SCOPE
The Foundation will protect the personal data of individuals associated with the Foundation, including sex, age, image, voice, gender, identity, gender identity, sexual orientation, skin color, ethnic, national, and territorial origin, immigration status and classification, disability status, religious beliefs, political affiliation, marital status, address, medical or health data, economic-financial, academic and training data, professional and employment data, judicial and administrative data, and any information related to this data that may lead to the identification of a specific individual, collected from records, files, archives, and databases, as established by law.
RESPONSIBILITY
The responsibility for this activity falls upon the governing body, as records, files, archives, and/or databases will be created, whether electronic or not, to maintain the organized set of personal data that is subject to processing (regardless of the method of their creation, storage, organization, and access).
Personal data processing consists of systematic operations and procedures, whether electronic or not, that allow for the collection, preservation, organization, storage, modification, correlation, evaluation, blocking, destruction, and, in general, the processing of personal data, as well as its transfer to third parties through communications, queries, interconnections, and transfers.
PRINCIPLE AND DEFINITIONS
In accordance with the aforementioned Law 149/2022, the Foundation's Personal Data Privacy Policy is governed by the following principles:
a) Collection limitation: the collection and storage of information that may lead to the identification of a specific person must be limited to what is relevant and strictly necessary for the required purpose, adjusted to a specific, lawful, and explicit objective, and retained only for the time required in accordance with that purpose;
b) data quality: the personal data obtained, stored, and processed must be truthful, accurate, complete, correct, and up-to-date, provided by the data subject, without using unfair or fraudulent means to obtain it. The data must be maintained until the data subject indicates and proves the need for rectification, modification, updating, or deletion;
c) specification of purposes: the specific purposes for obtaining, storing, and technically processing any type of personal data must be accurately, understandably, and appropriately disclosed to the data subject in advance;
d) limitation of use: the personal data obtained, stored, and processed may only be used for the specific and lawful purpose informed to the data subject, and by natural or legal persons, or other entities authorized by them;
e) Legitimacy: Only bodies, agencies, entities, and natural or legal persons are authorized to obtain, store, and process personal data when they are authorized to create files, in accordance with their functions or the activities they carry out, as regulated by the legislation in force for such purposes;
f) Safeguarding security: Natural or legal persons responsible for files containing personal data are obliged to safeguard their security and to guarantee, through the appropriate technological, administrative, material, or physical measures, that only they or authorized personnel, where applicable, access or process them using established procedures;
g) Transparency of information: The person responsible for and in charge of personal data files guarantees the owner the right to access their personal data for the purpose of verifying, rectifying, updating, deleting, or objecting to such data; the files must also be suitable for inspection or review by the competent authority;
h) Individual participation: Personal data may only be obtained with the individual participation of its owner, as an expression of respect for their right to identity, privacy, honor, image, and voice;
i) Responsibility: Natural or legal persons in charge of obtaining, storing, and processing personal data in registries, files, archives, and databases are responsible for their lawful use for the purposes informed to the owner, with a guarantee of their security;
j) Legality: The possession and processing of personal data is exclusively for lawful purposes; those responsible for registries, files, archives, and databases comply with the provisions of the corresponding regulatory provisions in their actions;
k) Degree of confidentiality of information: Personal data provided to registries, files, archives, and databases are confidential and may only be used by