Terms of Use and Privacy Policy

1. Scope and Acceptance

This document regulates the Terms of Use and the Privacy Policy of the website of the Conservatório de Música de Loulé – Francisco Rosado (hereinafter "CML-FR" or "Conservatório"), in accordance with Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR) — and applicable national legislation.

By browsing this site, the user expressly accepts and agrees to be bound by these Terms. If you do not agree with any part of this document, you should refrain from using the portal.

2. User Responsibility

The user will be entirely responsible for the access and correct use of this site, submitting to the applicable current legislation — national or international —, as well as to the principles of good faith, morality, and public order. The user undertakes to use the site and its contents prudently, in accordance with the possibilities and purposes for which it was designed.

The CML-FR will not assume any responsibility, direct or indirect, derived from the incorrect use of the site or its contents, the user assuming, under their sole responsibility, the consequences, damages or actions that may result from their access or use of the site and the contents hosted therein, or from accessing content inserted on other sites, as well as its reproduction or communication.

3. Intellectual Property and Copyright

The content included on this site may be subject to exclusive industrial or intellectual property rights belonging to the Conservatory or other entities. It is expressly forbidden to copy, reproduce, modify, display, transmit or disclose, in any form or for any purpose, the content of this site, as well as intangible assets subject to exclusive rights.

Registered trademarks, product names, company names or logos mentioned on the site belong to their respective owners. Any reference to products, services, or processes does not constitute endorsement, sponsorship, or recommendation by CML-FR.

The text, information or any data contained on this site are for exclusively informational purposes, and do not, under any circumstances, constitute an offer.

It is, however, permitted to quote part of the texts published on this site, provided that the source is duly identified.

4. Disclaimer of Technical Liability

CML-FR, or any of its employees, collaborators, agents, suppliers or content licensors, does not guarantee that the site will be uninterrupted or error-free; nor does it offer any guarantee regarding the results obtained from its use.

No person or entity involved in the creation, production, or distribution of this site, or its software, shall be liable for any losses and damages, direct or indirect, arising from its use. This exclusion of liability applies to any losses caused by performance failure, error, omission, interruption, deletion, delay in operation or transmission, computer virus, communication breakdown, unauthorized access, or alteration of data.

5. Collection and Processing of Personal Data

5.1 Purpose and Legal Basis

CML-FR collects personal data only when voluntarily provided by users through the forms available on the portal (contact, registrations, application submissions) or through subscribing to our newsletter.

The legal basis for processing is the explicit and informed consent of the data subject (Article 6(1)(a) of the GDPR).

5.2 Local-Only Storage

All personal data collected on this portal is stored exclusively on CML-FR's own servers, in Portugal. We do not share, sell, or transfer personal data to external third-party services, SaaS communication platforms (such as Mailchimp, Sendgrid, or similar), or any other entity outside our institutional infrastructure.

Data collected in forms are stored in our internal database, being accessible only to authorized staff of the Conservatory. Newsletter subscriptions are managed through our own email sending system, also hosted on our servers.

5.3 Virtual Artificial Intelligence Assistants

Our portal provides conversational assistants based on Artificial Intelligence (AI). To protect your privacy, all submitted messages are subject to an automatic personal data anonymization filter (PII Scrubbing) before any processing. This filter automatically detects and removes information such as tax identification numbers (NIF), bank account numbers (IBAN), and direct contact details (phone numbers, email addresses) that may be inadvertently included in the messages.

Conversation records are retained for the following periods for security and compliance audit purposes:

Public assistants: 365 days from the date of the conversation.

Internal assistants (restricted area): 730 days from the date of the conversation.

Upon expiry of this period, the records are automatically deleted from our systems.

5.4 Newsletter Tracking and Statistics

Our newsletters contain a "tracking pixel" (an invisible image) and formatted links that allow us to know if emails have been opened and which hyperlinks have been clicked. We use this data, as well as information about the type of device used, exclusively for statistical purposes, to understand what interests our community and to improve the quality of the communication and content we send. By subscribing to our newsletter, you are consenting to this collection of performance and interaction data. This tracking is done internally and the data is not shared with external entities. You can unsubscribe and revoke this consent at any time.

