E-REDES

Privacy policy

Digital Channel Privacy Policy

1. Object

This Privacy Policy governs the processing of personal data on the E-REDES Portal (accessible here, also referred to as “Portal”) and the E-REDES App (downloadable here or here, also referred to as “App”). The Portal and the Reserved Area are collectively referred to as “Digital Channels”.

E-REDES – Distribuição de Eletricidade S.A. (also referred to as “E-REDES”), legal entity number 504 394 029, with registered office at Rua D. Luís I, n.º 12, 1249-008 Lisboa, is responsible, as power network operator and concessionaire, for processing the personal data obtained through the use of the Digital Channels, under the terms and for the purposes outlined in the relevant personal data protection legislation, notably the General Data Protection Regulation (hereinafter referred to as “GDPR”) [1], its Implementing Law [2] and the Electronic Communications Privacy Act [3].

In this sense, the data subject (“User”) is informed of how E-REDES collects, processes and protects the personal data provided through the Digital Channels.

E-REDES ensures the utmost respect for the privacy of Users and adopts the necessary measures to protect their personal data. Users should read this Privacy Policy carefully and decide freely and voluntarily whether they wish to use the Digital Channels and provide their data to E-REDES.

The User declares to be of legal age and that the data provided are truthful, accurate, complete and up-to-date. The User will be held accountable in case of non-compliance. If the data communicated belong to a third party, the User declares to have informed the concerned party of the conditions outlined in this document and to have obtained their permission to provide the respective data to E-REDES, for the indicated purposes.

  • This Privacy Policy should be read together with the Terms and Conditions of the Portal (here) and the App (here), as well as the Cookie Policy (here).
2. Data collection and processing – Portal and App

Users can access the Portal freely, namely the open area of the Balcão Digital (accessible here), without being required to register.

2.1. Portal registration data

However, Users will need to register with the Balcão Digital in order to access certain features available on the Portal.

To access the aforementioned features, Users will need to create a profile (accessible here) by providing the following data: email, tax identification number (TIN), name and mobile phone number (private customers); or corporate identification number (CIN), name, address, email and mobile phone number (business customers). Users are required to ensure that the data provided are true, accurate, current and authentic, and to keep them permanently updated. Once registration has been validated, E-REDES will send a link through which Users can set their password and activate reserved access.

2.2. App registration data

As with the Portal (Balcão Digital), Users will need to register in order to access certain features available on the App.

The procedure outlined for the Reserved Area of the Balcão Digital is also followed for registration with the App.

2.3 Registration data in the Reserved Areas of Municipalities, Suppliers, Collective Self-Consumption Managers and LV Network Operators

User registration in the Reserved Area for Local Authorities, Retailers, Collective Self-Consumption Managers and LV Network Operators is carried out by an Access Manager from the respective entity to which it relates.

  • To access the Municipalities' Reserved Area, you must provide your name, user ID, e-mail address, address (optional), cell phone number, profile, job title (optional), indicate whether you are an access manager (yes/no) and contact person (yes/no);
  • To access the Suppliers' Reserved Area, you must provide your name, user ID, cell phone number (optional), job title/theme (optional) and profile; 
  • With regard to the Collective Self-Consumption Manager's Reserved Area, the name, user ID, cell phone number (optional), job title/theme (optional) and profile must be provided; 
  • for access to the LV Network Operator's Reserved Area, the name, user ID, cell phone number (optional), job title/theme (optional) and profile must be provided.

In all cases, once the user has been registered by the Access Manager, a link is sent by E-REDES to the user to set the password and activate the reserved access.

To access the Reserved Area for Local Authorities, here, for Suppliers, here, for the Collective Self-Consumption Manager, here, and for the LV Network Operator, here, the user ID and password must be entered.

  • The data required on the registration form is necessary to create an account in the Reserved Area.

2.4. Access data

Users are responsible for maintaining the confidentiality of the data used to access Reserved Areas, namely their TIN, email, user ID (applicable, on the Portal [Balcão Digital], to the Areas Reserved for Local Authorities and Suppliers) and password, and must not disclose this information to third parties or browse under conditions that allow access and copying by third parties. Users shall be exclusively responsible for accessing and using the Reserved Area by means of their credentials.

Additionally, E-REDES processes data concerning the use of Reserved Areas, in order to improve user experience and display relevant content to users.

Regarding the Balcão Digital and App Areas Reserved for Local Authorities and Suppliers, data will be processed for the following purposes:

  1. Consultation of the history of readings (available in the Reserved Area of the Digital Counter and in the App);
  2. Verification of consumption (available in the Reserved Area of the Digital Counter, in the App and LV Network Operator);
  3. Centralization of information on consumption sites (available in the Reserved Area of the Digital Counter and of Local Authorities);
  4. Quality of service for faults at the consumption site (available in the App);Information/operation requests (available in the Reserved Area of
  5. the Digital Counter, Local Authorities, Suppliers and Collective Self-consumption Manager); 
  6. Consultation of documentation (contract, invoicing) (available in the Reserved Area for Municipalities, Retailers and Collective Self-consumption Manager);
  7. Customer service schedules (available in the Reserved Area for the Digital Counter and Retailers);
  8. Direct process (requests/messages) with the DSO to fulfill the network access contract (available in the Reserved Area for Retailers, Collective Self-consumption Manager and LV Network Operator);
  9. Aggregated consumption data with the volume of energy by market agent (available in the Reserved Area for Retailers).

