Repository logo

Privacy Policy


The Fundação para a Ciência e a Tecnologia, I. P., as an administrative entity with high commitments in the area of research in science, technology and innovation in all areas of knowledge, is committed to the principles applicable to data protection and to strengthening the legal protection of the holders of personal data in strict compliance with the relevant legislation, namely the provisions of Article 35 of the Constitution of the Portuguese Republic, Regulation (EU) 2016/679, of the European Parliament and of the Council of 27th April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data - General Data Protection Regulation (GDPR), Law no. 58/2019, of 8 August, which ensures the implementation of the GDPR in the national legal order, and Law 59/2019, of 8 August, which approved the rules on the processing of personal data for the purposes of the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties.

The FCCN Unit of the Fundação para a Ciência e a Tecnologia, I. P. (FCT) is responsible for developing and maintaining technological areas in the communications infrastructure and advanced services related to research, science and education.

In carrying out its duties, the FCT plays a responsible and fundamental role in the promotion, valorisation, dissemination and sharing of knowledge, actively participating in the implementation of the guidelines for a National Open Science Policy.

Open Science is more than making data and publications available in open access. It represents the opening up of the scientific process as a whole, reinforcing the concept of scientific social responsibility.

The implementation of Open Science implies the incorporation of methodologies, tools and practices of a collaborative nature and requires the commitment of the various stakeholders involved in the production, dissemination and utilisation of knowledge, such as FCT.

As part of its overall duties, FCT is the body responsible for developing, funding and evaluating the national scientific and technological system. Through its FCCN unit, it also provides Information and Communication Technologies services to the academic and scientific community, striving for best management and IT security practices.

Repositórios Científicos de Acesso Aberto de Portugal (hereinafter the ‘RCAAP Portal’) play an important role in promoting Open Science, namely through the adoption of open access to scientific knowledge in Portugal and in increasing the visibility of the results of Portuguese academic and scientific activity.

This role is materialised through numerous services, in particular:

  • The Serviço de Alojamento de Repositórios Institucionais (henceforth ‘SARI’) which is intended to be used by the institutions of the scientific and higher education system to host their repositories with their own individualised corporate identity.

  • The Repositório Comum (henceforth ‘Repository’), which is a service derived from SARI aimed at education and research institutions that produce scientific literature and are unable to provide their community with their own institutional repository, either due to their organisational size or the lack of human resources for this type of service.

The RCAAP Portal provides access to thousands of scientific journal articles, communications, thesis and dissertations, among other types of publications, which are scattered throughout numerous Portuguese scientific repositories and journals belonging to national higher education institutions and other research and development organisations.

SARI is made available on a SaaS basis, freeing institutions from the technical management of a service of this nature and allowing them to focus on managing the scientific information produced at their institution. This service houses the repositories of higher education institutions, state laboratories and public hospitals.The purpose of this Privacy Policy is to inform the holders of personal data who interact with SARI in the institutional and common areas, accessible at https://projeto.rcaap.pt/sari/ and https://projeto.rcaap.pt/repositorio-comum/ respectively, about compliance with FCT's privacy practices with regard to the protection of that data, without prejudice to reading and understanding the Terms and Conditions of Use.

FCT acts as the data controller regarding personal data it collects during the registration in its services by data subjects.

The operation, administration, information and personal data deposited in each repository is the responsibility of the member institutions.


Responsible for Data Processing

FCT, with head office at Av. D. Carlos I, 126, 1249-074 Lisboa, NIPC 503904040 and telephone: +351 21 3924300, is responsible for processing personal data.


Data Protection Officer

FCT has appointed a Personal Data Protection Officer, who can be contacted directly via e-mail at dpo@fct.pt for all questions relating to the processing of personal data under this Privacy Policy.

Among other tasks, the Data Protection Officer monitors the compliance of data processing with applicable regulations, ensuring compliance with privacy and data protection policies, and is one of the points of contact for clarifying issues relating to data processing.


Data Collection, Categories of Data Subjects and Categories of Data

In the context of the institutional and common SARI, FCT collects personal data in two ways:

  • a) Directly from data subjects by manually filling in forms and surveys for scientific research purposes, and also in cases where correspondence is exchanged via email and user registration.

  • b) Indirectly from data subjects if the account is created using a DNI or digital mobile key, European authentication via eIDAS, or through a RCTSaai institutional account or an ORCID account, in which case, after authentication and authorisation by the data subject, the data is automatically filled in by accessing these systems.

The personal data collected concerns the following categories of data subjects:

Researchers, Managers, Members and Employees of the member organisations: State Laboratories, Associated Laboratories, Higher Education Institutions, Public Hospitals, R&D Units, other Units of the National Science and Technology System, International Institutions and Similar Organisations.Within the scope of SARI, the following categories of personal data are collected:

COMMON

  • Civil identification: name, surname, gender, country of residence, civil identification number and/or passport, tax number, digital signature;

  • Contact: personal email address, institutional email address.

