Privacy Policy

Your data will be processed by REN – Redes Energéticas Nacionais, SGPS, S.A. and/or by other companies that are part of the REN Group, depending on the company receiving your request, or on the relationship established with each of these companies.

You can consult the companies that are part of the REN Group, at any time, at: https://www.ren.pt/pt-pt/investidores/governo-da-sociedade.

REN may process the following types of data, depending on the relationship established with the user:

• Identification and contact data (e.g., names, identification documents, mobile phone, e-mail, residence).
• Browsing data (e.g., use of the website, sections visited).
• Other types of data. Exclusively in cases where the user has voluntarily provided other types of data that they consider relevant to their request and/or by any other means.

The data that REN processes as a result of the interactions exchanged with the user via the website come from the following sources:

• Data provided by the user by filling out forms provided by REN, by sending e-mails, or through any other means through which the user establishes contact with REN.
• Data generated as a result of browsing and using the web.

Personal data is collected by REN for specific and legitimate purposes, respecting the principles of loyalty, transparency, minimisation, integrity, and confidentiality.

Your personal data is used by REN to comply with legal and contractual obligations, to manage its activity, and to provide you with services, and your data is not used for purposes other than those for which they were collected, which will always be communicated to you.

You can find additional detailed information regarding the carried out processing at: https://www.ren.pt/media/mz1d1e2k/direito-%C3%A0-informa%C3%A7%C3%A3o-aos-titulares.pdf.

The personal data and any other information that you provide to us when filling out an electronic form available on the Portal (“Data”) will be processed by REN for the purpose of managing the required service, to respond to your request. The filling out of the forms is voluntary, and only the personal data necessary to respond to your request is collected. Thus, only the questions marked with an asterisk (*) are essential, and without such data REN cannot fulfil, or perfectly fulfil, the identified purposes.

With your consent, your personal data may be processed by REN to send you information that is of interest to you, by sending newsletters. This personal data will be kept for the period of the respective processing, and for as long as you do not object to their processing.

Personal data is kept only for the period strictly necessary to allow (i) the fulfilment of legal and regulatory obligations, (ii) the fulfilment of an established contract with the data subject, (iii) the management of the company’s activity, and (iv) the delivery of information and/or products requested by the data subjects.

After the expiry of this period, the personal data is deleted by REN.

Among the entities to which the data may be transmitted are service providers contracted by REN, national authorities (e.g., CNPD [the Portuguese National Data Protection Commission], City Councils, Tax Authority), regulatory entities in the sector (e.g., ERSE [the Portuguese Energy Services Regulatory Entity], DGEG [the Portuguese Directorate-General of Energy and Geology]), and banking institutions.

If necessary for the fulfilment of the purposes, REN may transmit personal data to service providers, who will access this data as subcontractors. In the event that such access involves transfers of personal data outside the European Economic Area, REN will ensure the implementation of the mechanisms and guarantees established in the applicable regulations (e.g., Standard Contractual Clauses) to ensure that the provider applies a level of security equivalent to that required by European standards.

All REN providers who have access to your personal data, as a result of the services they provide to REN, have signed contracts that include data protection clauses, in accordance with the provisions of Article 28 of the GDPR, and are obliged to comply with these obligations, namely: to apply technical and organisational measures, to process the data exclusively for the contracted purposes, to process the data only in accordance with REN’s written instructions, and to delete the data upon the termination of the services provided.

REN makes every effort to ensure the highest possible levels of security appropriate to the nature of the data being processed. Therefore, REN undertakes to implement the appropriate and necessary technical and organisational measures to protect the personal data it processes against accidental or unlawful destruction, loss, alteration, dissemination, or unauthorised access and use.

When communicating data to third parties, REN takes appropriate measures to ensure that the entities that have access to the data are reputable and also adopt the necessary technical and organisational measures to protect personal data and ensure its confidentiality, integrity, and availability, which will be duly recorded and safeguarded in a contract to be signed between REN and the third-party entity/entities.

Any entity subcontracted by REN will process the personal data of the subjects, on behalf of REN, and REN will remain responsible for the personal data provided to it.

In any case, it should be noted that technical security in a medium such as the Internet is not impregnable, and malicious actions by third parties may occur, even though REN makes every effort at its disposal to prevent such actions.

The data subject may exercise the rights of access, rectification, and limitation of the processing of data that specifically concern them, at any time, by means of written communication addressed to REN’s Data Protection Officer at the following addresses:

• Avenida dos Estados Unidos da América, 55, 1749-061 Lisboa, Portugal
• protecaodados@ren.pt

In the cases provided for in the GDPR, the holder may also request the deletion or object to the processing of their data, withdraw their consent to the processing, request the portability of the data, and not be subject to automated decisions regarding their personal data by contacting the same addresses in writing.

You also have the right to file a complaint with the Portuguese National Data Protection Commission (CNPD).

For any additional information regarding the protection of personal data, please consult the CNPD website or send an e-mail to this entity at geral@cnpd.pt.