top of page
Sustainable Energy

Privacy Policy

Tupi Energy Limited (“TUPI”) respect your privacy and value the relationship they have with you. This Data Protection and Privacy Policy aims to inform you about the way TUPI processes your Personal Data and ensures your privacy in the development and carrying out of its activities, namely:

•    Controller of your Personal Data
•    Principles applicable to the protection of your Personal Data
•    Personal Data, Processing of Personal Data and Data Subjects
•    Category of Personal Data that TUPI processes
•    Purposes of the processing of your Personal Data
•    Lawful Bases
•    Storage period of your Personal Data
•    Sharing of your Personal Data
•    International Flows of Personal Data
•    Your rights and how you can exercise them
•    The Data Protection Officer    
•    Security of your Personal Data
•    Confidentiality
•    Cookies
•    Other TUPI Data Protection and Privacy Policies
•    Alterations to this Data Protection and Privacy Policy


1) Controller of your Personal Data

The Controller of your Personal Data is the company of the Tupi which provides services and/or supplies products to you, determining to this end, without limitation:

•    The Personal Data that have to be processed in the context of providing services and/or sup-plying products;
•    The Purposes for which the Personal Data are processed; and,
•    The means to be used for the processing of the Personal Data.

2) The Principles applicable to the protection of your Personal Data

The Processing of your Personal Data is carried out according to the general principles enunciated in the General Data Protection Regulation (“GDPR”), namely:

•    In the context of the relationship established, TUPI guarantees that your Personal Data will be processed lawfully, fairly and transparently (“Principle of lawfulness, fairness and transparency”);
•    TUPI collects your Personal Data for certain explicit and legitimate purposes and does not subsequently process the same Data in a way incompatible with those purposes (“Principle of purpose limitation”);
•    TUPI ensures that only Personal Data are processed that are appropriate, relevant and limited to what is strictly necessary for the purposes for which they are processed. (“Principle of data minimisation”);
•    TUPI takes appropriate measures so that inaccurate Personal Data, bearing in mind the purposes for which they are processed, are deleted or rectified without delay (“Principle of accuracy”);
•    TUPI stores Personal Data in such a way that it allows them to be identified only during the period necessary for the purposes for which they are being processed. (“Storage limitation principle”);
•    TUPI ensures that your Personal Data are processed in a way that ensures their security, including protection against unauthorised or unlawful processing and against loss, destruction or accidental damage, adopting all appropriate technical and organisational measures to that end (“Principle of integrity and confidentiality”).

3) Personal Data, Processing of Personal Data and Data Subjects

“Personal Data” are all information and/or elements that, regardless of how they are stored, can identify you or make you identifiable, directly or indirectly, to TUPI, in particular by reference to an identifier, for example a name, an identification number, your location data and/or online identifiers, or to one or more specific elements of your physical, physiological, genetic, mental, economic, cultural or social identity.

“Personal Data Processing” means the operation or set of operations performed on the Personal Data of Data Subjects, via automated or non-automated means, from the gathering of information until its destruction. Within this cycle, among others, are included: recording, organisation, structuring, storage, adaptation or alteration, recovery, consultation, use, disclosure via transmission, dissemination or otherwise making available, comparison or interconnection, limitation, deletion. The concept of Personal Data Processing is quite broad and shall be applicable to all operations or sets of operations performed by TUPI with reference to your Personal Data.

In the context of the activities carried out by TUPI, the “Data Subject” is, without limitation, the customer and/or former customers, potential customers, investors, partners, candidates for a job, employees and ex-employees, employees of partners, suppliers and contractors and their employees, applicants and claimants, visitors and individuals captured in CCTV images and all those individual people that have a relationship with TUPI and who are the subjects of the Personal Data.

4) Category of Personal Data that TUPI processes

In the carrying out of its activities, TUPI processes Personal Data from a significant set of categories of Data Subjects.

The personal data collected by TUPI always depends upon the nature of the interaction, but may include the following:

Category of Personal Data / Personal Data (list of examples)

Identification and contact data:

Name, surname, citizen card number, postal address, landline or mobile phone number, fax number, email address and/or other similar contact information.

Demographic data:

Country, gender, age and date of birth, language, general education and professional history, as well as data of general interest about work.

