{"id":734,"date":"2025-01-10T16:06:20","date_gmt":"2025-01-10T16:06:20","guid":{"rendered":"https:\/\/vinhomadeira.web.uma.pt\/?page_id=734"},"modified":"2025-02-11T18:09:44","modified_gmt":"2025-02-11T18:09:44","slug":"utilizacao-aceitavel","status":"publish","type":"page","link":"https:\/\/vinhomadeira.web.uma.pt\/en\/utilizacao-aceitavel\/","title":{"rendered":"Personal Data Protection Policy"},"content":{"rendered":"
\n

The Acceptable Use Policy for the University of Madeira's information and communication technologies aims to establish the guiding principles for their correct and responsible use.<\/p>\n<\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n
<\/div>\n\n\n\n

UMa's Information and Communication Technology Acceptable Use Policy<\/h3>\n\n\n\n

The University of Madeira (UMa) recognizes the citizen\u2019s right of personal data protection, ensuring that all personal data holders whose data are entrusted to UMa are aware of the purpose of the provided information, as well as of their rights in this matter and how to exercise them, under the terms of and in accordance with the article 8, nr.1 of the Charter of Fundamental Rights of the European Union (\u201cCharter\u201d), with the article 16, nr.1 of the Treaty on the Functioning of the European Union (TFEU), and with the General Data Protection Regulation (GDPR).<\/p>\n\n\n\n

In this context, and bearing in mind that the pursuit of such plans depends on a solid combination of responsible users, adequate technologies and safe processes, the University of Madeira, under the terms of the Article 24, nr. 2 of the GDPR, and in strict compliance with the requirements legally established by the Articles 136, nr.1, and 136 nr. 4 of the Code of Administrative Procedure (approved by the Decree-law 4\/2015 of the 7th of January), establishes this Acceptable Use Policy to facilitate the effective application of the GDPR within the framework of its specific characteristics and specificities placed on University of Madeira as a Public Higher Education Institution.<\/p>\n\n\n\n

1. Object and scope of Application<\/h5>\n\n\n\n

The Acceptable Use Policy (hereinafter referred to as \u201cAUP\u201d) of the information and communication technologies of University of Madeira aims to establish the guiding principles for the correct and responsible use of the informatic services and of telecommunication networks, in view of the safety of the institution, of the protection of its users\u2019 interests and of the pursuit of University of Madeira\u2019s mission.<\/p>\n\n\n\n

This policy is subsidiarily applied to the specific regulation that has been approved by the competent authorities of the organic units of University of Madeira, being applied to all users mentioned in item 2.<\/p>\n\n\n\n

UMa reserves the right, when the rules of this AUP are infringed, to proceed immediately with the removal or prevention of access to illegal content or any other content that constitutes a violation of the AUP, or that obstruct the normal operation of the services provided.<\/p>\n\n\n\n

The AUP is of a non-contractual nature and will be periodically revised by UMa without prior notice to its users. However, its updated version is permanently available online at site uma.pt<\/a>.<\/p>\n\n\n\n

2. Users<\/h5>\n\n\n\n

One may define the users of University of Madeira\u2019s information and communication technologies as those with a contractual relationship, namely: teaching staff, researchers, scholarship holders, non-teaching staff and other service providers. Additionally, students, alumni, retirees, and retired or emeritus professors are also considered users. The creation of accounts for others with an occasional or temporary connection to University of Madeira is also a possibility, and the registration of these users requires the accountability of a current user with a contractual link and with the needed competences for that to be done.<\/p>\n\n\n\n

It also applies to users without a link to the University, and that occasionally use its technological infrastructures for various purposes, such as to submit applications, to enrol in courses or degrees, or to use services provided by the University through electronic means.<\/p>\n\n\n\n

The access to technological infrastructures may be provided in a differentiated manner, depending on the type, profile and needs of the user.<\/p>\n\n\n\n

