Privacy policy

Notice. This policy is a good-faith draft for the enbia launch. It is aligned with Regulation (EU) 2016/679 (GDPR) and Portuguese Law 58/2019 (national implementing law), but should be reviewed by a lawyer before the site serves commercial traffic. Items marked TODO need confirmation from Enbiente.

Last updated: 2026-05-16

1. Who is the controller of your data

The controller of personal data collected through this site is:

Entity: Enbiente — Energia e Ambiente, Lda. (legal name to confirm)
Registered office: Rua Santa Isabel, Lote 2, Cave, Repeses, 3500-726 Viseu, Portugal
NIPC: TODO
Email: geral@enbiente.com
Phone: +351 232 099 900

enbia is a service of Enbiente. For data-protection matters, please contact us at the email above.

2. What data we collect

We only collect data you voluntarily provide through the contact form:

Name — to address you in our reply.
Email — for contact.
Company (optional) — to contextualise the request.
Phone (optional) — alternative contact channel.
Area of interest — for internal routing.
Message (optional) — free text you choose to share.

For traffic analytics we use Umami, a cookieless analytics service that does not collect personal data nor allows visitor identification.

3. Why we use your data

The data is used exclusively to:

Reply to your contact request.
Evaluate a potential service proposal.
Maintain a history of commercial interactions for the relevant period.

We do not use your data for automated marketing, profiling, or automated decisions producing legal effects.

4. Legal basis

The legal basis for processing is your consent (Article 6(1)(a) GDPR), provided by submitting the form with the consent checkbox enabled.

If a commercial relationship is later established, further processing is based on performance of a contract (Article 6(1)(b) GDPR).

5. Who has access to your data

Your data is accessed by:

The Enbiente team responsible for commercial contact and implementation.
Enbiente's internal middleware that receives the request from the site and registers it in the company CRM. This middleware runs on Enbiente infrastructure.
Email provider (to be defined — TODO) — used to automatically notify the team when a new request is received.

We do not sell, rent, or share your data with third parties for commercial purposes.

6. International transfers

We do not transfer your personal data outside the European Economic Area.

7. How long we keep your data

Requests without commercial follow-up: deleted or anonymised after 24 months from the last contact.
Requests with an established commercial relationship: retained for as long as necessary to fulfil legal obligations (notably accounting and tax — typically up to 10 years).

8. Your rights

You have the right, at any time, to:

Access the data we hold about you.
Rectify inaccurate or outdated data.
Erase your data (right to be forgotten).
Restrict processing.
Port your data to another controller.
Object to processing.
Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us by email at geral@enbiente.com. We respond within 30 days at most.

9. Complaints

You have the right to lodge a complaint with the competent supervisory authority in Portugal:

Comissão Nacional de Proteção de Dados (CNPD)
Av. D. Carlos I, 134, 1.º — 1200-651 Lisbon, Portugal
Phone: +351 213 928 400
Email: geral@cnpd.pt
Site: cnpd.pt

10. Cookies

This site does not use identification or tracking cookies. Traffic analytics, when active, run through Umami, which operates without cookies and without the ability to identify visitors.

11. Security

Communication with the site is fully encrypted (HTTPS). Submitted data is transmitted directly to Enbiente's internal middleware, which applies token authentication and controlled storage.

12. Changes to this policy

This policy may be updated to reflect legal or operational changes. The last-updated date shown at the top is the authoritative reference.