Privacy policy - Main My CEZ
PRIVACY POLICY
for the My CEZ platform/application
My CEZ is a service made available to clients or potential clients by CEZ Vanzare S.A., through which details about the contract, consumption, payments, invoice history, new offers and other useful information are provided.
CEZ Vanzare S.A. (hereinafter referred to as “CEZ”), a joint stock company managed in a two-tier system, with the headquarters in Craiova, Calea Severinului Street, no. 97, 1st floor, Dolj county, registered at the Trade Register Office attached to the Dolj District Law Court under no. J16/517/2007, having the Fiscal Code 21349608 is the owner of My CEZ and the data operator, from the perspective of personal data processing inherent to the use of My CEZ.
Through this document, My CEZ users are informed about the processing of personal data when they create an account and use the My CEZ platform/application and the rights they have in connection with the processing of their personal data.
I. CATEGORIES OF PERSONAL DATA PROCESSED, PURPOSES FOR WHICH THEY ARE PROCESSED, AS WELL AS THE LEGAL BASIS OF THEM
When you choose to use My CEZ, we will process certain personal data that concern you, in connection with the provision of the services you have contracted. CEZ processes your personal data in accordance with the legal provisions in the field regarding the processing of personal data, as an operator, only for the specified purposes.
1. Creating the My CEZ account and authentication in the account
In order to create an account on the My CEZ online platform, we must identify you in our CEZ client database. For this purpose, we request certain account validation data, some of which may constitute personal data:
a) in case of household customers, the following details are requested: the client code, the last 6 digits of the personal numeric code, the e-mail address and the telephone number (optional).
b) in case of non-household customers, the following details are requested: the client code, the invoice number, the contract number, the e-mail address and the telephone number (optional).
You will also need to choose a password to access your account. After confirming the data, in addition to these, the surname, first name, county and type of client (domestic/non-domestic) are stored. Later, in order to be able to log in to your account, we ask for your e-mail and password.
We process this data under the execution of a contract with you, namely the My CEZ Terms and Conditions of Use, which you accept when you open your account. In the case of legal representatives of the legal entities, we also have a legitimate interest in the processing of personal data, in order to provide the services available through My CEZ.
The data is stored for the entire duration of your active My CEZ account plus a maximum period of 3 years.
Please keep the confidentiality of account creation and account authentication data. CEZ is not held liable in the event you disclose this data to third parties.
2. Personal data available in the account
My CEZ account allows you to view certain information, including personal data, related to the services that CEZ provides to you. This information refers to: data from the electric energy/natural gas supply contract; data related to consumption, consumption measuring instruments and the address of the place of consumption; information on the provision of energy supply services, transmission of requests, report of invoices and payments; index transmission; reservations in client relations centres and other data processed within similar functionalities.
We process these data under the execution of a contract with you, namely the My CEZ Terms and Conditions of Use, which you accept when you open your account. The data is necessary to benefit from the functionalities of the My CEZ platform.
Also, in the Account Settings section, Commercial Communications Preferences subsection, you will be able to express the option regarding the methods of receiving commercial communications from CEZ. By ticking one or more of the available communication channel options (online - email and online platforms; SMS/MMS/Push USSD; voice call; mail), you agree that CEZ may process your personal data for marketing purposes, for sending commercial communications through the selected channels. We will keep and use your contact data for marketing purposes until the date on which you withdraw your consent for this purpose.
3. Data related to the use of My CEZ
a) In the case of the My CEZ mobile application, certain data regarding the use of the application are processed, such as: device type (iOS/Android), iOS version, region (country), e-mail address, actions performed in the app (sections visited). Also, the application may request permissions to use the geographical location (only when the application is used), files (documents and pictures).
These data are processed on the basis of the legitimate interest of CEZ, in order to analyse the use of the application and to improve the services offered.
b) In the case of the My CEZ web platform, some data regarding the use of the platform can be processed, as:
- IP address with which the platform was accessed at the last authentication (for account security);
- Device Token and the type of device since the last authentication in the mobile application;
- the e-mail address used to create the account is also used for sending account activation emails, setting/resetting the email address, add customer code, sending notifications, online payment confirmation.
These data are processed on the basis of the legitimate interest of CEZ, in order to ensure the necessary security standards, to analyse the way in which the platform is used and to manage the interaction with the clients.
IMPORTANT! With the creation of a user account in My CEZ, certain communications related to the supply of electric energy/natural gas (regarding the issuance of invoices, maturity of invoices, notice of non-payment, self-reading index entry period, information regarding the planned/accidental interruption of electricity) will be made by electronic mail, via e-mail or push notifications in the case of the mobile application. You can change this at any time by changing the settings in the Account Settings section, Notifications Preferences subsection, directly from the My CEZ account.
