Privacy Policy

1. Privacy Policy

This privacy policy applies to all types of activities involving the processing of personal data on the PORTALS of EDP Energias do Brasil S/A and its controlled and affiliated companies where there is an agreement for such processing (EDP).

This Privacy Policy aims to demonstrate EDP’s commitment to the privacy and protection of its USERS’ personal data by establishing rules regarding the collection, recording, storage, use, sharing, and deletion of personal data within the scope of the services and functionalities of the PORTALS, in accordance with applicable laws and regulations in force.

As a condition for accessing and using the exclusive functionalities of the PORTALS, USERS declare that they: • are legally capable; and
• have fully and carefully read the rules set forth in this document and are fully aware of and agree with the policy established herein.

USERS may contact EDP’s Data Protection Officer regarding any issue related to this privacy policy through the Privacy Portal.

2. Processing of Personal Data

EDP is the entity responsible for processing the personal data of USERS of the PORTALS www.edp.com.br and those related to EDP domains located in Brazil, and is committed to ensuring the protection, confidentiality, and privacy of such information.

3. Personal Data

Personal data is information that identifies USERS and allows us to know who they are within the EDP environment. Therefore, as a USER, you voluntarily provide and/or submit your data in order to access and interact with EDP’s various PORTALS.

Information Provided by the USER

From the information provided by USERS through forms available on our websites and applications, EDP will collect personally identifiable information such as name, phone number, email address, ID number (RG), taxpayer identification number (CPF), and address.

Additional information may also be requested through direct contact between EDP and USERS, whether in person, by email, or by phone, such as installation number information for EDP customers.

Website Browsing Information

When accessing our websites and applications, a “cookie” may be installed on your browser to identify how many times you return to our address. In this case, the following information may be collected: • IP address
• Geographic location
• Referral source
• Browser type
• Duration of visit
• Pages visited

Through its Cookie Policy, EDP websites indicate transparently and clearly the manner, situations, and reasons for the use of collected personal information. USERS may configure their devices and browsers at any time to accept all or some cookies, to notify them whenever a cookie is generated, or to never receive cookies.

USERS may access the Cookie Policy.

4. Purposes of Personal Data Processing

All personal information collected through the use of EDP websites is intended to: • Identify USERS
• Provide services or products
• Comply with legal or regulatory obligations
• Respond to USER and customer requests
• Inform USERS about content, news, updates, and other matters related to maintaining the relationship between the USER and EDP

In all activities involving the processing of personal data by EDP, the principles of purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination — meaning the impossibility of processing data for unlawful or abusive discriminatory purposes — accountability, and compliance are observed.

EDP is not responsible for the truthfulness, accuracy, or consistency of information provided by USERS. If such data is not up to date, EDP recommends that USERS contact us through our customer service channels to update their information.

EDP will inform USERS whenever their consent is required for the performance of its activities. Any consent collected by EDP will be legitimate and specific to fulfill the established purpose, requested clearly and individually.

USER data may be shared with regulatory agencies related to EDP, as well as judicial, administrative, or governmental authorities whenever there is a specific request on this matter, in accordance with legal provisions.

USER data may be customized (“Privacy by Design”) for a particular Service or Product in order to increasingly adapt it to their preferences and interests.

5. Transfer to Other Companies

Personal data may be transferred, in whole or in part, to third-party companies and business partners that are not part of EDP in order to ensure the proper performance of activities within the EDP environment. Personal data may also be shared among EDP Energias do Brasil companies.

Personal data will only be transferred to third parties after obtaining the data subject’s consent or when necessary to comply with legal or regulatory obligations, exercise rights in judicial or administrative proceedings, execute contracts, or meet the legitimate interests of the data subject or EDP.

6. International Data Transfer

Personal data may be transferred, in whole or in part, abroad to entities located outside the USER’s country of residence. EDP complies with the requirements established by applicable legislation and ensures the use of appropriate tools and measures (such as the European Commission’s Standard Contractual Clauses), adopting best security and privacy practices to protect USERS’ personal data.

7. Access to Data

Access to personal data will be restricted only to EDP employees and, among them, only to those with specific internal authorization to do so, without prejudice to other rights established under personal data protection legislation, upon request and at any time.

8. Rights of the Personal Data Subject

EDP provides USERS with a specific communication channel for handling requests: the Privacy Portal.

