In keeping with its values and with the aim of acting responsibly in the community and in maintaining harmonious relationships with all its stakeholders, the protection of privacy and personal data, as well as their transparent and upright handling constitute essential values for the whole Ensino Lusófona universe.

Therefore, all the institutions that integrate Ensino Lusófona handle personal data in a lawful, loyal and transparent way, in accordance with the norms of each country where they are located.

In Portugal institutions abide by the General Data Protection Regulation, and are audited by the competent authority, the National Commission for the Protection of Data (CNPD).

Privacy and Personal Data Protection Policy | Ensino Lusófona institutions in Portugal

1. The collection and storage of personal data of the Universidade Lusófona, ISDOM- Instituto Superior Dom Dinis, ISLA Gaia, ISLA Santarém, IPLUSO – Instituto Politécnico da Lusofonia, ETACADEMY – Executive Training Academy e o ISMAT- Instituto Superior Manuel Teixeira Gomes is carried out by COFAC, crl — Cooperativa de Formação e Animação Cultural — responsible for data processing, ensuring the security of the data bases, through appropriate policies and measures to prevent access, and misuse and to respond to possible intrusions, minimizing the possible effects.

2. Regarding the applications and in the student/institution relationship, and by virtue of a legal obligation, the competent services and bodies collect, process and file the personal data necessary for the processes and documents delivered, either in physical or in digital form.

3. The treatment of information and the right of the holder to change the data:

3.1. Applications:

3.1.1. The data collected are processed under the application process and are valid during the period of analysis and decision, the file time should never exceed one year, being: In the case of validated and accepted applications, the data transferred and filed in the individual student process, not being eliminated; In the case of non-validated applications, the information is archived for a maximum period of 5 years, and the data cannot be changed or deleted before this period; In all other cases, in particular non-validated applications, the data shall be stored for a maximum period of 1 year, at the end of which they shall be deleted.

3.2. Enrolment/Registration (Individual Student Process)

3.2.1. The data collected are processed in the scope of the academic process, and the information is permanently stored on physical and digital media, there being no place for its destruction (or forgetfulness).

3.2.2. Validated and accepted application data, whose holders are enrolled, are transferred to the student process, and cannot be changed and/or eliminated.

4. The holder may request, at any moment, the verification of the personal data filed, and may update the personal data, excluding those who are legally protected.

5. The Institution does not provide, through any means, the data collected and stored to third parties and is limited to using the personal data according to the purpose for which it was collected and its use authorized. However, and as a result of public utility status, the official or judicial entities that, within the scope of their competencies, may request, or whose access to personal data are entitled to them by law or regulation, constitute cases in which the transmission of the same tale place, ensuring the registration of this act.

6. The institution’s access to data policy ensures that each user only accesses the data strictly necessary for the performance of his/her function, keeping track of the access authorizations and resorting, whenever possible, to the pseudonymization of the data, through a candidate or student code, minimizing the risks of breach of privacy.

7. In compliance with the General Regulation on Data Protection, the data owners have guaranteed access to the data made available, and may consult, request correction or update, of all or part of the data at any time, if applicable.

8. Whenever applicable, the period of the authorization granted for the use of personal data shall be deleted from the system.

9. The institution has a Data Protection Officer, Diogo Mateus, who can be contacted through e-mail: or through telephone at 21 751 55 00.

10. In case of doubt or conflict, not resolved by the Person in Charge, the competent authority is the National Data Protection Commission (CNPD), Rua de São Bento 148, 1200-031 Lisboa, Telephone 21 392 84 00, e-mail:, accessible on line at