Privacy Policy

Ethics Ombudsperson

Privacy Policy

The EDP Renováveis Group (or EDPR) is committed to respecting the privacy of data owners and protecting their personal data. As such, data owners are informed about how EDPR collects, processes and protects their personal data.

Data owners are advised to read this privacy policy carefully. It has been drafted in clear and simple language, for ease of comprehension, so that users can decide freely and voluntarily if they wish to provide EDR with their personal data.

Data owners must therefore confirm that they are of legal age, that the data they provided are true, accurate, complete and up to date and that they accept full responsibility for any direct or indirect damage or loss caused by breach of this obligation.

1. Scope and Liability

This privacy policy applies to all personal data collected on the ethical complaints registration form.

The entity responsible for processing the data is EDP Renovaveis S.A., as the parent company of the EDPR Group, through the “EDPR Office of the Ethics Ombudsperson”, hereafter the OEO.

You may contact the OEO about any matter related to this privacy policy, through the following contact points:

2. Purposes of processing and legal basis

Data owners are informed that the personal data collected through the form will be processed by the OEO in order to analyse and respond to the complaint, on the basis of the authorisation granted by the owner by sending the complaint to the OEO and asking for it to be assessed.

The user is informed that their personal data may be sent to the EDPR entities identified in the Code of Ethics regulations. The entities undertake to process the personal data exclusively and solely for the above-mentioned purposes. 

3. International data transfers

The OEO shall process all of the owner’s data in the European Economic Area (EEA) and does not plan any international data transfer.

4. Retention period

Data collected shall be held no longer than 10 years from the closure of the complaint processes, notwithstanding the possibility of the OEO holding them for longer in fulfilment of legal obligations.

5. Rights of data owners

The personal information that will be processed will be limited to such considered as adequate, applicable and necessary for each particular case. It is also guaranteed the confidentiality of the information received and the protection of the identity of the claimants and other related individuals.

The owner may, freely and at any time, exercise their rights of access, rectification or deletion, objection, limitation and portability of their data under current legislation, by contacting the OEO as provided in current legislation.

In any event, owners are informed that if they believe that the OEO has infringed their rights under applicable data protection law, they may file a complaint with the appropriate Supervisory Body.

For any question related to this privacy policy, the owner may also contact EDPR’s Data Protection Officer (DPO), whose contact details are:

6. Required data  

Data fields marked with an asterisk (*) on the forms provided by the OEO are required fields for analysis of the matter reported and are the minimum necessary to this end. As such, if the data owner fails to complete these fields, the OEO shall not address the request.

7. Automated Decisions

The OEO does not take automated decisions based on the processing of the data.  

8. Personal data protection measures

The OEO assumes a commitment to protection of the personal data sent to it. As such, several security measures, of a technical and organizational nature, have been taken in order to protect the personal data provided against dissemination, loss, improper use, alteration, processing or unauthorized access and against any unlawful process.

The access to the stored data within this systems will be exclusively restricted to whom develop internal control and compliance tasks, and only when could be applicable in order to be able to develop the investigation or the adoption of disciplinary measures against to an employee, such access would be granted to the management and control staff of Human Resources Department.

Notwithstanding the security measures adopted, as Internet users, visitors to the website must always adopt additional security measures, notably to ensure that they are using PCs and browsers updated with suitably configured security patches, an active firewall, antivirus and antispyware and they must ensure the authenticity of the websites they visit and avoid untrustworthy websites.

9. Cookies

The ethical complaints form does not use cookies.