This channel is exclusively intended for requests related to the processing of personal data, such as: • Confirmation of the existence of personal data processing within the EDP environment
• Blocking or objecting to data processing
• Deletion of unnecessary and/or excessive data
• Data deletion, subject to compliance with legal or regulatory obligations
• Review of automated decisions
• Withdrawal of consent

For correction of incomplete, inaccurate, or outdated data, please refer to the customer service channels here, in accordance with ANEEL Normative Resolution No. 1,000/2021.

EDP Suppliers
https://edpartners.miisy.eu/login?locale=pt_BR
https://sinergie.miisy.eu/login

EDP SMART (Solar or Energy Efficiency)
https://empresas.edp.com.br/
Customer Service Center, available from 8:00 a.m. to 8:00 p.m., Monday through Friday.

EDP Espírito Santo (Distributor)
https://www.edp.com.br
https://www.edponline.com.br
0800 721 0707
Hearing Impaired Assistance: 0800 727 2655

EDP São Paulo (Distributor)
https://www.edp.com.br
https://www.edponline.com.br
0800 721 0123
Hearing Impaired Assistance: 0800 727 2872

Volunteer Portal
https://voluntariado.edp.com/pt-BR

9. Data Retention

The retention period for personal data within EDP complies with the requirements established by sector-related legislation and may vary according to the purpose for which the data was collected.

In any case, USER and EDP customer data is stored in a secure and controlled environment for the period required under applicable legislation.

USERS may use the Privacy Portal communication channel to request deletion of their data before this period expires. However, data may need to be retained to comply with legal or regulatory obligations, court orders, fraud prevention (Art. 11, II, “a” of the LGPD), credit protection (Art. 7, X of the LGPD), among other legitimate interests provided for in the LGPD (General Data Protection Law).

Once legal retention periods have expired, personal data will be deleted following internal methodology or retained in anonymized form for statistical purposes.

10. Security Measures

EDP is committed to ensuring the protection and security of the personal data made available to it. Therefore, various technical and organizational security measures are adopted to protect personal data against disclosure, loss, misuse, alteration, unauthorized processing or access, as well as any other form of unlawful processing.

Notwithstanding the security measures adopted, as an Internet USER, website visitors should always adopt additional security measures, such as ensuring they use a computer and browser updated with properly configured security patches, active firewall, antivirus, and antispyware software, and verifying the authenticity of websites visited on the internet, avoiding websites with questionable reputations.

Use of the PORTALS implies full knowledge of this Privacy Policy, which may be changed without prior notice. Therefore, USERS are advised to review this page regularly to remain informed.

11. Data Privacy Incident Communication

A data privacy incident occurs whenever there is any accidental or unlawful situation resulting in the destruction, loss, alteration, improper access, unlawful or inappropriate processing of personal data, such as a personal data breach.

To report privacy incidents, suspected or confirmed cases may be submitted to the Data Protection Officer through the Privacy Portal so that the appropriate clarifications and measures may be taken.

12. Advertisements

Like other websites, when a USER clicks on an EDP advertisement on a third-party website, EDP collects and uses the information contained in such advertisements, made available through the USER’s access. The information contained in advertisements includes IP address (Internet Protocol), ISP (Internet Service Provider), browser used to visit our website (such as Internet Explorer or Firefox), duration of visit, and pages visited within the PORTALS.

13. Access to Third-Party Websites

EDP is not responsible for the privacy policy or content available on third-party websites. USERS should always review the privacy policies of any other website accessed through the PORTALS.

14. Jurisdiction

This document is governed by and shall be interpreted in accordance with the laws of the Federative Republic of Brazil. In the absence of any legal provision to the contrary, the courts of the District of São Paulo, State of São Paulo, shall have jurisdiction to resolve any issues arising from this document, with express waiver of any other jurisdiction, however privileged it may be.

The use of EDP PORTALS by USERS implies acceptance of the conditions established in this Privacy Policy, including any changes that may be made to it.

15. Identification of the Data Protection Officer
Name: Fabio William Loreti
Alternate: Cynthia Alves Rosa Fernandes
Communication Channel: Privacy Portal

Date of publication of the original version: 08/27/2020.
Date of publication of the latest version of this document: 05/15/2026.