top of page


Privacy Policy


The purpose of this Privacy Policy of 27 April 2016 (hereinafter "General Data Protection Regulation" or "GDPR") on the protection of natural persons with regard to the processing of personal data and the free movement of such data is hereinafter "General Data Protection Regulation" or "GDPR") on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and national legislation, namely Law No. 58/2019 of 8 August, which ensures the execution of the GDPR in the national legal order, to make known to the holders of personal data, who in any way interact with UPC, in particular through the website, of the most relevant information in the field of the protection of their personal data, including your rights and how those rights may be exercised, as well as, generally speaking, what personal data is collected, how they are processed, their processing purposes, associated legal grounds and retention periods.



Responsible for the processing of Personal Data


UPC is responsible for the processing of Personal Data and can be contacted at the following email address:



Transmission of Personal and Recipient Data


The personal data processed, in addition to in compliance with a bequeathing obligation may be communicated to official entities, may also be processed by entities subcontracted by UPC, whenever legally required or contractually necessary, being provided to these entities only the data necessary for the performance of the required service.


UPC ensures that the subcontractors to whom it uses provide sufficient guarantees of the implementation of technical and organizational measures appropriate to the processing of personal data in accordance with the GDPR and that they are able to defend the rights of data subjects.


In compliance with legal obligations and for described purposes, personal data may also be transmitted to judicial, administrative, supervisory, or regulatory authorities.


Direct Personal Data Holders


The data subject has direct to:


  • Ask the Controller for access to your personal data, its rectification, payment, or limitation of the processing.

  • To owe the processing of their personal data.

  • Receive personal data concerning you and that you have provided to a Controller, in a structured format, commonly used and automatic reading, and request data portability to another Controller, if this is feasible and technically possible.

  • Withdraw the consent provided, at any time, when the treatment is based only on this legal basis.

  • Lodge a complaint with the Supervisory Authority, in this case the National Data Protection Commission - CNPD.


To this end, the data subject shall send his/her request in writing to the e-mail address:


The data subject may also request any more detailed information on the processing of personal data, as well as to lodge complaints about how his/her personal data is processed, without prejudice to the right to lodge a complaint also with the National Data Protection Commission.


Security of Personal Data


UPC adopts the appropriate and necessary security techniques and measures to protect the data subject's personal data, protecting them from misuse or unauthorized access. UPC treats the personal data to which it accesses in a confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically according to needs.




Minors may not use the services available through the Web without the prior permission of their parents, guardians or legal representatives who will be solely responsible for all acts performed through the Web by the minors in their charge, including the completion of the forms with the personal data of these minors.


Violation of Personal Data

In the event of a data breach and to the extent that such breach is likely to entail a high risk to the rights and freedoms of data subjects, UPC undertakes to report the personal data breach to the data subjects and to the National Data Protection Commission within 72 hours of knowledge of the incident.


Changes to the Privacy Policy


This Privacy Policy, which is also an integral part of the General Terms and Conditions of Use of the website, may be amended, always, without notice, by posting a new version on the website, expressly referring to the date of the last update.


Applicable Law and Fora


Any disputes arising from the validity, interpretation, or enforcement of the Privacy Policy, or which are related to the collection, processing, or transmission of personal data of its holder, shall be submitted exclusively to the jurisdiction of the courts of the District of Lisbon, without prejudice to the applicable mandatory legal rules.

bottom of page