Go to Content

Privacy Policy

DNS.PT Association, hereinafter referred to as .PT, is strongly committed to respecting and ensuring the privacy of users of your website and the respective security of your personal data, as well as all personal data of data subjetcs processed by .pt, as controller.

In addition to what is referred in the personal data protection policy reproduced below, within the scope of its performance, the .PT assumes and recognizes as fundamental a commitment to:

• Respect your privacy and the selection of content you consult on this site;
• Identify and limit the processing of any personal data collected to what is strictly necessary to successfully complete the requested action;
• In cases where it is necessary to collect your personal data, the use of this information is described in the terms of the present document and with respect to the applicable legislation on the privacy and protection of personal data;
• Not to use your data for purposes other than those that have been identified and previously communicated;
• Treat your data according to the applicable legislation, taking into account the security and protection measures that appear as necessary and applicable.

DATA PROTECTION POLICY

Framework
.PT is committed to ensuring that the natural persons with whom it interacts in the exercise of its functions have greater control over their personal data, in line with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

Thus, .PT discloses, to the data subjects, the general rules for the processing of personal data, ensuring that they are collected and processed in accordance with the provisions of the mentioned legislation.

In this regard, .pt intends to ensure the observance of the best practices in the area of security and protection of personal data by promoting all technical and organizational measures in line with the compliance with the GDPR, ensuring that the processing of personal data is lawful, loyal, transparent and limited to duly authorized purposes.

It is under this framework, and in a logic of clarification of concepts and principles, that .pt presents its Data Protection Policy, applicable exclusively to the collection and processing of personal data for which the .pt is responsible for.

Personal Data
Personal data is any information of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person (data subject).

It is considered identifiable any person that can be identified, directly or indirectly, using reasonable means, by reference to a name, identification number, location data, identifiers by electronic means or one or more specific elements of its physical, physiological, genetic, mental, economic, cultural or social identity.

Personal Data Processing
The processing of personal data consists of an operation or a set of operations carried out on personal data or personal data sets, by automated means, or not, namely the collection, registration, organization, structuring, preservation, adaptation, recovery, consultation, use, disclosure, dissemination, comparison, interconnection, limitation, deletion or destruction.

Controller
.PT is the entity responsible for the collection and processing of the personal data.

Purpose of Data Processing
.PT process personal data for a set of purposes related to the pursuit of its activity and as well as its operation as a legal entity.

Currently, the purposes of treatment are as follows:
•    Registration of domain names management;
•    Human resource management;
•    Financial management;
•    Infrastructure and system management;
•    Legal management.

Lawfulness of the Processing
In this scope, .PT process your personal data based on the following grounds of lawfulness:

•  In the scope of pre-contractual procedures requested or already within the scope of the contractual relationship arising from the registration of a .pt domain and the management of the contractual relationship, which include, among others, the contacts, via web platform, email and/or telephone for notifications, clarification of questions or conducting surveys of satisfaction and evaluation of the services provided.
•  If you have obtained your consent, as data subject, to process them based on specific, explicit and legitimate purposes, including to allow registration at our events, training and other initiatives;
•  When it is necessary for the fulfillment of legal obligations that apply to it;
•  For the pursuit of legitimate interests of the .pt, which includes, in particular, the need to develop and maintain the present site with the quality and security intended, contribute to the prevention and detection of fraud, allow notification of situations or associated events to the security of the .pt, the networks or the information (in particular through the mechanism of contact via email abuse@dns.pt).

Data Subject’s Rights
As data subject, you can exert, within the limits resulting from the law, the following rights:
•    Right of access to your respective personal data;
•    Right to rectification of any personal data that is inaccurate or incomplete;
•    Right to erasure of your personal data;
•    Right to restrict the processing of your personal data;
•    Right to portability of your personal data;
•    Right to object to the processing of your personal data;
•   Right to complain to the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (www.cnpd.pt), should you believe that any of the above rights has been breached.

Processors and Recipients
Your personal data may be disclosed or transferred to entities that provide services of registration and management of domain names duly accredited by .PT, court authorities, ARBITRARE - Centro de Arbitragem para a Propriedade Industrial, Nomes de Domínio, Firmas e Denominações and to any entity to which the law assigns powers in respect of criminal investigation or whose mission is to oversee or ensure compliance with the legislation applicable, in particular, to the protection of consumer rights, intellectual property, communications, security, public health and trade practices in general. Only personal data necessary for their intended purpose will be disclosed and transferred.

