Privacy policy
Since 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) has applied, setting out new rules on the protection, processing and free movement of personal data of natural persons.
Santa Casa da Misericórdia de Lisboa, insofar as it processes personal data within the activity it carries out across its various areas of work — in pursuit of the organisation’s statutory aims, set out in Decree-Law No. 235/2008 of 3 December — guarantees the protection of that data, the processing of which is carried out under the applicable legislation and this Privacy Policy.
Santa Casa’s commitment
Through this policy, the institution commits, in particular, to recognising the security of the personal data it processes and ensuring the protection of the privacy of data subjects as core dimensions of the organisation’s activity, essential to fully delivering the various mission areas in which it works.
Misericórdia de Lisboa also provides information on the rules, principles and good practices the organisation observes when processing the personal data entrusted to it, in line with the General Data Protection Regulation (GDPR) and other applicable legislation, and on the means available to data subjects for exercising their rights.
Data controller
Within the activity it carries out across its various areas of work, in line with the organisation’s statutory aims, Santa Casa da Misericórdia de Lisboa – a private-law legal entity of administrative public utility, with single legal-entity number 500 745 471 – is a data controller, and can be contacted through the following channels:
Data controller
- Largo Trindade Coelho / 1200-470 Lisbon
- +351 213 235 000
Data Protection Officer
Insofar as some of the organisation’s main activities involve the processing of a large volume of data of special categories, Santa Casa has designated a Data Protection Officer, responsible for ensuring, among other things, the compliance of personal data processing and protection activities under the institution’s responsibility, in line with the applicable legislation and this policy.
Therefore, data subjects may, if they wish, send a communication to the Data Protection Officer on matters related to personal data processing, using the following channels:
Data Protection Officer
Largo Trindade Coelho / 1200-470 Lisbon
Changes to the privacy policy
Santa Casa has the right to make adjustments or changes to this Privacy Policy at any time; such changes will be duly published on the SCML website and/or other channels considered appropriate.
Privacy policy
Personal Data is any information, of any nature and in any medium (e.g. sound or image), relating to an identified or identifiable natural person (also known as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Sensitive data is all personal data subject to specific processing conditions. This category includes:
-
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs and trade-union membership;
-
Genetic data;
-
Biometric data processed for the purpose of uniquely identifying a person;
-
Data concerning health;
Data concerning a person’s sex life or sexual orientation.
A data subject is any natural person to whom personal data relates.
In the context of SCML’s activity, data subjects include, among others:
-
The service users of its social action services (which include responses for the general population; responses for the family, childhood and youth;
-
responses for the older/dependent population; responses supporting disability; therapeutic support responses; emergency responses);
-
The service users of its health services (which include service users of the Santa Casa Health Units, the Saúde Mais Próxima Programme, the Alcoitão Rehabilitation Medicine Centre, Hospital de Sant’Ana, the Integrated Continuing Care Unit Maria José Nogueira Pinto, Obra Social do Pousal and the Calouste Gulbenkian Cerebral Palsy Rehabilitation Centre);
-
SCML’s volunteers;
-
Higher education students (Escola Superior de Saúde do Alcoitão);
-
The players and agents of Jogos Santa Casa;
SCML’s benefactors;
-
SCML’s tenants;
-
SCML’s cultural services users;
-
The organisation’s HR.
SCML processes personal data of varying nature and sensitivity, depending on each area of activity and on the purpose associated with that data processing — for example, identification data (name, civil and tax identification numbers), contact data (address, telephone, email), banking data (IBAN), financial/tax data, training and professional data, family data and, at the level of sensitive data, genetic and biometric data, health-related data, credit and solvency data and minors’ data.
In the processing of personal data, SCML commits to observing the following fundamental principles:
-
Principle of fairness, lawfulness and transparency: personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject;
-
Principle of purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes;
-
Principle of data minimisation: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
-
Principle of accuracy: personal data shall be accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
-
Principle of storage limitation: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed;
-
Principle of integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
As controller, SCML undertakes to ensure that the processing of data subjects’ data is carried out only in compliance with the principles mentioned and that it can demonstrate compliance with them (“Principle of accountability”).
