Legal information - ISIC Portugal

Data protection is a priority for ISIC Portugal.

This Privacy Policy establishes the terms and conditions under which PUMPKINTREASURE, LDA (hereinafter “ISIC Portugal”), with registered office at Rua João Penha, 14- 3º D, 1250-131 Lisboa, exclusive representative of ISIC, ITIC and IYTC cards in Portugal, data controller for the purposes of this Privacy Policy, processes the personal data provided by the user in connection with the use of the website isic.pt website (hereinafter, “ISIC Portugal website”), the mobile application or app, understood as the software application designed for use on smartphones, tablets or other mobile devices (hereinafter, “ISIC APP”) or other applications, software, digital media, storage media or functionality related to the ISIC trademark in Portugal (together, “the Platform”).

When using the Platform, each time the user provides any type of information or it is necessary to access any type of information that, depending on its characteristics, allows ISIC Portugal to identify the user, such as their name, surname, e-mail address, billing or shipping address or telephone number, etc. (hereinafter “Personal Data”), whether for the purposes of searching, purchasing our products or using our services or features, will be subject to this Privacy Policy, the General Terms and Conditions of Purchase and Use and other documents referred to therein (together “Terms”), applicable at any time and which must be reviewed to ensure that they are accepted.

The processing of a user’s personal data must always comply with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to ISIC Portugal. By means of this data protection declaration, ISIC Portugal would like to inform the general public about the nature, scope and purpose of the personal data it collects, uses and processes. In addition, you are informed of your rights through this data protection declaration.

As the controller, ISIC Portugal has implemented various technical and organizational measures to ensure the most complete protection of personal data processed through the Platform. However, Internet-based data transmissions may, in principle, have security gaps, and therefore absolute protection may not be guaranteed. For this reason, each user is free to transfer personal data to ISIC Portugal by alternative means, for example by telephone.

1. Collection of personal data and purposes of processing

Before using our services or features, you should read this Privacy Policy, as well as the Terms and Conditions in the specific section relating to each service or feature. In each section you can check if there are specific conditions of use or if they require specific processing of your Personal Data.

Failure to provide certain mandatory information may result in it not being possible to manage your registration as a user or use certain features or services available through the Platform.

You hereby warrant that the Personal Data provided herein is true and accurate and agree to report changes and modifications. If you provide ISIC Portugal with the Personal Data of third parties, you are responsible for providing it and for obtaining their consent to such provision for the purposes indicated in the corresponding sections of this Privacy Policy. Any loss or damage caused to the Platform, to ISIC Portugal or to third parties by the communication of erroneous, incorrect or incomplete information in the registration forms shall be the sole responsibility of the user.

ISIC Portugal uses Personal Data, as applicable, for the following purposes:

1.1 Management of registration as a Platform user. The Personal Data that the user makes available to ISIC Portugal is used to identify the user as a user of the Platform and to give the user access to the different functionalities, products and services available when registering as a user.

1.2 Preparation, fulfillment and execution of the purchase and sale contract relating to the products purchased or any other contract entered into with us through the Platform.

1.3 Contacting you by email, telephone, SMS or other equivalent form of electronic communication, such as push notifications from the ISIC APP, etc., regarding updates or informative communications related to contracted features, products or services, including Platform security updates, when necessary or reasonable for their implementation.

1.4 Responding to and processing user requests through the customer service channels available in relation to the Platform, as well as monitoring the quality of our service.

The duration of data processing will last (i) the period of time provided for by law; or (ii) an indefinite period of time (i.e. until you request that certain data or all data be deleted); (iii) or until the specific purpose applicable to certain data no longer exists. For example, data relating to user requests will be processed to the extent that ISIC Portugal is required to store it under the applicable legislation, and will be deleted once this legal constraint ceases to exist.

2. Newsletter subscription

If the user authorizes the subscription to the ISIC Portugal Newsletter, we will provide the user with information and communications related to ISIC, via email, as well as via push notifications through the ISIC APP – if these notifications have been activated on the user’s mobile device.

Subscribing to the ISIC Portugal Newsletter may involve the use of Personal Data in order to carry out personalized communication to the user via email. We may also make this information available to the user via push notifications through the ISIC APP, if these have been activated on the user’s mobile device. In order to improve the service provided to you, we inform you that your Personal Data relating to your online purchases, tastes and preferences may be used for the purposes of analysis, creating user profiles, quality surveys and improving our interaction with you.

If you are a registered user, you can cancel your registration by following the information we provide in each communication.

3. Data protection rights

ISIC Portugal undertakes to respect the confidentiality of the user’s Personal Data and to guarantee the exercise of their rights. Users can exercise their rights of access, rectification, cancellation and opposition by sending an email to: dados@isic.pt, indicating the reason for the request.

If you decide to exercise these rights and one of the personal data provided is your email address, please specify this in your written request, indicating the email address from which you wish to exercise your rights of access, rectification, cancellation and opposition.

Your card will not be issued immediately. You must wait for the institution that granted you the discount to validate your request and, only after validation, can your card be issued (if you meet the requirements). Once approved and issued, you will receive an email with your card number.

We always suggest checking your spam folder to make sure you haven’t received the email with your new card details or any communication from ISIC Portugal.

If you have ordered a physical card, paid for it and have not yet received it at your address, please check the waybill sent by email and contact CTT for more information about sending your card.

4. Other Necessary Uses of your personal data

In order to fulfill the purposes set out in this Privacy Policy, it may be necessary for ISIC Portugal to process your Personal Data to the extent that it is directly related to each purpose.

It may also be necessary to transfer the user’s Personal Data to third parties that provide support services to ISIC Portugal, such as financial bodies, entities that combat fraud, providers of technological, logistical, transportation and delivery services, customer services and/or services for analyzing transactions carried out on the Platform with the aim of offering users sufficient guarantees within the scope of commercial operations, etc. For the purposes of service efficiency, the aforementioned employees and suppliers may be located in other countries or territories outside the European Economic Area, which do not offer the same degree of data protection as the user’s country or, as the case may be, the European Union.

By accepting this Privacy Policy, you expressly authorize us to process and share the Personal Data referred to above with ISIC Association, and/or to transfer your Personal Data to such service providers located outside the European Economic Area for the purposes set forth herein.

5. Definitions

This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration must be legible and understandable to the general public as well as to our customers and business partners. To ensure this, we would like to start by explaining the terminology used.

