Privacy Policy

1. What does our Privacy Policy consist of?

This policy sets out the terms and conditions under which Infraestruturas de Portugal, S.A., with registered office at Praça da Portagem, 2809-013 Almada, registered at the Lisbon Business Registry under the sole registration and tax number of 503933813, as the entity responsible for processing (hereinafter “IP”), processes the personal data of users, in accordance with their right to information as laid down in the General Data Protection Regulation (Regulation No (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) and in the Law on Personal Data Protection (Law No 58/2019 of 8 August 2019), particularly with respect to detailed information relating to the nature of the data collected and the respective purpose and the processing which will be undertaken.

2. What is the scope of our Privacy Policy?

This Privacy Policy applies to the website housed at, the associated applications, and other platforms where IP services may be integrated (“Site”), within the scope of which IP may request the User to provide personal data, i.e., information provided by the User which allows IP to identify such a User and/or contact them (“Personal Data”).

3. What are Personal Data?

Any information that relates to an identified or identifiable natural legal person.

A natural legal person is identifiable when they can be identified directly or indirectly, more specifically through an identification number or specific characteristics relating to their physical, physiological, genetic, mental, economic, cultural or social identify.

4. What Personal Data are collected?

The Personal Data collected and processed consist essentially of information relating to name, name of company/entity which they may represent, telephone number, e-mail, address, date of birth, marital status, academic qualifications, professional experience and driving licence number, although other Personal Data may be collected by IP when necessary or convenient.

IP also collects and processes information on the characteristics of the device and the browser/software as well as information on the pages visited by the User. This information may include the type of browser, the domain name, access times and the links through which the User accessed the Site (“Usability Information”). We use this information only to improving the quality of your visit to our Site.

Cookies may also be used. Information in this respect is available for consultation in our Cookies Policy.

5. What constitutes Personal Data processing?

An operation or series of operations performed on personal data or on series of personal data, by manual or automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

6. Communication of Personal Data

The personal data collected are not shared with third parties without the User’s consent, with the exception of the following situations:

  • Communications required by law, in compliance with a specific legal obligation;

  • Service providers which provide services as sub-contractors (cf. Points 6.1. and 6.2. of this Privacy Policy); and

  • Personal data processing, insofar that this is necessary for IP to provide the services.

6.1 What is a subcontractor?

A subcontractor is a responsible entity which processes personal data for IP, as the entity responsible for the processing of such data.

6.2 Does IP use subcontractors for the processing of personal data?

In order to process User Data, IP uses or may use third-party entities, subcontracted by IP, on our behalf, and in accordance with our instructions, to process User Data in accordance with the law and the IP Group Personal Data Protection Policy.

These subcontracted entities may not transmit User Data to other entities without prior written authorization from IP, such entities are also prohibited from contracting other entities without prior authorization from IP.

IP only subcontracts entities which are able to provide maximum security in the execution of suitable technical and organizational measures, so as to guarantee that User rights are defended.

7. Are Personal Data gathered by the IP Group safe?

With regard to general principles relating to the processing of personal data, IP is committed to ensuring that the User Data we process are:

  • Processed in accordance with the law, in a proper and transparent manner in relation to the User;

  • Collected for specific, objective and legitimate purposes, and are not processed at a later time in a manner contrary to such purposes;

  • Suitable, justified and limited to that which is necessary for the purposes for which they are processed;

  • Exact and updated whenever necessary, and all necessary measures are implemented to ensure that any inaccurate data, bearing in mind the purposes for which they are processed, are erased or corrected without delay;

  • Stored in a manner which allows the User to be identified only during the period required for the purposes for which they are processed;

  • Processed in such a manner to ensure their security, including protection against unauthorized or illegal processing and against loss, destruction or unforeseen damage, and where suitable technical and organizational measures are implemented;

7.1 Legitimacy for the processing of personal data

Data processing by IP is lawful when at least one of the following situations is seen:

  • The User has given their clear consent for the processing of User Data for one or more specific purposes;

  • Processing is required for the performance of a contract to which the User is a party, or for pre-contractual procedures at the request of the User;

  • Processing is required for compliance with a legal obligation to which IP is subject;

  • Processing is required for the defence of the fundamental interests of the User or another individual person;

  • Processing is required for purposes of legitimate interests pursued by IP or by third parties (except if the User’s interests or fundamental rights and freedoms prevail which require the protection of personal data).

When User Data is processed by IP based on User consent, the User has the right to withdraw their consent at any time. Withdrawal of consent, however, does not compromise the legality of processing carried out by IP based on the consent previously provided by the User.

7.2 Technical and organizational measures

IP implements various technical and organizational security measures to protect the personal data of Users against loss, dissemination, alteration, or undue or unauthorized processing or access.

8. For how long are the Data stored?

As a rule, data will be stored and preserved only for the minimum period necessary to pursue the purposes which led to collection and/or processing, in accordance with the law.

