• {{currentSearchSuggestions.title}}
  • {{currentSearchSuggestions.title}}
{{navigationCta.name}}

Data Protection Policy

 

At Endesa, we respect the rights and freedoms of people, among which is the fundamental right to the protection of personal data, established in the Charter of Fundamental Rights of the European Union.

Our commitment to Privacy is one of our priority areas to improve trust and transparency with all those with whom we are linked. For this reason we are guided by the principles included in Regulation (EU) 2016/679 General Data Protection, committing to:

  • Process data in a responsible, fair and transparent manner.
  • Use data for determined, clear and legitimate purposes.
  • Only use data suitable, appropriate and limited to each purpose.
  • Use accurate and updated data.
  • Keep data only for the necessary time.
  • Guarantee the integrity and confidentiality of data.
  • Act with proactive responsibility.

Data Protection Policy for Endesa Energía Customers

Summary

  • Data Controller

    Endesa Energía, S.A.U. ("Endesa Energía").

  • Purposes

    • Manage and provide the electricity supply service and/or any other services or products contracted relating to energy, as well as, where appropriate, the application of pre-contractual measures. 
    • Provide the infoEnergía advice service.
    • Send e-bills if you have signed up for this service.
    • Comply with established legal obligations.
    • Contact you to offer information about products or services related to those already contracted and that best fit your energy consumption needs. To this end, your personal data may be analysed in order to draw up a profile that allows us to understand, in a very basic way, whether the commercial campaign to be carried out is in line with your needs and energy consumption preferences. You may object to being sent commercial communications at any time by exercising your right to object by sending an email to the following address solicitudeslopd@endesa.es.
    • If you have given us your consent, we will be able to help you to learn about products and services from other companies with which we collaborate and that may be of interest to you, related to energy, home, insurance, motoring, financial services and leisure. This consent is not required for you to enter into the contract.
    • Manage web user registration in the Endesa Energía private customer area.
  • Legitimacy

    • To manage the electricity supply contract or, where appropriate, pre-contractual measures and the service provided by infoEnergía: execution of the contract.
    • For communications with credit institutions for factoring operations, as well as with credit information systems in case of default: legitimate interest of Endesa Energía.
    • For the data processing needed to comply with Endesa Energía's legal obligations: compliance with legal obligations.
    • To inform about the products or services offered by Endesa Energía in the energy field: legitimate interest of the data controller.
    • To inform about Endesa Energía or third-party products, other than those contracted: consent of the data subject.
    • For the transfer of data to third-party companies with which we collaborate: consent of the data subject.
    • To manage web user registration in the private customer area of the Endesa Energía website and to send e-bills: consent of the data subject.
  • Recipients

    Data will not be transferred to third parties, unless there is a legal obligation to do so.

    Notwithstanding the foregoing, if you have given your consent, your data may transferred to third-party companies with activities related to energy, home, vehicle insurance, financial services and leisure so they can inform you about the products or services they offer. This consent is not required for you to enter into the contract.

    Your data may be communicated to credit information systems in case of default, as well as to credit institutions in order to perform factoring operations.

    Furthermore, Endesa Energía may also give access to your personal data to the service providers it contracts or may contract to act as data processors. It is also possible that some of these data processors may be located in the United States or outside the European Economic Area.

  • Rights

    Access, rectification, deletion, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time. You can withdraw the consent given for the purposes described above at any time.

  • Further information

    More information on the Endesa Energía data protection policy can be found in the Data Protection Policy dropdown.

At Endesa we are committed to guaranteeing the use of our customers' personal data in a transparent and secure way, so we want you to know that you have control over your data at all times. As an Endesa customer, you can decide, provided that the regulations in force allow it, to whom your personal data is transferred, under what conditions and for what purpose.

