The EDP Renováveis Group (or EDPR) is committed to respecting the privacy of data owners and protecting their personal data. As such, data owners are informed about how EDPR collects, processes and protects their personal data.
Data owners must therefore confirm that they are of legal age, that the data they provided are true, accurate, complete and up to date and that they accept full responsibility for any direct or indirect damage or loss caused by breach of this obligation.
1. Scope and Liability
The entity responsible for processing the data is EDP Renováveis S.A., as the parent company of the EDPR Group, through the “EDPR Office of the Ethics Ombudsperson”, hereafter the OEO.
2. Purposes of processing and legal basis
Data owners are informed that the personal data collected through the form will be processed by the OEO in order to analyse and respond to the complaint, on the basis of the authorisation granted by the owner by sending the complaint to the OEO and asking for it to be assessed.
The user is informed that their personal data may be sent to the EDPR entities identified in the Code of Ethics regulations. The entities undertake to process the personal data exclusively and solely for the above-mentioned purposes.
3. International data transfers
The OEO shall process all of the owner’s data in the European Economic Area (EEA) and does not plan any international data transfer.
4. Retention period
Data collected shall be held no longer than 10 years from the closure of the complaint processes, notwithstanding the possibility of the OEO holding them for longer in fulfilment of legal obligations.
5. Rights of data owners
The personal information processed will be limited to what is considered adequate, applicable and necessary for each particular case. The confidentiality of the information received and the protection of the identity of the claimants and other related individuals are also guaranteed.
The owner may, freely and at any time, exercise their rights of access, rectification or deletion, objection, limitation and portability of their data under current legislation, by contacting the OEO as provided in current legislation.
In any event, owners are informed that if they believe that the OEO has infringed their rights under applicable data protection law, they may file a complaint with the appropriate Supervisory Body.
6. Required data
Data fields marked with an asterisk (*) on the forms provided by the OEO are required fields for analysis of the matter reported and are the minimum necessary to this end. As such, if the data owner fails to complete these fields, the OEO shall not address the request.
7. Automated Decisions
The OEO does not take automated decisions based on the processing of the data.
8. Personal data protection measures
The OEO is committed to protecting the personal data sent to it. As such, several security measures, of a technical and organizational nature, have been taken in order to protect the personal data provided against dissemination, loss, improper use, alteration, processing or unauthorized access and against any unlawful process.
Access to the data stored within these systems will be restricted exclusively to those who carry out internal control and compliance tasks. Only where applicable, in order to carry out an investigation or adopt disciplinary measures against an employee, will such access be granted to the management and control staff of the Human Resources Department.
Notwithstanding the security measures adopted, visitors to the website, as Internet users, must always adopt additional security measures, notably ensuring that they use PCs and browsers updated with suitably configured security patches, an active firewall, antivirus and antispyware. They must also ensure the authenticity of the websites they visit and avoid untrustworthy websites.