If you prefer to always view the website in English, please click here.
Data Protection Policy
At Endesa, we respect the rights and freedoms of people, among which is the fundamental right to the protection of personal data, established in the Charter of Fundamental Rights of the European Union.
Our commitment to Privacy is one of our priority areas to improve trust and transparency with all those with whom we are linked. For this reason we are guided by the principles included in Regulation (EU) 2016/679 General Data Protection, committing to:
- Process data in a responsible, fair and transparent manner.
- Use data for determined, clear and legitimate purposes.
- Only use data suitable, appropriate and limited to each purpose.
- Use accurate and updated data.
- Keep data only for the necessary time.
- Guarantee the integrity and confidentiality of data.
- Act with proactive responsibility.
Data Protection Policy for Endesa Energía Customers
Summary
-
Endesa Energía, S.A.U. and Endesa X Way, S.L. (hereafter, “Endesa”).
When processing is necessary to fulfil the specific terms or services of a product subscribed with one of these companies only, that company will act as the sole Data Controller.
-
- Processing required for the execution of the contract with Endesa: (i) to manage the arrangement of the contract; (ii) to enable the provision of the service (which includes billing, identifying you when you contact Endesa, and sending you messages for information purposes), for addressing enquiries, and for managing your contractual relationship through web services, provided you have registered.
- Processing necessary for compliance with Endesa Energía and/or Endesa X Way’s legal obligations: (i) to enable the exchange of information between Endesa Energía and the distribution company for the provision of the service and billing; (ii) to respond to police, judicial, and tax authority requests; (iii) to address requests from supervisory authorities and other Public Administrations.
- Processing based on Endesa's prevailing legitimate interest: (i) to ascertain the economic solvency that may determine acceptance as a customer, and, if applicable, to report data to credit information systems, always in full compliance with the applicable regulations; (ii) to conduct satisfaction surveys; (iii) to carry out factoring operations, in order for Endesa to have an efficient business management model; (iv) to take collection steps in the event of non-payment; (v) to advertise energy services similar to those subscribed or in connection with Endesa's Bundled Energy Deals* (which involves data exchanges between Endesa Energía and Endesa X Way to integrate their customer databases).
- Processing based on the consent of the data subject includes: (i) providing supplementary services such as sending electronic invoices and processing location data for the use of the Endesa X Way Application; (ii) collecting and processing data related to your internet browsing; (iii) registering and accessing your private customer area by logging in through social media; (iv) creating complex profiles, as well as conducting marketing activities such as sending advertisements about products and services offered by third parties related to home, insurance, automotive, financial services, and leisure, as well as sharing data with these companies to send you advertisements for Endesa products and services when you are no longer a customer.
* Bundled products or services directly related to energy activities, jointly marketed by Endesa Energía and Endesa X Way under the Endesa brand.
-
Endesa may share your personal data with the following entities: (i) the Distribution Company with which it is necessary to enter into the access contract required to provide the service you have subscribed for with Endesa; (ii) credit information systems in the event of non-payment; (iii) partner companies related to the home, insurance, automotive, financial services, and leisure sectors, provided we have been authorised through your consent; (iv) credit institutions with which factoring contracts have been signed; (v) Law Enforcement agencies, the Public Prosecutor's Office and the Courts when required by law; and (vi) the regulatory bodies to which Endesa is subject.
Additionally, we may exchange data between Endesa Energía and Endesa X Way to create Bundled Energy Deals, as well as to avoid unnecessary repetition of marketing campaigns.
We will grant access to your data to service providers contracted by Endesa that act as data processors (some of whom may be located outside the European Economic Area).
-
You have the right to access, rectify, erase, restrict the processing, and transfer your data. If consent has been given for the purposes listed above, this may be withdrawn at any time. To exercise these rights, you may contact Endesa via email at solicitudeslopd@endesa.es or by postal mail at Apartado postal 1128, 41080 – Sevilla, A/A. Endesa Operaciones y Servicios Comerciales, including the following information: full name of the data subject, address for notification purposes, a photocopy of the front side of the ID card, passport, or any other identification document, along with the specific request.
-
Further information
You can find more information about Endesa's data protection policy in the DATA PROTECTION POLICY dropdown.
