
Privacy Policy
Privacy Policy
Treasury and Public Debt Management Agency, IGCP, E.P.E.
- Overview IGCP, E.P.E.
-
The Treasury and Public Debt Management Agency - IGCP, E.P.E. (hereinafter, Agency or IGCP, E.P.E.) is a public legal entity with a business nature whose purpose is the integrated management of the treasury, financing, and direct public debt of the State, including the debt of public sector entities whose financing is ensured through the State Budget.
It also coordinates the financing of funds and services with administrative and financial autonomy.
In addition to its main purpose, IGCP, E.P.E. can also undertake:
- Consultancy and technical assistance activities;
- Debt management of entities in the public administrative sector;
- Asset management of entities in the public administrative sector consisting of government debt securities;
- Management of derivative portfolios of entities in the public corporate sector.
IGCP, E.P.E. carries out its mission in compliance with the General Regime for the Issuance and Management of Direct Public Debt of the State (Law No. 7/98, of 3 February), ensuring, each year, the satisfaction of the State's financing needs based on five guiding principles of its action, namely:
- Minimization of direct and indirect costs from a long-term perspective;
- Ensuring a balanced distribution of costs across multiple annual budgets;
- Prevention of excessive concentration of amortizations over time;
- Avoidance of excessive risks exposure;
- Promotion of a balanced and efficient functioning of financial markets.
According to its respective statutes, it is primarily the responsibility of IGCP, E.P.E.:
- Propose to the Government the guidelines to be pursued in financing and managing the availability of State treasury, including the financing of public sector entities whose funding is ensured through the State Budget, taking into account this budget, market conditions, and treasury needs.
- Propose to the Government the guidelines to be followed in the management of the State's direct public debt, including the debt of the aforementioned public sector entities;
- Ensure, in conjunction with the management of the State's direct public debt, the management of the State's treasury availability and carry out the necessary financial investments for this purpose;
- Manage the financial derivatives operations of the public sector entities for which active debt management is entrusted to IGCP, E.P.E.;
- Ensure the centralization and control of Treasury fund movements, as well as their accounting;
- Promote the unity of the State treasury;
- Manage and control the State's collection system.
In the exercise of its competencies, IGCP, E.P.E., namely:
- Negotiates, on behalf of the State and in accordance with the guidelines of the government official responsible for the area of finance, loans and financial operations for the management of the State's direct public debt, including the debt of public sector entities whose financing is ensured by the State Budget, and contracts these loans and operations through any legally permissible means for this purpose;
- Executes the application of the State treasury's availability;
- Plans and monitors cash flows, ensures proper fund management and its relationship with the Bank of Portugal;
- Performs operations related to receipts, payments, and fund transfers, and develops and implements the necessary IT infrastructure and information systems to support the management of the State treasury;
- Defines the modalities of public debt, in accordance with the provisions of the State Budget, the annual state financing plan, and other applicable legislation.
With the entry into force of the new regime for the public corporate sector (approved by Decree-Law 133/2013, of October 3), the Agency started to intervene in the procedure for controlling the indebtedness of the entities included in it and assumed the competence to manage the portfolios of financial derivatives of the reclassified public companies.
- Purpose of the Privacy Policy of IGCP, E.P.E.
-
This Privacy Policy describes the purposes for which personal data is collected by IGCP, E.P.E., how it is processed and stored, with whom it is shared, how long it is retained, and the rights of data subjects.
Personal data refers to information relating to an identified or identifiable individual - the "data subject" - whereby an identifiable person can be directly or indirectly identified by reference to an identifier, such as a name, civil or tax identification number, location data, electronic identifiers, or other specific elements of physical, physiological, genetic, mental, economic, cultural, or social identity of the individual.
This Privacy Policy does not cover data relating to collective legal persons.
This Privacy Policy is not an exhaustive description of all data processing operations carried out by IGCP, E.P.E. It will be updated whenever significant changes occur in the processing operations.
This document is further complemented by specific policies aimed at certain operations and procedures that are interrelated with the data processing operations described here.
In order to fulfill the transparency obligation imposed by the General Data Protection Regulation (GDPR), this Privacy Policy will be incorporated, by reference, into various forms used by the Agency for the collection of personal data.
- IGCP, E.P.E. as the data controller
-
IGCP, E.P.E. processes personal data in three types of circumstances:
- When necessary to fulfill legal obligations to which it is bound within the framework of its mission as defined by its statutes (approved by Decree-Law No. 200/2012, of August 27);
- When the processing of personal data is necessary for the performance of functions of public interest as defined by the same statutes;
- When the processing of personal data is necessary for the execution of a contract or pre-contractual measures associated with it.
IGCP, E.P.E. may also process personal data if it has a legitimate interest to do so, provided that such interest is not overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of their personal data.
Outside of the aforementioned circumstances, IGCP, E.P.E. only processes personal data if it has obtained the consent of the data subject for specific, explicit, and legitimate purposes.
IGCP, E.P.E. is responsible for the processing of personal data it collects, processes, and stores, in the sense that these expressions are defined by the RGPD.