SCML will only process personal data where at least one of the following situations applies:
-
Data subject’s consent: when the data subject has given consent to the processing of their personal data for one or more specific purposes, through a positive act indicating a freely given, specific, informed and unambiguous expression of the data subject’s wishes consenting to the processing of their data — with SCML using, in obtaining that consent, clear, simple and intelligible language. Consent is obtained in writing (including by electronic means, namely by validating an option), with SCML keeping a record of the consent in order to be able to demonstrate that the data subject has given their consent to the processing of their personal data. The data subject has the right to withdraw consent at any time; the withdrawal of consent does not affect the lawfulness of processing based on consent given previously. Where consent is required for the processing of personal data of children under 16, in connection with the offer of information society services directly to such children, consent will be obtained from those holding parental responsibility. Consent is not, however, required in the context of preventive or counselling services offered directly to a child.
The data subject’s consent will be obtained by SCML, for instance, prior to sending marketing communications.
-
Performance of a contract or pre-contractual steps: when processing is necessary for the performance of a contract to which the data subject is party, or for pre-contractual steps at the data subject’s request.
This situation covers, for example, the processing of personal data of SCML’s employees as part of managing the employment relationship with SCML.
-
Compliance with a legal obligation: when processing is necessary for compliance with a legal/statutory obligation to which SCML is subject.
This situation covers, for example, the processing of personal data in compliance with the duty of identification and due diligence to which SCML is subject under the legislation on the prevention of money laundering and the financing of terrorism (Law No. 83/2017 of 18 August).
-
Vital interests: when processing is necessary in order to protect the vital interests of the data subject or of another natural person.
In the context of SCML’s activity, this situation may arise as part of providing care to a user of SCML’s health services, where they are physically or legally incapable of giving consent.
-
Public interest/public authority: when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in SCML.
This situation covers, for example, the processing of administrative offences within the remit of SCML’s Games Department, under Law No. 30/2006 of 11 July.
-
Legitimate interests: when processing is necessary for the purposes of the legitimate interests pursued by SCML or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
This situation covers, for example, the processing of data needed to ensure the network and information security of SCML’s IT systems.
SCML may also process sensitive data under the following conditions:
-
If the data subject has given explicit consent to the processing of those personal data for one or more specific purposes;
-
Where, under European Union law, national law or a collective agreement, processing is necessary for the purposes of carrying out the obligations and exercising specific rights of SCML or of the data subject in the field of employment, social security and social protection law;
-
Where processing is necessary to protect the vital interests of the data subject or of another natural person, where the data subject is physically or legally incapable of giving consent;
-
Where the processing relates to personal data which have been manifestly made public by the data subject;
-
Where processing is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity;
-
Where processing is necessary for reasons of substantial public interest, on the basis of European Union or national law;
-
Where processing is necessary for the purposes of preventive or occupational medicine, the assessment of the working capacity of the employee, medical diagnosis, the provision of healthcare or social welfare services or treatment, or the management of healthcare or social welfare systems and services, on the basis of European Union or national law or under a contract with a health professional;
-
Where processing is necessary for reasons of public interest in the area of public health, on the basis of European Union or national law;
-
Where processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, on the basis of European Union or national law.
Under the GDPR, national law may impose further conditions on the processing of genetic data, biometric data or data concerning health.
Given the diversity of its areas of work, SCML processes personal data namely for the following purposes:
Social Action
Examples of purposes (non-exhaustive)
-
Triage and registration of service users for social support reception;
-
Management of applications/registrations for social responses;
-
Management of awarding of financial benefits;
-
Receipt and processing of applications for vocational training for service users;
-
Awarding of assistive products;
-
Management of complaints and compliments.
Health
Examples of purposes (non-exhaustive)
-
Registration of service users;
-
Booking of consultations/diagnostic and therapeutic complementary tests;
-
Prescription of medicines and assistive products;
-
Pharmacovigilance;
-
Running clinical/scientific studies;
-
Management of complaints and compliments.
Social Games
Examples of purposes (non-exhaustive)
-
Recording of bets in the State Social Games;
-
Payment of prizes;
-
Management of interactions and of complaints and compliments;
-
Selection of agents for the State Social Games.
Quality and Innovation
Examples of purposes (non-exhaustive)
-
Receipt and processing of applications for funding of scientific research projects;
-
Registration of participants in social responsibility initiatives.
Social Economy and Entrepreneurship
Examples of purposes (non-exhaustive)
-
Receipt and processing of applications to social entrepreneurship programmes.
Culture
Examples of purposes (non-exhaustive)
-
Promotion of cultural activities/programming;
-
Registration of Library and Historical Archive users.