Co-controllers
Co-controllers
Co-controllers
Purposes and Lawful Basis
Purposes and Lawful Basis
Purposes and Lawful Basis
Recipients
Recipients
Recipients
Rights
Rights
Rights
We at Endesa are committed to ensuring the transparent and secure use of our Customers' personal data. Furthermore, we would like to inform you that you always have control over your personal data. As an Endesa customer, you may decide, within the limitations of the regulations in force, how we will process your personal data, who it is shared with, under what conditions, and for what purpose.
To make this possible, and in accordance with best practices in Corporate Governance and Compliance, we have updated our Data Protection Policy and replaced its predecessor. We have done this as part of our ongoing review and improvement processes. This is intended to strengthen your trust in us and to inform you about how we collect, process, and protect your personal data.
1) Who can process your data?
2) Definitions
3) What personal data do we process?
4) Why will we process your data, and on what legal basis?
5) How long will we keep your data?
6) Do we process data belonging to minors?
7) What security measures are in place?
8) What information do we share with third parties?
9) What rights do you have in relation to the processing of your personal data?
10) How can you contact Endesa's Data Protection Officer?
11) Amendments to the Data Protection Policy
1) Who can process your data?
Your personal data may be processed by the following Endesa Group companies:
- Endesa Energía, S.A. ('Endesa Energía') with TIN A81948077 and registered address at: C/ Ribera del Loira, 60, 28042 - Madrid.
- Endesa X Way, S.L. (‘Endesa X Way’), with TIN B09732520 and business address at: C/ Ribera del Loira, 60, 28042 - Madrid.
Under the particular circumstances described throughout this Data Protection Policy, these companies may process data as Joint Controllers. In this regard, Endesa Energía and Endesa X Way have reached a co-responsibility agreement that appropriately reflects the respective roles and relationships of the Joint Controllers of the data processing in relation to the Data Subjects. The essential aspects of this agreement are available to you, if you request them.
When processing is necessary to fulfil the specific terms or services of a product subscribed with one of these companies only, that company will act as the sole Data Controller.
2) Definitions
To allow you a better understanding of our Data Protection Policy, we provide you with the following definitions of the concepts included therein:
- Customer: physical person with a contractual relationship with Endesa.
- Contract: an agreement that regulates the terms and conditions applicable to the acquisition of any product or service from Endesa.
- Joint controllers of data processing: two or more Data Controllers who jointly determine the purposes and/or means of the processing. In this regard, Endesa Energía and Endesa X Way will be Joint controllers of data processing vis-a-vis certain processes outlined in this Data Protection Policy. In such cases, this will be explicitly stated.
- SPUC: Supply Point Universal Code. It is the alphanumeric code that uniquely identifies a property to certify energy supply. Each household has one for its electricity supply and another for its natural gas supply. The code is permanent and unchanging, meaning it does not change even if there is a change in tariff or supplier.
- Distribution Company: this is the company responsible for distributing energy to your home. In the Spanish electricity market, by legal provision, individuals are not able to choose their distribution company, which is determined by the area in which they reside.
- Data processor: a natural or legal person who processes personal data on behalf of the Data Controller or Joint Controllers.
- Endesa: Endesa Energía, S.A. and Endesa X Way, S.L. When we refer solely to Endesa we are referring to both companies together.
- Endesa Energía: Endesa Energía S.A., a company engaged in the marketing of electricity, natural gas, and complementary value-added energy products and services, such as electrical and gas maintenance and repairs, air conditioning equipment, and photovoltaic panels.
- Endesa X Way: Endesa X Way, S.L., a company specialised in energy charging activities for electric vehicles, marketing charging points, and providing an installation service for such charging points.
- Endesa Group: the Endesa Group comprises the parent company Endesa, S.A., all its dependent companies, and, in this policy, also includes Endesa X Way, S.L. You can view the complete list of companies within the Endesa Group here: https://www.endesa.com/es/sobre-endesa/quienes-somos/sociedades.
- Data Subject: any identified or identifiable natural person.
- LOPDGDD: Organic Law 3/2018, of 5 December on Personal Data Protection and the Guarantee of Digital Rights.
- Bundled Energy Deal: a set of products or services directly related to energy activities, jointly marketed by Endesa Energía and Endesa X Way under the Endesa brand. For example, subscribing for the electricity tariff and the purchase of a domestic charging point.
- Data controller: a natural or legal person who, alone or jointly with others, determines the purposes and means of processing.
- GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, which repeals Directive 95/46/EC.
- Website User: a registered user on any of the websites or applications of Endesa Energía or Endesa X Way.
3) What personal data do we process?