Business data for providing TUPI services and/or products:

Counter reader, universal installation code and delivery point code, data indicated on the invoice, consumption data, payment data, vehicle data, especially the licence plate number and product model, data arising out of information in the context of response to any questions, requests or complaints, data resulting from the collection of opinions, evaluations of TUPI services and/or data associated with information about the subject’s preferences and interests, to the extent that they are related to the products and/or services provided by TUPI.

Payment Data

Tax identification number, credit and/or debit card numbers, security code numbers, payment dates, amounts of debt or payments received and/or other related billing information.

Account Data

Method of acquisition of or subscription to products and/or services, their transactions, billing history and customer loyalty, within the context of the TUPI services that they use or any other related information.

Data on preferences

Information on the preferences and interests of subjects, insofar as this is related to products and/or services, and on the method via which the subject prefers to receive information.


Data from social networks

Information shared on social networks in the interaction with TUPI, where transparency is ensured through the existence of appropriate privacy policies.

Identification and contact data in control of accesses and/or capturing and recording of images by CCTV devices

Data associated with access such as time of entry and exit, location, person to contact, reason for visit and/or data regarding the vehicle and images captured by the video surveillance system.

Location Data

Data from the Global Positioning System (GPS) when the user allows services based on location and/or when they opt to provide information related to location during the registration of a product and/or service.

Security credentials data

User ID, passwords, answers to password recovery questions and/or other similar security information needed to authenticate and access TUPI accounts and services.

IT usage data

User ID, functions, rights, session start and finish times, computer name and/or IP address and/or traffic data and content of calls made.


Information gathered when we use cookies, web beacons, pixels and/or other technologies, including, but not limited to, for advertising purposes.

We stress that you will not be required to share your Personal Data with TUPI. Nevertheless, if you choose not to share your personal information, in some cases TUPI may not be able to provide the desired services or supply the desired products, guarantee certain specialised features and/or respond effectively to certain questions that you may have.

5) Purposes of the processing of your Personal Data

The development and performance of various activities pursued by TUPI means the existence of a significant set of specific, explicit and legitimate purposes for the processing of your Personal Data, such as:

Purposes / Purposes of Processing (non-exhaustive list):

Accounting, Tax and Administrative Management

•    Customer Management
•    Vendor Management
•    Administrative Management
•    Economic and Accounting Management


Commercial and Marketing Activity

•    Contacts Management
•    Customer Management for providing TUPI services and/or products
•    Customer support
•    Marketing
•    Online advertising
•    Opinion surveys and polls
•    Customer loyalty


Definition and Analysis of Profiles

•    Definition of profiles
•    Dynamic analysis of profiles
•    Development of predictive models
•    Improvement and innovation in TUPI services and products
•    Research and analysis of analytical information


Call Recording

•    Proof of contractual relationship
•    Monitoring the quality of service
•    Emergency


Capture and Recording of Images via CCTV Devices

•    Video-surveillance for the security of people and goods

Access Control Management

•    Access control for the protection of people and goods

Human Resources Management

•    Selection of personnel and recruitment

Electronic Communications Management

•    Management of use of websites and mobile applications
•    Storing of traffic/location data


Scientific research or analysis of statistical information

•    Improvement and innovation in TUPI services and products

Litigation Management

•    Collections management and credit recovery
•    Providing information to judicial, administrative, supervisory and/or regulatory authorities


Compliance with Contractual and/or Legal Obligations

•    Transferring Data to Third Parties
•    Prevention of fraud and security


6) Lawful Bases

Regarding the “Lawfulness Principle” enshrined in current and future data protection laws, in developing and performing its activities, TUPI only processes your Personal Data when there is a lawful basis that legitimises the processing, namely:

Lawful Bases / What do they consist of?


TUPI will only process your Personal Data if you consent to the respective Processing via a free, specific, informed and explicit declaration of willingness, by which you accept, by a declaration (in writing or orally) or a positive unambiguous act (by filling in an option), that your Personal Data may be the subject of Processing.

Pre-contractual procedures or the execution of a contract

TUPI may process your Personal Data if they are needed, without limitation, for the execution of a contract to provide services and/or supply products to
which it is a party as Contractor, Client, Supplier and/or partner, or in order to carry out pre-contractual procedures for your order.