3. Data collection and processing – Remaining Portal and App features

You can request a connection to the power network through the Portal (Balcão Digital), even if you have not registered with the Reserved Area. Fill in the forms accessible here. The following fields are mandatory for connection to the power network: identification (name and TIN), address, postcode, email and telephone number.

You can also communicate your electricity reading through the Portal (Balcão Digital), under the same terms. Fill in the form accessible here. The following fields are mandatory to benefit from this service: Supply Point Code (SPC) and TIN. You can also provide your email (optional) if you would like to receive an alert confirming that the reading has been recorded in the commercial system.

You can report high-risk situations (here) or proximity to vegetation (here) through the Portal (Balcão Digital) or the App. In these cases, the following fields are mandatory: name, telephone number and email. Additionally, you can report power outages (here), in which case you will need to indicate your SPC and TIN.

You can also report cases of illegal power use here, accessible on the Portal (Balcão Digital) and the App. In this instance, no personal data are required, but you can provide your name, telephone number and/or email, if you wish.

You can report any damages to your installation resulting from incidents related to power supply through the Portal (Balcão Digital). Fill in the corresponding form (here), indicating your Customer details, including the following mandatory fields: name, street, postcode, town, SPC, TIN, email and telephone number.

You can also contact us through the Portal and Balcão Digital (here), without needing to create an account in the Reserved Area. In this case, you will need to provide the following data, depending on your request: name, TIN, SPC, email and/or telephone number.

This information will be processed for the exclusive purpose of providing access to the services available on the Portal.

3.1. Internal Regulations on Call Recording at Dispatch Centers within the scope of RND operation

4. Grounds for lawful data processing

Personal data will be processed to ensure the fulfilment of the legal obligations undertaken by E-REDES, as power network operator (under the terms of Article 6, paragraph 1, subparagraph c), of the GDPR). Additionally, certain data may be processed to pursue legitimate interests related to our duty to respond to your contacts, complaints, queries or suggestions, as well as enable the sharing of news on our websites (under the terms of Article 6, paragraph 1, subparagraph f), of the GDPR). The legitimate interests in question refer to both the interests of E-REDES in responding to Users requests, maintaining contact and allowing Users to view our contents, as well as the legitimate interests of Users in pursuing the aforementioned purposes.

When you request a connection to the power network, as mentioned above, and without prejudice to the necessary processing of information under the legal obligations of E-REDES, we may process your personal data in order to establish the requested relationship with E-REDES after the quotation has been accepted. This processing will cease upon completion of the connection to the network and payment of the associated costs (under the terms of Article 6, paragraph 1, subparagraph b), of the GDPR).

With regard to our Reserved Area, we may process your personal data for the purpose of providing the services outlined in the Terms and Conditions, pursuant to the agreement established in this document (under the terms of Article 6, paragraph 1, subparagraph b), of the GDPR).

5. News sharing

The Portal allows Users to share relevant news on various social media platforms, namely Facebook, LinkedIn and Twitter. E-REDES cannot be held responsible for the processing of shared personal data carried out by these platforms. Therefore, Users should carefully read the Terms and Conditions and Privacy Policies of these platforms before sharing any news.

You can find relevant information about cookies or other tracking technologies used to support the news sharing feature in our Cookie Policy (accessible here).

6. Data transfer to other countries

E-REDES will seek to ensure that personal data are exclusively processed within the European Economic Area.

However, in exceptional circumstances and when strictly necessary for the pursuit of its activities, E-REDES may transfer the personal data collected to other countries or international organisations covered by an adequacy decision from the European Commission, or subject to the adequate safeguards specified in the law (under the terms of article 46 of the GDPR). When transferring data to third countries or international organisations based on adequate safeguards, E-REDES will take additional measures to ensure that personal data benefit from a level of protection essentially equivalent to that existing in the European Union. 

 

Additionally, data collected during browsing on our website, namely through cookies and similar technologies, may also be transferred to countries outside the EEA if you consent to the installation of certain categories of cookies (e.g. analytical or advertising cookies). These cookies are installed by third parties that may transfer your data to countries not covered by an adequacy decision from the European Commission and which do not offer a level of personal data protection essentially equivalent to that existing in the European Union (e.g. United States of America), such as the web analysis and optimisation service “Google Analytics”, provided by Google Ireland Limited. For example, sharing data with service providers outside the EEA (such as Google LLC) could result in disproportionate access to your data by the government authorities and intelligence services of the importing country, or the inability to effectively exercise your rights. Consult our Cookie Policy for more information on the use of these cookies.

If the Data Subject wishes to obtain more information about the processing of personal data conducted outside the EEA, including the safeguards implemented in data transfer operations, they may contact the Data Controllers using the contact information included in this Policy.