In this data protection declaration, we use the following terms, among others:

Personal data

Personal data means any information relating to an identified or identifiable natural person (“user”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

User

The user is any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.

Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.

Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning personal preferences, interests, reliability, behavior, location or movements.

Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific user without recourse to supplementary information, provided that such supplementary information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.

Data Controller or Controller or Controller responsible for processing

Data Controller or Controller or Controller responsible for processing is the natural or legal person, public authority, agency or other body which (alone or jointly with others) determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be indicated by Union or Member State law.

Data Processor or Processor or Processor

Data Processor or Processor or Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Recipient

The recipient is a natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a specific inquiry in accordance with Union or Member State law should not be considered as recipients; the processing of such data by such public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.

Third party

The third party is a natural or legal person, a public authority, an agency, or another body other than the user, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process personal data.

Consent

User consent is any freely given, specific, informed and unambiguous indication of the user’s wishes – by means of a statement or by a clear affirmative action – expressing agreement to the processing of personal data relating to him/her.

6. Controller and Data Processors

Name and Address of the Controller

The controller, for the purposes of the General Data Protection Regulation (GDPR) and other data protection laws applicable in the Member States of the European Union and other provisions relating to data protection, is:

Pumpkintreasure, Lda.

Rua João Penha, 14- 3º D

1250-131 Lisbon, Portugal

Telephone: +351 213 461 383

E-mail: info@isic.pt

Website: https://isic.pt

Name and Address of Data Processors and Sub-Processors

ISIC Association

Nytorv 5

1450 Kobenhavn K

Denmark

Website: www.isic.association.org

ISIC Service Office

Starine Novaka 1,

Belgrade, 11000

Serbia

Email: info@isic.org

Website: www.isic.org

Amazon Web Services Inc

410 Terry Avenue

North Seattle

WA 98109

United States of America

Orchitech Solutions s.r.o.

Konevivi 2660/141

130 00 Prague 3

Czech Republic

Almouroltec – Serviços de Informática e Internet Lda dba PTisp

National Road Nº3

2250-028 Constância

Portugal

Telephone: 707 200 933

E-mail: helpdesk@ptisp.pt

Website: https://ptisp.pt

CTT – Correios de Portugal, S.A. – Public Limited Company

Avenida D. João II, nº. 13

1999-001 Lisbon

Portugal

Website: www.ctt.pt

CTT Expresso – Serviços Postais e Logística S.A.

Avenida D. João II, nº 13

1999-001 Lisbon

Telephone: 707 200 118

Website: http://www.cttexpresso.pt

Easypay – Instituição de Pagamento Lda

Rua Soares de Passos, 14 B

1300-537 Lisbon

Portugal

Phone: +351 213 617 930

Email: correio@easypay.pt

Masterway – Masterstrategy

Avenida 5 de Outubro, 125 – Piso 6

1050-052 Lisbon

Portugal

Phone: +351 217 960 398

Email: helpdesk@masterway.net

7. Cookies

ISIC Portugal’s web pages use cookies. Cookies are text files that are stored on a computer system via an Internet browser.

Many websites and web servers use cookies. Many cookies contain a cookie ID, which is a unique identifier for the cookie. It consists of a string (i.e. a set of characters) that websites and servers can assign to the specific web browser in which the cookie is stored. This allows the websites and Internet servers visited to differentiate the user’s individual browser from other Internet browsers containing other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

Through the use of cookies, ISIC Portugal can provide the users of the ISIC Portugal website with more user-friendly services that would not be possible without the cookie setting.

Through a cookie, information and offers on the ISIC Portugal website can be optimized with the user in mind. Cookies allow ISIC Portugal, as mentioned above, to recognize users of the ISIC Portugal website. The purpose of this recognition is to make it easier for users to navigate the ISIC Portugal website.

The user may, at any time, prevent the setting of cookies on the ISIC Portugal website by means of a corresponding setting of the Internet browser used and therefore permanently deny the setting of cookies. In addition, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the user disables the setting of cookies in the Internet browser used, not all features of the ISIC Portugal website may be fully usable.

8. Data collection and general information

The ISIC Portugal website collects certain general data and information when a user or automated system accesses the ISIC Portugal website. This general data and information is stored in the server’s log files. The data collected may consist of:

browser types and versions used;
the operating system used by the system making the access;
the website through which the system reaches the ISIC Portugal site (the so-called referrer);
sub-websites;
the date and time of access to the website;
the Internet service provider of the system accessing the website;
any other similar data and information that may be used in the event of an attack on ISIC Portugal’s information technology systems.

By using this general data and information, ISIC Portugal does not draw any conclusions about the user. Instead, this information is necessary to:

deliver the content of the ISIC Portugal website correctly;
optimize the content of the ISIC Portugal website, as well as its advertising;
ensure the long-term viability of information technology systems and website technology;
provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack.

Therefore, ISIC Portugal analyzes the data and information collected statistically, with the aim of increasing the company’s data protection and security, and guaranteeing an optimal level of protection for the personal data it processes. Anonymous data from server log files is stored separately from all personal data provided by a user.

9. Subscribing to ISIC Portugal newsletters

On the ISIC Portugal website, users have the possibility to subscribe to the ISIC Portugal newsletter. The input mask used for this purpose determines which personal data is transmitted, as well as when the newsletter is requested from the controller.

ISIC Portugal regularly informs its customers and business partners via a newsletter about ISIC Portugal offers. The ISIC Portugal newsletter can only be received by the user if (1) he/she has a valid e-mail address, and (2) he/she signs up to receive the newsletter.

During newsletter registration, ISIC Portugal also stores the IP address of the computer system assigned by the Internet Service Provider (ISP) and used by the user at the time of registration, as well as the date and time of registration. The collection of this data is necessary to understand the possible misuse of a user’s e-mail address at a later date and therefore serves the purpose of legal protection of the controller.

Personal data collected as part of a newsletter registration will only be used to send our newsletter. In addition, newsletter subscribers may be informed by e-mail insofar as this is necessary for the operation of the newsletter service or a registration in question, as could be the case with modifications to the newsletter offer, or changing technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. Subscription to the ISIC Portugal newsletter may be terminated by the user at any time. Consent to the storage of personal data, which the user has provided in order to send the newsletter, may be revoked at any time. For the purpose of revoking consent, a corresponding address can be found in each newsletter. The user may also unsubscribe from the newsletter by communicating this wish to the controller.