- Legal Basis
-
As the data controller, IGCP, E.P.E. bases the lawfulness of personal data processing on Article 6(1)(b), (c), and (e) of the GDPR. Furthermore, it may also act under Article 6(1)(f) of the same provision, which legitimizes processing necessary for the performance of tasks carried out in the public interest or in the exercise of official authority.
Therefore, the primary legal basis for the processing operations carried out by IGCP, E.P.E. is the fulfillment of its duties and competences as provided in its statutes and other applicable legislation, with the consent of the data subjects being only of residual importance.
- Rights of Data Subjects
-
Data subjects, through the contact means indicated below, in number 10 may:
-
Request access to information – the data subject has the right to obtain confirmation of whether their personal data is being processed, and, when applicable, access their personal data and the information provided by law;
-
Request correction of the information if it is inaccurate or incomplete – the data subject has the right for IGCP, E.P.E. to correct the inaccurate or incomplete data concerning them without unjustified delay;
-
Request the deletion of their personal data – the data subject has the right to request IGCP, E.P.E. to delete their data when one of the following reasons applies:
- The personal data are no longer necessary for the purpose for which they were collected or processed;
- The data subject opposes the processing and there are no prevailing legitimate interests justifying the processing; or
- They have withdrawn their consent for data processing (in cases where processing is based on consent) and there is no other ground for such processing.
-
Request the limitation of the processing of their personal data – the data subject has the right to request IGCP, E.P.E. to limit the processing of their data if one of the following situations applies:
- The data subject contests the accuracy of the personal data, in which case the limitation will apply while IGCP, E.P.E. verifies the accuracy of such data;
- The processing of data is lawful and the data subject opposes the deletion of personal data, requesting instead the limitation of its use;
- IGCP, E.P.E. no longer needs the personal data for processing purposes, but such data is required by the data subject for the declaration, exercise, or defense of a right in a legal process;
- If the data subject has opposed the processing until it is verified that the legitimate grounds of IGCP, E.P.E. for processing the data prevail over those of the data subject.
-
The limitation of the processing of personal data means that they can only be processed, retained, or used:
- With the consent of the data subjects; or
- For the purpose of declaration, exercise, or defense of rights in legal proceedings; or
- For the defense of rights of another individual (or legal entity) that is not the data subject; or
- For reasons of public interest of the Portuguese State, another country of the European Union, or the European Union itself.
-
Oppose the processing of their personal data – the data subject, for reasons related to their particular situation, and concerning interests, rights, or fundamental freedoms, may oppose the processing of their personal data in cases where the processing of data, as provided for in paragraph f) of paragraph 1 of Article 6 of the GDPR, is carried out for the purpose of the legitimate interests pursued by IGCP, E.P.E. (under the provisions of paragraph f) of paragraph 1 of Article 6 of the GDPR).
In this situation, IGCP, E.P.E. will cease the processing of the personal data in question, unless it demonstrates the existence of legitimate grounds that override the legitimate interests, rights, and freedoms of the data subject.
-
- Information Security
-
IGCP, E.P.E. implements and ensures the maintenance of adequate protection measures so that its internal procedures for the security of personal data are in compliance with current regulations.
IGCP, E.P.E. also makes every effort to contractually ensure that third parties with whom it collaborates, as partners or service providers, guarantee adequate protection of the personal data to which they have access.
IGCP, E.P.E. limits access to personal data to specific employees, within the scope of their respective functions and only when contact with such personal data is justified.
IGCP, E.P.E. takes the necessary measures to ensure the secure processing of personal data, seeking to protect them against loss or misuse and implementing security procedures to prevent unauthorized access to such personal data.
- Sharing and Transfer of Personal Data
-
IGCP, E.P.E. shares data with third parties when required by legal determination and/or in the context of its activities that are similar to credit institutions, particularly in the management of the State's treasury and the issuance of retail public debt instruments.
IGCP, E.P.E. may also transfer data to service providers or other public entities in the scope of processes in which such entities act exclusively under its guidance or support, and where it is necessary for them to comply with technical and organizational measures equivalent to those required of the Agency.
- Retention of Personal Data
-
IGCP, E.P.E. only retains personal data for the period necessary to fulfill the purposes for which they were collected. The retention periods for most personal data processed by IGCP, E.P.E. are determined by law, regulations governing IGCP, E.P.E.'s activities, or contracts entered into with clients, suppliers, and partners. Only exceptionally does IGCP, E.P.E. collect and process data based on its legitimate interest or the consent of the data subject.
- Cookies
-
- IGCP, E.P.E. uses session cookies and log data, such as the IP address, accessed item, and user agent of the user.
- These data can be used for anonymous statistical purposes.
- Cookies are deleted when the user leaves the website.
- Users have the option to prevent the generation of cookies by selecting the corresponding option in their web browser.
- Information and Complaints
-
Data subjects, for issues related to their personal data, can contact IGCP, E.P.E. via email at info@igcp.pt or by sending a letter addressed to the Data Protection Officer at the following address:
Avenida da República, n.º 57, 1.º andar
1050-189 Lisbon.
The Data Protection Officer can also be contacted via email at dpo@igcp.pt
Data subjects can also choose to contact the Supervisory Authority, which in Portugal is exercised by the National Data Protection Commission, by sending their message to: geral@cnpd.pt