Compliance with a legal obligation

TUPI may process your Personal Data to ensure and guarantee compliance with legal obligations to which it is subject by the laws of a Member State and/or the European Union.

Defence of vital interests of the Data Subject

TUPI may process your Personal Data to ensure the defence of your vital interests, especially when such Processing is essential to your life.

Legitimate Interests

TUPI, other Controllers or Third Parties, may process your Personal Data provided that this Processing does not prevail over your interests and fundamental rights and freedoms.

7) Storage period of your Personal Data

TUPI stores your Personal Data only for the period of time necessary to execute the specific purposes for which they were collected. However, TUPI may be obliged to store some Personal Data for a longer period, taking into consideration factors such as:

•    Legal obligations, under the laws in place, to store Personal Data for a given period;
•    Contractual obligations and/or legitimate interest of TUPI;
•    Terms of prescription, under the laws in place;
•    (possible) Disputes; and,
•    Guidelines issued by the competent data protection authorities.


During the Processing period of your Personal Data, TUPI ensures that they are treated in accordance with this Data Protection and Privacy Policy. As soon as your Data are no longer needed, TUPI will delete them securely.

8) Sharing of your Personal Data

Entities with whom TUPI shares your Personal Data / Why we share your Personal Data


Your Personal Data may be shared with companies hired to provide services to TUPI.
Companies hired to provide services are bound to TUPI by written agreement, and may only process your Personal Data for the purposes specifically established and are not authorised to process your Personal Data, directly or indirectly, for any other purpose, for their own advantage or that of third parties.


Other Controllers and/or Third Parties

In compliance with legal and/or contractual obligations, Personal Data may be transmitted to judicial, administrative, regulatory or supervisory authorities, to energy distribution network operators, to third parties with whom TUPI establishes partnerships and also to entities that perform,
lawfully, data-gathering activities, actions to prevent and combat fraud, statistical or market studies.


9) International Flows of Personal Data

TUPI may transfer your Personal Data outside the European Economic Area (“EEA”), to locations that may not guarantee the same level of protection.

However, TUPI only transfers your Personal Data outside the EEA:

•    Through binding rules applicable to TUPI (binding corporate rules);
•    When the transfer is made to a location or through a method or in circumstances that the European Commission regards as ensuring adequate protection of your Personal Data;
•    When it has implemented data protection clauses similar to those adopted by the European Commission or by a competent data protection authority; or,
•    When none of the above apply, but, even so, the law authorises this transfer, for example, if it is required for the declaration, exercise or defence of a right in a lawsuit.


You may request detailed information about security measures that TUPI has implemented regarding transfers of Personal Data outside the EEA and, when applicable, a copy of the data protection clauses in force at the TUPI via the email

10) Your rights and how you can exercise them

As a Subject of Personal Data processed by TUPI, you have the right to access, rectification, limitation, portability, deletion and the right to object to the Personal Data Processing, in certain circumstances, which may be exercised under the terms of this chapter of the Data Protection and Privacy Policy.

Rights / What do they consist of?

Right to the provision of information

You have the right to obtain clear, transparent and easily understandable information about how TUPI uses your Personal Data and what your rights are. That is why TUPI provides you with all this information in this Data Protection and Privacy Policy.

Right of access

You have the right to obtain information about the Personal Data that TUPI processes (if it is processing them) and certain information (similar to that provided in this Privacy Policy) about how these Data are processed. This right allows you to know and confirm that we are using your Data in compliance with data protection laws.

TUPI may refuse to supply the requested information whenever, in order to do so, TUPI has to reveal Personal Data from another person or the information will have a negative impact on the rights of another person.

Right to rectification

If your Data are incorrect or incomplete (for example, if your name or address is wrong), you may ask TUPI to take reasonable measures to correct them.

Right to deletion of data

This right is also known as the “right to be forgotten” and, so put simply, it allows you to request the deletion or elimination of your data, provided that there are no valid grounds for TUPI to continue to use them or their use is illegal. This is not a generic right to deletion, because exceptions are allowed (for example, whenever these data are required for the defence of a right in a judicial process).