3. General principles<\/h5>\n\n\n\n

The use of the information and communication technologies of University of Madeira should be carried out in strict accordance with the University of Madeira\u2019s statutes, bearing in mind the pursuance of the mission to which the University is attached, under the terms of the article 2 of the law no. 62\/2007 of 10th of September (which approves the legal framework of Higher Education institutions), as a public higher education institution.<\/p>\n\n\n\n

The principle of responsible use stated in this document is applied in the use of information and communication technologies of University of Madeira, being applicable to all its users. The University reserves the right to change these conditions, and to apply containment measures when it is believed that the use of its technological resources is not in accordance with what has been stated above.<\/p>\n\n\n\n

The use of information and communication technologies of University of Madeira for commercial purposes or for purposes not compatible with the University\u2019s institutional intent is not allowed. The use of information and communication technologies for advertising purposes is only allowed for the promotion of activities framed in the University\u2019s mission.<\/p>\n\n\n\n

Users\u2019 conduct is expected to be in accordance with the applicable laws and with this policy\u2019s provisions, as the lack of knowledge about them does not justify its violation.<\/p>\n\n\n\n

4. Restrictions<\/h5>\n\n\n\n

Being University of Madeira a user entity of the Science, Technology and Society Network (\u201cRCTS - Rede para a Ci\u00eancia, Tecnologia e Sociedade\u201d, managed by the Foundation for National Scientific Computing or \u201cFCCN - Funda\u00e7\u00e3o para a Computa\u00e7\u00e3o Cient\u00edfica Nacional\u201d), any use of the information and communication technologies of University of Madeira, that infringes the rules established in the user\u2019s letter of the said network, is not allowed (available at www.fccn.pt).<\/p>\n\n\n\n

When using University of Madeira\u2019s information and communication technologies, any actions that infringe the rules established in this document or the ruling legal provisions are not allowed, with special focus on the provisions consigned in the applicable legislation on cyberspace security, personal data protection and computer crime.<\/p>\n\n\n\n

The use of university\u2019s resources should be done in a responsible manner, not being considered as such situations that may interfere, in a harmful manner, with other users or services, whether those are internal or external to the University of Madeira.<\/p>\n\n\n\n

The resources made available through University of Madeira\u2019s information and communication technologies cannot be made available to third parties \u2013 whether it is by selling, renting or assignment \u2013 by the organic units, autonomous services, rectory or other users that are connected to it.<\/p>\n\n\n\n

In many cases, and always depending on previous authorisation of the Rector of University of Madeira or of someone assigned by him, the access may be granted to third parties, only in the case of institutions of the educational, scientific, technology and culture system, with which the University of Madeira has partnership.<\/p>\n\n\n\n

Any non-authorised use of the resources provided by the University of Madeira\u2019s information and communication technologies is considered as improper use and, as such, is subject to disciplinary and criminal proceedings.<\/p>\n\n\n\n

5. Rules about Network and Sytem Security<\/h5>\n\n\n\n

1. It is not allowed for the information and communication technologies\u2019 users to violate (or attempt to) any authentication or security system that protects access accounts, servers, services or networks. As violation one may consider:<\/p>\n\n\n\n

a) The unauthorised access to other people\u2019s data (breach of privacy);<\/p>\n\n\n\n

b- The unauthorised search of vulnerabilities in servers, services or networks, namely the systematic detection of service response (scan);<\/p>\n\n\n\n

c) The entry or attempt to enter machines without the express authorisation of those responsible for them (Break in);<\/p>\n\n\n\n

2. It is not allowed for users to intentionally interfere with the proper operation of the servers, services or networks. In these cases it is included:<\/p>\n\n\n\n

a) Overloading actions, either combined or not with the exploration of vulnerabilities of the systems, aiming to compromise the functioning of services (Denial of Service);<\/p>\n\n\n\n

b) Sending excessive number of packets (Flooding);<\/p>\n\n\n\n

c) Any attempt to hinder or disrupt servers, services or networks;<\/p>\n\n\n\n

d) The installation, use or provision of use PROXYS of the provided connectivity for purposes other than the use of the contracted services;<\/p>\n\n\n\n

e) The maintenance of OPEN RELAY servers;<\/p>\n\n\n\n

f) The introduction of computer viruses, \u201cworms\u201d, harmful code and\/or \u201cTrojan horses\u201d.<\/p>\n\n\n\n