10. Rastrection from Newsletter

The ISIC Portugal newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to allow log files to be recorded and analyzed. This enables a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, ISIC Portugal may see if and when an e-mail was opened by a user and which addresses in the e-mail were invoked by users.

Such personal data collected in the tracking pixels contained in the newsletters is stored and analyzed by the controller in order to optimize the sending of the newsletter, as well as to further tailor the content of future newsletters to the interests of the user. This personal data will not be passed on to third parties. The user has the right at any time to revoke the respective declaration of consent issued through the dual registration procedure. After a revocation, this personal data will be deleted by the controller. ISIC Portugal automatically considers a withdrawal from receiving the newsletter as a revocation.

11. Possibility of contact via website

The ISIC Portugal website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general electronic mail address (e-mail address). If a user contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject is stored automatically. This personal data transmitted voluntarily by the data subject to the data controller is stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

12. Routine deletion and blocking of personal data

The data controller shall process and store the user’s personal data only for the period necessary to achieve the purpose of storage, or to the extent granted by the European legislator or other legislators in laws or regulations to which the controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or other competent legislator expires, the personal data is routinely blocked or erased in accordance with legal requirements.

13. User rights

Right to be informed

Each user has the right – granted by the European legislator – to know how the personal data they provide will be used by the controller or processor.

This data protection declaration explains how all personal data collected by ISIC Portugal may be used.

If a user has any questions about how his/her personal data will be used, he/she may at any time contact our Data Protection Officer or another employee of the controller directly.

Right to confirmation

Each user has the right – granted by the European legislator – to obtain confirmation from the controller as to whether or not personal data concerning him/her is being processed.

If a user wishes to make use of this right of confirmation, he/she may at any time contact our Data Protection Officer or another employee of the controller directly.

Right of access

Each user has the right – granted by the European legislator – to obtain from the controller, at any time and free of charge, information about his/her stored personal data and a copy of this information. In addition, European directives and regulations grant the data subject access to the following information:

The purposes of the processing;
The categories of personal data concerned;
The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
If possible, the expected period for which the personal data will be stored or, if not possible, the criteria used to determine this period;
The existence of the right to request the controller to rectify or delete personal data, or to restrict the processing of personal data relating to the user, or to object to such processing;
The existence of the right to lodge a complaint with a supervisory authority;
When personal data is not collected from the user, any available information on its origin;
The existence of automated decision-making, including profiling, referred to in Articles 22(1) and (4) of the GDPR and – at least in such cases – meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.

In addition, you have the right to obtain information about whether personal data is transferred to a third country or to an international organization. Where this is the case, the user has the right to be informed of the appropriate safeguards relating to the transfer.

If a user wishes to take advantage of this right of access, he/she may at any time contact our Data Protection Officer or another employee of the controller directly via email at dados@isic.pt or info@isic.pt.

Right of rectification

Each user has the right – granted by the European legislator – to obtain from the controller without undue delay the rectification of inaccurate personal data about him/her. Taking into account the purposes of the processing, the user has the right to complete incomplete personal data, including by submitting an additional declaration.

If a user wishes to make use of this right of rectification, he/she may at any time contact our Data Protection Officer or another employee of the controller directly via email at dados@isic.pt or info@isic.pt.

Right of erasure (Right to be forgotten)

Each user has the right – granted by the European legislator – to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay when one of the following reasons applies, provided that the processing is no longer necessary:

The personal data are no longer necessary in relation to the purpose for which they were collected or otherwise processed.
You withdraw the consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Article 21(1) of the GDPR and there are no legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
Personal data has been processed unlawfully.
The personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject.
The personal data has been collected in relation to the provision of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and you wish to request the erasure of personal data stored by ISIC Portugal, you may, at any time, contact our Data Protection Officer or another employee of the controller directly. The Data Protection Officer of ISIC Portugal or another employee shall promptly ensure that the erasure request is complied with immediately.

If ISIC Portugal has made personal data available and is responsible for the deletion of personal data in accordance with Article 17(1), ISIC Portugal – taking into account available technology and implementation costs – shall take reasonable steps, including technical measures, to inform other controllers processing the published personal data that you have requested the deletion by those controllers of any links to, or copies or replication of, those personal data, unless the processing is necessary. The Data Protection Officer of ISIC Portugal or another employee will arrange the necessary measures in individual cases.

Right to restriction of processing

Each user has the right – granted by the European legislator – to obtain from the controller restriction of processing if one of the following conditions applies:

The accuracy of the personal data is contested by the user, for a period allowing the controller to verify the accuracy of the personal data.
The processing is unlawful and the user objects to the deletion of the personal data and requests the restriction of its use.
The controller no longer needs the personal data for processing purposes, but they are required by the user for the establishment, exercise or defense of legal claims.
The user has objected to the processing pursuant to Article 21(1) of the GDPR, and it is not yet clear whether the legitimate grounds of the controller override those of the user.

If one of the aforementioned conditions is met and you wish to request the restriction of the processing of personal data stored by ISIC Portugal, you may at any time directly contact our Data Protection Officer or another employee of the controller. The Data Protection Officer of the ISIC Portugal or another employee will arrange the restriction of the processing.

Right to data portability

Each user has the right – granted by the European legislator – to receive the personal data concerning him/her, which has been provided to a controller, in a structured, commonly used and machine-readable format. He/she has the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, by exercising your right to data portability in accordance with Article 20(1) of the GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and where doing so does not adversely affect the rights and freedoms of others.

To ensure the right to data portability, you may, at any time, contact our Data Protection Officer or another employee of the controller directly via email at dados@isic.pt or info@isic.pt.

Right to object

Each user has the right – granted by the European legislator – to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her on the basis of Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

ISIC Portugal shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the user, or for the establishment, exercise, or defense of legal claims.

If ISIC Portugal processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If you contact ISIC Portugal to object to processing for direct marketing purposes, ISIC Portugal will no longer process the personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you by ISIC Portugal for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, you may at any time contact our Data Protection Officer or another employee of the controller directly. Furthermore, the user is free – in the context of the use of information society services and notwithstanding Directive 2002/58/EC – to use their right to object by automated means, using the technical specifications.

Automated individual decision-making, including profiling

Each user has the right – granted by the European legislator – not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for the conclusion, or performance, of a contract between you and a data controller, (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down appropriate measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.

If the decision (1) is necessary for the conclusion or performance of a contract between the user and a data controller, or (2) is based on the user’s explicit consent, the controller must implement reasonable measures to safeguard the user’s rights and freedoms and legitimate interests, including at least the right to obtain human intervention by the controller, to express his or her point of view, and to challenge the decision.

