Privacy Policy

The EDP Group (or EDP) is committed to respecting the privacy of data owners and protecting their personal data. As such, data owners are informed about how EDP collects, processes and protects their personal data.

Data owners are advised to read this privacy policy carefully. It has been drafted in clear and simple language, for ease of comprehension, so that users can decide freely and voluntarily if they wish to provide EDP with their personal data.

Data owners must therefore confirm that they are of legal age, that the data they provided are true, accurate, complete and up to date and that they accept full responsibility for any direct or indirect damage or loss caused by breach of this obligation. If the data provided belong to a third party, users of the complaints form must guarantee that they have informed the third party about the conditions set out in this document and that they have been authorized to provide EDP with the data for the purposes indicated.

1. Scope and Liability

This privacy policy applies to all personal data collected on the ethical complaints registration form.

The entity responsible for processing the data is EDP Energias de Portugal, S.A., as the parent company of the EDP Group, through the “EDP Office of the Ethics Ombudsman”, hereafter the OEO.

You may contact the OEO about any matter related to this privacy policy, through the following contact points:

 
2. Purposes of processing and legal basis

Data owners are informed that the personal data collected through the form will be processed by the OEO in order to analyse and respond to the complaint, on the basis of the authorisation granted by the owner by sending the complaint to the OEO and asking for it to be assessed. 
The data will always be processed in accordance with applicable legislation and when the fundamental rights and freedoms of the owner do not prevail over the above-mentioned legitimate interests.  
 
3. Data Communication

The user is informed that their personal data may be sent to the EDP entities identified in the Code of Ethics regulations. The entities undertake to process the personal data exclusively and solely for the above-mentioned purposes.  
 
4. International data transfers

The OEO shall process all of the owner’s data in the European Economic Area (EEA) and does not plan any international data transfer.

5. Retention period

Data collected shall be held no longer than 10 years from the closure of the complaint processes, notwithstanding the possibility of the OEO holding them for longer in fulfilment of legal obligations.  
 
6. Rights of data owners

The owner may, freely and at any time, exercise their rights of access, rectification or deletion, objection, limitation and portability of their data under current legislation, by contacting the OEO as provided in current legislation.

In any event, owners are informed that if they believe that the OEO has infringed their rights under applicable data protection law, they may file a complaint with the appropriate Supervisory Body.

For any question related to this privacy policy, the owner may also contact EDP’s Data Protection Officer (DPO), whose contact details are:

7. Required data  

Data fields marked with an asterisk (*) on the forms provided by the OEO are required fields for analysis of the matter reported. As such, if the data owner fails to complete these fields, the OEO shall not address the request.

8. Automated Decisions

The OEO does not take automated decisions based on the processing of the data.  
 
9. Personal data protection measures

The OEO assumes a commitment to protection of the personal data sent to it. As such, several security measures, of a technical and organizational nature, have been taken in order to protect the personal data provided against dissemination, loss, improper use, alteration, processing or unauthorized access and against any unlawful process.

Notwithstanding the security measures adopted, as Internet users, visitors to the website must always adopt additional security measures, notably to ensure that they are using PCs and browsers updated with suitably configured security patches, an active firewall, antivirus and antispyware and they must ensure the authenticity of the websites they visit and avoid untrustworthy websites.

10. Cookies

The ethical complaints form does not use cookies.