The period of time during which personal data are stored varies in accordance with the purpose for which the information is processed. Legal requirements do exist which oblige us to store data for a minimum period of time. As such, and whenever there is no specific legal requirement, data will be stored and preserved only for the minimum period necessary for the purposes which led to their collection or later processing, after which they will be deleted in accordance with our Data Retention Policy.

9. What are the purposes of processing User Data?

In general terms on this site, IP E uses User data for the following purposes:

  • Management of the “Contacts” area;

    • Institutional Relations (municipal authorities and other stakeholders);

    • Requests for information, complaints or suggestions;

    • Compliments, events, partnerships, advertising and image;

    • Registration of Media Outlets and Journalists.

  • Management of the Media/Press area for:

    • Requests for information or interviews;

    • To request documentation or obtain authorization to take images and photographs.

  • Registration on the Licensing Platform, with client reserved area for checking processes, licences, scheduling of inspections, etc.

  • Recruitment management process, via:

    • Opportunities;

    • Internships;

    • Sending applications;

  • Access reserved for Clients and Partners as part of Railway Proceedings;

  • Ensuring that the site meets User requirements through the development and publication of content which is as best adapted to requests and the type of User, improving the site’s search capabilities and functionality and obtaining associated information or statistics on typical User profiles. 

10. Are Data transferred outside the European Economic Area?

User data are not transferred to countries outside the European Economic Area. Should such transfers take place in the future, IP pledges to ensure that the transfer is in compliance with applicable legal provisions, more specifically, with regard to determining the suitability of such country in relation to data protection and legal requirements applicable to such transfers.

11. What are Users’ Rights?

As data subjects, Users have the following rights:

  • The right to be informed in advance with regard to the processing of their data;

  • The right to access information on data processing carried out by IP;

  • The right to rectify their data and when personal data is incomplete, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement;

  • The right to erasure (‘right to be forgotten’) of personal data where one of the following grounds applies:

    • The User data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

    • The User withdraws consent on which the processing is based and where there is no other legal ground for the processing;

    • The User objects to the processing under the right to object, and there are no overriding legitimate grounds for the processing;

    • Should the personal data have been unlawfully processed;

    • Should the personal data have to be erased for compliance with a legal obligation to which IP is subject;

    • Under applicable legal provisions, IP is not required to delete User Data to the extent that processing is necessary to comply with a legal obligation to which IP is subject for purposes of establishing, exercising or defending a right of IP in legal claims.

In the event of data erasure, IP shall inform each recipient/entity to whom data has been transmitted of the respective erasure, except if such notification proves impossible or would involve a disproportionate effort for IP.

  • The right to limit personal data, if one of the following situations applies:

    • If the User contests the accuracy of their personal data, for a period allowing IP to check on such accuracy;

    • If the processing is unlawful and the User objects to the erasure of data, requesting, in exchange, the limitation of their use;

    • If IP no longer requires User Data for processing purposes, but such data are required by the User for purposes of establishing, exercising or defending legal claims;

    • Should the User have objected to the processing, until it is seen that IP’s legitimate reasons prevail over the User’s.

  • The right to data portability when processing is based on consent or on a contract to which the User is a party and if processing is carried out by automated means;

  • The right to object to personal data processing on grounds relating to a User’s particular situation, at any time to processing of personal data concerning such Users when based on the exercising of legitimate interests pursued by IP or when processing is carried out for purposes other than those for which the personal data were collected, including the defining of profiles, or when personal data are processed for statistical purposes.

  • The right to not be subject to processing which does not have any type of human intervention, including the defining of profiles which may affect the User;

  • The right to submit a complaint to the National Data Protection Commission (CNPD) or a different control authority (whenever applicable).

12. How can users exercise their Rights and/or Complain?

Personal data subjects may exercise their rights by using the "Contacts" area of the site.

Furthermore, data subjects may also contact the IP Group Data Protection Officer with regard to matters concerning personal data processing by email

Finally, and without prejudice to being able to submit claims directly to the IP Group via the contacts provided for the purpose, personal data subjects may make claims directly to CNPD, using the contacts provided by this entity at

13. Are Cookies used?

When you visit our site, a small text file (a Cookie) is created and recorded on the drive of your computer. Cookies are useful as they pages, also recording your preferences and generally improving the User experience. Some of the cookies emitted by the server only last for as long as your visit and expire when you close your browser or application.

To find out more about the cookies we use, please see our Cookies Policy.

14. Changes to Privacy Policy

IP reserves the right to change this Privacy Policy at any time. In the event of substantial changes, a notice will be placed on the site.

15. Applicable Law And Court

Any litigation arising from the validity, interpretation or execution of our Privacy Policy, or which relates to the collection, processing or transmission of personal data shall fall under the exclusive jurisdiction of the courts of Lisbon, without prejudice to applicable laws.