3. Data interception is not allowed in any network or server without the express authorisation of its legitimate owners;<\/p>\n\n\n\n

4. It is forbidden to falsify data (introduce, modify, supress or delete, completely or partially) after its production, with the intent of deceiving data receivers. In the case of falsification, it is included but not limited to:<\/p>\n\n\n\n

IP address alteration (IP Spoofing);<\/p>\n\n\n\n

b) Alteration the identification of e-mails.<\/p>\n\n\n\n

The access to the networks entails the responsibilities that are inherent in the use of any of University of Madeira\u2019s resources, and may be revoked when its inadequate use is verified.<\/p>\n\n\n\n

In order to protect the integrity of computer systems, the administrators authorised by the rectory may, when necessary, suspend or remove the access to the University of Madeira\u2019s network or computers.<\/p>\n\n\n\n

6. Rules about e-mail service security<\/h5>\n\n\n\n

E-mail is a mean of communication primarily intended to facilitate academic, administrative, research and management processes. Its use conforms to the principles of ethical use of resources and networks.<\/p>\n\n\n\n

The abusive use of e-mail may cause inconvenience and damages to the remaining network users, either directly or indirectly, by jeopardising the normal functioning of the service support systems. Consequently, it is not allowed:<\/p>\n\n\n\n

a) to send e-mails to those who have (expressly) declared not wanting to receive them;<\/p>\n\n\n\n

b) to spread chain letters, pyramid schemes, or any other intrusive or harassing messages.<\/p>\n\n\n\n

7. Rules of the accommodation service<\/h5>\n\n\n\n

All the material published on webpages on the University of Madeira\u2019s servers must comply with its official policies, such as academic responsibility, intellectual property, the right to privacy, among others.<\/p>\n\n\n\n

Accommodation Rules<\/p>\n\n\n\n

1. UMa provides its faculties and research centres with hosting space in its servers and a personalised address, with or without its own domain, to access the hosted pages.<\/p>\n\n\n\n

2. The hosted pages\u2019 content is of the sole responsibility of its faculties and research centres and should not, in any case, contain information that:<\/p>\n\n\n\n

a) Violates copyright rules, namely by containing counterfeited software, counterfeited audio (music) and video (films) files. This restriction extends to the accommodation, installation, execution, use and\/or provision of this types of content and\/or applications;<\/p>\n\n\n\n

b) is considered as illegal, offensive, pornographic, paedophile or discriminatory based on religion, sex or race;<\/p>\n\n\n\n

c) incites the practice of criminal acts;<\/p>\n\n\n\n

d) promotes physical or moral damage against any individuals;<\/p>\n\n\n\n

e) explores or incites the exploitation of minors.<\/p>\n\n\n\n

8. Rules about content<\/h5>\n\n\n\n

UMa reserves the right to remove any applications or to restrict the provision of services when it becomes aware of the existence of any illegal activities, or of activities that violate national or international laws, developed through those means, namely:<\/p>\n\n\n\n

a) The violation of any law, of any applicable jurisdiction, including laws about content or advertising that may be widespread online, and related to: alcohol, competition, protection of minors, illicit substances, exportation, armament, importation, privacy, debt securities, telecommunications, and tobacco;<\/p>\n\n\n\n

b) The practice of dishonest or unfair acts, including the promotion or communication of defamatory, scandalous, threatening, injurious, xenophobic, or private information without the consent of the people affected by it, or the promotion of information likely to cause moral damage, either due to its content or to the frequency of its promotion;<\/p>\n\n\n\n

c) The promotion, encouragement or defence of violence against any state, organisation, group, individual or property, or the dissemination of information, training or support in order to carry out such violence;<\/p>\n\n\n\n

d) The dissemination, sending or receiving of information that violates copyrights, patents, trademarks, trade secrets, software licensing agreements or other third party\u2019s intellectual property rights;<\/p>\n\n\n\n

e) The exposure of UMa, its leaders and staff to public contempt and ridicule;<\/p>\n\n\n\n

f) Programmes, scripts or applications that may jeopardise the normal functioning of the services provided;<\/p>\n\n\n\n

g) The exercise of private activities, including the mining of cryptocurrency and the sale of services and products;<\/p>\n\n\n\n

h) To participate or allow the participation of games of chance or gambling;<\/p>\n\n\n\n