If a user wishes to make use of his or her rights regarding individual decision-making automatically, he or she may at any time contact our Data Protection Officer or another employee of the controller directly.

Right to withdraw consent to data processing

Each user has the right – granted by the European legislator – to withdraw their consent to the processing of their personal data at any time.

If the user wishes to exercise the right to withdraw consent, he/she may, at any time, contact our Data Protection Officer or another employee of the controller directly.

14. Children's privacy

ISIC Portugal is particularly concerned about protecting the personal data of children and adolescents, and therefore the ISIC Portugal Platforms and their content are not intended for children under 12 years of age.

If the user is under 12 years of age, the processing of their personal data is only lawful if and to the extent that consent is given or authorized by the holders of parental responsibilities for the child.

ISIC Portugal will not knowingly collect any personal data from children under the age of 12, or from minors between the ages of 12 and 16 without parental consent, nor will it knowingly allow such persons to register as users.

If the child’s parental responsibility holders become aware that their child under sixteen (16) years of age has provided ISIC Portugal with personal data without their consent, they should contact ISIC Portugal in order to give their consent or delete their data.

15. Data protection provisions on the application and use of Google Analytics (with anonymization functionality)}

On this website, the controller has integrated the Google Analytics component (with anonymization functionality). Google Analytics is a web analytics service. Web analytics is the collection, aggregation, and analysis of data about the behavior of visitors to websites. A web analytics service collects, among other things, data about the website from which a person came (the so-called referrer), which pages were visited, or how often and for what duration a page was viewed. Web analytics are mainly used for the optimization of a website and to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Anphitheatre Parkway, Mountain View, CA 94043-1351, United States of America.

For web analysis via Google Analytics, the controller uses the “anonymizeIp” feature. Through this feature, the IP address of the user’s Internet connection is obtained by Google and anonymized when accessing our website from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze traffic on our website. Google uses the data and information collected, among other things, to evaluate the use of our website and provide online reports showing the activities on our website and to provide us with other services about the use of our website on the Internet.

Google Analytics places a cookie on the user’s information technology system. The definition of cookies is explained above. By setting the cookie, Google is able to analyze the use of our website. With each call-up to one of the individual pages of this Internet website, which is operated by the controller and on which a Google Analytics component has been integrated, the Internet browser on the user’s information technology system will automatically send data via the Google Analytics component for the purposes of online advertising and commission settlement for Google. In the course of this technical procedure, the Google company gains knowledge of personal information, such as the user’s IP address, which enables Google, among other things, to understand the origin of visitors and clicks and subsequently set commissions.

The cookie is used to store personal information, such as the time of access, the location from which access was made and the frequency of visits to our website by the user. With each visit to our website, such personal data, including the IP address of the Internet access used by the user, will be transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on the personal data collected through this technical procedure to third parties.

The user may, as indicated above, prevent the setting of cookies on our website at any time by means of a corresponding setting of the web browser used and thus permanently deny the setting of cookies. This browser setting will also prevent Google Analytics from setting a cookie on the user’s information technology system. In addition, cookies already used by Google Analytics can be deleted at any time via the web browser or other software programs.

In addition, the user has the possibility of objecting to the collection of data generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google. To do this, the user must download a browser add-on from tools.google.com/dlpage/gaoptout and install it. This browser add-on informs Google Analytics – via JavaScript – that any data and information about web page visits cannot be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the user’s information technology system is subsequently deleted, formatted, or newly installed, the user must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on has been uninstalled by the user or by any other person who is attributable to their sphere of competence, or is deactivated, it is possible to carry out the reinstallation or reactivation of the browser add-on.

Further information and Google’s applicable data protection provisions can be found at www.google.com/intl/en/policies/privacy and at

www.google.com/analytics/terms/us.html.

Google Analytics is explained at www.google.com/analytics.

16. Legal basis for treatment

Article 6(1)(a) of the GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party – as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service – processing is carried out on the basis of Article 6(1)(b) of the GDPR. The same applies to processing operations necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services.

If ISIC Portugal is subject to a legal obligation by which the processing of personal data is required – such as compliance with tax obligations – the processing is based on Article 6(1)(c) of the GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the user or another natural person. This would be the case, for example, if a visitor was injured in our company and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third party. In this case, the processing would be based on Article 6(1)(d) of the GDPR.

Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal grounds, if the processing is necessary for the legitimate interests pursued by ISIC Portugal or by a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the user that require protection of personal data. Such processing operations are particularly permissible because they were specifically mentioned by the European legislator, who considered that a legitimate interest could be assumed if the user is a customer of the controller (Recital 47 Phrase 2 of the GDPR).

17. Legitimate interests exercised by the controller or a third party

Where our processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the conduct of our business in favor of the well-being of all our employees and shareholders.

18. Period during which personal data will be stored

The criteria used to determine the storage period for personal data are the respective legal retention period. After the expiration of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment of the contract or the initiation of a contract.

19. Possible consequences of not providing personal data

Before personal data is provided by the user, the user must contact our Data Protection Officer. Our Data Protection Officer will explain to you whether there is an obligation to provide personal data, and the consequences of failing to provide personal data.

ISIC Portugal processes personal data in particular for the purposes mentioned below:

The issue and activation of ISIC, ITIC and IYTC cards;
Accessing and providing products and services to users;
Auditing, research and analysis to ensure the maintenance, protection and improvement of its services;
Sending information about ISIC Portugal services.

The User may choose not to provide ISIC Portugal with certain information, but this may result in the impossibility of using certain features, such as:

Issuing ISIC, ITIC or IYTC cards;
Sending ISIC, ITIC or IYTC cards;
Accessing the virtual ISIC, virtual ITIC or virtual IYTC card;
Receiving the ISIC Portugal newsletter;
Access to online benefits;
Participation in contests, promotions, surveys or sweepstakes;
Solving problems related to ISIC, ITIC or IYTC cards.

20. Advertising campaigns

If the user authorizes the use of their data for advertising purposes, ISIC Portugal will provide the user with information and communications relating to ISIC, via email and telephone.

Authorization for advertising purposes may involve the use of Personal Data in order to carry out personalized communication to the user via email and telephone.

If you are a registered user, to change your details or cancel your registration, fill in the form on the Data Management Request page.

At ISIC Portugal we understand that the use of your personal data requires your trust. We are subject to the highest privacy standards and will only use your personal data for clearly identified purposes and in accordance with your data protection rights.