Right to restriction of processing

You have the right to “block” or prevent future use of your Data while TUPI evaluates a rectification request or as an alternative to deletion. Provided that the Processing is limited, TUPI continues to be able to store your data, but it cannot use them later. TUPI keeps a list of subjects who have requested the “blocking” of future use of their data to ensure that this limitation is respected.

Right to data portability

You have the right to obtain and reuse certain Personal Data for your own purposes in various organisations. This right applies only to your own Data that you have provided to TUPI and that TUPI processes with your consent and which are processed by automated means.

Right to opposition

You have the right to object to certain types of processing, for reasons related to your particular situation, at any time during which this Processing takes place, for the purposes of TUPI’s or Third Parties’ legitimate interests. TUPI may continue to process these Data if it can prove “overwhelming legitimate reasons for Processing that prevail over your interests, rights and freedoms” or if these Data are necessary for the establishment, exercise or defence of a right in a lawsuit.

Right to submit a complaint

You are entitled to submit a complaint to the competent supervisory authority, namely, the National Data Protection Commission, whenever you believe that the processing of your personal data violates your rights and/or the applicable data protection laws.

You may at any time, in writing, exercise the rights enshrined in the Law on the Protection of Personal Data and other applicable legislation, via the email contact

11) The Data Protection Officer

TUPI has appointed a Data Protection Officer, who assumes a critical role within TUPI in monitoring processing activities of data carried out and in ensuring their respective legal compliance.

The Data Protection Officer has the following functions:

a)    Controlling compliance of the processing performed by TUPI with the provisions of current data protection laws and those connected with the issue of personal data protection in the various Member States and/or in the Union;
b)    Providing advice to TUPI;
c)    Cooperating with the Control Authorities of the respective European Union Member States; and,
d)    Establishing a point of contact with the Control Authorities and with the respective data sub-jects about any issues related to data protection matters.


You may at any time, in writing, contact TUPI’s data protection officer for any questions related to the protection of data and your privacy via the email

12) Security of your Personal Data

Your Personal Data will be processed by TUPI, within the context of the purposes identified in this Policy, according to the TUPI Group’s internal policy and standards, and with the assistance of appropriate technical and organisational measures to promote their security and integrity, notably in relation to unauthorised or unlawful processing of your personal data and their loss, destruction or accidental damage.

Without limitation, TUPI uses logical and physical security requirements and measures to ensure the protection of your Personal Data by preventing unauthorised access, it ensures that the storage of the information is carried out on secure computers in a closed and certified information centre, and that the Data are encrypted whenever possible, it implements audit and control procedures to ensure compliance with the security and privacy policies and, periodically, it reviews security policies and procedures to ensure that TUPI’s systems are secure and protected.

However, given that the transmission of information via the internet is not completely secure, TUPI cannot guarantee the security of your Data when transmitted on an open network.

13) Confidentiality

TUPI recognises that the information you provide may be confidential. TUPI does not sell, rent, distribute Personal Data, or make them available commercially or in any other away to any third-party entity, except in cases where it needs to share information for the purposes set forth in this Data Protection and Privacy. TUPI maintains the confidentiality and integrity of your Personal Data and protects them in compliance with this Data Protection Privacy Policy and all applicable laws.

14) Cookies

TUPI uses cookies to collect information about the use of the website. Whenever you use the website, TUPI processes your Personal Data collected via the use of cookies in compliance with our cookies policy. For more information about the use of cookies, we advise you to read and review the Cookies Policy and to check it regularly to find the most up-to-date versions.

15) Other TUPI Privacy and Data Protection Policies

This Data Protection and Privacy Policy does not impair the applicability of data protection and privacy policies of TUPI’s own websites, which should be consulted.

16) Alterations to this Data Protection and Privacy Policy

TUPI may periodically alter this Data Protection and Privacy Policy. When it does so, it will publish the updated Data Protection and Privacy Policy, and you are therefore advised to check it regularly. TUPI stresses that it shall only use Personal Data in the terms described in the Data Protection and Privacy Policy current at the time the information was collected or authorised by you.

Without prejudice to applicable law, all alterations will take effect as soon as the Updated Policy is published but, whenever TUPI has already collected Personal Data about you and/or whenever required by law, TUPI may take additional measures to inform you about any material alterations and may ask you to agree to these alterations.

bottom of page