4. Request an offer through My CEZ
Even if you are not a CEZ client, you can request through My CEZ an offer for electric energy or natural gas services.
Thus, you will be able to fill in a dedicated form requesting certain information (type of client - natural or legal person; type of service of interest - electric energy or natural gas; county; distribution operator; current supplier; consumption category). We will process these personal data to act on the request of the data subject before concluding a contract or based on our legitimate interest, to offer CEZ products and services as a result of your request.
5. Conclusion a contract for electric energy or natural gas services through My CEZ
If you accept the offer sent by CEZ for electric energy or natural gas services, the supply contract can be concluded remotely directly through My CEZ. Clients/potential clients who wish to conclude contracts by this mean and do not have an active My CEZ account, must activate their account after submitting the preliminary information necessary to generate the offer (according to section 4 above).
For this purpose, you will be asked to upload certain information and documents to the platform, such as:
- copy of the identity card;
- copy of ownership deed/title of the place of consumption/ affidavit;
- the last invoice related to the place of consumption (it is recommended to send the last invoice for the correct retrieval of the data);;
- other relevant documents, depending on your particular situation, as may be justifiably requested by CEZ.
You will also be asked for additional identification information, necessary to complete and generate the contract: name, surname, personal ID number, series and number of identity card, date of issue and issuer of identity card, home address, contact details (contact number telephone, fax and e-mail address), data regarding the address of the place of consumption. The data found in the identity card can be automatically retrieved from the copy of the identity card that you upload to our systems, if you opt for this possibility during the online contracting procedure.
In order to generate and conclude the contract, you will be asked to go through a series of validation steps that will involve receiving links / codes on your e-mail address or via SMS. It is absolutely necessary to use a valid e-mail address to which you currently have access to manage all aspects related to the operation of the My CEZ account.
The above documents and information are required under energy legislation, which requires the collection of minimal information from energy service clients. We will process this data in order to prepare and conclude the supply contract, according to the CEZ offer accepted by you and to create a client code in our internal client management system.
Also, the technical process of generating the contract includes a series of steps in which you can choose how you want the correspondence to be received. We will use your contact information based on our legitimate interest to communicate to you relevant issues related to the services we provide. You may object to the receipt of electronic or physical correspondence from us, but we reserve the right to contact you, including by using your telephone number or e-mail, in the event of important and / or urgent matters related to the services we provide to you.
6. Signing a contract for electricity or natural gas services through a CEZ field sales agent
If you go through the steps for contracting CEZ electricity /natural gas supply services through a field sales agent, as part of this process a My CEZ user account will be created for the field sales agent.
For this purpose, certain information and documents about you will be registered in the CEZ system via a mobile device (tablet, smartphone), such as: type of customer - natural or legal person; type of service of interest - electricity or natural gas; county; distribution operator; current supplier; consumption category. On the basis of this information the available offers will be generated. Following the acceptance of an offer, in order to complete the contracting procedure, certain information and documents are requested and uploaded into CEZ systems:
- copy of identity card / tax registration certificate;
- copy of property deed / title deed / affidavit;
- invoice from the current supplier containing the technical data of the place of consumption
- other relevant documents, depending on your particular situation, as may be justifiably requested by CEZ.
Also, the necessary information for generating the contract will be filled in the My CEZ platform: Identification data (name, surname, personal ID number, series and number of identity document, date of issue and issuer of the identity document); Home address data (county, city, exact address); Contact data (landline and mobile phone number, fax and e-mail address); data regarding the place of consumption, correspondence. The data found in the identity card will be automatically retrieved from the copy of the Identity Card that you upload to our systems, if you opt for this possibility during the online contracting procedure.
The above documents and information are required under energy legislation, which requires the collection of minimum information from energy customers. We will process this data in order to prepare and conclude the supply contract, according to the CEZ offer accepted by you and to create a customer code in our internal customer management system, if applicable.
Also, the process of generating and concluding the contract includes a series of steps where you can choose how you want to receive mail. We will use your contact data on the basis of our legitimate interest to communicate relevant issues related to the services we provide. You may object to receiving electronic or physical correspondence from us, but we reserve the right to contact you, including by using your telephone number or by email, on important and/or urgent matters relating to the services we provide.
7. General interaction between CEZ and customers / users of the My CEZ platform
Please, note that if you become a CEZ customer due to the change of your electricity supplier, the energy legislation requires us to process your personal data in the contract by transmitting them to the distribution operator (which may be Distributie Energie Oltenia S.A. or another distribution operator in your geographical area). This, obligation is also valid if CEZ is the first supplier with which you conclude a contract. The distribution operator must know, according to the law, certain information about the places of consumption, which include the identity of the clients and the actual consumption. Moreover, the distribution operator can contact you directly to resolve certain important and / or urgent issues related to infrastructure and devices (including smart meters that the distribution operator manages).
