1. Introduction

The National Entity for the Energy Sector, in portuguese “Entidade Nacional para o Setor Energético, E.P.E” or so called “ENSE”, it is the national entity with specific competencies regarding the management of strategic reserves of petroleum products, inspection and prevention of the compliance with the regulatory legislation for the exercise of the economic activities in the energy sector.
ENSE’s vision translates into maintaining itself as a reference entity specialized in the supervision of the energy sector, guaranteeing the regular functioning of this sector and access to fuel in the event of an energy crisis, governed by the following values:
Independence and rigor. Independence and equidistance from all entities and people with whom ENSE establishes relationships in the exercise of its powers.
Impartiality and legality. As a supervisory entity in the energy sector, we guide this activity by the principles of impartiality and legality.
Innovation and quality. We always seek to operate through an approach of effectiveness, enthusiasm and willingness to innovate.
At ENSE, we recognize the fundamental importance of protecting individuals as regards the processing of their personal data.
Our goal is to guarantee the confidentiality, integrity and availability of the personal data we have, and to obey to the impositions of the national and European law.
It is therefore essential, that we comply with all the community and national requirements that are currently imposed, combining the protection of personal data always with the highest standards of ethical conduct, which we follow.


2. Scope

This Privacy and Data Protection Policy establishes the general rules of conduct to be observed in the practice of ENSE’s activity about the protection of personal data and its processing, without prejudice to the provisions of applicable national and community legislation.
This Data Protection Policy binds the members of ENSE’s management, their employees and subcontractors.
All the concepts that make up this Privacy and Data Protection Policy assume the meaning given to them by the General Data Protection Regulation.

As key concepts related to the processing of personal data, the following stand out:

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


3. Principles relating to the processing of personal data

In carrying out any activity that implies the processing of personal data, ENSE applies the principles emanating from the General Regulation on the Protection of Personal Data, such as:

Lawfulness, loyalty and transparency: ENSE takes all appropriate measures to ensure that the holder of personal data is provided with all information regarding the processing to be carried out. This information is provided in a concise, transparent, intelligible way and is easily accessible, always using clear and simple language. The information is preferably transmitted in writing.
Limitation of purposes: ENSE collects personal data for specific, explicit and legitimate purposes, not using the data for other purposes incompatible with the processing.
Data minimization: The data collected is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
Limitation of retention: Personal data is kept only for the time necessary to carry out the purposes for which it is processed;
Completeness and confidentiality: ENSE has installed the appropriate technical and organizational measures to guarantee the security of personal data, including protection against unauthorized or unlawful processing and against its loss, destruction or accidental damage, adopting the appropriate technologies.


4. Legitimacy for the processing of personal data

The processing of personal data by ENSE always has one of the following grounds:

♦ Consent of the data subject;
♦ Execution of a contract or pre-contractual steps;
♦ Compliance with a legal obligation;
♦ Defense of vital interests of data subjects;
♦ Public interest;
♦ Legitimate interests pursued by ENSE or by third parties, unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail


5. The processing of sensitive data

ENSE recognizes the prohibition on processing special categories of data, so it will be done exceptionally, within the legal limits established.


6. Collection and processing of personal data

Within the scope of its duties, and in particular with regard to the inspections it carries out, ENSE collects data from natural persons as regards names, contacts and emails.
ENSE can also process personal data sent to you by sending any letter or email.


7. Collection and processing of personal data by digital means

The collection and processing of personal data – the website.
ENSE, through its website www.ense-epe.pt, hereinafter referred to as website, provides access and allows information to be collected:

♦ Through “Balcão Único”
♦ Through spontaneous applications;

The categories of data that may be collected are:

♦ Username
♦ Email;
♦ Password;
♦ Name;
♦ Tax identification number;
♦ Address;
♦ Contact number;
♦ Platform access logs
♦ Curriculum vitae;
♦ Presentation letter;
♦ Browsing data (connection information, cookie data);

Use of cookies

ENSE uses temporary cookies on its website to maximize security, improve performance and navigability and ensure the optimization of online services.
The cookies used by ENSE are as follows:

(i) Essential cookies: allow access to specific areas of websites, for navigation and use of their applications, including access to secure areas, through login.
These cookies are essential for the provision of the service, without which it is not possible to execute such service;

(ii) Functionality cookies: they allow remembering the user’s preferences regarding navigation on the website, so that the user does not have to reconfigure and personalize them each time he visits the website;

(iii) Analytical cookies: they are used to analyze the way users use the websites, allowing to highlight articles or services that may be of interest, to monitor the performance of the websites, identifying the most popular pages and the method of linking between pages or to circumscribe the reason for the error messages displayed by the pages.

Cookies may be used to identify the opening / reading of information and attachments sent by email.
These cookies are used only for the purpose of statistical analysis, not allowing personal information to be collected.
Their purpose is to enable ENSE to provide a high quality user experience, by personalizing its offer and identifying and correcting problems;

Shelf life and shelf life

(i) Permanent cookies: they are stored in the access devices (computer, mobile phone, smartphone or tablet or any other device with internet connection and browser) at the level of the internet browser (browser) and come into operation whenever the user visits again any ENSE website.

(ii) Session cookies: are temporary cookies that work until the end of the session by the user.

Control and blocking of cookies

Users of the ENSE website can choose to block the use of cookies, through their browser settings. Most browsers allow the control of cookies through their settings. However, limiting the use of cookies can hamper the browsing experience and, at the limit, prevent logging into ENSE websites.


8. Exercise of Rights by Data Subjects

ENSE facilitates the exercise of data subjects’ rights, responding to requests made by them, without undue delay, in order to be able to exercise the following rights:

a) Be informed about the processing of your personal data;
b) Obtain access to the preserved personal data concerning him;
c) Request the correction of incorrect, inaccurate or incomplete personal data;
d) Request the deletion of personal data that is no longer needed or if its treatment is unlawful, in accordance with the limitations imposed by the legislation in force;
e) Oppose the processing of your personal data for reasons related to your specific situation;
f) Request the limitation of the processing of your personal data in specific cases;
g) Receive your personal data in automatic reading format and send the file to another controller, whenever applicable;
h) Request that decisions made on the basis of automated processing that concern them or that significantly affect them and that are not based on their personal data are made by natural persons. You also have the right, in this case, to express your point of view and to challenge the decision.

ENSE will use its best efforts, in accordance with the General Data Protection Regulation, to provide, correct and delete personal information that we hold in our files.

If you wish to exercise your rights or obtain any clarification on any matter related to data protection, privacy and information security issues, you can contact ENSE, via email rgpd@ense-epe.pt with the indication of the matter in question and indicating a telephone or e-mail for reply.


9. Impact assessment

ENSE will carry out an impact assessment on data protection whenever the treatment is likely to result in a high risk to the rights and freedoms of natural persons, considering all european and national guidelines, namely Regulation No. 1 / 2018 of the National Data Protection Commission.


10. Storage time

Personal data will be kept only for the period necessary for the purposes underlying its collection and treatment, and will be preserved and disposed of, in accordance with internal rules, notwithstanding the legal provisions applicable in terms of archiving.


11. Technical and Organizational Measures

ENSE applies the technical and organizational measures that guarantee the integrity and confidentiality of personal data.
For this purpose, it has an Internal Information Security Policy that establishes a set of rules and instructions that are applicable to all information circulating in ENSE, with a special emphasis on all information containing personal data.


12. International transfers

Whenever international data transfer is necessary, ENSE will ensure that the transfer complies with the applicable legislation, namely that the third country offers an adequate level of protection or that adequate guarantees are provided and if data subjects enjoy enforceable rights and effective remedial legal measures.