Eneva's Sites
Client Portalen
Eneva’s privacy policy was created to demonstrate the commitment the company has in guaranteeing the privacy and protection of Personal Data of users of the available interactive services, as well as to clear up how the company handles the Personal Data itself.
Please read this policy thoroughly and, should you have any doubts, feel free to contact us through any of the customer services channels found here.
BASIC CONCEPTS
To better understand this policy the following definitions should be taken into consideration:
Cookies: small files sent to your browser or device, that store your preferences and other information about how and when our sites are visited, as well as the number of people that access them.
Personal Data or data: this is data concerning a person, who may be identified or become identifiable.
Data Protection Officer (DPO): the person responsible for acting as the communication channel between Eneva, data subjects or owners, and the National Authority for Protection of Data (ANPD).
Applicable Legislation: all the legislation that deals with privacy and the protection of Personal Data, especially under the Law No. 13.709/2018 (the General Law for Protection of Personal Data – LGPD).
Our sites: this denotes the electronic address of our website www.eneva.com.br and sub-domains.
Policy: This is the Policy for Privacy and Handling of Personal Data.
Data Subjects or Owners: this is you, the person to who the Personal Data refers, whether acting as a user of the site, an investor or analyst.
Handling: the entire operation of handling Personal Data, including those that refer to the gathering, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, exclusion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
GATHERING OF PERSONAL DATA
Eneva may collect data directly from the user, through the completion of forms, or when the user interacts with our sites.
Relations with Investors – Speak to RI and Newsletter
What data may be gathered? Name, E-mail, Telephone Numbers and Place of Work.
Why it is being gathered? To register the user for us to be able to send alerts and news from Eneva’s RI, as well as to answer any doubts and possible requests.
Eneva Commercial Sector – Contact Us
What data is gathered? Name and E-mail.
Why it is being gathered? To answer any doubts and possible requests from the user about the free market of energy and gas.
Eneva Distributed Production – Speak with Us
What data is gathered? Name and e-mail.
Why it is being gathered? To answer doubts and possible requests from the user about opportunities in distributed production.
Eneva Distributed Production – Distributed Production Maranhão and Ceará (Information from the Legal Representative of the Registered Unit.)
What data is gathered? Full name, National ID number (RG), CPF (Social Security Number), Nationality, Date of Birth, Profession, Marital Status, Contract Address, Telephone Numbers and E-mail.
Why it is being gathered? To register the data with the Energy Distributor/Utility in order to benefit the user with direct discounts in their electricity bill.
Speak with Us
What data is gathered? Name, E-mail and Telephone Numbers.
Why it is being gathered? To answer any doubts and possible requests from the user about opportunities in distributed generation.
Work with us
What data is gathered? Name, E-mail, Telephone Numbers, Parents’ Names, Marital Status, Gender, Nationality, CPF (Social Security Number), Date of Birth, ID Number, Level of Education, Photograph, Complete Address, and Professional Data.
Why it is being gathered? To identify and validate the user, as well as evaluate the candidate for open positions and job opportunities within Eneva.
Press Office – Registration and Contacts
What data is gathered? Name, Means of Communication, E-mail and Telephone Numbers.
Why it is being gathered? To register the user in order to send information on Eneva that has been published in the press.
Digital Identification
What data is gathered? Cookies
Why it is being gathered? To personalise and improve the user’s experience on Eneva’s site as well as to fulfil legal obligations for maintaining registered information set out by Marco Civil da Internet – Law Nº 12.965/2014.
Databases. The database, made-up of the gathered data, is the property of Eneva and is our responsibility; whereby its use, access and sharing, whenever necessary, shall be carried out within the limits and intentions of business described in this Policy.
SHARING OF DATA
The Personal Data gathered, and the activities registered may be shared:
– With the Recruitment and Selection sector, when the user accesses the “Work with Us” area of the site and submits their resume.
– With the companies and business areas of Eneva, which are in accordance with this Policy;
– With the authorised judicial, administrative and governmental organs, whenever there is a legal determination, requirement, requisition or judicial order;
– Automatically, whenever there are ownership changes, such as mergers, acquisitions and incorporations.
Unless Eneva receives legal or judicial orders, user’s information will never be transferred to third parties or used in ways different from those which have been gathered and informed in this Policy.
Should user have any doubts about whom their data will be shared with, they may contact ask through the various service channels available under this policy.
It should be reiterated that for market research purposes, any data revealed to the press and for press releases will be shared anonymously so that identification of individual users will be impossible.
SECURITY OF INFORMATION
Security. any data that users supply will be maintained in accordance with strict standards of security and confidentiality.
Security and Governance Practises. To protect your privacy and your Personal Data, Eneva relies on a governance programme which contains rules on best practises, policies and internal procedures, which layout the conditions of organisation, training, educational actions and supervisory tools as well as the mitigation of risk associated with the Handling of Personal Data.