Education and Teaching
Examples of purposes (non-exhaustive)
-
Receipt and processing of student applications to higher education courses and postgraduate programmes.
Cross-cutting
Examples of purposes (non-exhaustive)
-
HR: recruitment and selection; HR management (attendance, scheduling, etc.); payroll processing; performance appraisal; promotion of occupational safety and health; allocation of social benefits to employees;
-
Procurement: receipt and processing of bids in procurement procedures; performance of contracts with suppliers;
-
Financial Management: management of collections/invoicing; management of payments;
-
Communication and Marketing: internal and external communications; sending of newsletters;
-
IT: receipt and processing of IT support requests;
-
Physical security: physical access control; CCTV of premises;
-
Transport: vehicle fleet management;
-
Studies, planning and management support: customer/service user satisfaction assessment; statistical data processing for activity monitoring;
-
Legal: litigation; administrative offences; legal support to organisational units;
-
Audit: carrying out internal audits;
-
Volunteering: receipt and selection of volunteer applications.
Personal data is kept only for the period of time necessary to achieve the purposes for which it is processed, with SCML complying, where applicable, with the legally established retention periods.
Without prejudice to the foregoing, data may be kept for longer periods to meet other ongoing purposes, such as the exercise of a right in legal proceedings, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes — with SCML applying the appropriate technical and organisational measures.
SCML may collect data directly (i.e. directly from the data subject) or indirectly (i.e. through third parties). Collection may take place through the following channels:
-
Direct collection: in person, by telephone, by email, through its websites and through customer areas;
-
Indirect collection: through partners and other third parties, including official entities.
SCML safeguards data subjects’ exercise of their rights, in accordance with the applicable legislation on the protection of personal data. SCML safeguards data subjects’ exercise of their rights, in accordance with the applicable legislation on the protection of personal data.
Right to Information
The data subject has the right to be informed by SCML, prior to the processing of their data, of:
-
The identity and contact details of SCML and, where applicable, its representative;
-
The contact details of the Data Protection Officer;
-
The purposes of the processing for which the personal data are intended, as well as the legal basis for the processing;
-
The legitimate interests pursued by SCML or by a third party, where the processing is based on those legitimate interests;
-
The recipients or categories of recipients of the personal data, where applicable;
-
The transfer of personal data to a third country or an international organisation, and the existence or absence of an adequacy decision adopted by the European Commission, or reference to the appropriate or suitable transfer safeguards and the means by which to obtain a copy of them, where applicable;
-
The retention period of the personal data or, where this is not possible, the criteria used to determine that period;
-
The right to request from SCML access to the personal data that concerns them, as well as their rectification, erasure or restriction, the right to object to processing and the right to data portability;
-
The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent given previously, where the processing is based on the data subject’s consent;
-
The right to lodge a complaint with the national supervisory authority or another supervisory authority;
-
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data;
-
The existence of automated decision-making, including profiling, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject, where applicable.
Where the data subject’s data are not collected directly by SCML from the data subject, in addition to the information referred to above, the data subject is also informed of the categories of personal data being processed, as well as the source of the data (in particular where they come from publicly accessible sources). In these situations, the information is provided:
-
Within a reasonable period after obtaining the personal data, not exceeding one month;
-
At the latest at the time of the first communication with the data subject, if the personal data are to be used for communication with the data subject;
-
At the latest at the time when the personal data are first disclosed to another recipient, if such disclosure is envisaged.
Whether or not the data are collected from the data subject, and in accordance with the applicable legislation, SCML is not obliged to provide the information where and to the extent that the data subject already has it.
Right of Access
The data subject has the right to obtain confirmation from SCML as to whether or not personal data concerning them are being processed and, where that is the case, the right to access their personal data and the information set out under the Right to Information.
Upon request by the data subject, SCML will provide, free of charge, a copy of the data subject’s data being processed. The provision of further copies requested by the data subject may incur a reasonable fee, taking into account the related administrative costs.
Right to Rectification
The data subject has the right to obtain from SCML, on request, the rectification of their personal data and to have incomplete personal data completed, including by means of providing a supplementary statement.
In the event of rectification of the data, SCML communicates the rectification to each recipient to whom the data have been disclosed, unless this proves impossible or involves disproportionate effort for SCML. If the data subject so requests, SCML provides information about those recipients.