5.5 Whistleblowers Channel (MENAC) The Complaints Channel (MENAC) was designed to ensure total anonymity for anyone submitting a report. The application does not record, store, or transmit any data to the monitoring system (Sentry) that could identify the author of a report, including IP addresses, individualized timestamps, or browsing metadata. Technical infrastructure logs generated by the network server are retained exclusively on the institutional server, with access restricted to the platform’s technical administrator; these logs are not accessible to the management or staff of CML-FR. The legal basis for this processing is established under Decree-Law no. 109-E/2021, of December 9 (MENAC), in its most current version, in conjunction with Law no. 93/2021 — General Regime for the Protection of Whistleblowers.

6. Cookie Policy

6.1 What are Cookies?

A cookie is a small text file that the server stores on your device when you visit a website. It serves to make navigation faster and more personalized between visits.

6.2 Essential and Technical Cookies (do not require consent)

These cookies are strictly necessary for the correct functioning of the portal. They do not collect information that individually identifies the user and cannot be disabled without compromising the site's functionality.

CookiePurposeDurationcsrftokenSecurity protection against CSRF attacks in forms (Django)1 yearsessionidMaintenance of the authenticated session (reserved area)SessionthemeStores visual theme preference (light/dark)1 year

Our frontend also uses your browser's Local Storage (it is not a cookie, but local storage) to save page display preferences (e.g., grid or list view). This information remains only on your device and is never sent to our servers.

6.3 Analytical Cookies — Google Analytics 4 (require consent)

We would like to use Google Analytics 4 (GA4) to understand, anonymously and in aggregate, how the portal is used, with the aim of continuously improving it.

To ensure compliance with the RGPD, we have implemented the Google Consent Mode v2 in the most restrictive configuration (Strict Mode):

By default, GA4 is completely blocked. No analytical cookie (such as the _ga) is installed on your device without your explicit consent.

The consent banner that appears on your first visit allows you to choose: to only accept essential cookies, or to also accept analytical ones.

If you choose "Only Essentials", GA4 can continue to send anonymized and individually unidentifiable counting pings (cookieless mode), but without planting any cookies on your device.

If you choose "Accept All", GA4 activates full tracking, with _ga and _gid cookies managed by Google.

You can change your decision at any time through the "Manage Cookies" link available in the footer of the site.

For more information about Google's privacy policy, visit policies.google.com/privacy.

7. Links to Third-Party Sites

This site may contain links to other websites on the Internet. By following these links, the user may receive cookies from third-party servers.

CML-FR is not responsible for the terms of use, privacy policy, form, content, or practices of these external sites. We do not exercise any control over the processing of personal data, content, products, and services offered by third parties through the hyperlinks provided. The use of information obtained through them is done under the sole responsibility and risk of the user.

8. User Rights (GDPR)

Under the terms of the GDPR, every user has the following rights regarding their personal data:

Right of Access: Request information about the data we hold about you.

Right to Rectification: Correct inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten"): Request the deletion of your personal data from our systems.

Right to Object: Object to the processing of your data for certain purposes.

Right to Data Portability: Receive your data in a structured and readable format.

8.1 How to exercise your rights — Guest Users

If you have submitted a contact form or subscribed to our newsletter and wish to exercise any of the above rights, you can contact us via the email address direcao@conservatoriodeloule.pt, identifying the request and the data concerned. We will respond within a maximum of 30 days.

8.2 How to exercise your rights — Internal Users (Teachers and Staff)

If you are a user with an account for the institutional portal (teacher, staff member, or collaborator) and wish to exercise your Right to be Forgotten, namely the anonymization or complete deletion of your account and associated data in the system, you should:

Send a formal request by email to: direcao@conservatoriodeloule.pt
The request must include: full name, identification of the position or role, and an express declaration of consent for the irreversibility of the anonymization process.

The anonymization of an internal account is an irreversible process that includes the deletion of profile data, session history, and associated activity logs. The request will be processed by the Directorate within a maximum period of 30 days.

9. Changes to this Document

The present Terms of Use and Privacy Policy are subject to review, modification, or update at any time. The date of the last update will always be displayed at the top of this page. We encourage you to review this page regularly to remain informed of any changes.

Conservatório de Música de Loulé – Francisco Rosado, March 2026

Also access the "Privacy and Personal Data Protection Policy" of the Conservatory, as an institution, available as Annex VII of the Internal Regulations.