1. Framework
Greenvolt – Energias Renováveis, S.A. (hereinafter “Greenvolt” or “the Company”) believes that the privacy of all people who interact with it is a fundamental element in building a relationship of trust with all its customers, suppliers and partners.
The protection of Personal Data, as a fundamental commitment of Greenvolt, is achieved through strict compliance with the Personal Data protection legislation in force, respect for the best market practices, and in accordance with the highest ethical standards.
The companies that make up the Greenvolt Group adopt the necessary mechanisms to protect
personal data, and work continuously to monitor and mitigate any risks that arise in the area of privacy and personal data protection.
2. Objective
This policy regulates the storage and processing of Personal Data in the context of the relationship established between a Data Subject and Greenvolt (the “Policy”). The processing and storage of Personal Data is carried out in accordance with the General Data Protection Regulation (“GDPR”) and other legislation applicable at any given time, and applies to the processing of data arising from the legal and/or contractual relationship established with Greenvolt.
3. Processing of Personal Data
A. Data Controller
The data controller is Greenvolt – Energias Renováveis, S.A. with the Tax Identification Number 506042715 with registered office at Rua Manuel Pinto de Azevedo, nº 818, 4100-320 Porto, and with the following contact details:
- [email protected]
- Av. José Malhoa, nº27 3º · 1070 – 156 Lisboa | Portugal
B. Data Protection Officer
The Data Controller, Greenvolt – Energias Renováveis, S.A. has appointed a Data Protection Officer, who can be contacted at [email protected].
C. Personal Data Processed
This information applies to all personal data collected by the Data Controller, such as name, telephone and e-mail contact, address, tax identification number, among others.
D. Purpose of Processing and Legal Basis
The Data Controller will process the data subject’s data, manually and/or automatically, for the following specific purposes, based on the data subject’s consent:
- Commercial and/or marketing communications
Consent will be collected when filling in the data on the contact form.
E. Data recipients
The Data Controller may communicate personal data to other subsidiaries of Greenvolt Energias Renováveis SA, with the said entity becoming the Data Controller for this processing of personal data.
F. Retention Period
The personal data collected through the contact forms will be kept for a period of 10 years, without prejudice to the person responsible being able to keep them for a longer period in order to comply with legal obligations or for the purposes of the company’s historical archive, by applying appropriate technical and organizational measures in the latter case.
G. Exercise of Rights
The data subject has the right to request from the Data Controller, through the
means of contact indicated in point A, access to personal data concerning him/her, as well as its rectification or erasure, and the limitation of processing insofar as it concerns the data subject, or the right to object to processing, as well as the right to data portability, under the terms of the laws governing the processing of personal data.
Alternatively, the data subject may also exercise their rights with the Data Protection Officer, through the contacts mentioned in point B.
The data subject can also assert their rights with the National Data Protection Commission.
H. Withdrawing Consent
The holder’s acceptance that their data may be processed or transferred
will always be revocable, without retroactive effect. In order to revoke said consent, the data subject may contact the Data Controller using the means of contact identified in point A.
I. Personal Data Protection Measures
The Data Controller implements a number of appropriate technical and organizational measures to protect the personal data of the data subjects that it considers sufficient and appropriate to ensure the protection of personal data against destruction, accidental loss, loss, alteration, unauthorized, accidental or unlawful disclosure or access, as well as the necessary, sufficient and appropriate measures to ensure the accuracy, integrity and confidentiality of personal data and an appropriate level of technical and organizational security in relation to the risks inherent in the processing and nature of personal data, including SSL certification on the website where the registration forms are collected, restricted and conditioned access to the website backoffice where the data from the registration forms are recorded, storage of personal data in databases with their own encryption with exclusive access to members of the Data Controller.
