WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
LSDM is responsible for the processing of the customers and/or potential customers personal data. Through automated means or not, it is responsible for the processing of personal data from its collection, organisation, storage to its disposal. LSDM knows and complies with the rules of the processing of personal data, which are currently laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
WHAT PERSONAL DATA IS COLLECTED AND WHAT OPERATIONS ARE PERFORMED?
The data provided by potential customers for information request is:
- Course of interest
- Language of interest
In addition to the information above, the personal data provided by customers at the application stage are:
- Civil Identification Number
- Type of Civil Identification
- Tax number
- Motivations for course attendance
- Completion Certificate from Previous Qualifications
In addition to the above, the personal data provided by customers, in the phase of enrolment are:
- Date of birth
- Disabilities (if applicable)
- Criminal Convictions (if applicable)
- Country of permanent residence
- Country of birth
- Ethnic origin
- Condition of residence status
- Last Qualification 1
- Last Qualification Theme 1
- Date that last qualification was obtained 1
- Last Qualification Grade 1
- Previous Qualification 2 (if applicable)
- Previous Qualification Theme 2 (if applicable)
- Date that was obtained Earlier Qualification 2 (if applicable)
- Previous Qualification Degree 2 (if applicable)
- Additional Qualifications
- Emergency Contact
Regarding data processing operations, we inform that:
- The collection of data from potential customers is done through electronic forms available on the LSDM website and on promotional web pages where consent to the collection is requested. The potential customer voluntarily completes the form, and the data provided is intended to request information about the intended course, training offer or school.
- The customer’s data is collected through:
- Electronic forms available on the LSDM website for application and registration purposes, where it is requested to voluntarily and formally accept the Terms & Conditions on which the service will be provided. The data provided is for the analysis of the application for the intended course and subsequent enrolment and provision of service.
- Participation in educational activities conducted electronically at LSDM Online Campus, within the scope of their courses. The customer voluntarily participates in the proposed activities for approval in the subjects.
- Personal data of customers and potential customers are processed as necessary for the conclusion and execution of the contract or because they have been subject of consent. The omission or inaccuracy of this data or other information provided by the customer and / or potential customer is entirely their responsibility.
- The registration, organisation and data retention, in digital format, is done in computer systems and is in monitored servers and, in physical format, in documentary archive, with controlled access.
- The limitation or destruction of personal data corresponds to actions triggered by the will of the data subject at its request or the expiry of the consent provided, and only in cases where there are no legal requirements for its storage. If the customer or potential customer wishes to modify, correct or delete the stored personal data, they may contact LSDM in writing. In case a misuse of the information systems is detected, LSDM reserves the right to permanently delete or destroy stored data.
- The personal data provided is processed and stored for marketing, sales, customer management, pedagogical management, administrative management, litigation management, network and system management, and compliance of legal obligations, being necessary the express and explicit consent to its use and process.
- The personal data provided will only be used for the purposes indicated above and will not be used for purposes other than those for which consent was given.
- Providing data to third parties: LSDM shares customer/student personal information with the University for the Creative Arts, entity responsible for the accreditation of its courses, with the purpose of record, monitoring quality and assign the final qualification (diploma). Providing personal data is mandatory to fully comply with legal obligations and is performed in a protected manner. LSDM may also share personal information with: other group companies; partners, suppliers and subcontractors to facilitate the performance of any contract made with them or the student; professional, legal and regulatory entities; engine optimisation providers for systems and platforms.
WHAT RIGHTS ARE GUARANTEED?
The customer or potential customer has the right to request from LSDM:
- Access to a copy of your data;
- The rectification of your data;
- Limiting the processing of your data;
- The portability of your data;
- Opposition to the processing of your data;
- Data deletion.
Observe, however, that if there is a rule or obligation legally imposed, legal sentence or administrative decision that overrides these rights, LSDM will impossibility the execution of the request, stating the reasons.
WHAT ARE THE PURPOSES INHERENT IN THE DATA PROVIDED?
Personal data provided by potential customers through contact forms and/or chat, with their consent, will be handled in order to communicate and send commercial information related to the training offer and LSDM in general. The data provided by clients in the context of the application and registration, with acceptance of the Terms and Conditions, and in the course of providing online education, will be addressed with a view to:
- Evaluation of applications for admission in the courses;
- Registration and enrolment payment processing;
- Involvement in teaching-learning activities integrated in online courses;
- Identification of plagiarism compared to other sources of information;
- Continuous improvement - content enhancement, learning dynamics, assessment tools, interaction mechanisms with tutors, analysis of activity participation rates and formal assessment, access devices and browsers, days and hours of access, use of scientific databases;
- Event Information Disclosure directly related to academic training (eg: webinars, events, new courses).
The personal data of alumni will be treated to maintain a relationship with them, in compliance with legal obligations, maintenance of information related to the professional career of graduates and new product offerings.
HOW DO WE KEEP PERSONAL DATA SECURE?
We use a variety of security measures, including:
- Training employees about the importance and mechanisms of data protection;
- Personal data are processed by computer and integrated into servers of cloud storage providers (Google, Bluehost, Salesforce) in accordance with RGPD principles;
- Access to personal data is through authentication tools and access to which only authorised persons are allowed;
- Regular backups are performed to ensure data integrity;
- Access to Online Campus is through integration with Google authentication system, allowing LSDM to not interfere with the personal password management of students and staff;
- Sensitive information is shared with UCA through password protection.
HOW LONG DO WE KEEP PERSONAL DATA?
Personal data will be kept for different periods of time, depending on their intended purpose and taking into account legal criteria, necessity and minimisation of storage period, without prejudice to the legally defined periods for the various purposes. Records of potential customers are kept for 2 years after their consent. At the end of this period a new consent request is sent to maintain or delete the record. Customer/student records will be stored according to the following categories: Medium term retention (up to three years after completion of the course):
- Upon leaving the study programme, LSDM will maintain records regarding participation, mentoring, assessments, results, general and specific feedback of the assessment;
- Permanent Retention: LSDM will retain only the data necessary to identify the student and confirm the dates they took the course, the grade received and the transcript of their grades.
WHAT IS THE RESPONSE AND RESPONSE TIME TO THE DATA SUBJECTS IN THE CONTEXT OF THE EXERCISE OF THE RIGHTS GUARANTEED AND THE VIOLATION OF THEM?
The controller must respond to a request within 30 days. If needed to extend the deadline, it can be extended by justifying the reasons electronically for this purpose, especially when data is also processed by that means. If the request is rejected, the reasons for the request and the possibilities and means of reaction must be sent. Pursuant to the Regulation, if a personal data breach occurs, LSDM guarantees the right to notify within 72 hours. The data controller will send an email to the owner of the personal data that has been breached, informing the extent of the breach, and the data subject may file complaints with the authority(s). For technical reasons, the time limit for reply may be extended and the reasons for such extension should be justified.
HOW CAN YOU CONSULT AND CHANGE YOUR PERSONAL DATA OR WITHDRAW YOUR CONSENT?
To consult, change data or withdraw consent, the following communication channels should be used:
HOW TO FILE A COMPLAINT?
If you consider that your data are not being processed in accordance with the applicable law, in particular the European law, you may contact the supervisory authorities for clarification or to exercise the right to lodge a complaint. Your exercise of this right of complaint is subject to certain exceptions aimed at safeguarding the public interest (prevention or detection of crimes).