Personal data refers to any information that directly identifies or can identify a physical person, such as their name, last name, email address and SPUC. Some of this data may have been provided directly by you when entering into a contract with us. In contrast, other data may derive from our relationship with you, such as information about the consumption of electricity or gas corresponding to the supply point for which you are the account holder.
The data that may be processed is grouped into the following categories:
- Data collected during registration as a Customer, in the Contract, or provided subsequently during the contractual relationship: name, surname, National Identity Document ('D.N.I.'), Foreigner Identification Number ('N.I.E.'), SPUC, phone number, email address, tariff subscribed, and data included in energy advisory tools, geographical location.
- Data derived from service provision during the contractual relationship: data derived from the provision of services during the contractual relationship includes information related to the assistance we may have provided when you requested it, any resolved or ongoing incidents, the contract requests you have made, the results of satisfaction surveys we may have asked you to complete, marketing messages we have sent you, the historical consumption of the supply point for which you are the account holder, your billing history, and data that may be collected from your visits to our websites through the use of 'cookies'. You will find information about the way we process data from cookies here.
- Data obtained from third parties includes information sourced from credit information systems that will be referenced later, as well as consumption data from the Distribution Company, data obtained from the land registry related to the address associated with the supply point, and sociodemographic data obtained from Datacentric Solutions, S.A.U., Adsalsa Publicidad, S.L., Beleader Internet Marketing, S.L., Ibrands Medios Interactivos, S.L., Rock Internet, S.L., Webpilots España, S.L., Ignium Consulting, S.L., and Elige Mejor, S.L. These data are necessary to complete the information required to develop your profile when you have authorised us to do so.
At Endesa, we only process the data that is strictly necessary for the specific purposes outlined in this Data Protection Policy and only for the duration required, as specified in Section 6, while always respecting all the principles and obligations set forth in both the GDPR and the LOPDGDD.
The questions outlined below provide detailed explanations of how and for what purposes we process your data.
4) Why will we process your data, and on what legal basis?
1. Processing required for effective management of the contractual relationship with ENDESA
1.1 During the registration process
When you request registration for an Endesa service, the entity providing the service (Endesa Energía and/or Endesa X Way) will process the data required to manage the registration request. If the service subscribed requires joint service provision by the aforementioned entities, they will act as Joint Controllers of the data.
This processing is justified by the need to apply the necessary pre-contractual measures for the conclusion of the Contract and its subsequent performance, where appropriate.
1.2 While you are in a contractual relationship with ENDESA
For the duration of your Contract with Endesa, and for its adequate operation, maintenance and management, we will carry out the following data processing activities:
a) Routine management of the contractual relationship: service provision and billing
If you have subscribed for a service with Endesa, your data will be processed by the entity with which you entered into the agreement (Endesa Energía and/or Endesa X Way) for the purpose of providing that service, including, among other purposes:
- Billing the service.
- To identify you when you contact us.
- To send you messages to keep you informed about matters that may affect the service.
When the service purchased involves the joint provision of services by Endesa Energía and Endesa X Way, the service providers will be designated as Joint controllers of the data processing.
This processing is justified by the need to fulfil the Contract with Endesa Energía and/or Endesa X Way.
For these purposes, we will process the following data: identifying information (such as name, surname, identification document, postal and email address, and phone number), data related to electricity supply (such as SPUC and contracted power), financial data (such as the bank account for payment of bills or bank card number), and the data generated by your interaction with us when you make an enquiry or file a complaint.
Refusal to provide requested personal data or providing inaccurate or incomplete information could hinder our ability to adequately provide contracted services. In this regard, you are reminded that you are responsible for the accuracy of the data provided, as well as for informing Endesa Energía and/or Endesa X Way of any changes to that information.
b) Enquiries through the various channels available to you
If you make an enquiry or request through any of our customer service channels (including telephone, in-person, social media, and our websites and apps), your data will be processed by Endesa Energía and/or Endesa X Way depending on the entity to which you direct your enquiry or request, in order to manage it based on the performance of the contractual relationship.
In this case, we will process the data that allows us to identify you as a customer, as well as information related to the subject of your enquiry.
c) Management of your contractual relationship with Endesa Energía or Endesa X Way through web services, provided you request it by registering for the aforementioned service
Provided you have registered as a User on the Endesa Energía or Endesa X Way websites through their websites or Apps, your personal data will be processed by the entity responsible for the website where you registered, with the purpose of managing the services we provide through these websites and apps. In this regard, please be aware that if you provide us with your email address, it will be treated as the preferred means for sending any communications related to the contractual relationship we have with you.