The confidentiality and integrity of your personal data are our primary concerns.
This Privacy Policy sets out how PUMPKINTREASURE LDA, the exclusive representative of ISIC, ITIC and IYTC cards in Portugal and hereinafter referred to as ISIC Portugal, uses your personal data in connection with the card application.

1. Who is responsible for processing my personal data?

ISIC Portugal is responsible for processing your personal data from the moment you fill in the card application form until the moment you give your consent to subscribe to the ISIC Portugal newsletter.

2. How do you collect my personal data?

Your personal data will be collected and processed when you fill in the card application form and when you give your consent to subscribe to ISIC Portugal newsletters.

3. For what purposes and on what grounds can my personal data be used?

The personal data that ISIC Portugal collects by filling in the card application form is used for the following purposes:

To appear on your ISIC/ ITIC/ IYTC card;
Verifying the accuracy of the data provided for issuing the ISIC/ ITIC/ IYTC card;
To contact you if there is any doubt or any incorrect data that makes it impossible for ISIC Portugal to issue your card;
Send the ISIC/ ITIC/ IYTC card by e-mail, by registered mail to the address indicated on the card application form;
Issuing the invoice for your card;
Accessing and using your virtual card;
Benefit and use of online discounts;
Sending the ISIC Portugal newsletter.

4. What personal data can be collected?

The personal data that ISIC Portugal collects by filling in the card application form is as follows:

Your name and surname;
Gender
Nationality;
The name of the educational establishment where you study/teach (only for ISIC and ITIC cards);
Your date of birth;
The address to which the card should be sent;
A photograph;
Your telephone number;
Your email address;
An official document proving your name, surname and date of birth;
An official document proving your student/teacher status (only for ISIC and ITIC cards);
NIF;
Name of the holder of parental authority (in the case of applications for cards for children under 16);
Identification document of the holder of parental authority (in the case of applications for cards for children under 16).

5. How do you keep my personal data safe?

We use a variety of security measures, including encryption and authentication tools, to help protect and maintain the security, integrity and availability of your personal data.

Although data transmission over the internet or website cannot guarantee complete security against intrusion, ISIC Portugal and our service providers and business partners strive to implement and maintain physical, electronic and procedural security measures designed to protect your personal data in accordance with applicable data protection requirements. Among others, we have implemented the following:

Restricted personal access to your personal data only within the scope of the communicated purposes;
Transfer of collected data only in encrypted form;
Protection of information technology systems through firewalls to prevent unauthorized access to your personal data;
Permanent monitoring of access to information technology systems in order to prevent, detect and stop the misuse of your personal data.

6. How long do you keep my personal data?

We only keep your data for as long as is necessary for the purpose for which it was collected.

Once the maximum retention period has been reached, your personal data will be irreversibly anonymized (the anonymized data may be retained) or securely destroyed.

For the purposes described in this Privacy Policy (requesting a card and sending a newsletter) your personal data will be stored:

In the ISIC Portugal card issuing system database

- After the card has been issued, up to 1 (one) month after its expiry date;
- After applying for a card, without payment, for 1 (one) month after the date of application;

In the ISIC Association Central Database

- For 6 (six) months after your card expires;

ISIC/ ITIC Newsletter

- Until you withdraw your consent.

7. Who can you share my personal data with?

ISIC is a global company. As such, your personal data may be shared with the ISIC Association and/or may be transferred to such service providers located outside the European Economic Area for the purposes set out herein, however ISIC Portugal guarantees that your personal data will only be processed for the purposes described in this Privacy Policy.

We guarantee that your personal data will be processed in accordance with appropriate security measures.
Your personal data is stored on the secure servers of our suppliers/service providers and is accessed and used only in accordance with our policies and standards (or equivalent policies and standards of our suppliers/service providers), which may include access by ISIC partners to the data necessary to provide access to the product required by the cardholder, namely the status of your card (valid or invalid).

* ISIC Portugal and Data Protection Officer Contact Details

ISIC Portugal

Data Protection Officer

dados@isic.pt
ISIC Portugal customer service

Telephone line: 213 461 383, available on working days from 10:00 to 13:00 and 14:30 to 17:00

E-mail: info@isic.pt

8. How can I change or withdraw my consent?

You can, at any time, change or withdraw your consent, with effect for the future, however, this may result in the impossibility of using certain functionalities, such as:

Access to the virtual card;
Receiving the ISIC Portugal newsletter;
Access to online benefits;
Participation in contests, promotions, surveys or sweepstakes;
Assistance and resolution of problems related to your card.

To withdraw your declarations of consent submitted to ISIC Portugal, simply access the data management request form, fill in your personal details and submit your request. The last Data Management Request Form submitted to ISIC Portugal will prevail over all previous ones.

Consent granted to ISIC Portugal may be withdrawn by submitting the Data Management Request Form at https://www.isic.pt/pt/pedido-de-gestao-de-dados.html, by contacting ISIC Portugal Customer Service at 213 461 383, by post (ISIC Portugal, Rua João Penha, 14- 3º D, 1250-131 Lisboa) or by e-mail at dados@isic.pt.

You can also remove unprinted data on the isic.pt website in the area for your card at https://www.isic.pt/pt/o-meu-cartao.html.

9. Get in touch with us

If you have any questions about our use of your personal data, you should first contact our customer service department. Additionally, you can contact the Data Protection Officer.

Subject to certain conditions, you may have the right to ask us to:

provide you with additional information about our use of your personal data;
provide you with a copy of the personal data you have provided to us;
provide the personal data you have provided to us to another controller at your request;
update any inaccuracies in the personal data we hold;
delete personal data whose use is no longer legitimate;
limit the way we use your personal data until the complaint has been investigated.

Your exercise of these rights is subject to certain exceptions designed to safeguard the public interest (prevention or detection of crime) or our interest (maintaining professional secrecy).

If you exercise any of these rights, we will analyze them and respond within a maximum of one (1) month.

If you are dissatisfied with our use of your personal data or with our response after exercising any of these rights, you have the right to lodge a complaint with the supervisory authority (Comissão Nacional de Proteção de Dados – CNPD | Rua de São Bento, n.º 148, 3º, 1200-821 Lisboa | Tel: 351 213928400 | Fax: +351 213976832 | e-mail: geral@cnpd.pt).

