Data protection

In the exercise of its duties and powers, namely the mediation activity between banking customers and credit institutions, particularly in the context of the granting and renegotiation of loans, as well as the provision of clarifications and information on credit matters, pursuant to Decree-Law no. 144/2009 of 17 June, the Credit Ombudsman processes personal data in accordance with the principles and rules arising from European and national legislation on personal data protection, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

The Credit Ombudsman respects the principles of lawfulness, fairness and transparency, purpose limitation (collection for specified, explicit and legitimate purposes), data minimisation, accuracy, and security and integrity of information.

The Credit Ombudsman adopts the technical and organisational measures necessary for the processing of personal data in order to ensure full compliance with data protection rules.

Processing of personal data

The Credit Ombudsman processes the categories of personal data that are strictly necessary, appropriate and relevant to the pursuit of the public interest purposes assigned to it by law, or for compliance with a legal obligation.

The Credit Ombudsman also processes personal data relating to its staff members and service providers.

The Credit Ombudsman retains data for the period strictly necessary to fulfil the purposes that justified their collection.

Sharing and transfer of personal data

Within the scope of its duties, the Credit Ombudsman may share data, in accordance with the law, with credit institutions, financial companies and other entities holding credits originally granted by them, which are involved in mediation requests or requests for clarification, as well as with Banco de Portugal.

The Credit Ombudsman may also share data, in accordance with the law and under the duty of cooperation, with Banco de Portugal and with other public entities, including courts, the Public Prosecutor’s Office, the Tax and Customs Authority, and Social Security, among others.

The Credit Ombudsman also shares personal data with Banco de Portugal insofar as, under the law, Banco de Portugal provides the technical and administrative support necessary for its functioning.

Rights of data subjects and Data Protection Officer

In accordance with the law, the Credit Ombudsman provides data subjects with appropriate means to exercise their rights of information, access, rectification, complaint, restriction or erasure of their data.

To exercise their rights, data subjects may contact the Credit Ombudsman through the following means:

• By email: [email protected]
• By post:

         Mediador do Crédito

         Apartado 21004

         1126-001 Lisboa

If they consider that their rights have not been duly addressed, or if they wish to lodge a complaint, they may contact the Data Protection Officer of Banco de Portugal through the following means:

• By email: [email protected]
• By post:

         Gabinete de Proteção de Dados do Banco de Portugal

         Rua do Comércio, 148

         1100-150 Lisbon

The Data Protection Officer of Banco de Portugal monitors compliance of personal data processing with the GDPR and other EU data protection provisions, ensures communication with data subjects, and cooperates with the Portuguese Data Protection Authority (CNPD), acting as a contact point between the CNPD and data subjects on matters related to the processing of personal data.

Oversight of the Credit Ombudsman’s activities

The activities of the Credit Ombudsman in the field of personal data protection and processing may be subject to complaint before the CNPD or to judicial review, under the general legal terms.