In order to help our customers understand how we collect, process and protect their personal data, Endesa provides the following information related to the protection of personal data:

1.    Definitions.

2.    Who is responsible for processing your data?

3.    What personal data do we process?

4.    Why do we process the data?

5.    Why are we entitled to process your personal data?

6.     How long will we keep your data?

7.    Do we process data from minors?

8.    What security measures apply?

9.    What information do we share with third parties?

10.    What rights do I have with regard to the processing of my personal data?

11.    How can I contact the Endesa Data Protection Officer?

12.    Changes to the Privacy Policy.

 

1.    Data controller

So that you can better understand our Data Protection Policy, we define the concepts included in it below:

  • Customer: natural person who maintains a contractual relationship with Endesa Energía, S.A.U. (hereinafter Endesa Energía or Endesa).
  • Contract: agreement that regulates the terms and conditions applicable when contracting any Endesa Energía product or service.
  • Data processor: natural or legal person who processes personal data on behalf of the data controller.
  • LOPD-GDD: Organic Law 3/2018, of 5 December, on Protecting Personal Data and Guaranteeing Digital Rights.
  • Data controller: natural or legal person who, alone or together with others, determines the purposes and means of data processing.
  • GDPR: European Parliament and European Council Regulation (EU) 2016/679, of 27 April 2016, on the protection of natural persons with regard to personal data processing and the free movement of these data, which repeals Directive 95/46/EC.
  • Web user: holder of a contract with Endesa Energía registered on the Endesa Customers website. 

 

2.    Who is responsible for processing your data?

Endesa Energía, S.A.U. with Tax No. A81948077 is the data controller for your personal data. The data controller contact details are as follows: Postal address: C/ Ribera del Loira, 60, 28042 Madrid. Telephone: 800 760 909.

 

3.    What personal data do we process?

Personal data is all the information that directly identifies you or that allows us to identify you, including, for example, your first and last name, email address, Universal Supply Point Unification Code or CUPS, etc. It is possible that you provided some of this data directly to us when signing up for your contract with us, but other data may have been inferred from the relationship we have with you, such as the electricity or gas consumption corresponding to the supply point for which you are the effective user.

The data that may be processed is grouped into the following categories:

  • Data collected from the contract or subsequently provided during the contractual relationship: name, surname, DNI/NIE, address of the supply point (CUPS), telephone, email, contracted rate and the data included in the infoEnergy tool that, as explained later on, offers an energy advice service.
  • Data derived from the provision of services during the contractual relationship: number of contacts made and the incidents resolved or ongoing, contracting requests made, results from satisfaction surveys, commercial communications made, historical consumption at the supply point for which you are the effective user, billing history and any data that may be collected from your visits to our websites through the use of “cookies”.

At Endesa, we only process the data that is strictly necessary for the specific purposes set out in this Privacy Policy and only for the time required to do so, always respecting all the principles and obligations contained in both the GDPR and the LOPD-GDD.

The questions listed below explain in detail why and how we process your data.

 

4.    Why do we process the data?

At Endesa we process your personal data in order to manage the provision of products and services that you have contracted with us, to comply with the legal obligations imposed, for example, in energy or consumption, to send out commercial communications about products and services that may be of interest to you, or to gather information about any interactions you may have when you browse our websites through the use of “cookies”. Below you will find the specific purposes for which we use your data:

To manage the products and services contracted with Endesa Energía

Your data will be processed in order to manage the product or service you contract.

If any of these products or services entails deferred payment or the provision of a periodic billing service, we may consult the credit records and registers that we deem appropriate to determine your credit standing prior to entering into any contract. The result of any such consultation may, where appropriate, condition the entry into force of the Contract. Moreover, in case of default, Endesa Energía may communicate your data to said records, always complying with the guarantees granted by the legislation in force in these cases.

If you have started the contracting process through one of our websites and have input your personal data but been unable to complete it, do not worry, we will send up to a maximum of two reminders to your email address with support or help so you can successfully complete the contracting process previously started.

When you are a customer, in order to be able to provide you with the best possible service, your data may be used to answer any queries or requests you may have through any of our service channels (including telephone, in person and web channels), carry out informative communications and satisfaction surveys, identify you in any contracting processes you initiate with us, invoice the energy supplied or provide an energy advice service called infoEnergy, which takes as a reference the consumption information we receive daily to issue your electricity bills and the data you may have contributed by filling in your profile on the Endesa Customers website, compare them with that of other customers with homes located within your geographic area that have similar consumption habits to yours, and provide you with some recommendations so you can best adjust your consumption habits and energy savings.

