25
CLIP School
Restricted area
125
CLIP
Welcoming MessageGuiding principlesGovernance and LeadershipCLIP Profile
Learning at CLIP
FundamentalsCurriculum and AssessmentWellbeingCompetencies for learning
Admissions
Why CLIPJoin us!Uniform
Community
StudentsParentsStaffAlumniExtra-Curricular ActivitiesCLIP Shop
Contacts
Job Offers
Media
Events
Schedules and Calendar
News
Downloads
CLIP School
CLIP Teams CLIP Clubs CLIP + CLIP AdvancEd CLIP Music
Restricted area
Parents Portal Students Portal Teachers Portal Dashboard Canteen CLIP Shop Chalk Sora Reading Cloud Parents' Evening School Memos
Legal information
Privacy PolicyAlternative Dispute ResolutionPermanent LicensePolicies

Privacy Policy

1. Introduction



1- Thank you very much for consulting our Privacy Policy. Please be assured that we are available to provide any clarifications and information about our services and about the protection of your personal data.



2- CLIP fully respects your privacy and the personal data whose processing you entrust to us; this is conduct we consider essential and fundamental to our activity as a responsible organisation.



3- We comply, and ensure compliance, with the personal data protection legislation in force, namely the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and Law no. 58/2019 of 8 August, which implements it within the Portuguese legal system.



4- We are fully committed to protecting your privacy and your personal data and, at the same time, providing you with the best possible user experience of our website, which we have designed and created for you.



2. Data Controller



1- The data controller is, in accordance with the GDPR, Article 4(7), “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”.



2- In the context defined above, CLIP - Colégio Luso Internacional do Porto S.A. – NIPC no. 503110175, with registered office at Rua Vila Nova 1071-1199, 4100-506, Porto, is the entity responsible for processing your personal data.



3. Collection of personal data



1- The user may access, browse and use this website without providing any personal information.



2- However, the use of certain tools on the site, namely access to the restricted area or for contact purposes, implies the provision of personal identification data (name) and contact details (telephone number, email).



3- CLIP does not collect personal data for newsletter purposes, as there is no newsletter.



4. How we operate



1- This policy reflects the way we operate when we provide our services and whenever, in any way, we interact with you and process your personal data.



2- Access to the personal information you entrust to us for processing is carried out solely by those who are duly authorised to do so.



3- Our concern for your personal data is established by design and by default; that is, it is present from the outset of our website and, thereafter, in the way we provide our services, how we operate and in all initiatives we may develop. Personal data are processed strictly on a need-to-know basis and with rigorous access controls.



4- We seek, assess and implement the most appropriate technical and organisational measures to protect personal information, with a view to continuous improvement.



5- The initial and ongoing training of all CLIP employees is regarded by us as an essential factor in the protection of personal data.



5. What you should be aware of



1- Access to our website and the provision of your personal data implies and presupposes that you are aware of the content of this privacy policy.



2- We recommend that you carefully read our Cookies Policy, a document you will find at the bottom of the home page of our website.



6. Personal data protection concepts



1- These are some of the concepts inherent to personal data protection:



  • a) What are “Personal Data”? Any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identification number or to one or more elements specific to their physical, physiological, mental, economic, cultural or social identity.


  • b) What is meant by “Processing”? An operation or set of operations performed on personal data or on sets of personal data, by automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.


  • c) Who is the “Data Controller”? The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.


  • d) What is “Consent”? Consent is given by you, as the data subject and when legally applicable, and constitutes a freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you.


  • e) What is a “Personal data breach”? A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.


7. Data processing



1- The personal data we process are adequate, relevant and limited to what is necessary for the purposes of the school.