1. terms and conditions of use of the Platform

Article 1.1. Object-scope of application and acceptance of the Terms and Conditions of Use

These terms and conditions (hereinafter referred to as “Terms”) regulate access to and use of the ISIC Portugal website, owned by Pumpkintreasure, Lda. the exclusive representative of the ISIC, ITIC and IYTC cards in Portugal, with registered office at Rua João Penha, 14- 3º D, 1250-131 Lisboa and tax number 510 583 628, hereinafter referred to as “ISIC Portugal” and the ISIC APP, owned by the ISIC Association, a non-profit organization registered in Denmark and of which Pumpkintreasure, Lda. is a member.

Access to and use of the ISIC Portugal website, the ISIC, ITIC and IYTC cards and the ISIC APP is the sole responsibility of the user, who is subject to acceptance of these terms and conditions of use, the privacy policy and data processing transcribed herein. The use of the ISIC website, the ISIC, ITIC and IYTC cards and the ISIC APP, as well as the relations between ISIC Portugal and users are governed by the applicable Portuguese legislation.

Article 1.2. ISIC, ITIC and IYTC cards and their services are reserved for personal use.

The allocation of an ISIC card to a bearer is individual, subject to verification of the user’s student status, according to the current academic year, verification of personal data, such as name, surname and date of birth, and the provision of an identity photograph and payment of the requested amount.

The allocation of an ITIC card to a holder is individual, subject to verification of the user’s teaching status according to the current school year, verification of personal data such as name, surname and date of birth, and the provision of an identity photograph and payment of the requested amount.

The allocation of an IYTC card to a holder is individual, subject to verification of personal data such as name, surname and date of birth, and the provision of an identity photograph and payment of the requested amount.

The use of ISIC services (ISIC Portugal website, ISIC, ITIC and IYTC cards and ISIC APP) is available for personal use by the user. The user may not use the ISIC services without authorization to sell products or services, nor to increase traffic to a third-party website for commercial reasons (sales, promotion, advertising, etc.), nor for personal gain.

Under no circumstances will the user use ISIC content, reuse and display or reproduce ISIC pages on a third party site. If a user wishes to incorporate or reproduce ISIC content on another site, they should contact ISIC Portugal: info@isic.pt.

If a user wishes to advertise or present any content or information of a commercial, promotional or advertising nature, they should contact ISIC Portugal: info@isic.pt.

Article 1.3. Changes to ISIC Portugal’s terms and conditions and services

ISIC Portugal reserves the right to change these Terms, or revise the Privacy Policy and data processing herein whenever it sees fit, with or without prior notice. Click on the “Terms and Conditions of Use” located on the ISIC Portugal website to consult its current version. The most current version of the Terms replaces all previous versions.

If you do not agree to these Terms, do not use ISIC services. These Terms and the Privacy Policy constitute a contract between you and ISIC Portugal and apply to your use of the ISIC Portugal website, the ISIC, ITIC and IYTC cards and the ISIC APP. It is the user’s responsibility to read and review them whenever they access the ISIC Portugal website, the ISIC APP and use the ISIC, ITIC and IYTC cards, in order to be aware of any changes made, as they affect their rights.

Article 1.4. ISIC Portugal’s responsibility for content

The contents of the ISIC Portugal website and the ISIC APP, including, without limitation, images, texts, software, photographs, sound, music, videos, interactive resources and the like (“Content”), trademarks and logos (“Trademarks”), or any other industrial or intellectual property rights contained therein, are the property of ISIC Portugal, and their use by unauthorized third parties is expressly prohibited. The content of the ISIC Portugal website and the ISIC APP is provided for information and personal use only and may not be used, copied, reproduced, distributed, transmitted, disseminated, sold, licensed or otherwise exploited for any other purpose without the prior written consent of the respective owners. The user declares not to use, disable or interfere with security-related features of the ISIC Portugal website and the ISIC APP.

The user may, however, print material contained on the ISIC Portugal website and in the ISIC APP, provided that it remains unchanged, is for personal and non-commercial use, and retains the source and copyright indication, and provided that any other indication of ownership is not removed.

Nothing on the ISIC Portugal website and the ISIC APP should be interpreted as granting any kind of license or other authorization for use to its users.

The ISIC Portugal website and the ISIC APP may contain images or other materials whose copyright belongs to third parties, such as partners or other entities that contribute to their creation or maintenance (e.g. stock photos).

Although the personal data provided to ISIC Portugal is covered by the privacy and data processing policy set out in these Terms, any information or other content that the user transmits through the ISIC Portugal website and the ISIC APP, whether by email, sending files or otherwise, will be considered non-confidential and non-reserved.

The user agrees that use of the ISIC Portugal website and the ISIC App is at the user’s own risk. To the fullest extent permitted by law, ISIC Portugal disclaims all warranties, express or implied, with regard to the use of the ISIC Portugal website and the ISIC APP. ISIC Portugal does not guarantee the correctness or accuracy of the content made available on the ISIC Portugal website and the ISIC APP, and assumes no responsibility or liability for any (i) errors or inaccurate content, (ii) personal injury or property damage of any kind resulting from access to and use of the website and application, (iii) unauthorized access to or use of our secure servers and/or personal and/or financial information stored on them, (iv) interruptions or cessation of transmission to or from our website, (iv) errors, viruses, trojan viruses or similar that may be transmitted to or through the ISIC Portugal website or the ISIC APP, and/or (v) errors or omissions in the content or any loss or damage incurred as a result of the use of content published, sent, transmitted or made available through the website (vi) unavailability or any difficulty or inability to download or access the content or any other failure in the communication system that may result in the unavailability of the ISIC Portugal website and the ISIC APP. ISIC Portugal shall not be liable for any assistance or maintenance of the ISIC Portugal website and the ISIC APP.

ISIC Portugal reserves the right to make changes and corrections, change the name, suspend or close the ISIC Portugal website and the ISIC APP when it deems appropriate and without prior notice to users.

ISIC Portugal assumes no responsibility or liability for content transmitted between users or between users and any third parties outside this website.

To the extent permitted by law, ISIC Portugal and all its legal representatives, directors, employees or others who in any way act on behalf of and represent ISIC Portugal, as well as any other party involved in the creation, production, maintenance or implementation of the ISIC Portugal website and the ISIC APP, shall not be liable to any user of the ISIC Portugal website and the ISIC APP, for any possible damage, loss or injury (including any loss of profit and moral damages, any indirect, incidental or consequential loss) arising from the correct or incorrect use of the ISIC Portugal website and the ISIC APP and its content, from access to the user’s computer, mobile phone/smartphone or tablet or computer system by third parties, or from any viruses, etc.