In addition, as long as you have registered on the Endesa Customers website, your personal data may be processed in order to manage the services you require as a user of this website, for example, the “electronic billing service”, for which we need to use your email address to send the bill. On this issue, you should be aware that, if you provide us with your email address, it will be treated as the preferred means for sending any type of communication relating to our contractual relationship.

To comply with the established legal obligations

Your data may also be processed to comply with any type of legal obligation, such as contracting access to the networks with the Distributor Company, taking the necessary steps to ensure the supply is provided successfully, exchanging information with the Distributor Company in order to bill your energy consumption and to meet the requirements of the National Markets and Competition Commission, among other legal obligations.

To send out commercial communications on products and services in the interest of the customer

Your data may be processed for other reasons unrelated to entering into a contract or complying with a legal obligation. You may object to any such processing.

This processing will be carried out to be able to offer you, through any communication channel (including, among others, email, text message and phone calls), information about products or services related to the products or services already contracted and that best fit your energy consumption needs.

To do this, your personal data may be analysed beforehand in order to draw up a profile with which we can find out, in a very basic way, whether the commercial campaign to be carried out is in line with your needs and preferences in terms of energy consumption. In this analysis, the data included in the previous section (demographic data, contracted rate, historical consumption, products and services contracted with Endesa, etc.) may be taken into account. In any case, we remind you that you can object at any time to receiving commercial communications by exercising your right to object through the channels indicated in the section What rights do I have regarding the processing of my personal data?

Bear in mind that you can only receive commercial communications of this type while you are still an Endesa customer, unless you subsequently authorise us in this respect.

Finally, and for the cases in which you have given us your consent, we can also help you, through any communication channel (including, among others, email, text message and phone calls), to stay informed about products and services offered by other companies with which we collaborate and that may be of interest to you, related to the energy, home, insurance, motoring, financial services and leisure sectors. Your data will only be transferred to third parties related to these sectors if you have given us your consent to do this.

We would also remind you that you can withdraw your consent at any time through the channels indicated in the section, What rights do I have with regard to the processing of my personal data?

Managing the web services

Furthermore, whenever you have registered in the private customer area on the Endesa Energía website, your personal data may be processed in order to manage the website's services.

To gather information when you browse our websites

Endesa's web pages, like many other internet portals, use a technology known as "cookies" to collect information on your interactions with their web pages, provided you have authorised their use.

If you want more details about how this technology works you can consult the section "Cookies at Endesa".

 

5.    Why are we entitled to process your personal data?

Depending on the specific purpose for which we process your data (for example, to properly manage the contractual relationship we have with you, to comply with applicable legal obligations, to send out commercial communications or to collect information when you browse our websites), we will have the applicable legitimacy basis.

Therefore, below, we inform you of the legitimacy bases that will allow us to carry out the different types of processing:

Execution of the contract

The legal basis for us to be able to manage the products and services that you have contracted with us is “execution of the contract”, which legitimises us to carry out the necessary personal data processing (including processing your email address), deal with your queries and requests through all our service channels (including telephone, face-to-face and web channels), carry out informative communications and satisfaction surveys, identify you in the contracting processes that you initiate with us, bill the energy supplied or provide you with the infoEnergy service.

Therefore, refusing to provide the requested personal data, or providing us with inaccurate or incomplete data, may result in Endesa Energía being unable to provide the services you have contracted in the appropriate manner. Therefore, we would remind you that, as a user, you are responsible for providing reliable data, as well as for notifying Endesa Energía of any future changes to them.

Compliance with legal obligations

As previously stated, sometimes we have to use your personal data to comply with various legal obligations, therefore, the legal basis that legitimises us to perform this processing consists, specifically, of fulfilling these legal obligations.