Access to Personal Data, Proportionality and Relevance.
Internally, the Personal Data gathered is solely accessed by duly authorised professionals, respecting the principles of proportionality, necessity and relevance for the objectives of our business, including the commitment to confidentiality and the preservation of privacy as laid out in the terms of this policy.
External links. When users access our sites, they may be directed, via link, to other portals or platforms which may gather their data and have their own privacy policy. It is up to the user to read these policies, and of their own responsibility whether they accept or reject them. Eneva Is not responsible for the privacy policies of third parties nor for the content of any website or service connected to those sites that are not our own.
Handling by third parties under our authority. We aim to carefully vet those who provide services for us, and demand they follow contractual obligations on information safety and protection of Personal Data, with the objective of protecting the user
STORAGE OF PERSONAL DATA AND RECORDING OF ACTIVITIES
Storage location. the Personal Data gathered and the recording of activities are stored in a secure and controlled environment, which may be stored on our servers located in Brazil, as well as the use of resources or services in the cloud (cloud computing), which may require the transfer and/or processing of your data outside of Brazil. These transfers only involve companies who have proven to conform to the applicable legislation, maintaining a level of compliance similar to or even stricter than that laid out by Brazilian legislation.
Length of Storage. Eneva stores Personal Data only for the time necessary to fulfil the requirements for which it was gathered or to fulfil any legal and regulatory obligations, or to preserve rights. For this reason we follow the Safe Retention and Disposal of Information Policy.
Disposal of Personal Data. once the legal need and period of time necessary to maintain the Personal Data has come to an end, a secure disposal method will be used to exclude it, or it will simply be used anonymously for statistical purposes.
EXERCISING YOUR RIGHTS
Your basic rights. the Personal Data is yours and the applicable legislation provides a series of rights related to them, which may be exercised by the user through requisitioning the department responsible for the service channel available in this policy
– Confirmation and Access: The user may request the confirmation on the existence of Handling of and access to Personal Data, including requesting copies of the records that Eneva has about you.
– Correction: the user may request the correction of the Personal Data that is incomplete, incorrect, or out of date.
– Anonymize, Block or Discard: the user may request: to anonymize the Personal Data, so that they are no longer related to them; to block the Personal Data temporarily, suspending the possibility of it being handled for certain end purposes; or to discard the Personal Data completely.
– Transferability: the user may request that Eneva supply their Personal Data in a structured and compatible format allowing for the transfer to third parties, respecting their intellectual property or business secrets.
– Information on Sharing: the user may request information on third parties with whom Eneva shares the Personal Data, limited to information that does not violate our intellectual property or business secrets.
– Revocation of consent: the user may opt to withdraw consent for any end purposes that they have previously consented to this revocation will not affect the legality of any prior handling of information. If the user withdraws their consent for purposes That are fundamental to the normal working of our sites and services, these may become unavailable to them.
– Opposition: the user may oppose the handling of their Personal Data, should they not agree with any and purpose.
Requisition. for their security, whenever a user presents a requisition, exercising their rights, Eneva may request additional information to prove their identity, aiming to prevent fraud.
Non-compliance to requisition. Eneva may choose not to comply with some request for exercising rights, should the compliance violate our intellectual property or business secrets coma as well as when there is some legal or regulatory obligation to retain Personal Data. Moreover, Eneva may choose not to comply with some request if it is necessary to retain the data to allow for our defence or those of third parties that are in dispute of any kind.
Response to requisitions. Eneva commits to answer all requests in a reasonable time frame and always conforming to the applicable legislation.
ADDITIONAL INFORMATION
Alteration of Substance and Updates. The user recognises Eneva’s right to alter the substance of this policy at any moment, conforming to end purposes or needs, such that it aligns with and conforms to legal requirements or norms which are of equal force under the law, where it is the user’s responsibility to always check when accessing our sites. Should alterations be made to this document and the gathering of a new consent be required, the user will be notified through the various means of communication that they have provided to us.
Non applicability. Should any point of this policy be considered non-applicable by the authority for the protection of data or judicially, the other conditions will remain in force and in effect.
Service Channels. Should you have any doubts in relation to the provisions laid out in this policy, including the exercise of their rights, the user may contact the person responsible, who is contactable at the following addresses:
(i) The person responsible: Murilo Luz
(ii) Address for correspondence: Praia de Botafogo, 501 – Torre Corcovado, Sala 404B Rio de Janeiro (RJ) · 22250-040
(iii) Contact E-mail: dpo@eneva.com.br
Applicable Law and jurisdiction. This policy shall be interpreted according to Brazilian legislation, in the Portuguese language, with the jurisdiction of its domicile to settle any disagreements or controversies except for specific exceptions of personal, territorial or functional competence under applicable law.