Introduction

The protection of your privacy and your personal data is a permanent commitment for APL - Administração do Porto de Lisboa, S.A., (APL).
The purpose of this Privacy Policy is to state the principles that guide APL in the collection and processing of personal data provided, through the various channels available, as well as to clarify the exercise of the rights of its holders in this matter, in accordance with the Regulation General on the Protection of Personal Data (Regulation No. 2016/679 of the European Parliament and of the Council, of 27 April 2016).

Definition of Personal Data

Personal data is any numerical, alphabetic, graphic, photographic, acoustic or any other information relating to a person (the data subject) that identifies or makes him identifiable, such as a name, an identification number, data location, identifiers electronically or to one or more specific elements of that person's physical or social identity.

Controller for processing Personal Data

APL is the controller responsible for the collection and processing of personal data that it collects or is communicated by its users.
APL assumes that the data collected were provided by the respective owner, being the same true and exact, and that it was guaranteed permission when it was collected.

Personal Data Processing

Personal data are processed by APL for the following purposes:

  • Pre-contractual arrangements, execution of contracts or management of the contractual or administrative relationship with the data subject;
  • Compliance with legal and regulatory obligations to which APL is subjected, pursuit of the legitimate interests of APL or other authorities with jurisdiction in the Port of Lisbon or reasons of major public interest, pursuant to article 3 of Decree-Law no. 336/98, of November 3, in its current wording resulting from Decree-Law No. 15/2016, of March 9, and other applicable legislation;
  • Disclosure of activities and/or events in the port other than those contracted by the user, which APL still considers to be susceptible to his interest, with the express consent of the same data for this purpose.

The data subject can, at any time, withdraw his consent, without, however, such decision affecting the lawfulness of the previous processing.

In accordance with the regulation, APL adopted the minimization principle, collecting only the data strictly necessary to achieve the objective pursued and defined for the interested individual persons, allowing them to exercise any right regarding this.

Personal Data received by other entities or controllers

Within the scope of JUL (Single Port Window), one of the main applications of the maritime port activity, we receive personal data provided by other entities.
In this context, APL uses the same procedures for the protection of privacy and personal data transferred, while that data remains in the applications databases.

Transmission of Personal Data to third parties

APL may communicate personal data to third parties provided that for this purpose it has unequivocally obtained the consent of the data subjects, or even when:

  • the transmission is carried out within the scope of compliance with a legal obligation, a resolution of the National Data Protection Commission or a court order;
  • the communication is carried out in the performance of functions of public interest, public authority or any other legitimate purpose provided for by law.

Examples of data communication to third parties that we foresee, are the communication of data to recipients like public entities, such as the Tax and Customs Authority or the of the Port of Lisbon Maritime Authority, the notification of case reports to the various authorities with jurisdiction in the Port of Lisbon, the communications made within the scope of JUL and other cases in which the communication of personal data constitutes a legal or contractual obligation, under penalty of not entering into a contract or legal infraction. Note that APL does not intend to transfer personal data to a third country out of the European Union or an international organization.

Data Storage

Appropriate data processing actions will be carried out in APL databases, applying strict control regulations, in accordance with the latest technological advances and with the recommendations of the supervisory authority.
The conservation period depends on the treated activity, the nature of the contact (customer or potential customer, for example) and its uses in the maritime and port sector.
APL keeps certain mandatory documents (invoices, etc.) during the respective legal conservation period.
The period of retention of personal data must also be adequate, in accordance with the established archival criteria enforced.
The data will be deleted as soon as any of the justifications mentioned above cease to exist or when consent is withdrawn.

Your rights in controlling your data

APL ensures data subjects the exercise of the rights of the GDPR, namely:

  • the right to access
  • the right to update and/or rectify
  • the right to portability

When applicable, it is also guaranteed:

  • the right to limit treatment
  • the right to erasure
  • the right of opposition

To exercise these rights, data subjects may contact the data protection officer.
If the use of your personal data is based on consent, you have the right to withdraw it, without compromising the validity of the data processing carried out until that moment.
In addition, holders have the right to submit a complaint to the National Data Protection Commission, whenever they consider that the processing of their data violates the provisions of the Regulation.

Security Measures

APL continuously implements the best physical and logical security practices and measures, which it considers to be indispensable for the protection of its users' personal data as well as for the prevention of unauthorized access to data, improper use, disclosure, loss or undoing.

Only authorized personnel can access personal data, and within their assigned functions and in the course of their work.

Despite the measures adopted by APL, it is important to warn our users that no website, Internet transmission, computer system or wireless connection guarantees conditions of absolute inviolability and security.

Cookies

Cookies are small software tags that are stored on devices used to access the internet, through the browser, retaining only information related to your preferences, not including your personal data.
These labels serve to help determine the usefulness, interest and number of uses of websites, allowing for faster and more efficient navigation, eliminating the need to repeatedly enter the same information.
This portal aims to provide the best, most intuitive and interactive experience to our “navigators”, so it is recommended to use the standard cookie settings in your browser, in order to take advantage of all the features and potential of our portal.

Social Networks

APL does not use social networks to collect elements for the profiling of our users.
When contacting APL by visiting a company page on a social network, you will not be directly providing any personal data.
It is advisable to consult the Privacy Policies of social networks to better clarify your rights as a user.

Tejo Live

The Tejo LIVE project offers the port of Lisbon website users with a free 24/7 service of images of the Tagus River. Its main objectives are, among others, to show:

  • The movement of ships entering and exiting the port of Lisbon;
  • The weather conditions;
  • The sea conditions;
  • Nautical events of public interest.

The LIVE service provides virtually real-time images, with a delay of just about 30 seconds, with no recording of image or sound, nor the storage of the transmitted images.

After the image transmission, no entity will be able to access them.

In some cases with a certain zoom level, the images do not allow facial recognition.

The port of Lisbon reserves the right to suspend or interrupt the image transmission for as long as it deems necessary, for any technical or administrative reason, for reasons of force majeure and of change of circumstances, which are not provided for here.

Data Controller Contacts

Any question related to your personal data or APL's privacy policy can be addressed to the Data Protection Officer by letter sent to his care to 
APL - Administração do Porto de Lisboa, SA, 
Gare Marítima de Alcântara, 1350-355
Lisboa
or by email through the email address dpo@portodelisboa.pt.

Links to third party websites

This website has links to other sites, which may contain useful information / tools for our visitors. This privacy policy is not naturally extended to third party websites, and you should read the privacy policy of those sites visited.
Therefore, APL cannot be responsible for the privacy policy or content present on those same sites.

Changes or updates to the APL Privacy Policy

APL reserves the right, at any time, without prior notice and with immediate effect, to modify, add or revoke, partially or totally, this Privacy Policy, always in compliance with the GDPR and other applicable legislation. 
Any changes will be immediately posted on this page.

We are available for any improvements and/or adaptations of our privacy policy, thus inviting all users to send their suggestions.


Last update: May 5, 2021