This processing is carried out based on the execution of the terms and conditions that govern the use of the website.
1.3 Processing involving Endesa Energía's relations with third parties necessary for proper Contract fulfilment
a) Use of your data to enter into the ATR contract (access to grids) with the Distributor
Endesa Energía will process your personal data to contract on your behalf with the Distribution Company relevant to the location where we provide the service to secure the grid access necessary for your supply. To do this, we will provide the necessary data for this contract, which is recorded in the Supply Points Information System regulated by electricity law.
The processing and transfer of data are based on their necessity for the performance of the Contract entered into with Endesa Energía.
b) Performing the necessary procedures for supply
In addition, your personal data will be processed by Endesa Energía to carry out the necessary management and communications with the Distribution Company to ensure the supply of electricity or gas, based on the execution of the Contract that binds you to us (for example, addressing claims submitted to the Distribution Company that it forwards to Endesa Energía for management).
2. Processing necessary for compliance with Endesa Energía and/or Endesa X Way’s legal obligations
a) Exchange of information by Endesa Energía with the distribution company for service provision and billing
In accordance with the applicable regulations, Endesa Energía will communicate with the Distribution Company and obtain the necessary personal data from them to adequately provide you with the electricity or gas supply subject to the contract and for invoicing purposes. The personal data that will be obtained from the Distribution Company for these purposes includes your identifying information and details about your energy consumption at any given time, which are recorded in the Supply Points Information System regulated by electrical and gas regulations, respectively.
b) Response to police, judicial, and fiscal requests
Endesa Energía and/or Endesa X Way may be required to respond to requests from Law Enforcement agencies, judicial authorities, and the Public Prosecutor's Office, in compliance with Article 7 of Organic Law 7/2021 of 26 May on the protection of personal data processed for the purposes of preventing, detecting, investigating, and prosecuting criminal offences and executing penalties.
c) Response to requests from supervisory authorities and other Public Administrations
Both Endesa Energía and Endesa X Way are legally bound to respond to requests from the supervisory authorities to which they are subject, including the Spanish National Commission on Markets and Competition and the Spanish Data Protection Agency, in accordance with the regulations governing the energy sector, competition law, and personal data protection, respectively.
Furthermore, Endesa Energía and Endesa X Way are required to comply with the legal obligations imposed upon them, including the sharing of your personal data with certain Public Administrations (for example, tax authorities).
In such cases, the processing of your data will be based on the compliance with the legal obligations to which Endesa Energía and Endesa X Way are subject.
3. Processing based on Endesa's prevailing legitimate interest
Endesa Energía and/or Endesa X Way will process certain personal data based on the understanding that there is a legitimate interest on their part, which does not negatively impact your rights and interests and which is in line with your expectations. To ensure this is the case, we have conducted the necessary analysis to weigh the prevalence of these legitimate interests, and where legislation requires it, we have carried out a data protection impact assessment to avoid any risk to your rights. The essential aspects of the weighting reports and impact assessments are available to you upon request at the following address: dpo@endesa.es.
You are reminded that you may object at any time to the processing activities identified in this section, exercising your right to object in accordance with the requirements and through the channels specified in Section 9 of this Data Protection Policy.
3.1 Processing related to credit information systems
a) Consultation of Credit Information Systems at the time of the contract request and during the term of the Contract
If you request to enter into a contract for a product or service from Endesa Energía and/or Endesa X Way that may involve deferred payment or the provision of a regular billing service, always in strict compliance with applicable regulations, we may consult the ASNEF credit information system (owned by Asnef-Equifax Servicios de Información Sobre Solvencia y Crédito, S.L.) prior to contracting and while you maintain your relationship with us, in order to assess your economic solvency at any given moment.
When such verification is made before signing the Contract, the result of the consultation may be considered to determine whether signing is appropriate.
The processing of data obtained through the consultation of these systems in the context of managing your request is based on Endesa's legitimate interest, as enabled by Article 20 of the LOPDGDD.
b) Communication to Credit Information Systems regarding non-payment of bills
Endesa Energía and/or Endesa X Way may communicate your data to the ASNEF credit information system (owned by Asnef-Equifax Servicios de Información Sobre Solvencia y Crédito, S.L.) mentioned in the previous section in the event that you fail to make timely payment for the services contracted with either of them. The data categories that will be shared in these scenarios include: full name, ID number, supply point address, amount owed, and date of non-payment.