9. User identification and authorisation<\/h5>\n\n\n\n

Except for the content publicly available, the access to the University\u2019s resources is made through the attribution of specific access credentials.<\/p>\n\n\n\n

The basic principle in user account creation to access the information and communication technologies of University of Madeira meets the user\u2019s profile, as well as the resource and\/or service the user needs to access. Bearing in mind that the University of Madeira, as identity provider, is responsible for providing identity assertions that are both reliable and accurate to its own and third-party services, it is essential to ensure a process of credential attribution with a high degree of reliability and safety, forcing greater responsibility for those involved in the process.<\/p>\n\n\n\n

Users identified in item 2 are eligible for the allocation of resource access accounts, with a contractual or occasional link. In this case, the person responsible for assigning the account is in charge of the citizen identification, ensuring the existence of a legitimate purpose, clearly distinguishing the types of identity registered in the systems (users, generic, non-human accounts, among others).<\/p>\n\n\n\n

In the identity attribution process to users, the university of Madeira collects, at least, data such as the name and identification number of the holder. User accounts are always accompanied by an expiration date that fits the user\u2019s profile and the purpose of the creation of the account, being the right of access aligned with the termination of the link or reason for creation.<\/p>\n\n\n\n

In the cases that the user\u2019s access to resources needs to be authorised, this attribution should be properly justified as fitting the profile and functions, being done by the entity of University of Madeira that is responsible for the service.<\/p>\n\n\n\n

In addition to then situations previously mentioned, temporary user accounts with limited permissions may be created to gain access to wireless networks and other electronic services displayed online.<\/p>\n\n\n\n

The access authorisation to resources assumes the acceptance of this policy, which is valid as long as the access right remains. It can be suspended or cancelled in case of infringement or for safety reasons.<\/p>\n\n\n\n

The attributed authorisations are personal and untransferable, and the user is responsible for maintaining the confidentiality and protection of the credentials to him\/her assigned.<\/p>\n\n\n\n

10. Privacy and personal data treatment<\/h5>\n\n\n\n

The attributed authorisations are personal and untransferable, and the user is responsible for maintaining the confidentiality and protection of the credentials to him\/her assigned.<\/p>\n\n\n\n

The University of Madeira, in the pursuit of its mission and attributions, collects some personal data from users during the use of its infrastructures.<\/p>\n\n\n\n

11. Monitoring and record keeping<\/h5>\n\n\n\n

In compliance with the legal and statutory obligations, University of Madeira monitors and records the use of its information and communication technologies, aiming to store the records considered to be necessary for the correct technical support of the equipment, and ensure the safety of the University\u2019s infrastructures. The monitoring will be carried out according to the minimum requirements of Networks and Information Systems established by the Resolution of the Council of Ministers 41\/2018, in strict compliance with the interests of the organisation and its users.<\/p>\n\n\n\n

University of Madeira guarantees that, during monitoring, there will not be interference in the electronic communication protected by cryptographic algorithms, respecting its users\u2019 rights, privacy and freedom.<\/p>\n\n\n\n

The University collects data referring to the use of the infrastructures in a pseudonymized manner, including only the needed data for the previously mentioned purposes, namely IP addresses, ports, protocols, date, hour, user-agent browser, and metadata related to the layers 3 and 4 of the Open System Interconnection (OSI) model. Other data may be collected, with the user being previously informed of the additional data in the conditions of use of the services.<\/p>\n\n\n\n

In the absence of any other retention period defined in the conditions of use of certain services or by legal requirement, records are kept for a maximum period of 24 months.<\/p>\n\n\n\n

It is forbidden for individuals outside University of Madeira to access these records. Technicians may be authorized to access these records due to infrastructure security monitoring processes, or in exceptional and justified situations of technical screening or to comply with legal requirements.<\/p>\n\n\n\n