Legitimate interest

The data processing that is carried out with the purpose of offering you products or services related to those already contracted and adjusted to your energy consumption needs are carried out based on Endesa's “legitimate interest”.

Accordingly, we inform you that the regulations in force allow us to use legitimate interest as a basis for legitimisation that entitles us to perform the above processing based on the expectations you may have in relation to being our customer. For this reason, we remind you that you can, at any time, object to receiving commercial communications and you can exercising your right to object through the channels indicated in the section, What rights do I have with regard to the processing of my personal data?

On the other hand, the processing necessary to judge your financial solvency, your admission as a customer or, where appropriate, the communication of your data to credit information systems, are also carried out based on legitimate interest. Endesa's interest in carrying out this processing is clear, as long as it is an authorisation granted by Art. 20 of the LOPD-GDD to creditors who provide a periodic billing service, as is our case.

Likewise, the processing carried out to perform factoring operations (partial or total advance of loans assigned to financial entities), so that Endesa can operate an efficient business management model, will be carried out based on the legitimate interest of Endesa in being able to obtain financing to undertake its commercial activity.

Consent

The legal basis for the processing that is carried out with the purpose of sending you commercial communications about other products or services offered by third-party companies, related to energy, home, insurance, motoring, financial and leisure services, as well as the transfer of your data to these companies, is based on any "consent" you may have given. Therefore, as long as you do not withdraw your consent, you may continue to receive communications of this type, or your data may continue under the control of those companies with which we collaborate.

Any "consent" you have given in each case will be the legal basis for the processing of personal data associated with managing you as a web user in the private customer area of the website, as well as, where appropriate, the processing of your email for sending e-bills.

The use of the services and products offered by Endesa Energía will never be subject to your having given the requested consent. Furthermore, you are hereby reminded that if you have given your consent, you have the right to withdraw it at any time without this having any consequences for the services or products you have contracted or for which you are a beneficiary. You will find the information required to exercise your right to withdraw consent in the section What rights do I have with regard to the processing of my personal data?

 

6.    How long will we keep your data?

The personal data you provide as a customer will be kept as long as they are required to provide the services under contract. Once it is no longer needed for this purpose, the data will be blocked for the period during which it may be required to deal with complaints or to defend against administrative or legal proceedings, as well as for the period of limitation for criminal, civil, commercial and/or administrative responsibilities and it may only be unblocked and processed again for this reason. After this period, the data will be deleted definitively.

If you are a web services user, we will save your personal data while you still use these services. However, if we detect that during a period of two (2) years you have not used or interacted with your account or with any of our web services, we will proceed to cancel your account by blocking your data. If, after this period, you wish to use any of the web services again, you must register again.

 

7.    Do we process data from minors?

Endesa ensures the proper use of minors' data, guaranteeing respect for the laws that are applicable to them and the measures that are reasonably appropriate in these cases, and, therefore, we do not collect any personal data relating to minors without the prior consent of their parents, guardians or legal representatives.

 

8.    What security measures apply?

Endesa, with the objective of making its Data Protection Policy effective and efficient, has adopted the necessary technical and organisational security measures to prevent alteration, loss, misuse, treatment or unauthorised access or theft thereof, depending on the state of the technology, for all channels in which personal data can be processed, including, therefore, all web pages, telephone support services and face-to-face channels.

In addition, we inform you that your data may be subject to an anonymisation process in which they will be replaced by an irreversible identifier, so that the customer behind the identifier cannot be identified, in order to conduct studies and internal analysis to obtain aggregate results that help us identify general behaviours and improve the quality of the products and services offered.

 

9.    What information do we share with third parties?

Endesa only exchanges personal data with certain third parties that will be considered Data Processors in order to properly manage the contractual relationship, or with collaborating companies provided we have been authorised to do so. We will also provide your data to the credit information systems in the cases allowed for under current regulations, as well as to the credit entities to perform factoring operations, or to public administrations, authorities and organisations to comply with legal obligations.