Right to Erasure of personal data (“Right to be forgotten”)
The data subject has the right to obtain from SCML the erasure of their data where one of the following grounds applies:
-
The data subject’s data are no longer necessary in relation to the purposes for which they were collected or processed;
-
The data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
-
The data subject objects to the processing under the right to object and there are no overriding legitimate grounds for the processing;
-
Where the data subject’s data have been unlawfully processed;
-
Where the data subject’s data have to be erased to comply with a legal obligation to which SCML is subject;
-
Where the data subject’s data have been collected in the context of the offer of information society services to children.
In accordance with the applicable legislation, SCML is not obliged to erase the data subject’s data to the extent that processing is necessary:
-
For exercising the right of freedom of expression and information;
-
For compliance with a legal obligation which requires processing by Union or Member State law to which SCML is subject, for the performance of a task carried out in the public interest or in the exercise of official authority vested in SCML;
-
For reasons of public interest in the area of public health;
-
For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
-
For the establishment, exercise or defence of legal claims.
In the event of erasure of data, SCML communicates the erasure to each recipient/entity to whom the data have been disclosed, unless this proves impossible or involves disproportionate effort for SCML. If the data subject so requests, SCML provides information about those recipients.
Where SCML has made the data subject’s data public and is obliged to erase them under the right to erasure, SCML undertakes to take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform the controllers actually processing the personal data that the data subject has requested the erasure of any links to, or copy or replication of, those personal data.
Right to Restriction of Processing
The data subject has the right to obtain from SCML restriction of processing of the data subject’s data where one of the following applies:
-
If the accuracy of the personal data is contested, for a period enabling SCML to verify the accuracy;
-
Where the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead;
-
Where SCML no longer needs the data subject’s data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
-
Where the data subject has objected to processing, pending the verification of whether the legitimate grounds of SCML override those of the data subject.
Where the data subject’s data are subject to restriction, they may, except for storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of public interest provided for by law.
A data subject who has obtained the restriction of processing in the cases referred to above will be informed by SCML before the restriction of processing is lifted.
In the event of restriction of data processing, SCML will communicate the restriction to each recipient to whom the data have been disclosed, unless this proves impossible or involves disproportionate effort for SCML. If the data subject so requests, SCML provides information about those recipients.
Right to Data Portability
The data subject has the right to receive the personal data concerning them which they have provided to SCML, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller, where:
-
The processing is based on consent or on a contract to which the data subject is party; and
-
The processing is carried out by automated means.
-
The data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The exercise of the right to data portability is without prejudice to the right to erasure; it does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in SCML, and shall not, in any case, affect the rights and freedoms of others.
Right to Object and not to be subject to automated individual decision-making
The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on the legitimate interests pursued by SCML, or where the processing is for purposes other than those for which the personal data were collected, including profiling, or where the personal data are processed for statistical purposes.
SCML will cease processing the data subject’s data, unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Where the data subject’s data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing — which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to the processing of their data for direct marketing purposes, SCML ceases the processing of the data for that purpose.
The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision:
-
Is necessary for entering into, or performance of, a contract between the data subject and SCML;
-
Is authorised by law to which SCML is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
-
Is based on the data subject’s explicit consent.
In cases where automated decision-making is necessary for entering into or performance of a contract with the data subject or is based on their explicit consent, SCML will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, ensuring the right to obtain human intervention in the decision on SCML’s part, to express their point of view and to contest the decision.
Where the data subject has given explicit consent to the processing of special or sensitive data for one or more specific purposes, or where the processing of such data is necessary for reasons of substantial public interest and suitable measures are in place to safeguard the data subject’s rights and freedoms and legitimate interests, SCML’s automated decisions may be based on those special or sensitive data.
SCML will provide information and communicate with the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, particularly where the information is specifically addressed to children.
The right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability and the right to object and not to be subject to automated individual decision-making may be exercised before SCML through the following means:
-
In person, at any SCML establishment, by completing the dedicated form available there;
-
Through the following Contact form;
-
By post, to the address Largo Trindade Coelho, 1200-470 Lisbon.
If the data subject submits the request by electronic means, the information is, where possible, provided by the same means, unless otherwise requested by the data subject.
SCML will respond in writing (including by electronic means) to data subjects’ requests within a maximum period of one month from the date of receipt; this period may be extended by up to a further two months where necessary, taking into account the complexity and number of requests, with SCML being responsible for informing data subjects of any such extension and the reasons for the delay within one month of the date of receipt of the request.
