Portugal
the right to confirm whether the data is being processed and, if so, to have access to that data and information. Where applicable, the data subject may also: (i) request that inaccurate or incomplete personal data be corrected; (ii) request the deletion of personal data, unless there are legal grounds for its processing; (iii) object to the processing of personal data in certain circumstances, such as in direct marketing situations; (iv) request the restriction of the processing of personal data in certain specific situations.

In turn, the data controller must (i) ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR and national data protection legislation; (ii) define the specific purposes for which personal data are processed; and (iii) ensure that the rights of data subjects are respected, including the rights of access, rectification, erasure and portability. The controller should also implement appropriate technical and organizational measures to ensure the security and privacy of personal data.

The data processor shall implement technical and organizational measures to ensure compliance with data protection laws (i.e., GDPR and national laws), and shall also manage the storage of personal data on servers or cloud platforms and process personal data on behalf of the data controller (i.e., payment processing and marketing services). Therefore, it is crucial for the controller to select processors who provide sufficient guarantees regarding the implementation of appropriate security measures and compliance with data protection laws. A formal contract should be established between the two parties, clearly defining the obligations, responsibilities, and security measures that the processor must adopt to protect personal data. The parties shall work together to ensure that personal data is processed in accordance with data protection laws and regulations (Article 28 GDPR).

www.mgra.pt

REQUIREMENTS FOR DATA PROCESSING

V.1. Grounds for collection and processing

The processing of personal data is delimited by principles such as (i) lawfulness, fairness and transparency, (ii) purpose limitation, (iii) data minimization, (iv) accuracy, (v) storage limitation, and (vi) integrity and confidentiality. The controller is subject to accountability and shall be responsible for, and be able to demonstrate compliance with, such principles.

Processing of personal data shall be lawful only if and to the extent that at least one of the following applies (Article 6(1) GDPR):

The data subject has given consent to the processing of his/her personal data for one or more specific purposes;