Área Metropolitana de Lisboa has prepared this privacy notice to inform you of how it processes personal data and to indicate your rights as a data subject, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, applicable from May 25, 2018 (hereinafter "GDPR"), on the protection of natural persons with regard to the processing of their personal data and on the free movement of such data, as well as applicable national legislation, in particular, Law no.º 58/2019, of August 8, which ensures the implementation of the GDPR in the national legal order.

AML is committed to ensuring the privacy and confidentiality of your data, guaranteeing that its processing is carried out with the strictest respect for individual rights and the legal regime in force and to the extent necessary to achieve the purposes of its processing and to maintain a high standard of service.

Responsible for processing personal data:

AML is responsible for processing your personal data - collected during use and/or registration on this site - and can be contacted by the following means:

Rua Cruz de Santa Apolónia, 23, 25 and 25A, 1100-187 Lisbon

(+351) 218 428 570
(+351) 218 428 577

Data protection officer:

AML has appointed a data protection officer, who can be contacted by letter (Rua Cruz de Santa Apolónia, 23, 25 e 25A, 1100-187 Lisboa) or via email (aml.epd@aml.pt).

Purposes and legal grounds for processing personal data:

AML processes your personal data in order to be able to respond to your requests, for statistical purposes and to carry out studies to support the definition of municipal public policies. This data can be provided through the "suggestions and comments" form on this site, or by communication, complaint and participation, through the service channels provided.

The grounds for processing your personal data, namely for the purposes described above, are those legally provided for in the performance of its activity, and in strict compliance with its legal duties and obligations.

As data controller, AML guarantees that all your personal data:

  • They will be obtained for specific, lawful and clearly defined purposes;
  • They will be compatible with the purposes for which they were collected;
  • They will be kept with appropriate security measures - implemented or to be implemented - against unauthorized access, or against their alteration, destruction or disclosure;
  • They will be kept accurate, complete and updated when necessary;
  • They will be collected on a limited basis and kept only for as long as is strictly necessary, and excessive data will not be collected and/or processed.

AML has implemented levels of security and protection of personal data, as well as technical and organizational measures against its dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of illicit processing.

Categories of personal data:

The personal data subject to processing by AML is of a diverse nature, according to the information and services promoted on the electronic platforms and other services under its management.

Depending on the type of services provided, the following can be collected: name, age, tax identification number, civil identification number, social security number, address, email address and cell phone number.

Criteria for storing and transferring personal data:

The transmission of data to third countries (countries outside the European Union and the European Economic Area) only occurs if this is necessary for the execution of contractual obligations, by legal requirement, execution of orders, requests from the data subject, or, also, with prior and express consent for this purpose.

In the event that it is necessary to use service providers from third countries, they will be obliged to comply with AML's written instructions, under the terms of the GDPR, by signing an agreement with the European Union's standard contractual clauses.

Your personal data is kept in compliance with the time limits defined in the applicable legislation, and will only be kept for the period of time that is appropriate and necessary for the purpose for which it was collected, after which it will be deleted, subject to the appropriate technical and functional guarantees.

Rights of the holder of personal data:

Right of access - Data subjects have the right to know whether or not their data is being processed and, if so, have the right to obtain a set of information about the processing carried out.

Right of rectification - Data subjects have the right to request the rectification of inaccurate data and the completion of incomplete data, without undue delay.

Right to erasure - Data subjects have the right, in certain circumstances, to request the erasure of their personal data.

Right to restriction of processing - Data subjects have the right, in certain circumstances, to ask the controller to restrict the processing of their data, without this implying its erasure.

Right to object - The data subject has the right, under the terms of the GDPR, to object to certain types of data processing. By exercising this right, the data controller must stop processing the data.

Right to portability - The data subject has the right to request, under the terms of the GDPR, that their data be transferred to another company/entity by electronic means or that such data be delivered to them in a structured and easy-to-read file.

Right not to be subject to automated decisions - The data subject has the right to request human intervention in normally automated decision-making processes that have an effect on them.

Right to lodge complaints with the supervisory authority. If you wish to lodge a complaint regarding matters related to the processing of your personal data, you may do so with the National Data Protection Commission, the competent supervisory authority in Portugal.

Any request regarding the exercise of these rights can be submitted to the AML through the contacts mentioned above.

AML has implemented a procedure for responding to requests from data subjects, in order to manage requests efficiently and appropriately, within the legally established deadlines.

Changes to Privacy Information:

AML may update the privacy information at any time. Changes will be duly published, namely on this website, indicating the date of the update.