In any case, the .PT will remain as controller of the personal data made available to it.

Processors which process personal data on behalf of the .pt are obliged to submit in writing sufficient guarantees for the execution of technical and organizational measures appropriate to compliance with the legislation in force and to ensure the protection of the rights of the data subject .

What Data is Collected
In addition to the necessary data for the continuation of its activity, the ownership of employees and suppliers, the .PT processes the personal data necessary for the provision of the .pt domain registration service, duly identified in the respective registration process.

Additionally, .PT may process personal data resulting from browsing this site, in accordance with the Cookies Policy.

Finally, .PT process the personal data you provide voluntarily through your use of this site, such as filling out contact forms or sending electronic mail.

The personal data are collected [in writing, by phone, through forms made available on the website], with their data subject. If personal data are collected from third parties, the data subject will be duly informed of the collection and their rights.

In the scope of its activity, .PT collects and processes personal data related to the following categories: identification data, contact data, qualification data, professional data, bank data, image data and biometric data. 

The data collected and processed refer to the personal data of employees, corporate members, service providers and customers that are related to the .PT activity.

Period for which the personal data will be stored
The personal data shall be stored in such a way as to enable the data subjects to be identified only for the period necessary for the purposes for which they are processed, without prejudice, inter alia, to the fulfillment of legal obligations imposing a certain period of exercise of the rights and legitimate interests of the Controller.

.PT will keep the personal data of the data subjects for the period necessary for the purposes that led to the collection, plus the legal deadlines for preservation of information arising from national legislation and the limitation and expiration periods for the exercise of rights that, as the case may be applicable.

The personal data that are being processed during the storage period may be reused by the same data subjects as soon as a new domain name registration is initiated or for the purpose of reactivating an expired domain name.

Measures taken to ensure the security of personal data
Since 2015, .PT has provided an integrated management system for quality and information security certified in ISO 9001: 2015 and ISO / IEC 27001: 2013, which establishes a set of best practices for enhancing the quality and security of information.

To ensure the protection of personal data, .PT implements strict rules, in line with best international practices, which apply to all those who legally handle personal data.

Technical and organizational security measures are implemented in order to protect the personal data that are made available to .pt, such as the encryption of communication channels between clients, partners and .pt, thus protecting the integrity, confidentiality and authenticity of the data exchanged. The personal data transferred that are stored by .PT are encrypted and anonymized, whenever possible, and subject to access control based on the principle of minimum privilege.

The .PT continuously reviews the practices adopted to ensure the continuous improvement of the practices adopted, accompanying the new cyber threats and implements the necessary countermeasures.

Responsibility of users as Data Subjects
Users are responsible for providing reliable information to .pt and for using .PT services with respect to the rules of use and the rights of third parties.

In particular, users are responsible for the use of usernames, passwords, access codes and any other elements used to access the services provided by .pt, which are personal and non-transferable, and it is up to the users to ensure their confidentiality and prevent their use by third parties. 

Users should also take additional security measures, including ensuring that they use an updated PC and browser in terms of properly configured security patches with active firewall, antivirus, and antispyware.

Data Protection Officer
.pt has appointed a Data Protection Officer that may be contacted directly, using the following contact details, to clarify any issues related to the processing of your personal data and the exercise of your rights.

Contact details: epd@dns.pt.

Notification and Complaint
You can send direct notification to .pt, through the contacts indicated below. You can also complain directly to Comissão Nacional de Proteção de Dados (CNPD), using the contacts made available by this entity for this purpose.


CONTACTS:
Media and .pt website issues: rp@dns.pt;
Processing of personal data issues: epd@dns.pt;
.pt Domain Registration issues: request@dns.pt;
Security issues: abuse@dns.pt

Associação DNS.PT
Rua Latino Coelho, n.º 13, 5.º andar
1050-132 Lisboa - Portugal

Any of the foregoing arrangements may be amended in accordance with the law, judicial decision or recommendation of the competent administrative authority.

If this happens, the information will be updated as soon as possible.