E-REDES

Personal Data Protection

Data Processing (general)

As an operator and concessionaire of electricity distribution networks, E-REDES is responsible for the processing of personal data that it obtains in the exercise of its activities, either through direct collection, or through the Provision that is made by the electric energy suppliers of the data necessary for the technical and commercial management of the distribution network resulting from the commercial relationship of those with their customers, as is apparent from the legal framework and Regulatory framework for the electricity sector.

  1. Personal data obtained will be processed by E-REDES confidentially and used solely to ensure compliance with the legal obligations and legitimate interests of E-REDES, with the proper safeguarding of the rights, freedoms and fundamental rights of the data subject, treated only during the period strictly necessary for the pursuit of the following treatment purposes and retention deadlines:

    •  Network planning and construction;

    During the lifetime of the asset in operation;

    • Access to networks;
    • Reading and making data available;
    • Delivery point registration;

    Up to 10 years or, in some cases, throughout the existence of the CPE and RPE:

    • Connections to networks;
    • Management and operation of networks, with the exception of call recording with dispatch centres;
    • Legal and administrative;
    • Audits;

    Up to 20 years;

    • Invoicing and Debt management;
    • Anomalies of consumption;
    • Reporting to the regulator;

    Up to 10 years;

    • Change of Supplier;
    • Operational efficiency and continuous improvement;
    • Customer service and Complaint handling;
    • Interventions at the place of consumption;
    • Call recording with dispatch centres;

    Up to 5 years.

  2. Data identified on the forms provided by E-REDES with an asterisk (*) must be completed in order to fulfil the contractual or legally established purpose.

    As such, if it are not provided, E-REDES will not be able to meet the request of its holder.

  3. Under the terms of the applicable legislation, the data subject is guaranteed the right to access, rectify and update their personal data, as well as the right to object to processing, portability and to be forgotten, provided that the exercise of these rights is not incompatible with the fulfilment of the stated purposes and with the legal obligations to maintain and keep the data.

    For the exercise of the rights referred, the data subject shall direct a written request to E-REDES, through the official contacts published on the E-REDES website or to go to any E-REDES store.

    In any case, if the holder considers that E-REDES has not secured the rights that it has in accordance with applicable data protection legislation, it may file a complaint before the National Data Protection Commission (CNPD), as the Supervisory Authority, using the contacts provided by this entity for this purpose.

  4. E-REDES may transmit the data it processes to subcontracted entities only for the purposes described, for the period strictly necessary to fulfil those purposes, subjecting the entities with which it contracts to the obligations of secrecy, confidentiality and security in the processing arising from this information, making sure that all its employees, service providers and suppliers are aware that they are obliged to scrupulously fulfil these obligations.


    The availability of personal data to third parties, which are not covered in the previous point, is dependent on the prior consent of the data subject being obtained in a free, specific, informed, unequivocal, express and revocable manner, and shall be carried out under the strict terms laid down in the applicable legislation and regulations, or even when the transmission is carried out in compliance with a legal obligation, a decision by the authorities, a judicial order, to protect the vital interests of the data subjects or any other legitimate purpose laid down by law.


    E-REDES will process personal data entirely within the European Economic Area and therefore no international transfer of personal data is foreseen.

  5. E-REDES undertakes to make its best efforts to implement the appropriate technical and organisational measures to protect the personal data of its holders against unauthorised access. For this purpose, it uses security systems, rules and other procedures to prevent its destruction, accidental, or unlawful, accidental loss, alteration, dissemination or unauthorised access.

    Despite the efforts of E-REDES to protect your personal data, in cases where personal data is collected through an open network – the Internet – these may circulate in the network without security conditions, at the risk of being seen and used by unauthorised third parties.

  6. E-REDES does not make automated decisions based on the processing of your personal data.

  7. For any questions regarding the General Data Protection Regulation, you may contact the Data Protection Officer at the following email address: dpo@e-redes.pt.

Data Processing Telemetering

The data collected by the smart meters (EMI) are processed by E-REDES with due safeguard of the fundamental rights of the data subject and used exclusively to ensure compliance with legal obligations and the legitimate interests of E-REDES, only for the period strictly necessary for the pursuit of processing purposes and with certain and determinable retention periods.


The personal data collected and processed by E-REDES through the respective EMI are mainly data on quarter-hourly energy consumption, through a load diagram, and other data may also be collected, associated with the different legally foreseen functions, such as tariff data (contracted power, tariff in progress), data of instantaneous quantities (power, voltage, current), closures, power control related to ICP, demand management data, time and time change, events (power failures, updates, cover opening and other anti-fraud), data related to quality of service (duration of interruptions and periods of voltage variations), HAN access profile data, firmware version and reset.


Personal data is only processed for the period strictly necessary for which they were collected for the following processing purposes: Reading and availability of data, Consumption Anomalies, Customer Service and Complaints Handling, Interventions at the consumption site, Regulatory Reporting, Operational Efficiency and Continuous Improvement, Audits, Legal and Administrative, and are kept for a maximum period of 10 years.


The data subject is guaranteed the right of access, rectification and limitation of their personal data, as well as the right to object to the processing, portability and right to be forgotten, whenever the exercise of these rights is not incompatible with the fulfilment of the stated purposes and with the legal obligations of maintenance and retention of data. To exercise these rights, the data subject must send a written request to E-REDES, through the official contacts published on the E-REDES website, or address any E-REDES store.


E-REDES may transmit the data to subcontracting entities, which will process the data exclusively for the purposes established by E-REDES and in compliance with the instructions issued by it, strictly complying with the legal rules on personal data protection, information security and other applicable rules. 


The availability of personal data to third parties, which are not covered in the previous point, is dependent on the prior consent of the data subject being obtained in a free, specific, informed, unequivocal, express and revocable manner, and shall be carried out under the strict terms laid down in the applicable legislation and regulations, or even when the transmission is carried out in compliance with a legal obligation, a decision by the authorities, a judicial order, to protect the vital interests of the data subjects or any other legitimate purpose laid down by law. E-REDES will process personal data entirely within the European Economic Area and therefore no international transfer of personal data is foreseen.

E-REDES undertakes to make its best efforts to implement the appropriate technical and organisational measures to protect the personal data of its holders against unauthorised access. For this purpose, it uses security systems, rules and other procedures to prevent its destruction, accidental, or unlawful, accidental loss, alteration, dissemination or unauthorised access.

If you believe that E-REDES has in any way failed to ensure its rights under the applicable legislation on data protection, you may file a complaint with the National Data Protection Commission, Supervisory Authority, using the contacts provided by this entity for this purpose.


For any questions regarding the General Data Protection Regulation, you may contact the Data Protection Officer at the following email address: dpo@e-redes.pt.