12. Infringement and incident response<\/h5>\n\n\n\n

When it comes to the response to safety incidents and vulnerability detection, the University of Madeira\u2019s team responsible for computer security analyses infringement cases according to the mentioned provisions.<\/p>\n\n\n\n

To each case, it notifies both the person responsible for data security and the offender, if identified, and then evaluates the decision of a temporary access suspension to the information and communication technologies, or other measures that allow impact minimization. When personal data are involved, the Data Protection officer is notified.<\/p>\n\n\n\n

13. Responsability<\/h5>\n\n\n\n

University of Madeira does not take any responsibility for the use of its infrastructures when it involves any actions that violate the law, statutes, regulations, and these provisions, being of the sole responsibility of the users.<\/p>\n\n\n\n

14. Alterations to the acceptable use policy of information and communication technologies<\/h5>\n\n\n\n

University of Madeira reserves the right to, at any time, readjust or change the present Acceptable Use Policy of the information and communication technologies. Any changes will be properly advertised.<\/p>\n\n\n\n

15. Questions and Suggestions<\/h5>\n\n\n\n

To get more information on the way University of Madeira deals with personal data, or to clarify any questions regarding this issue, complaints or comments can be submitted regarding the Acceptable Use Policy of the information and communication technologies.<\/p>\n\n\n\n

16. More Information<\/h5>\n\n\n\n

To learn more about information security, please refer to the document UMa's Information Security Policy<\/a>.<\/p>\n\n\n\n

Contacts<\/p>\n\n\n\n

Universidade da Madeira – Edif\u00edcio da Reitoria<\/h5>\n\n\n\n

Col\u00e9gio dos Jesu\u00edtas – Rua dos Ferreiros<\/p>\n\n\n\n

9000-082 Funchal – Portugal<\/p>\n\n\n\n

Telefone: (+351) 291 209 400<\/p>\n\n\n\n

Universidade da Madeira – Campus da Penteada<\/h5>\n\n\n\n

Campus Universit\u00e1rio da Penteada<\/p>\n\n\n\n

9020-105 Funchal – Portugal<\/p>\n\n\n\n

Telefone: (+351) 291 705 000<\/p>\n\n\n\n

Data Protection Officer \u2013 epd@mail.uma.pt<\/a><\/p>\n\n\n\n

<\/p>","protected":false},"excerpt":{"rendered":"

A Pol\u00edtica de Utiliza\u00e7\u00e3o Aceit\u00e1vel das tecnologias de informa\u00e7\u00e3o e comunica\u00e7\u00e3o da Universidade da Madeira tem como objetivo estabelecer os princ\u00edpios orientadores para uma utiliza\u00e7\u00e3o correta e respons\u00e1vel. Pol\u00edtica de Utiliza\u00e7\u00e3o Aceit\u00e1vel das Tecnologias de Informa\u00e7\u00e3o e Comunica\u00e7\u00e3o da UMa A Universidade da Madeira (UMa) reconhece o direito dos cidad\u00e3os \u00e0 prote\u00e7\u00e3o dos seus dados […]<\/p>","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-734","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/vinhomadeira.web.uma.pt\/en\/wp-json\/wp\/v2\/pages\/734","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vinhomadeira.web.uma.pt\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/vinhomadeira.web.uma.pt\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/vinhomadeira.web.uma.pt\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/vinhomadeira.web.uma.pt\/en\/wp-json\/wp\/v2\/comments?post=734"}],"version-history":[{"count":5,"href":"https:\/\/vinhomadeira.web.uma.pt\/en\/wp-json\/wp\/v2\/pages\/734\/revisions"}],"predecessor-version":[{"id":1271,"href":"https:\/\/vinhomadeira.web.uma.pt\/en\/wp-json\/wp\/v2\/pages\/734\/revisions\/1271"}],"wp:attachment":[{"href":"https:\/\/vinhomadeira.web.uma.pt\/en\/wp-json\/wp\/v2\/media?parent=734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}