2- The categories and types of personal data we process, in order to provide our services, are as follows:



a) Identification



  • i) name
  • ii) date of birth
  • iii) Citizen Card details
  • iv) nationality


b) Contact details:



  • i) address
  • ii) telephone number
  • iii) email


c) Academic qualifications



  • i) education
  • ii) performance
  • iii) profession
  • iv) employer


d) Tax



  • i) tax identification number
  • ii) billing address


e) Special categories of



  • i) health
  • ii) criminal record certificate


f) Image



  • i) photographic
  • ii) video, with or without sound


3- Personal data are processed electronically and stored in databases.



8. Processing by processors (subcontracting)



1- In the course of our activity, we may use processors who process personal data on our behalf, as provided for in the GDPR.



2- Whenever this occurs, we adopt the following procedure:



  • a) We carefully select our processors and assess them in advance, determining whether they demonstrate compliance with the GDPR and other applicable legislation; this assessment supports our selection in the contracting process and is documented.
  • b) We verify that they provide sufficient and appropriate guarantees for the implementation of technical and organisational measures to protect your personal data and that they will act only in accordance with our instructions, which will be documented.
  • c) We enter into a written contract with our processors, which reflects all the legal requirements of Article 28 of the GDPR.


9. International transfers of personal data



1- As a rule, your data will always be processed within the European Economic Area, and, where necessary, we preferentially choose service providers located within this area.



2- If we disclose personal data to third countries or international organisations outside the European Economic Area, we will strictly comply with the applicable legal provisions and will not carry out international transfers of personal data to entities that do not provide guarantees of maintaining the level of protection required by the GDPR without appropriate legal safeguards, namely by using contractual clauses published by the European Commission.



10. Purposes of processing personal data



1- With regard to the purposes of processing, we want you to be aware of them in advance, and therefore they are set out explicitly here. They are determined and legitimate, in accordance with the principle of purpose limitation.



2- We process your personal data for the following purposes:



  • a) to identify you as a user of our website;
  • b) to provide educational services and extracurricular activities;
  • c) to communicate matters inherent to pedagogical activity;
  • d) to organise trips, school transport and exchanges;
  • e) for marketing purposes (only with your consent or in accordance with our legitimate interest, duly assessed and justified);
  • f) to inform you of changes to the terms and conditions of the contracted services;
  • g) for communications via platforms relevant to the school journey/school life;
  • h) to assess satisfaction with our services;
  • i) to organise the parents’ and students’ council;
  • j) to manage the library, lost property and lockers;
  • k) to optimise the visit and the usability of our website;
  • l) to manage and perform the contractual relationship;
  • m) for invoicing and collection;
  • n) to organise events and publicise them;
  • o) for recruitment and selection processes;
  • p) to arrange school insurance;
  • q) for the processing of image and video;
  • r) for archiving purposes.


11. Processing your personal data for different purposes



1- It is our firm intention that you, as the data subject, are always duly and in advance informed about the processing we carry out of your personal data, so that you can exercise real and effective control over them, without surprises.



2- If we intend to further process your personal data for a purpose other than those indicated here, we will take the initiative to inform you and will provide the necessary information, as well as any other information that, in the circumstances, is relevant and appropriate, thereby fostering transparent and fair processing.



12. Legal basis for processing personal data



1- Depending on the circumstances, the processing of your personal data may be carried out on the following legal bases:



  • a) necessity of processing for the purposes of pre-contractual steps at the request of the data subject or performance of a contract to which the data subject is party;
  • b) compliance with legal obligations to which we are subject;
  • c) consent, which we will ensure is given by you freely, specifically, informed and unambiguously;
  • d) our legitimate interests, ensuring that they do not override your interests, rights and freedoms; otherwise, we will not rely on them.