You can choose to receive marketing communications from us online (e-mail and online platforms), via SMS / MMS / push notifications, by voice call or by mail. You can refuse to receive such communications, without such refusal negatively affecting the conclusion and performance of the service contract. We will keep the marketing contact details until the date on which you withdraw your consent for this purpose.
Client feedback is very important to CEZ. Therefore, we will be able to send you forms asking for your feedback about our services. We carry out this activity in our legitimate interest to know the opinion of the clients in connection with the development of the contractual relationship and any issue regarding the supply of energy and / or natural gas, in order to improve the contractual relationship and the services or products we offer.
The segmentation of the CEZ customer database can take into account socio-demographic criteria (eg age, gender), as well as geographical. This processing is performed for our legitimate interest to know the needs and preferences of our clients, to formulate personalized offers, as well as for the clients' interest to benefit from solutions as appropriate as possible to their needs.
In order to provide customers with support regarding any question, need for technical assistance or any other problem they may have regarding the provision of services, they can contact us by phone through the call-center system, on which occasion we process the following data. personal: name and surname, telephone number, customer code, data regarding the last invoice, date of birth, personal ID number, data regarding the home address, address of the place of consumption, correspondence address, data regarding the bank account (if necessary), voice (registration). This processing of this data is carried out in the legitimate interest, of us and of the clients, to solve their requests regarding the supply of energy and / or natural gas.
8. Balance and invoice information section in My CEZ - web version, dedicated to household customers
If you are a CEZ household customer, whether or not you have an account created in My CEZ, you can access, within the My CEZ homepage (web version), a dedicated section that allows you to view balance and billing information (via a button positioned below the login section). Once you have accessed this button, you will be directed to a page where, in order to view the information related to the contract you have as a CEZ customer, you will have to fill in some details so that we can recognize you and provide you with the relevant information. For this purpose, we will ask you for your customer code and the last 6 digits of your personal ID number. Afterwards you need to confirm that you agree with the terms and conditions provided to you. To validate the data entered, you will be asked to enter the CAPTCHA code that appears on the screen.
Once you have completed the authentication steps, the following information will be displayed:
- balance at the date of access;
- list of invoices (which will contain information such as: customer code, service type, invoice number, issue date, due date, amount, payment balance, payment status). You can also download any of the displayed invoices in PDF format.
You can use the invoice filtering function, which means that you can choose which criterion(s) are taken into account when your invoices are displayed (e.g. date of issue, due date, payment status, service type, invoice number, reset filters).
We also offer you the possibility to pay your invoices online, in full or in part. If you wish to make a partial payment, you need to enter the amount you wish to pay. Otherwise, choose the "Pay in full" option and you will be redirected to the payment page of the payment processor. After making the payment you will receive a confirmation of the payment by email. If you do not have an email address already registered in the system, before being directed to the payment processor's payment page you will have to enter an email address to receive the online payment confirmation.
Once you have entered your card details when paying online, they will not be used or stored by CEZ. Payment processing will be carried out through a payment processor (third party service provider to CEZ). When making the payment, you will be redirected to a payment page provided by the payment processor where you will find details on the terms and conditions for the use of the card payment functionality and on the processing of related personal data by the payment processor.
When you no longer wish to have the page that informs you about the above-mentioned information open, you can click on the "Logout" button which will return you to the homepage.
We process your personal data related to the use of this functionality pursuant to the execution of a contract with you, namely the My CEZ Terms and Conditions of Use which you accept when you log in to access the Balance Information and Invoices section.
As a rule, CEZ keeps your personal data for the time necessary to fulfill the purposes presented above. In particular, the following storage periods shall apply: (a) the contracts shall be kept for a period of 10 years from the termination of the contractual relationship between the customer and CEZ; (b) we are also obliged by law to collect and keep tax supporting documents, such as invoices, proof of service provision and proof of payments made during the execution of the contract, etc. These data will be processed based on the obligations imposed by the fiscal and accounting legislation and the related regulations and will be stored for the period of applicable fiscal prescription; (c) records from the call center shall be kept for a period of 5 years from the time the call was made.
II. TO WHOM WE DISCLOSE PERSONAL DATA
We will disclose your personal data only for the purposes and to the categories of recipients described below:
a) Disclosure of data to CEZ Vanzare affiliated entities
Your personal data may be disclosed to any other company that is a member of our group if we believe that this is in our legitimate interest, for internal administrative purposes (e.g. data management in internal computer systems, contract archiving, management invoices, dispute resolution, etc.) or for auditing and monitoring our internal processes. Access to information is limited to staff who need to know personal information.
b) Disclosure of data to other entities
We may also disclose your personal data to third parties in the following situations:
- distribution operators, according to the energy legislation, to inform them about new contracts and places of consumption, about changing suppliers, as well as about the ways in which clients can be contacted in order to solve important/urgent issues related to infrastructure and devices.
