same time.

It is recommended to periodically consult the privacy policy and protection of personal data to obtain information on how Ágora protects personal data and to update the information and rights of data subjects.

Suggestions for improvement can be made via email dpo@agoraporto.pt.

Last update date: May 11, 2022