Observatório de Segurança Rodoviária

Privacy Policy

1. Framework

The National Road Safety Authority (hereinafter ANSR) is a central service of the direct administration of the State with administrative autonomy.

ANSR’s mission is the planning and coordination at the national level to support the Government’s policy regarding road safety, as well as the enforcement of road traffic offense law.

Under the provisions of Regulatory Decree No. 28/2012 of March 12, the responsibilities of ANSR are:

Contribute to the definition of policies in the field of traffic and road safety;
Develop and monitor the National Road Safety Plan, as well as the structural documents related to road safety, and promote its study, namely of the causes and contributing factors of traffic accidents;
Promote and support civic initiatives and partnerships with public and private entities, particularly in the school environment, as well as promote information and awareness-raising actions that foster a culture of road safety and good driving practices;
Prepare studies in the field of road safety, as well as propose the adoption of measures aimed at traffic management and discipline;
Supervise compliance with legal provisions on traffic and road safety and ensure the processing and management of reports of violations of the Highway Code and supplementary legislation;
Standardize and coordinate the supervisory actions of other entities involved in road matters, through the issuance of technical instructions and approval of traffic control and inspection equipment, and exercise the other powers expressly assigned by law, namely the Highway Code and its supplementary legislation;
Financially contribute, in collaboration with the Directorate-General for Infrastructures and Equipment of the Ministry of Internal Administration, to the acquisition of equipment and applications to be used by MAI entities involved in road matters, according to higher guidance.

2. Purpose of ANSR’s Privacy Policy

The ideals of privacy protection and personal data protection constitute one of ANSR’s priorities. As such, and in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR), as well as Law No. 58/2019 of August 8, which ensures the execution of the GDPR in national legal order, this document constitutes ANSR’s Privacy Policy.

To this end, and for due purposes, this Privacy Policy describes the purposes of the personal data processing carried out by ANSR, how such data are processed and stored, the categories of entities with which they are shared, how long they are retained, and also the rights granted to data subjects in this context.

3. Purposes of Processing

In addition to fulfilling ANSR’s legal responsibilities, referred to in point 1, it processes personal data for the following purposes:

a) Human resources management;

b) Administrative, accounting and tax management;

c) Access control, electronic communications and IT infrastructure management;

d) Compliance with legal obligations;

e) Management of legal proceedings and other legal actions;

f) Quality and environmental management.

4. Lawful Basis

ANSR is responsible for the processing of personal data as defined by the GDPR, and personal data processing occurs in three types of circumstances:

(i) When it is necessary to comply with legal obligations to which ANSR is bound under the responsibilities and powers arising from Regulatory Decree No. 28/2012 of March 12;

(ii) When the processing of personal data is necessary in the context of the exercise of public interest functions it performs;

(iii) When the processing of personal data is necessary for the execution of a contract or pre-contractual measures related thereto.

ANSR may also process personal data based on legitimate interest, provided that in each case such interest is not overridden by the interests or fundamental rights and freedoms of the data subject that require protection.

Outside the circumstances indicated above, ANSR only processes personal data for specific, explicit and legitimate purposes, and provided that consent has been obtained from the data subject.

5. Rights of Data Subjects

Data subjects may, at any time, exercise their rights, namely, request additional information regarding the processing of their data, request rectification thereof, as well as, within certain limits, request erasure, withdraw their consent, or object to processing, among others, via email protecaodedados@ansr.pt or by letter to the postal address: Avenida Casal de Cabanas, nº 1, 2734-507 Barcarena.

Data subjects should bear in mind that, in certain circumstances (namely, due to legal requirements), their requests may not be fulfilled. Nevertheless, the data subjects will be informed of the measures taken in this regard within one month from the date the request is made.

Data subjects also have the right to lodge a complaint with the National Data Protection Commission at geral@cnpd.pt.

6. Information Security

Information security and personal data protection are priorities for ANSR. For this reason, ANSR has implemented a set of technical and organizational measures which, taking into account state of the art, application costs, and the nature, scope, context, and purposes of each personal data processing, mitigate risks to the data subject and prevent the occurrence of personal data breaches and security incidents in general.

In particular, among others, the following measures stand out:

Developing the necessary efforts to ensure that third parties collaborating with ANSR guarantee adequate protection of the personal data they have access to;
Limiting access to personal data to specific employees and only when, in the scope of their duties, such contact with personal data is justified;
Storing all personal data processed by ANSR on servers that offer security guarantees, namely encryption, access control, and backups;
Subjecting security systems and policies to periodic reviews to ensure that the data are safe and protected;
Monitoring ANSR’s technological infrastructures to prevent and detect irregularities in their use.

7. Sharing and Transfer of Personal Data

ANSR shares data with other national public services and bodies, with the European Union, and with third parties when required by law, protocol and/or in the context of exercising public interest functions.

ANSR may also transfer data to service providers or other public entities. Such transfers occur within processes where these entities act exclusively under its guidance or support and in which it is necessary for them to observe technical and organizational measures equivalent to those to which, in terms of security and data protection, ANSR is bound.

8. Retention of Personal Data

ANSR only retains personal data for the period necessary to fulfill the purposes for which they were collected. The retention periods for most of the personal data processed by ANSR result from the law, the regulations governing ANSR’s activities, or the contracts it enters into with suppliers and partners.

The retention periods for personal data are set out in ANSR’s table of retention and disposal of physical records.