- companies that provide us products and services (authorized persons), such as: suppliers who have access to clients’ personal data in order to provide us with certain services such as: IT systems management; website services, database management for marketing, invoice transmission, invoice transmission, field contracting services, technical solutions for online contracting etc.
- other entities, such as: public authorities and institutions, auditors, lawyers and other external professional consultants, when their activity imposes knowledge of the data or when the law requires us to disclose them.
We may also disclose your personal data to other third parties in the following situations:
o if you request or give us your consent in this regard;
o the persons who demonstrate that they have the legal authority to act on your behalf;
o if we have the obligation to disclose your personal data in order to comply with a legal obligation or a request from the authorities.
Also, if you choose to pay for CEZ services by card online, directly from My CEZ, your data will be processed by the payment processor (third party service provider compared to CEZ). At the time of the payment, you will be redirected to a payment page provided by the payment processor, where you will find details on the terms and conditions for using the card payment functionality and on the processing of related personal data.
The third parties with whom we choose to share your personal information in accordance with the above are limited (by law and contract) in their ability to use personal data strictly for the specific purposes identified by us. We will always ensure that any third party with whom we choose to share personal data is subject to data protection obligations. However, for the avoidance of doubt, this may not be applicable where the disclosure is not our decision (for example, whether we need to provide personal data as a result of a mandatory request from a public authority).
III. DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
We process your personal data within the EEA and do not transfer or disclose your personal data to third parties outside the EEA. If we use non-EEA providers who may have access to your data for the provision of services to CEZ, we will take appropriate steps to ensure that they adequately protect your personal information in accordance with this policy.
IV. YOUR RIGHTS
As a data subject, according to the law, you have certain rights regarding the way we process your data.
(a) Right of withdrawal of consent: When you have given your consent to the processing of your personal data, you may withdraw your consent at any time.
(b) Right to rectification: You may request the rectification of personal data concerning you, if they are inaccurate or incomplete.
(c) Right to restriction of processing: You may request the restriction of the processing of your personal data if one of the following cases applies:
• you contest the accuracy of your personal data, for the period we need to verify the accuracy of the data;
• the processing is illegal and you oppose the deletion of your personal data, requesting instead the restriction of their use;
• we no longer need your personal data for the purpose of processing, but you request them for the appeal, exercise or defence of a right in court, or
• you object to the processing (under the right of opposition) for the period in which we verify whether our legitimate rights prevail.
(d) Right of access: You may request information about the personal data we process about you, including information about the categories of data we hold, what they are used for, the duration of the processing and to whom this data is disclosed, if applicable.
(e) Right to delete data: You may request that we delete your personal data concerning you. We must comply with this request if we process your personal data, except for the data that are necessary:
• for exercising the right to freedom of expression and information;
• to comply with a legal obligation we have;
• for archiving purposes in the public, scientific interest, or for historical studies or for statistical purposes; or
• for finding, exercising or defending a right in court.
(f) Right of opposition: You may oppose, at any time, the processing of your personal data for reasons related to your particular situation, provided that the processing is based on our legitimate interests or those of a third party. In this case, we will no longer process your personal data, unless we can prove legitimate and compelling reasons justifying the processing and prevailing over your interests, rights and freedoms or for the finding, exercising or defending a right in court.
You also have the right to oppose to the processing of data for direct marketing purposes.
(g) Right to data portability: You may request to receive your personal data that you have provided to us and which are processed under the consent or performance of a contract, and if it is technically feasible, to request that to be submitted to another operator.
(h) The right not to be subject to a decision based solely on automatic processing, including profile creation, which produces legal effects which concern or affect you to a significant extent.
(i) Right to file a complaint: If you have a grievance, please let us know to try to remedy the situation. If we do not succeed, you can contact the The National Supervisory Authority for Personal Data Processing, through the procedure described on its website: www.dataprotection.ro.
To notice:
• Time period: We will try to settle your request within one month, which may be extended by two months, for specific reasons related to a particular legal right or the complexity of your request. In all cases, if this term is extended, we will inform you about the duration of the extension and the reasons that led to it.
• Lack of identification: In some cases, we may not be able to find your personal data due to the identification elements you indicated in your application. In such cases, where we are unable to identify you as the data subject, we cannot comply with your request to exercise the legal rights described in this section unless you provide us with additional information that allow your identification. We will inform you and give you the opportunity to provide such additional details.
• Exercise of rights: To exercise your rights, please contact us in writing (including electronically) at the contact details provided in the section below.
V. CONTACT INFORMATION
Please address your questions and requests about the processing of personal data following the contact instructions in the section of this website or directly by e-mail to the address dpo@cez.ro.
VI. CHANGES TO THIS POLICY
This policy can be modified whenever we deem it necessary, and it will be made known by posting on our website.