for the My CEZ platform/application


My CEZ is a service made available to clients or potential clients by CEZ Vanzare S.A., through which details about the contract, consumption, payments, invoice history, new offers and other useful information are provided.

CEZ Vanzare S.A. (hereinafter referred to as “CEZ”), a joint stock company managed in a two-tier system, with the headquarters in Craiova, str. Calea Severinului, nr. 97, etaj 1, judetul Dolj, registered at the Trade Register Office attached to the Dolj District Law Court under no. J16/517/2007, having the Fiscal Code 21349608 is the owner of My CEZ and the data operator, from the perspective of personal data processing inherent to the use of My CEZ.

Through this document, My CEZ users are informed about the processing of personal data when they create an account and use the My CEZ platform/application and the rights they have in connection with the processing of their personal data.



When you choose to use My CEZ, we will process certain personal data that concern you, in connection with the provision of the services you have contracted. CEZ processes your personal data in accordance with the legal provisions in the field regarding the processing of personal data, as an operator, only for the specified purposes.


1. Creating the My CEZ account and authentication in the account

In order to create an account on the My CEZ online platform, we must identify you in our CEZ client database. For this purpose, we request certain account validation data, some of which may constitute personal data:
a) in case of household customers, are requested the following: the client code, the last 6 digits of the personal numeric code, the e-mail address and the telephone number (optional). 
b)in case of non-household customers, are requested the following: the client code, the invoice number, the contract number, the e-mail address  and the telephone number (optional).

You will also need to choose a password to access your account. After confirming the data, in addition to these the surname, first name, county and type of client (domestic/non-domestic) are stored. Later, in order to be able to log in to your account, we ask for your e-mail and password.

We process this data under the execution of a contract with you, namely the My CEZ Terms and Conditions of Use, which you accept when you open your account. In the case of legal representatives of the legal entities, we also have a legitimate interest in the processing of personal data, in order to provide the services available through My CEZ.

The data is stored for the entire duration of your active My CEZ account plus a maximum period of 3 years.

Please keep the confidentiality of account creation and account authentication data. CEZ is not held liable in the event you disclose this data to third parties.

2. Personal data available in the account

My CEZ account allows you to view certain information, including personal data, related to the services that CEZ provides to you. This information refers to: data from the electric energy/natural gas supply contract; data related to consumption, consumption measuring instruments and the address of the place of consumption; information on the provision of energy supply services, transmission of requests, report of invoices and payments; index transmission; reservations in client relations centres and other data processed within similar functionalities.

We process these data under the execution of a contract with you, namely the My CEZ Terms and Conditions of Use, which you accept when you open your account. The data is necessary to benefit from the functionalities of the My CEZ platform and will be available to you for as long as you have an active My CEZ account plus a maximum period of 3 years.


3. Data related to the use of My CEZ

a)    In the case of the My CEZ mobile application, certain data regarding the use of the application are processed, such as: device type (ios/android), ios version, region (country), e-mail address, actions performed in the app (sections visited). Also, the application may request permissions to use the geographical location (only when the application is used), files (documents and pictures).

These data are processed on the basis of the legitimate interest of CEZ, in order to analyse the use of the application and to improve the services offered. The data will be kept as long as you have an active My CEZ account plus a maximum period of 3 years.

b)    In the case of the My CEZ web platform, some data regarding the use of the platform can be processed, as:
-    IP address with which the platform was accessed at the last authentication (for account security);
-    Device Token and the type of device since the last authentication in the mobile application;
-    the e-mail address used to create the account is also used for sending account activation emails, setting/resetting the email address, sending notifications.

These data are processed on the basis of the legitimate interest of CEZ, in order to ensure the necessary security standards, to analyse the way in which the platform is used and to manage the interaction with the clients. The data will be kept for as long as you have a My CEZ active account plus an additional period of 3 years.

IMPORTANT! On the creation of a user account in My CEZ, certain communications related to the supply of electric energy/natural gas (regarding the issuance of invoices, maturity of invoices, notice of non-payment, self-reading index entry period, information regarding the planned/accidental interruption of electricity) will be made by electronic mail, via e-mail or push notifications in the case of the mobile application. You can change this at any time by changing the settings in the Account Settings section, Notifications Preferences subsection, directly from the My CEZ account.

4. Request an offer through My CEZ

Even if you are not a CEZ client, you can request through My CEZ an offer for electric energy or natural gas services.

Thus, you will be able to fill in a dedicated form requesting certain information (type of client - natural or legal person; type of service of interest - electric energy or natural gas; county; distribution operator; current supplier; consumption category). We will process these personal data to act on the request of the data subject before concluding a contract or based on our legitimate interest, to offer CEZ products and services as a result of your request. We will retain these data for a maximum period of 3 years.