  • Academic and Professional Activity: level of education, academic or professional career, academic degree, work history, published works, published reports, job titles, evaluations, references, interviews, certificates, awards, letters of recommendation; contents of works and projects, institutional address, application results;

  • Tracking: tools and protocols such as IP addresses (internet protocol), unique identifiers, security logs (access), audit logs;

  • Authentication: access credentials (user name and password), user profiles;

  • Browsing data: IP address (internet protocol), session cookies, user cookies


Purpose of processing personal data

Data is collected for specific, explicit and legitimate purposes and may not be further processed in a way that is incompatible with those purposes.

The personal data processed through SARI is for the purpose of managing and making scientific and technological literature available online.


Legal grounds for treatment

The processing of personal data relating to Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) complies with the principles of lawfulness, fairness, transparency and the limitation of the retention period, based on Article 6 of the GDPR, point c) and e): because it is necessary for the fulfilment of FCT's legal obligations and the exercise of functions in the public interest, arising from Decree-Law no. 55/2013, of the 17th April, defining FCT's mission and attributions, Ordinance no. 216/2015, of the 21st July, which approved its statutes, Decree-Law no. 60/2018, of the 3rd August, which simplified the administrative procedures necessary for the pursuit of R&D activities.


Rights of Personal Data Subjects

Data subjects have the right to be informed about the processing of their data, and have the right to demand the correction of any inaccuracies, the deletion of unduly recorded data and the integration of omissions, under the terms of the GDPR and other applicable legislation.

Specifically, they may exercise the following rights, within the limits and exceptions provided for by law:

  • right of access: the data subject has the right to obtain confirmation from the FCT (data controller) about the processing of their personal data, as well as to access that data and request information about its processing.

  • right to rectification: the data subject has the right to have inaccurate personal data rectified and incomplete data completed.

  • right to erasure: the data subject has the right to obtain the erasure of their personal data, without prejudice to the established retention periods.
  • right to restriction of processing: the data subject has the right to obtain restriction of processing.

  • right of portability: the data subject has the right to receive personal data concerning him/her collected through this website in a structured, commonly used and machine-readable format. They also have the right to have their personal data transmitted directly to other data controllers.

  • right to object: the data subjects have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, including profiling. FCT shall cease processing personal data unless it has compelling legitimate reasons for such processing which override the interests, rights and freedoms of the data subject, or for the purposes of asserting, exercising or defending a right in legal proceedings.

  • right to withdraw consent: the data subject has the right to withdraw consent at any time, provided that the data is processed on the basis of consent and there is no other legal basis for such processing.

  • the right to lodge a complaint: with the Comissão Nacional de Proteção de Dados Pessoais (https://www.cnpd.pt/), if you consider that any of the above rights have been violated.


Sharing Personal Data with Third Parties and Subcontractors

The provision of information or services by the FCT to SARI users, namely students, researchers, managers, members and employees of other institutions or citizens in general, may involve the use of services from third party subcontractors with access to the personal data of said users.

Accordingly, only the personal data strictly necessary to fulfil the purpose of managing and developing digital infrastructures for science, technology and research and development (R&D) activities will be communicated and transferred. In any case, FCT will remain responsible for processing the personal data made available to it.

Subcontracting entities that process personal data on behalf of the FCT are obliged to present, in writing, sufficient guarantees that the appropriate technical and organisational measures have been taken to comply with current legislation on privacy and the protection of personal data, as well as to ensure that the rights of the data subject are defended, and such guarantees are formalised through the conclusion of appropriate contractual instruments that guarantee and respect the legal requirements in force.


Conservation period

The retention period for personal data is the period set by law or regulation or, failing that, the period necessary to fulfil the purpose for which it was collected and processed.

Personal data is kept in a form that allows the identification of data subjects for no longer than is necessary for the purpose for which it is processed, without prejudice to, inter alia, the fulfilment of legal obligations that impose a certain retention period or the exercise of FCT's rights and legitimate interests.

Personal data that is clearly not relevant to the purpose of managing and developing digital infrastructures for science, technology and research and development (R&D) activities is not retained and must be immediately and irreversibly anonymised and deleted.

The personal data of SARI users will be kept for as long as the data subject's user account remains active. Once the account has been deleted, the personal data will be anonymised, with the possibility of reversal if the user wishes to reactivate the account.

For data relating to access credentials (user name and password) and user profiles of FCT employees, the established retention period is 3 years after deletion of the user account.

For data relating to logs and IP addresses, the established retention period is 6 months after collection.

However, in the case of processing for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, FCT may retain some of the data for longer periods, without prejudice to applying the appropriate guarantees for the rights and freedoms of the data subject, under the terms of the legislation in force.