The communication of such data to credit information systems is carried out based on Endesa Energía or Endesa X Way's legitimate interest in providing information to these systems, thereby contributing to the fulfilment of the role they play, which is to serve as a necessary tool for assessing the risk that may arise from non-compliance by the data subjects in the event that they are granted a particular monetary, financial, or credit operation, in accordance with the provisions of Article 20 of the LOPDGDD.
The systems will only store information on defaults that have occurred within the last five years. In any event, if you pay the outstanding debts, Endesa Energía or Endesa X Way will notify the system so that the data can be erased.
3.2 Processing aimed at improving Endesa's products and services
a) Conducting satisfaction surveys
Once you become a Customer, and to improve the quality of the services we provide, your data may be used by the entity with which you have a contractual relationship (Endesa Energía and/or Endesa X Way) to conduct surveys regarding service quality or satisfaction levels with the assistance provided, based on their legitimate interest in improving their services.
3.3 Data transfer to factoring companies
Endesa Energía or Endesa X Way may process your personal data for the purpose of conducting factoring operations (partial or total advance of assigned credits to financial entities), enabling Endesa to maintain an efficient business management model. These transfers will be carried out based on Endesa's legitimate interest in obtaining the necessary financing to effectively carry out its activities.
These processing activities will be conducted under the strictest security measures and based on Endesa's legitimate interest in securing funding to develop its commercial activities. To achieve this, your identifying data (name and surname, national identity document number) and economic-financial information related to the credit rights of Endesa Energía or Endesa X Way as a result of your Contract with them will be shared with those entities.
3.4 Obtaining additional data for debt recovery actions in the event of default
In case of non-payment on your part, the entity with which you have entered into the contract for the service, namely Endesa Energía or Endesa X Way, may process your data to take the necessary actions to recover the outstanding debt. To accomplish this, they may engage third-party companies responsible for processing, which will carry out the necessary actions for debt recovery and may update the information you provided and obtain any additional data that may be necessary for this purpose.
This processing is carried out based on the legitimate interest of Endesa Energía or Endesa X Way in managing the outstanding debt and processing its recovery, as well as their obligation to keep the information related to you up to date.
3.5 Marketing activities about services provided by Endesa
a) Advertising for energy services similar to those subscribed by the company of which you are a customer or for Endesa's Bundled Energy Deals
If you are a Customer of Endesa Energía and/or Endesa X Way, the entity of which you are a Customer will process your data so that you receive advertising for their similar products and services based on their legitimate interest in keeping you informed about their offerings. Additionally, based on their legitimate interest and as Joint Controllers of the data processing, Endesa Energía and Endesa X Way will process your data to ensure you receive advertising for Endesa's Bundled Energy Deals that align with the service you have already subscribed (for example, the joint offer that includes registering for your electricity supply and purchasing a domestic charging point).
For this purpose, Endesa Energía and Endesa X Way may analyse your personal data to create a very basic profile that allows them to determine whether the marketing actions related to energy services similar to those contracted with the entity you have a contractual relationship with, or regarding Endesa's Bundled Energy Deals, align with your energy consumption needs and preferences. In cases where the marketing action refers to Bundled Energy Deals, Endesa Energía and Endesa X Way will be Joint Controllers of the processing.
To create this profile, we will only consider a very limited number of data points available to Endesa Energía or Endesa X Way, which will include your name, surname, phone number, email, address, national identity document number, and, where applicable, SPUC.
This processing is based on Endesa's legitimate interest in informing you and facilitating your access to bundled deals that enable you to achieve a more sustainable energy model. This includes offering services for the installation of energy equipment, maintenance and repairs, automation, and electric mobility, among others. It also aims to prevent the campaigns and Bundled Energy Deals we may carry out from becoming repetitive, unnecessary, or bothersome if they do not align with your needs.
b) Integration of Endesa Energía and Endesa X Way's customer databases for the provision of Bundled Energy Deals
Endesa Energía and Endesa X Way will share their customers' data to subsequently make Bundled Energy Deals through non-electronic means as Joint Controllers, thus avoiding unnecessary repetition of commercial campaigns.
These communications will be made exclusively for the described purpose, and under no circumstances will your data be shared between these companies for other purposes. Specifically, the categories of data that are subject to this communication are: name, surname, contracted product, phone number, email, address, national identity document number, and, where applicable, SPUC.