If, for any reason, SCML does not act on the data subject’s request, it informs the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and of the possibility of lodging a complaint with the national supervisory authority or another supervisory authority and seeking a judicial remedy.
In the context of exercising the right to information and at the data subject’s request, SCML may respond orally, provided that the data subject’s identity is proven by other means.
Where SCML has reasonable doubts concerning the identity of the natural person submitting the request, it may request the provision of additional information necessary to confirm the data subject’s identity.
Information is provided by SCML free of charge, except where requests are manifestly unfounded or excessive, in particular because of their repetitive character, in which case SCML reserves the right either to charge a reasonable fee — taking into account the administrative costs of providing the information or communication, or of taking the action requested — or refuse to act on the requests; SCML bears the burden of demonstrating the manifestly unfounded or excessive character of the requests.
Without prejudice to the exercise of the rights referred to above, the data subject may complain directly to the national supervisory authority – the Comissão Nacional de Proteção de Dados (CNPD) – using the contact details made available by that authority for this purpose (at www.cnpd.pt).
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity, SCML applies appropriate security measures (technical and organisational) to ensure a level of security of personal data appropriate to the risk, such as:
-
Use of firewalls and intrusion detection systems on its information systems;
-
Application of access control procedures, using differentiated access profiles based on the need-to-know principle;
-
Logging of actions performed on the information systems containing personal data;
-
Implementation of a structured backup plan;
-
Encryption of portable devices and external storage;
-
Management of critical and security patches and updates for the operating systems of SCML’s computers;
-
Anti-spam protection on the receipt and sending of corporate emails;
-
Protection against malicious links and attachments in corporate emails;
-
Installation, maintenance and management of antivirus and firewall systems on SCML’s computers;
-
Centralised management of software distribution to SCML’s computers;
-
Pseudonymisation of personal data;
-
Access control to SCML’s physical premises;
-
A disaster recovery centre at an alternative location;
-
CCTV system;
-
Automatic fire and intrusion detection system;
Delivery of training and/or awareness-raising on information security and data protection.
Processors and Third Parties
-
Processors: SCML may engage other entities contracted by it (processors) to process the data subject’s data on SCML’s behalf and in accordance with its instructions, in strict compliance with the GDPR, national legislation on personal data protection and this Policy. Processors may not transfer the data subject’s data to other entities without SCML’s prior written authorisation, and are also prevented from engaging other entities without SCML’s prior authorisation. SCML undertakes to ensure that such processors are only entities providing sufficient guarantees of implementing appropriate technical and organisational measures, so as to ensure data subjects’ privacy and the protection of their rights. All processors are bound to SCML by a written contract setting out, in particular, the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects, the rights and obligations of the parties — including the duty of confidentiality — and the security measures to be implemented. Under the right to information, SCML will provide the data subject with information about the categories of processors which, in any given case, may carry out processing of data on SCML’s behalf.
-
Third parties: SCML may also transfer data to third parties — namely entities to which data must be disclosed in accordance with the applicable legislation, such as the Tax Authority, Social Security, insurers, among others.
Transfer of data outside the European Union
In certain types of processing, the data subject’s personal data may be made available by SCML to third parties, which may involve their transfer outside the European Union, whether to third countries or international organisations. In that case, SCML undertakes to ensure that the transfer complies with the applicable legal provisions, namely as regards the assessment of the adequacy of such third countries or international organisations regarding data protection and the requirements applicable to such transfers.
In the event of a personal data breach, and to the extent that such breach is likely to result in a high risk to the rights and freedoms of the data subject, SCML will notify the national supervisory authority of the breach and communicate the breach to the data subject, within 72 hours of becoming aware of it.
Under the GDPR, communication to the data subject is not required in the following cases:
-
Where SCML has implemented appropriate technical and organisational protection measures, and those measures have been applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person not authorised to access it, such as encryption;
-
Where SCML has taken subsequent measures which ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise; or
-
Where it would involve disproportionate effort for SCML to communicate to the data subject, in which case SCML will issue a public communication or take a similar measure whereby the data subject will be informed.
Any personal data breach whose processing is the responsibility of SCML may be reported through the following means:
-
Through the following Contact form;
-
By post, to the address Largo Trindade Coelho, 1200-470 Lisbon.
Contacts
Largo Trindade Coelho
1200-470 Lisbon
* Cost of a call to the national landline network