7. Data retention period

The personal data collected will be retained for the period of time necessary for the aforementioned purposes, as follows:

  1. Data related to network access, reading and provision of data, and power consumption/supply point records. These data will be kept for up to 10 years or, in some cases, during the entire duration of the SPC and SPR;
  2. Data related to network connections, network operation and exploitation, legal and administrative operations and audits will be kept for up to 20 years;
  3. [Data related to invoicing and debt management, consumption anomalies and reporting to the regulatory authority will be kept for up to 10 years];
  4. Data related to provision of support to supplier changes, operational efficiency and continuous improvement, customer service, processing of complaints and interventions at the location of consumption will be kept for up to 5 years;
  5. Any other data collected through the Digital Channels will be kept for the period strictly necessary for the purposes for which they were collected;

Personal data may also be kept for a longer period when required by law and/or to defend rights and interests in legal proceedings.

8. Rights of Users

Users may, at any time and free of charge, exercise their rights of access, rectification, erasure, objection, restriction of processing and portability of their data, in accordance with the law. Users may also withdraw their consent, whenever the latter forms the basis for lawful processing. However, this action will not affect prior processing conducted under the terms of the previously given consent, although access to the tools that require the Users’ consent may be revoked.

Rights of the Data Subject:

Right of Access

The right to obtain confirmation as to whether or not personal data are being processed, as well as obtain a copy of the personal data undergoing processing.

The right to obtain the aforementioned copy shall not adversely affect the rights and freedoms of others, including trade secrets or intellectual property and, in particular, the copyright protecting software.

Right to Rectification

The right to obtain the rectification of inaccurate personal data or to have incomplete personal data completed.

Right to Erasure

The right to obtain the erasure of personal data.

This right shall not apply if processing is required to ensure compliance with a legal obligation to which E-REDES is subject.

Right to Restriction of Processing

The right to obtain restriction of processing of personal data by requesting the suspension of processing or the limitation of the scope of processing to certain categories of data or processing purposes.

Right to Data Portability

The right to receive the personal data provided to E-REDES in a structured, commonly used and machine-readable format, and to transmit those data to another controller, if the processing is based on consent or on a contract.

Right to Object

The right to object to processing of personal data, e.g. for direct marketing purposes or targeted online advertising, based on the legitimate interests of E-REDES.

 

Users may exercise the aforementioned rights in writing, using the online form available in the E-REDES “Contact Us” section (accessible here), or by calling us on 218 100 100.

E-REDES may request the User to provide evidence or the necessary elements for their identification, to the extent strictly necessary and proportionate to the exercise of the specific right in question.

Users also have the right to lodge a complaint with the National Data Protection Commission or another competent supervisory authority, if they consider that the processing of their personal data is unlawful.

9. Data recipients

E-REDES may transmit your personal data to subcontractors for the aforementioned purposes, under the terms of the contracts signed with the latter, ensuring compliance with subcontracting obligations, in accordance with the applicable legislation, namely regarding security requirements applicable to data processing.

Finally, E-REDES may also communicate the personal data of Users to third parties, if such disclosure is required for ensuring compliance with a legal obligation, a decision by the National Data Protection Commission or another relevant supervisory body, or a court order. Data may also be transmitted in order to protect the vital interests of Users, with their consent, or for any other legitimate purpose specified in the law.

10. Cookies

Cookies are used on the Digital Channels. To find out more, visit our Cookie Policy here.

11. Security measures

E-REDES undertakes all necessary efforts to protect the personal data of Users from unauthorised access via the Internet. Security systems, rules and other procedures are used to ensure the protection of personal data and prevent unauthorised access, undue use, disclosure, loss or destruction of data.

However, Users are responsible for ensuring that the computer used to access the Portal is adequately protected against harmful software, computer viruses and worms. Additionally, Users should be aware that the risk of unauthorised access to personal data and passwords by third parties is increased if adequate security measures (e.g. secure browser configuration, up-to-date antivirus software, security barrier software and refraining from using software of dubious origin) are not adopted.

Moreover, Users should immediately report any defects, bugs or anomalies detected in the Digital Channels to E-REDES and refrain from attempting to access commercial information or personal data of other users, altering the characteristics of the Digital Channels, or otherwise exploiting the defects, bugs or anomalies in order to use the Digital Channels in an irregular, illicit or different way from that designed by E-REDES.

12. Contact information

Users can contact E-REDES using the online form available in the “Contact Us” section (accessible here) or by calling us on 218 100 100. For any questions related to this privacy policy, Users may also contact the Data Protection Officer (DPO) at: DPO@e-redes.pt.

13. Changes to the Privacy Policy

This Privacy Policy may be changed at any time by E-REDES. Any changes will be published on the Portal and/or communicated to Users through the contact information provided.

 

Date of last change: 25 October 2022

 

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

[2] Law no. 58/2019, of 08 August.

[3] Law no. 41/2004, of 18 August, transposing Directive 2002/58/EC of the European Parliament and of the Council, of 12 July 2002, concerning the processing of personal data and the protection of privacy in the electronic communications sector (in its most current version).