4. Processing that Endesa will only carry out if you provide your consent
Endesa will process your personal data for the purposes listed below only if you have expressly given your consent for this. We remind you that you can revoke the consent granted for any of these purposes without affecting the lawfulness of the processing carried out prior to that revocation, as indicated in Section 9 of this Data Protection Policy.
However, in cases where consent is given for the provision of a service (for example, sending you the electronic invoice), revoking that consent will result in the inability to continue providing that service.
4.1 Provision of other additional services
a) Sending your electronic bill
If you have registered for Endesa's 'electronic billing service,' the entity with which you have signed the Contract will process your email address in order to send you your invoice. This processing is based on the consent you have granted by signing up for this service.
If you withdraw your consent, Endesa will provide you with service billing information through non-electronic means.
b) Processing of location data for the use of the Endesa X Way App
By using the Endesa X Way App, and provided you have given your consent in accordance with its privacy policy, Endesa X Way will process information about your geographical location solely for the purpose of providing you with directions to the nearest electric vehicle charging point to your location. You can activate or deactivate the location feature at any time through your device settings as follows:
iOS: Activate or deactivate Location. Settings > Privacy > Location.
Android: Settings > Location or via Quick Settings, accessible by swiping down from the top of your device's screen.
4.2 Data related to your internet browsing, subject to consent for the use of cookies
Like many other internet portals, Endesa’s websites use a technology called 'cookies' to collect information about your interactions on their websites, provided you have authorised their use, where applicable.
If you would like to know in detail how this technology works and how you can consent to or refuse its use, you can refer to the section 'Cookies at Endesa.'
4.3 Social login on Endesa's websites or applications
In certain instances, Endesa's websites or applications will provide you with the option to register or access your private customer area by logging in through the Facebook social network or using your Google or Apple ID account. To do this, you will need to give your express consent for your identifying personal data (name, surname, email, and password) listed with Facebook, Google, or Apple ID, depending on the method you chose, to be shared with Endesa Energía or Endesa X Way (depending on which company is facilitating your access to your private customer area) so that you can log in or register without having to create a new account for that website.
4.4 Creation of customer profiles and marketing actions
a) Creating complex profiles
If you have given your consent by checking the designated box or over the telephone, Endesa Energía or Endesa X Way will process your data to create a more complex profile regarding your preferences and consumption habits. This will enable us to carry out the marketing activities referred to in sections b) and c) below, as well as to advertise services similar to those contracted by the company of which you are a customer and to create Bundled Energy Deals.
To develop this profile, we will process the necessary personal data, as well as information related to your energy consumption at any given time (hourly load curve). Additionally, we will utilise statistical data impacting consumption, such as the Client's area of residence, type of housing, and weather information. Your consumption data will cover the past year.
This profiling will not involve the adoption of any decisions that could have legal implications or significantly affect you. If Endesa were to carry out this type of processing, we would notify you of this and request your consent if necessary.
b) Advertising of products and services provided by third-party companies
If you have given your consent by checking the designated box or over the telephone, Endesa will process your personal data for the purpose of sending you advertising related to other products or services offered by third parties (related to home, insurance, automotive, financial services, and leisure) that we believe may suit your needs. Endesa may process your data so that you receive advertising about products and services provided by third parties through any communication channel (including, but not limited to, email, SMS, and telephone calls).
c) Sharing data with third parties so that they can offer their products and services
Additionally, provided you have given your consent by checking the designated box or overt the telephone, Endesa may share your data with third-party companies in the sectors indicated in the previous section b) so that you can receive advertising from them about their products and services. The categories of data that will be shared in these cases include: name, surname, mobile phone number, email address, and postal code.
Under no circumstances will the data shared include the profile that Endesa Energía or Endesa X Way may have created in accordance with the provisions outlined in section a).
d) Advertising of Endesa products and services when you are no longer a customer
Provided you have given your consent by checking the designated box or over the telephone, and in the event that you cease to be an active customer, you may still receive advertising about products and services provided by Endesa through any communication channel (including, but not limited to, email, SMS, and phone calls).
5) How long will we keep your data?
We will keep your data for as long as necessary for the purposes justifying the processing. In particular:
- Personal data provided during the registration process, along with data collected during credit information checks, will be kept for these purposes until a Contract is formalised, at which point they will be processed under the scope of the contractual relationship. If you do not enter into a Contract with Endesa, the data will be kept for one (1) month to allow for the completion of the registration process if requested by the interested party.