5. Conclusion a contract for electric energy or natural gas services through My CEZ

If you accept the offer sent by CEZ for electric energy or natural gas services, the supply contract can be concluded remotely directly through My CEZ. Clients/potential clients who wish to conclude contracts by this mean and do not have an active My CEZ account, must activate their account after submitting the preliminary information necessary to generate the offer (according to section 4 above).

For this purpose, you will be asked to upload certain information and documents to the platform, such as:
-    copy of the identity card;
-    copy of ownership deed/title of the place of consumption;
-    the last invoice related to the place of consumption;
-    other relevant documents, depending on your particular situation, as may be justifiably requested by CEZ.

You will also be asked for additional identification information, necessary to complete and generate the contract: name, surname, CNP, series and number of identity card, date of issue and issuer of identity card, home address, contact details (contact number telephone, fax and e-mail address), data regarding the address of the place of consumption.

In order to generate and conclude the contract, you will be asked to go through a series of validation steps that will involve receiving links / codes on your e-mail address or via SMS. It is absolutely necessary to use a valid e-mail address to which you currently have access to manage all aspects related to the operation of the My CEZ account.

The  above documents and information are required under energy legislation, which requires the collection of minimal information from energy service clients. We will process this data in order to prepare and conclude the supply contract, according to the CEZ offer accepted by you and to create a client code in our internal client management system.

Also, the technical process of generating the contract includes a series of steps in which you can choose how you want the correspondence to be received. We will use your contact information based on our legitimate interest to communicate to you relevant issues related to the services we provide. You may object to the receipt of electronic or physical correspondence from us, but we reserve the right to contact you, including by using your telephone number or e-mail, in the event of important and / or urgent matters related to the services you provide.

Please, note that if you become a CEZ customer due to the change of your electricity supplier, the energy legislation requires us to process your personal data in the contract by transmitting them to the network operator (which may be Distributie Energie Oltenia S.A. or another network operator in your geographical area). This, obligation is also valid if CEZ is the first supplier with which you conclude a contract. The network operator must know, according to the law, certain information about the places of consumption, which include the identity of the clients and the actual consumption. Moreover, the network operator can contact you directly to resolve certain important and / or urgent issues related to infrastructure and devices (including smart meters that the network operator manages).

You can choose to receive marketing communications from us online (e-mail and online platforms), via SMS / MMS / push notifications, by voice call or by mail. You may refuse to receive such communications, without such refusal adversely affecting the conclusion and performance of the service contract. We will keep the marketing contact details until the date on which you withdraw your consent for this purpose.

Client feedback is very important to CEZ. Therefore, we will be able to send you forms asking for your feedback about our services. We carry out this processing in our legitimate interest to know the opinion of the clients in connection with the development of the contractual relationship and any issue regarding the supply of energy and / or natural gas, in order to improve the contractual relationship and the services or products we offer.

Segmentation of the database with CEZ clients may take into account socio-demographic criteria (eg age, gender), as well as geographical. This processing is performed for our legitimate interest to know the needs and preferences of our clients, to formulate personalized offers, as well as for the clients' interest to benefit from solutions as appropriate as possible to their needs.

In order to provide customers with support regarding any question, need for technical assistance or any other problem they may have regarding the provision of services, they can contact us by phone through the call-center system, on which occasion we process the following data. personal: name and surname, telephone number, customer code, date of birth, voice (registration). This processing is carried out in the legitimate interest, of us and of the clients, to solve their requests regarding the supply of energy and / or natural gas.

As a rule, CEZ keeps your personal data for the time necessary to fulfill the purposes presented above. In particular, the following storage periods shall apply: (a) the contracts shall be kept for a period of 10 years from the termination of the contractual relationship between the customer and CEZ; (b) we are also obliged by law to collect and keep tax supporting documents, such as invoices, proof of service provision and proof of payments made during the execution of the contract, etc. These data will be processed based on the obligations imposed by the fiscal and accounting legislation and the related regulations and will be stored for the period of applicable fiscal prescription; (c) records from the call center shall be kept for a period of 5 years from the time the call was made.


We will disclose your personal data only for the purposes and to the categories of recipients described below:

a)    Disclosure of data to CEZ Vanzare affiliated entities

Your personal data may be disclosed to any other company that is a member of our group if we believe that this is in our legitimate interest, for internal administrative purposes (e.g. data management in internal computer systems, contract archiving, management invoices, dispute resolution, etc.) or for auditing and monitoring our internal processes. Access to information is limited to staff who need to know personal information.

b)    Disclosure of data to other entities

We may also disclose your personal data to third parties in the following situations: 

-    network operators, according to the legislation, to inform them about new contracts and places of consumption, about changing suppliers, as well as about the ways in which clients can be contacted in order to solve important/urgent issues related to infrastructure and devices.
-    companies that provide us products and services (authorized persons), such as: suppliers who have access to clients’ personal data in order to provide us with certain services such as: IT systems management; website services, database management for marketing, invoice transmission, etc.
-    other entities, such as: public authorities and institutions, auditors, lawyers and other external professional consultants, when their activity imposes knowledge of the data or when the law requires us to disclose them.