The ISIC Portugal website and the ISIC APP contain links to third-party websites. These links are provided solely for convenience and easier access by the user. The existence of these links does not mean that ISIC Portugal has any rights over the content of these sites. ISIC Portugal does not verify their content and is not responsible for the content of any of these sites or for any fact arising from their use or viewing, nor does it verify that they are free of any viruses or other items that may cause damage to the user. Accessing and visiting any of these third-party websites is done at the user’s own risk, and the user is responsible for any use and/or the consequences thereof.

The use of the ISIC Portugal website and the ISIC APP for illegal purposes or any other purposes that may be considered unworthy of the image of ISIC Portugal is expressly prohibited. Usurpation, counterfeiting, use of usurped or counterfeited content, illegitimate identification and unfair competition are criminal offenses.

Users are also prohibited from creating or introducing into the ISIC Portugal website and the ISIC APP any type of virus or program that damages or contaminates them, or advising third parties to do so. Any such infraction shall be punishable under the terms of the law.

The ISIC Portugal website is controlled and offered by ISIC Portugal from its premises in Portugal. ISIC Portugal does not guarantee that the ISIC Portugal site will be available for use in other locations. Anyone accessing or using the ISIC Portugal site from other jurisdictions does so on their own initiative and is responsible for compliance with local laws.

2. General Conditions of Purchase and Use of ISIC/ ITIC/ IYTC Cards

The purpose of these General Conditions of Purchase and Use (hereinafter the “Conditions”) is to disclose and determine in full the fundamental information for the user on the procedures for the purchase of ISIC, ITIC and IYTC cards made on the isic.pt domain, as well as the use of the isic.pt website, owned by Pumpkintreasure, Lda, the exclusive representative of the ISIC, ITIC and IYTC cards in Portugal, with registered offices at Rua João Penha, 14- 3º D, 1250-131 Lisboa and tax number 510 583 628, hereinafter referred to as “ISIC Portugal”.

ISIC Portugal asks the user to carefully read the conditions, cookie policies and privacy policy before using this website.

By using this website or applying for a card online through it, the user, as a private individual, non-professional or trader, adult or holder of parental authorization, who has full and complete legal capacity to contract and apply for a card online on the isic.pt website, is aware that he/she must comply with these conditions and our privacy policies. Therefore, if you do not agree with all the conditions and privacy policies, you should not use this website.

The following terms will be used in this document:

Users: Any identified or identifiable natural person who purchases an ISIC, ITIC and/or IYTC card in accordance with these Conditions.
ISIC: International Student Card, a document issued by the international organization ISIC, which proves the holder’s student status. It is valid for any student studying at least 15 hours a week for a minimum of 12 weeks a year in an establishment recognized by the Ministry of Education.
ITIC: International Teacher’s Card, a document issued by the international organization ISIC, which proves the holder’s status as a teacher. It is valid for any teacher who teaches in an educational establishment recognized by the Ministry of Education.
IYTC: International Youth Travel Card, a document issued by the international organization ISIC, which proves the holder’s status as a young person up to the age of 30.
Online card request: Form available on the ISIC Portugal website for the user to purchase an ISIC, ITIC and IYTC card.
Issuing the card: Placing the user’s data on the ISIC, ITIC or IYTC card by ISIC Portugal.

Scope of the Contract

The following Conditions apply to the application for ISIC, ITIC and IYTC cards through the isic.pt domain, guaranteeing the sending of cards in Portugal, mainland and islands.

When applying for a card online, it is essential to fill in the card application form on the isic.pt domain beforehand, in order to guarantee the veracity of the data provided and its use in the card issuing/billing/sending process.

ISIC Portugal reserves the right to cancel a user’s card application if fraudulent acts, data or information are detected in their use of this service.

Online Card Application

2.1 Applying for a card online

The ISIC, ITIC and IYTC cards on the isic.pt domain are only available for sale in Portugal (Mainland and Islands).

To place an order on the isic.pt domain, the user will need to follow the procedure below:

Select the type of card you wish to order;
Fill in the card application form on the isic.pt domain, registering with correct and truthful information and being able to access and update their personal data before the card is issued. It is necessary to enter personal data on the card application form in order to proceed with the card application;
Upload the document proving your student/teacher status;
Upload a document proving your date of birth;
Upload a passport photo;
Upload a data processing authorization document for children under 16, where applicable;
Fill in all the mandatory fields and choose the desired shipping method;
Accept the General Conditions of Sale Policy.

At the end of the card order, you will be shown a screen with the order confirmation and details. You will also receive an automatic email containing the information.

By submitting your card order, you agree to these Terms and Conditions, as well as the Privacy Policy.

Cancellation and Returns

3.1 Cancellation of the card application by ISIC Portugal

ISIC Portugal reserves the right not to issue cards unless they have actually been paid for, or if the data and documents submitted on the card application form are incomplete, incorrect or do not meet the requirements for issuing the card. Card applications that are not actually paid for or do not meet the requirements for issue will be deleted within 30 days. If the requirements for issuing the card are not met and the card has been paid for, the user will be refunded the amounts paid within a maximum of 30 days from the date of cancellation, provided that they provide the necessary information for the refund to be processed.

3.2 Cancellation of the card order by the User

The cancellation or refund process is handled on a case-by-case basis by ISIC Portugal.

The user can cancel their card order, as long as the card has not yet been issued, by sending their request in writing to the email address info@isic.pt with the reason for cancellation, attaching or forwarding the card order confirmation email, within 5 days of the card order. Instructions for canceling or returning the card application will be answered and defined by ISIC Portugal, by the same means of communication.

Whenever possible, the refund should be made by the same payment method, but if this is not possible, the user must provide proof of payment and proof of account or card ownership, so that the refund can be made by Bank Transfer.

Whenever cancellation is possible, ISIC Portugal undertakes to reimburse the User within a maximum of 30 days.

3.3 Return for withdrawal

The user will not be able to return the product once the card has been issued.

3.4 Returns due to errors or defects

In the event of an error or defect in the card, for which ISIC Portugal is responsible, the user has the right to have it replaced free of charge. The replacement by ISIC Portugal must be made within a maximum of 30 days.

The user must report the error or defect of the card within 5 working days of receiving it, at info@isic.pt.