These guarantees imply the adoption of technical and organisational measures to ensure, in particular, respect for the principle of data minimisation and pseudonymisation.


General measures adopted to guarantee the security of personal data

To guarantee the protection of personal data, FCT implements strict, internationally recognised rules that apply to all those who legally handle personal data.

Accordingly, technical and organisational security measures are implemented to protect the personal data made available to FCT, as well as the confidentiality, integrity and authenticity of the data processed. Personal data stored by the FCT is encrypted and anonymised whenever possible, and subject to access control based on the principle of least privilege.

FCT continually reviews the quality and information security practices it adopts in order to ensure, on the one hand, continuous improvement and, on the other hand, that it keeps abreast of new cyber threats and implements the necessary countermeasures.


Notification and complaint

Without prejudice to sending a direct notification to FCT, through the contacts available at https://www.fct.pt/contactos, you can complain directly to the Comissão Nacional de Proteção de Dados (https://www.cnpd.pt/), using the contacts provided by this organisation for this purpose.


Changes to the privacy policy

This Privacy Policy may be updated, so regular consultation is advised. Changes are deemed to take effect from the date they are posted on this website. Explicit mention to the date of the update is made.


Cookies Policy


FCT, with headquarters at Av. D. Carlos I, 126, 1249-074 Lisboa, NIPC 503904040 and telephone: +351 21 3924300, is responsible for processing personal data.

This Cookies Policy informs users of the websites available at https://projeto.rcaap.pt/sari/ and https://projeto.rcaap.pt/repositorio-comum/ (hereinafter jointly referred to as ‘SARI’) about the use of cookies by FCT.

This policy should be analysed in addition to and in conjunction with our Privacy Policy.


1. What are cookies?

Cookies are small information files that are placed on your electronic equipment and which can fulfil various functions, such as storing user preferences for certain types of information or storing information relating to your visit to each website, the main purpose of which is to detect the users during their visits to the website and the respective configuration parameters.

The use of cookies on the internet is commonplace and does not harm users' computers or other electronic equipment used to access the web.


2. What are the functions of cookies?

Cookies perform various functions, including helping the site's content management and updating department to gain a deeper understanding of how the site is used, facilitating browsing, storing your preferences and generally improving your user experience. They also ensure that the sites present relevant content to each user. They are therefore tools for continually improving the user experience.


3. What kind of cookies do we use?

There are different types of cookies with different forms of action and purposes in your internet browsing. We use the following categories:

  • Strictly necessary cookies: these are essential cookies because they guarantee navigation on the website and the use of its functionalities, including recording whether or not the user has authorised the use of cookies by the website. These cookies cannot be rejected when using a website.
Retention period for data collected in this context: one year after collection.

  • Functional cookies: these are cookies that allow websites to remember information about the choices made by the user, such as username, language, the region from which the user accesses the website, and to personalise the user's browsing experience. These cookies expire at the end of the user's session (for example, when the user closes the browser window) or may remain for a longer period to memorise the user's preferences and choices on the site. /li>
Retention period for data collected in this context: one year after collection.

  • Analytical cookies: these cookies are used to analyse how users use the site and to monitor its performance, for example, which pages have the highest volume of visits or whether any error messages are returned to the user. This makes it possible to provide a high-quality experience by personalising the offer and quickly identifying and correcting any problems that arise. These cookies are used for the purposes of continuous improvement and statistical analysis.
To this end, we use the Google Analytics analysis tool and its cookies. Click here to consult the Google Analytics Privacy Policy.

Retention period for data collected in this context: two years after collection.


4. How can you manage your cookies?

Different browsers offer different ways of managing the cookies implemented by the websites you browse. There is no standard way of removing cookies and, depending on the browser you use, there are several advanced ways of managing them. However, all browsers allow a general removal of cookies from your computer.

We remind you that disabling cookies means that all or some of the available features may be inhibited, penalising your browsing experience.

To manage the use of cookies in your browser, follow these steps:

Google Chrome

  • Select the ‘Settings’ menu;

  • Select the ‘Show advanced settings’ option;

  • Under ‘Privacy’, select ‘Content Settings’.

More informations here.

Mozilla Firefox

  • Select the ‘Tools’ menu;

  • Select the ‘Preferences’ option;

  • At the top, select the ‘Privacy’ icon.

More informations here.

Safari

  • Select the ‘Edit’ menu;

  • Select the ‘Preferences’ option;

  • At the top, select the ‘Privacy’ icon.

More informations here.

If you use more than one browser, you will have to manage cookies independently for each one. More information on cookies at: https://www.allaboutcookies.org


5. Updating the Cookies Policy

FCT reserves the right to make changes to this Cookie Policy at any time, which will be duly publicised.

We recommend that users of our website periodically review our cookie policy in order to be informed about our management of cookies.