13. Retention of personal data



1- We follow the legal rule that data must be retained only for the time necessary for the purposes that prompted their processing, after which they will be deleted or anonymised;



2- Please note that there are legal requirements that oblige us to retain data for a minimum period of time and, in these circumstances, we are obliged to comply with those time limits for as long as they are legally established;



3- Where processing is based on your consent, we will retain the data until you withdraw that consent or where the purpose we pursue no longer applies;



14. Principles of data processing



1- The processing of personal data carried out by CLIP is governed by the following principles:



a) Lawfulness (Article 5(1)(a) GDPR)



b) Fairness/Transparency (Article 5(1)(a) GDPR)



c) Purpose specification and limitation (Article 5(1)(b) GDPR)



d) Data minimisation (Article 5(1)(c) GDPR)



e) Accuracy (Article 5(1)(d) GDPR)



f) Storage limitation (Article 5(1)(e) GDPR)



g) Integrity and confidentiality (Article 5(1)(f) GDPR)



h) Accountability (Article 5(2) GDPR)



15. Data subjects’ rights



1- As a data subject, you have the following rights:



  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to object (Article 21 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to withdraw consent (Article 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR) — in Portugal, the CNPD (www.cnpd.pt)
  • Right to compensation and liability (Article 82 GDPR)
  • Right to mandate a body/organisation/association (Article 80 GDPR)
  • Right not to be subject to automated decision-making (Article 22 GDPR)


2- To exercise these rights with us, please refer below to the section “Contacts”.



16. Time limits for responding to data subjects



1- We respond to your requests regarding the processing of personal data promptly and in a concise, transparent, intelligible and easily accessible manner, using clear and simple language, within a period of 30 calendar days (which may extend to 60 days in case of complexity or depending on the number of requests).



2- The information is provided in writing or by other means, including, where appropriate, by electronic means.



3- If you request it, the information may be provided orally, provided that your identity is duly proven; if identification is not provided, we may refuse, under the law, to respond.



17. Security measures



1- At CLIP we have adopted appropriate technical and organisational measures to ensure a level of security we consider appropriate to the risk associated with processing your personal data, taking into account the measures provided for in Article 32 of the GDPR.



2- In view of ongoing technological developments, we periodically review and improve the measures implemented, which ensure increasingly better and more efficient security, ensuring that your data are protected using the best possible technology, taking into account the risk.



3- In this way, by implementing and periodically reviewing security measures, we seek to ensure the availability, authenticity, integrity and confidentiality of your data, and to prevent their loss, alteration, unauthorised processing or access, and their misuse, as well as any other form of unlawful processing that may occur.



4- We invest decisively and regularly in training our people, ensuring that they have the legal and technical knowledge necessary whenever they handle your personal information, promoting compliance with applicable legal rules and best practices, as well as internal procedures defined and implemented.



18. Communication of data



Within the scope of the services we provide, the communication of data is a requirement for us to be able to enter into a service contract or to send you communications; the absence of such information naturally constitutes an obstacle to entering into such a contract or sending such communications.



19. Links to other websites



1- CLIP’s website contains links to other websites of interest or partners and is not responsible for the privacy policy, cookies policy or terms of use of those websites.



2- When accessing other websites, we recommend that you consult all the information and conditions mentioned above.



20. Information about cookies



1- CLIP’s Cookies Policy can be consulted here: [insert link]



2- If you have any questions regarding how the cookies used by CLIP operate, you may contact us by email: dpo@clip.pt



21. Data Protection Officer



1- CLIP has appointed and notified the CNPD – Comissão Nacional de Proteção de Dados of a Data Protection Officer, who performs the duties provided for in Article 39 of the GDPR.



2- For communications with the Data Protection Officer on matters related to personal data protection, the contacts indicated in the following section should be used.



22. Contacts



1- The User may contact CLIP regarding all matters related to the processing of their personal data and the exercise of the rights conferred by applicable legislation, using the following contacts:





23. Review of the Privacy Policy



1- For various reasons, whether related to legal or technological matters, we may have to change the content of this privacy policy without prior notice.



2- If this happens, and because we want you to remain permanently well informed, we will highlight any changes on our website so that you can consult them.



3- After the change is communicated and published, all users of our website will thereafter be bound by the new terms whenever they browse our website.



24. Approval of the Privacy Policy



1- Our privacy policy was approved by CLIP’s Board of Directors.