We set out the details of this processing, the recipients and the basis for legitimacy below:

Access by third parties to provide the contracted service

The service providers that Endesa contracts or may contract and that may have the status of Data Processor (including other companies in the Endesa Group), who will carry out the personal data processing necessary to provide you with the services contracted, following the instructions that Endesa deems appropriate and guaranteeing, at all times, the confidentiality, security and secrecy of the information to which they have access. These third parties will help us, for example, in providing services related to: sales, customer service, debt collection, marketing and advertising and professional services.

It is also possible that some of these processors that act as data processors may be located in the United States or outside the European Economic Area. In particular, providers located in the following countries will be able to access your data: India, Colombia and Peru. In any case, you should not worry about this, since we have legal authorisation to make these types of transfers, as we are authorised for all of them by the director of the Spanish Data Protection Agency.

Transfer of data to third parties with whom we collaborate

Under no circumstances will personal data be transferred to third-party companies unless you have previously provided us with your consent.

If you have done so, your data may be shared with companies related to the energy, home, insurance, motoring, financial services and leisure sectors.

Communication of information to credit information systems

As stated above, it is possible that, in accordance with current regulations, we may communicate your data to the asset and credit solvency registers that we deem appropriate if you have defaulted on a periodic billing service that you have contracted with us, based on our legitimate interest.

Factoring operations

Data communications may be made to credit institutions for the sole purpose of factoring operations, so that Endesa can operate an efficient business management model. This processing will be carried out under the strictest security measures and based on the legitimate interest of Endesa to obtain financing to undertake its commercial activity.

Compliance with a legal obligation

Your personal data may be transferred to administrations, authorities and public organisations, including courts and tribunals, when required by applicable regulations, for example, to the National Commission for Markets and Competition, tax authorities, etc. 

 

10.    What are your rights regarding the processing of your personal data?

The GDPR and the LOPD-GDD bestow the following rights in relation to the processing of your personal data by Endesa:

  • Access: allows you to confirm whether we are processing your personal data and, if so, which data.
  • Rectification: allows you to help us correct errors and modify data that may be inaccurate or incomplete.
  • Deletion: allows you to request the deletion of your data, which will mean that Endesa stops processing them unless there is a legal obligation for them to be retained, in which case they will be duly blocked, or other legitimate reasons prevail for us to process them.
  • Limiting processing: allows, under the conditions established by law, the processing of your data be paralysed, however, the data may be kept properly blocked to handle complaints or defend against administrative or judicial actions.
  • Objection: allows you to request that we stop processing your personal data which we believe we have a legitimate interest to process, for example, based on your expectations as a customer, as occurs when making offers on products and services.
  • Endesa will stop processing your data, unless compelling legitimate reasons concur, or it is necessary to deal with complaints or defend against administrative or judicial actions, in which case they will remain duly blocked.
  • Portability: allows you to receive your personal data in a structured, commonly used and mechanical reading format so that you can transmit it to another data controller.
  • Withdraw consent: allows your data to stop being processed for a purpose that you had previously authorised, for example, the receipt of commercial communications from third parties with whom we collaborate. 

To exercise these rights, Endesa Energía can be contacted through any of the following channels:

  • By post, attaching a photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to PO Box 1128, 41080 - Sevilla, Attn. Endesa Operations and Commercial Services.
  • By email to the following address: solicitudeslopd@endesa.es including the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.

On the other hand, we remind you that the regulations in force allow you to file a complaint with the Spanish Data Protection, whose contact details are as follows:

Spanish Data Protection Agency

Calle Jorge Juan, 6 - CP: 28001 Madrid.

Telephone: 901 100 099 / 91 266 35 17

 

11.    How can I contact the Endesa Data Protection Officer?

Endesa S.A., the parent company of the Endesa Group of which Endesa Energía is a member, has appointed a Data Protection Officer for this company whose contact details are as follows: dpoc@endesa.es.

If you have any questions regarding the purposes of the processing of your personal data, about its legitimacy, or about any other matter related to the protection of personal data, you can contact our Data Protection Officer.

 

12.    Changes to the Privacy Policy

Whenever Endesa updates this Privacy Policy as a result of changes to the personal data processing, we will duly inform you of this in sufficient time so that you can send us any type of query or, where appropriate, exercise your rights as recognised in the regulations in force at that time.