Prices

The price of ISIC, ITIC and IYTC cards may vary depending on current campaigns. In this sense, the price for each card is the one indicated on the isic.pt domain, in Euros and applicable on the date the order is placed. Each price already includes VAT (Value Added Tax), i.e. it is presented in P.V.P. (Public Sale Price) mode.

The reduced prices shown on the isic.pt domain are exclusive to the ISIC Portugal website and are not applicable in ISIC issuing offices.

At any time and without prior notice, ISIC Portugal reserves the right to make any changes it deems necessary and may update prices in line with new developments and campaigns. However, with each order placed and registered in the online card ordering system, the card and postage prices will remain unchanged by the online sales contract at the date and time the order is closed.

Payment methods

Online purchases of ISIC, ITIC and IYTC cards on the isic.pt, ISIC Portugal website can be made using the following payment methods via Easypay – Instituição de Pagamento, Lda:

Credit Card (VISA, MasterCard);
Multibanco reference;
Bank transfer.

In the case of payment by credit card, the debit will be made to the User’s card immediately after confirmation of the data submitted via the order form.

During the purchase process, the user can choose the payment method that best suits them, and the value of their order will not be modified by the choice of payment method.

If the user chooses the Bank Transfer payment method, after making the transfer, the user must send proof of the transfer to the email address pagamentos@isic.pt.

Suppliers or issuers of means of payment may accept anti-fraud measures that lead to the rejection of certain types of transactions, to which ISIC Portugal is oblivious insofar as these are security policies of the financial partners.

Shipping

The cards will be sent within 5 working days of the validation of the documents and data submitted in the online card application and issuance of the card. Delivery is made by CTT – Correios de Portugal S.A.

The user can choose between the following delivery methods:

Delivery by e-mail (virtual card)
Sending by registered mail

Delivery is made by CTT – Correios de Portugal S.A.

When sending by registered mail, delivery times to destinations in mainland Portugal can vary between 2 (two) and 3 (three) working days after the card has been issued.

The estimated average time starts counting from the moment the card payment is received by ISIC Portugal and the customer is notified by email. For deliveries to Madeira and the Azores, the user should contact ISIC Portugal at info@isic.pt. In exceptional situations, the order may be delivered within a longer period of time and up to 30 days after placing the order.

When ordering a card, the user must indicate the shipping address and is entirely responsible for the data provided. If the user wishes to indicate a different billing address, they must inform ISIC Portugal via the e-mail address info@isic.pt, indicating the same address.

Promotional Codes (Vouchers)

The ISIC Portugal voucher consists of a promotional code with a limited validity, assigned by ISIC Portugal and made available through the isic.pt domain, with a specific value, which can be discounted when ordering a card online.

Whenever there is a campaign running on the site, its specific conditions, such as user eligibility, duration, exclusions, among others, will be duly detailed on the respective campaign page. Online campaigns and promotional codes are only valid for card orders placed on the isic.pt domain.

Changes

ISIC Portugal may, at any time and without prior notice, modify these conditions or introduce new ones by publishing them on the isic.pt domain, so that the user is aware of them when they access them and before using them.

Once the changes have been made, validation of the order will signify the user’s acceptance of the modified conditions.

Exclusion of Guarantees and Liability

Regardless of the rigor applied in updating the isic.pt domain, it is possible that there may be unintentional errors in the information presented about the products, and ISIC Portugal reserves the right to cancel the user’s order if this occurs.

ISIC Portugal will only be held liable for any damages that the user may suffer as a result of the online sales service when these are attributable to wilful misconduct on the part of ISIC Portugal, and the user acknowledges and accepts that the use of this service is carried out under their sole responsibility and risk. In jurisdictions that do not allow the exclusion and limitation of certain guarantees, ISIC Portugal’s liability will be limited to the extent permitted by law.

Processing of Personal Data

The information or data provided by the user will be processed in accordance with the provisions of the Privacy Policy. By using this website, the user consents to the processing of said information and data and declares that all the information or data provided is true and corresponds to reality.

Intellectual Property

ISIC Portugal holds the intellectual property rights to the content published on the isic.pt domain, which is not supplied externally and is duly identified as such, directly or through an exclusive exploitation license, as well as the products marketed here, which are intellectual and creative works specifically protected by the various branches of intellectual law, commercial and competition rules and other applicable legislation.

Any unauthorized use by third parties of the aforementioned intellectual property rights, in any context and for any functionality, will be subject to the legally prescribed and applicable consequences. The contents of the domain may only be used for personal use. No part of the domain may be reproduced for sale or distributed for commercial gain, nor may it be modified or incorporated into any other work, publication or web domain.

Liability

For all stages of access to the isic.pt online page, the card application process, shipping, Customer Service or subsequent services, ISIC Portugal only bears the obligation of the medium. Consequently, ISIC Portugal’s liability cannot be compromised for all inconveniences or damages inherent to the use of the Internet network, namely a disruption of the service, an external intrusion or the presence of computer viruses or any event qualified as force majeure, in accordance with the applicable legislation.

Furthermore, ISIC Portugal shall not be held liable in the event that the cards are not delivered or if they are prevented from fulfilling any of their obligations due to a case of force majeure and, in particular, in the event of bad weather preventing the order from being forwarded.

Completeness

In the event that one of the clauses of this contract is declared null and void by a change in legislation, regulation or a court decision, this shall in no way affect the validity and compliance with all the other provisions of these General Conditions of Use and Online Sale.

Duration

These General Conditions of Use and Online Sale shall apply for as long as the services and products offered by ISIC Portugal are available online.

For matters not specified in these Conditions, the content of ISIC is subject to the terms and conditions of the International Organization ISIC Association.

User Support

The User Support Service works in your interest to clarify any doubts, suggestions, complaints or queries, also regarding online card applications. You can use the following contact details:

By e-mail to: info@isic.pt
Via the form available on the ISIC Portugal website
By telephone: Customer Helpline – 213 461 383 – Working days from 10.00-13.00H | 14.30-17.00H
By letter to the following address:

ISIC Portugal

Rua João Penha, 14- 3º D

1250-131 Lisbon

Portugal

ISIC Portugal will work to respond to your request as quickly as possible, and always within less than 30 days.

Disputes

Use of the isic.pt domain is subject to these Terms and Conditions of Use and Online Sale and to Portuguese law.

In the event of a dispute, ISIC Portugal and the user must resolve the situation amicably, within the framework of a conventional mediation procedure or any other alternative means of resolution. In the event of failure, the courts of the district of Lisbon shall have jurisdiction, expressly waiving any other jurisdiction, to settle any dispute.