ORBITNEI-ISEP

Privacy Policy

Last updated: June 29, 2026

1. Scope

ORBIT is an internal operating system developed and operated exclusively for and by Núcleo de Estudantes de Informática do ISEP (NEI-ISEP). This Privacy Policy governs the collection, use, and protection of personal data within this internal platform. Access to ORBIT is restricted to members, collaborators, and invited affiliates of NEI-ISEP.

2. Data Controller

The data controller is NEI-ISEP, headquartered at Instituto Superior de Engenharia do Porto, Rua Dr. António Bernardino de Almeida, 431, 4249-015 Porto, Portugal. For any data-related inquiries, contact the NEI-ISEP board atinfo@nei-isep.org.

3. Data We Collect

We collect and process the following personal data solely for internal operational purposes:

  • Account data: name, email address (institutional @nei-isep.org), hashed password, and assigned roles/permissions.
  • Usage data: activity logs, task assignments, project participation, and system interactions recorded for accountability and audit trail.
  • Profile data: avatar, preferences, and settings voluntarily provided by the user.

4. Legal Basis

Processing is carried out under the legitimate interest of NEI-ISEP in managing its internal operations, projects, and membership, as well as under the performance of tasks carried out in the context of the association's activities. For optional features, consent is obtained where required.

5. Data Sharing

Personal data is not shared with third parties outside NEI-ISEP, except:

  • As required by applicable Portuguese or EU law.
  • With third-party infrastructure providers (e.g., cloud hosting) acting as data processors under a Data Processing Agreement.

6. Data Retention

Data is retained for the duration of the user's affiliation with NEI-ISEP. Upon deactivation of an account, personal data is anonymized or deleted within 90 days, unless retention is required by law or for legitimate internal audit purposes (up to 2 years).

7. Your Rights

Under the GDPR, you have the right to:

  • Access, rectify, or erase your personal data.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time (without affecting lawful processing prior to withdrawal).

To exercise these rights, contact info@nei-isep.org.

8. Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS), hashed passwords (bcrypt), and access control based on roles and permissions. Only authorized NEI-ISEP members have access to the underlying infrastructure.

9. Changes to This Policy

This Privacy Policy may be updated as internal practices evolve. Users will be notified of material changes via the platform or email.

ORBIT — Internal System of NEI-ISEP