We may also disclose your personal data to other third parties in the following situations:
o    if you request or give us your consent in this regard;
o    the persons who demonstrate that they have the legal authority to act on your behalf;
o    if we have the obligation to disclose your personal data in order to comply with a legal obligation or a request from the authorities.

Also, if you choose to pay for CEZ services by card online, directly from My CEZ, your data will be processed by the payment processor (third party service provider compared to CEZ). At the time of the payment, you will be redirected to a payment page provided by the payment processor, where you will find details on the terms and conditions for using the card payment functionality and on the processing of related personal data.

The third parties with whom we choose to share your personal information in accordance with the above are limited (by law and contract) in their ability to use personal data strictly for the specific purposes identified by us. We will always ensure that any third party with whom we choose to share personal data is subject to data protection obligations. However, for the avoidance of doubt, this may not be applicable where the disclosure is not our decision (for example, whether we need to provide personal data as a result of a mandatory request from a public authority).


We process your personal data within the EEA and do not transfer or disclose your personal data to third parties outside the EEA. If we use non-EEA providers who may have access to your data for the provision of services to CEZ, we will take appropriate steps to ensure that they adequately protect your personal information in accordance with this policy. These measures include:
•    in the case of service providers based in the USA, concluding standard contractual agreements approved by the European Commission with them, or ensuring their adherence to the Privacy Shield, or
•    in the case of service providers based in countries outside the EEA, the conclusion of standard contractual agreements approved by the European Commission with them or other appropriate guarantees, such as decisions issued by the European Commission to ensure that the country in question provides an appropriate level of  personal data protection.



As a data subject, according to the law, you have certain rights regarding the way we process your data.
(a)    Right of withdrawal of consent: When you have given your consent to the processing of your personal data, you may withdraw your consent at any time.
(b)    Right to rectification: You may request the rectification of personal data concerning you, if they are inaccurate or incomplete.
(c)    Right to restriction of processing: You may request the restriction of the processing of your personal data if one of the following cases applies:
•    you contest the accuracy of your personal data, for the period we need to verify the accuracy of the data;
•    the processing is illegal and you oppose the deletion of your personal data,  requesting instead the restriction of their use;
•    we no longer need your personal data for the purpose of processing, but you request them for the appeal, exercise or defence of a right in court, or  
•    you object to the processing (under the right of opposition) for the period in which we verify whether our legitimate rights prevail.
(d)    Right of access: You may request information about the personal data we process about you, including information about the categories of data we hold, what they are used for, the duration of the processing and to whom this data is disclosed, if applicable. 
(e)    Right to delete data: You may request that we delete your personal data concerning you. We must comply with this request if we process your personal data, except for the data that are necessary:

•    for exercising the right to freedom of expression and information;
•    to comply with a legal obligation we have;
•    for archiving purposes in the public, scientific interest, or for historical studies or for statistical purposes; or
•    for finding, exercising or defending a right in court.
(f)    Right of opposition: You may oppose, at any time, the processing of your personal data for reasons related to your particular situation, provided that the processing is based on our legitimate interests or those of a third party. In this case, we will no longer process your personal data, unless we can prove legitimate and compelling reasons justifying the processing and prevailing over your interests, rights and freedoms or for the finding, exercising or defending a right in court. 
You also have the right to oppose to the processing of data for direct marketing purposes.
(g)    Right to data portability: You may request to receive your personal data that you have provided to us and which are processed under the consent or performance of a contract, and if it is technically feasible, to request that to be submitted to another operator.
(h)   The right not to be subject to a decision based solely on automatic processing, including profile creation, which produces legal effects which concern or affect you to a significant extent.
(i)    Right to file a complaint: If you have a grievance, please let us know to try to remedy the situation. If we do not succeed, you can contact the  The National Supervisory Authority For Personal Data Processing, through the procedure described on its website:

To notice:
•    Time period: We will try to settle your request within one month, which may be extended by a maximum of two months, for specific reasons related to a particular legal right or the complexity of your request. In all cases, if this term is extended, we will inform you about the duration of the extension and the reasons that led to it.

•    Lack of identification: In some cases, we may not be able to find your personal data due to the identification elements you indicated in your application. In such cases, where we are unable to identify you as the data subject, we cannot comply with your request to exercise the legal rights described in this section unless you provide us with additional information that allow your identification. We will inform you and give you the opportunity to provide such additional details.

•    Exercise of rights: To exercise your rights, please contact us in writing (including electronically) at the contact details provided in the section below. 


Please address your questions and requests about the processing of personal data following the contact instructions in the section of this website or directly by e-mail to the address



This policy can be modified whenever we deem it necessary, and it will be made known by posting on our website.