Thank you for the trust you have placed in Endesa.

Data Protection Policy for Investors and Analysts

Summary

  • Data Controller

    Endesa, S.A. (“Endesa”)

  • Purposes

    Enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.

  • Lawfulness

    Legitimate interest of Endesa, S.A.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time by sending an email to: ir@endesa.es.

1.    Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain

 

2.    Purpose and processing

The personal data of investors and analysts shall be stored and processed by Endesa, S.A. to enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.

Personal data storage limitation

The personal data of investors and analysts shall be kept as long as no request is received for their erasure and as long as they are no longer required for the purposes for which they are processed. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.    Lawfulness of the processing

The legitimate interest of Endesa, S.A. is the legal basis for processing your data.

 

4.    Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

 

5.    Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.    Rights with respect to the processing of your personal data

Investors and analysts can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:

  • Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
  • Email to ir@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.    Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

 

Shareholder Data Protection Policy

Summary

  • Data Controller

    Endesa, S.A.

  • Purposes

    Enable communication with the shareholder within the framework of corporate relations.

    Enable compliance with related legal obligations.

  • Lawfulness

    Legitimate interest of Endesa, S.A.

    Compliance with legal obligation.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time by sending an email to: eoaccionista@endesa.es.

1.      Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.

 

2.      Purpose and processing

The personal data provided by shareholders (to exercise or delegate their attendance and voting rights at Shareholders’ Meetings and to enable communications) or that are provided by the banking entities, companies and securities brokers in which the said shareholders have deposited their shares shall be stored and processed by Endesa, S.A. to enable communication with the shareholder within the framework of corporate relations and to enable compliance with related legal obligations.

Personal data storage limitation

Shareholder personal data shall be kept as long as they are required to meet the above purposes. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.    Lawfulness of the processing

The legitimate interest of Endesa, S.A. is the legal basis to process shareholder data as is compliance with any related legal obligations. Accordingly, the refusal to provide the requested personal data or the provision of inaccurate or incomplete data may affect your activity as a shareholder in Endesa S.A.

Shareholders are responsible for the reliability of the data they provide and for notifying Endesa S.A. of any future changes to them.

 

4.    Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.

 

5.    Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.    Shareholder rights in relation to the processing of their personal data

Shareholders can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:

  • Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
  • Email to eoaccionista@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.
  • Freephone: +34 900 666 900

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.    Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

Data Protection Policy for Endesa S.A. Corporate Website Users

Summary

  • Data Controller

    Endesa, S.A.

  • Purposes

    Manage the services provided or actions carried out by Endesa, user queries or suggestions made using the web form, as well as to manage the Endesa news alert service.

  • Lawfulness

    Consent of the data subject.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Other Enel Group companies may have access to your personal data, as well as the service providers that Endesa hires or may hire and who act as data processors.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

1.      Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.

 

2.      Purpose of personal data processing

User data shall be processed to manage the services provided or actions carried out by Endesa, as well as to manage the newsletter and the Endesa news alert service.

Personal data storage limitation

User personal data shall be kept as long as they are required to meet the above purpose. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.      Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Moreover, in the case of signing up to the Digital Experts programme, your data may be transferred to other Enel Group companies whenever they carry out a programme-related initiative.

Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.

 

4.      Lawfulness of the processing

Any processing done to manage the services, actions or initiatives carried out by Endesa or by Enel Group companies shall be legally based on the user consent given when providing their data and accepting this data protection legal notice.

Moreover, those actions carried out to manage the Endesa newsletter and news alert service shall also be legally based on the consent provided by the user when subscribing to the said service.

 

5.      Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.      Data subject rights with respect to the processing of their personal data

You can exercise your rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

You also have the right to withdraw consent at any time.

To exercise these rights, contact Endesa by post, attaching a photocopy of your National ID card, passport or any other identification document, and stating your request for the attention of Internal Communication - Endesa at 60 C/ Ribera del Loira, 28042 Madrid, Spain

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.      Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.