The Investor Compensation Scheme (ICS) is a legal entity, established under the terms of Decree-Law 222/99 of 22 June, which operates jointly with the Portuguese Securities Market Commission (CMVM) to protect retail investors.
Rua Laura Alves, nº 4
Telephone: 213 177 000
Fax: 213 537 077/8
On 25 May 2018, the General Regulation on Data Protection (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016). Pursuant to Article 37/7 of the mentioned Regulation, António Delicado has been appointed Data Protection Officer of the Investor Compensation Scheme (ICS).
Processing of Personal Data by the ICS
The Investor Compensation System (ICS), a legal entity governed by public law, created by Decree-Law No. 222/99, of 22 June, as an investor protection system that operated at the Portuguese Securities Market Commission (CMVM), processes personal data, in accordance with the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 (GDPR), Law No. 58/2019 of 8 August and other applicable European and national legislation.
A. Data processing controller
ICS – Investor Compensation Scheme
Rua Laura Alves, no. 4
Telefone: +351 213 177 000
Fax: +351 213 537 077
B. Contacts of the Data Protection Officer
Rua Laura Alves, n.º 4
Telefone: +351 213 177 000
Fax: +351 213 537 077
C. Purposes of the processing and source of personal data
The purposes of the personal data processing operations carried out by the ICS result from applying the legal regime contained in Decree-Law No. 222/99 of 22 June and the ICS Regulation, approved by Ordinance No. 1266/2001 of 6 November.
1. Within the specific activities of the ICS, personal data can be used within the scope and as a result of the System's activation process for:
a) Administrative procedures aimed at verifying the admissibility or exclusion of investors' claims from the scope of ICS coverage;
b) Analysis of issues related to the admissibility of claims under the System's coverage or to claims accepted under the System's coverage or excluded from it;
c) Clarification of issues concerning funds and financial instruments covered by the respective data subjects and with the participating entity that initiated the action and other public and private entities, namely Banco de Portugal, CMVM, the Deposit Guarantee Fund and the liquidator of that entity;
d) Exercise of ICS rights in legal proceedings, namely in insolvency proceedings of entities participating in the System.
2. Personal data can also be used for current activities of the ICS:
a) Financial and Asset Management - namely in public acquisitions and protecting of public interests in the execution of contracts;
b) Human Resources - namely to assess possible obstacles, spuriousness and suspicions;
c) Information technology and systems - namely for data quality control and impact assessments;
d) Litigation - namely in cases where the ICS is party to lawsuits or is by law obliged to cooperate with judicial authorities;
e) Organisation - namely for the internal systematisation of information regarding the ICS;
f) Research – namely in carrying out analyses and opinions;
g) Liaison with external entities – above all in cooperation with the Public Ministry, courts, and other public entities;
h) Filing systems – concerning duties to keep records for administrative or historic purpose.
3. The personal data that the ICS handles originates from:
a) The receipt of information reported or obtained under applicable law or regulation, namely from the participating entities, Banco de Portugal, CMVM, the liquidators of participating entities or investors;
b) Public data, namely those contained in public records.
4. Transversal activities are also governed by the applicable general.
D. Categories of the personal data and of the recipients
1. The ICS can only transmit data to third parties if this transmission is allowed by law or by agreement provided for by law.
2. The recipients of the data are therefore typically those referred to in Section C(1)(c) and (d).
3. The ICS does not handle special categories of personal data.
E. Transfer of personal data to third countries and international organisations
The ICS can transmit personal data for public interest reasons, under the terms of Article 49(1)(d) and (4) of the GDPR and Article 22 of Law No. 58/2019 of 8 August.
F. Criteria for the storing period of personal data
1. As a public entity, the ICS is subject to criteria of administrative interest for data storing. If they have administrative interest, deletion is not allowed.
2. You cannot delete them, until all the legal effects that concern them have prescribed.
3. When stored in historical archive, the ICS reserves its access, even internally.
G. Rights of the Data Subject
1. The data subject has the right to request from the ICS:
a) Access to personal data that concerns said,
b) Its correction or deletion,
c) The limitation of processing with respect to the data subject,
d) The right to object to the processing,
e) The right to data portability.
2. The right of access may be restricted by judicial secrecy, in accordance with national and European regulatory texts.
3. The right to erasure and opposition to processing do not proceed when the ICS is acting in the legitimate exercise of its duties, under the terms provided for in the GDPR.
4. Similarly, data portability is included in both the GDPR and cooperation regime to which the ICS is bound.
H. Lawfulness of data processing
1. The lawfulness of data processing carried out by the ICS results, as a rule, from public interest duties vested as such, by law.
2. When the lawfulness of personal data processing is based on the data subject's consent, said has the right to withdraw it at any time without compromising the lawfulness of the processing carried out based on the previously given consent.
I. Complaint to a supervisory authority
Data subjects are entitled to complain to the National Data Protection Commission (CNPD):
Av. D. Carlos I, 134 - 1.º 1200-651 Lisboa
Tel: +351 213928400
Fax: +351 213976832
J. Duty to communicate data
The data subjects are obliged to communicate data to the ICS when this results from law or regulation.
L. Automated decision-making
1. By law, no final decision by the ICS is fully automated since there is always human involvement.
2. However, the ICS may automatically refuse to receive requests or information when said do not comply with legal, regulatory and/or computer requirements.