- Any personal data provided as a Customer and processed for purposes related to the Contract, including any legal obligations Endesa may assume as a result of that relationship, will be retained for the duration of the Contract and for the periods established by the legislation applicable to the service provided (electricity or gas). Once the Contract is terminated, if no outstanding debt or obligation remains, Endesa will block the data, as outlined below.
- Data related to your basic profiling, where consent is not required, will be retained for up to one (1) year or until you object to Endesa continuing this processing.
- Personal data provided in connection with enquiries, requests, or to arrange an appointment with Endesa's sales agents will be retained until the request is processed.
- Any personal data that we process due to your status as a User of our website will be retained as long as you maintain that status. However, if we detect that you have not used or interacted with your account or any of our web services for a period of two (2) years, we will proceed to cancel your account. In this case, if you wish to resume using any of the web services, you will need to re-register.
- Any personal data that we process to enable you to access or register as a User of our website using your social media profile will be kept until you revoke your consent to access the website in this manner. Furthermore, as explained in the previous section, if we detect that you have not used or interacted with your account or any of our web services for two (2) years, we will cancel your account.
- In the event of non-payment, your personal data processed by Endesa in relation to it will be retained for as long as necessary to carry out any suitable actions for debt recovery.
- The data processed for purposes based on your consent will be processed by Endesa Energía and/or Endesa X Way until your consent is revoked. If you are no longer an Endesa customer but you have not withdrawn your consent, your data will be kept for up to two (2) years after the end of the Contract.
After the above periods have elapsed, your data will be blocked for the period during which it may be necessary to address claims or defend against administrative or judicial actions, as well as for the statute of limitations for any applicable criminal, civil, commercial, and/or administrative liabilities. The data will only be unlocked and processed again for these purposes. After this period, the data will be definitively erased.
Specifically, the Customers' personal data will be kept for the duration of the contractual relationship. Once this period ends and any existing debt or obligation has been settled, the data will be kept in a blocked state for 6 years, in accordance with the statute of limitations for retaining commercial and accounting documentation. After this period, the data will be permanently deleted.
6) Do we process data belonging to minors?
Endesa is committed to ensuring the appropriate use of personal data referring to minors by guaranteeing compliance with applicable laws and implementing reasonably appropriate measures. Therefore, personal data referring to minors will not be collected without the prior consent of their parents, guardians, or legal representatives.
7) What security measures are in place?
To ensure that its Data Protection Policy is effective and efficient, Endesa has adopted the technical and organisational security measures necessary to prevent the alteration, loss, misuse, unauthorised processing, and access or theft of data, in accordance with the current state of technology, for all channels in which personal data may be processed, including all websites, telephone, and face-to-face channels.
8) What information do we share with third parties?
1. Data transfers
As we have indicated when describing the various ways that Endesa will process your personal data, Endesa may share your data with the following entities:
- The Distribution Company, for the conclusion of the grid access contract required to provide the service you have subscribed for with Endesa.
- Entities that manage credit information systems in cases where you have not settled your debts with Endesa, provided the requirements established in applicable regulations are fulfilled.
- Third-party partner companies of Endesa operating in the home, insurance, automotive, financial services, and leisure sectors, provided you have granted your consent for this and for the purpose of receiving information about the products or services offered by these companies.
- Credit institutions with which factoring contracts have been signed, exclusively for the purpose of executing those contracts.
- Law Enforcement agencies, the Public Prosecutor's Office, and the Courts when required to do so by law.
- Regulatory bodies overseeing Endesa, such as the Spanish National Commission on Markets and Competition, the Spanish Data Protection Agency, or tax authorities, among others, in accordance with their regulatory framework.
Additionally, on a case-by-case basis, Endesa Energía and Endesa X Way will mutually exchange necessary data for the non-digital communication of Bundled Energy Deals to ensure the Customer does not unnecessarily receive repeated marketing campaigns about their services. This will apply as long as you have not opposed receiving advertisements for Endesa Energía and/or Endesa X Way's products similar to those you have already contracted, as well as Bundled Energy Deals.
2. Access to your data by service providers (data processors)
You are also informed that Endesa will allow access to your personal data to third-party service providers who collaborate with Endesa in carrying out its activities and which will perform the necessary personal data processing to provide you with the services you have subscribed. These third parties may assist us, for example, in delivering services related to: sales, customer service, debt collection, marketing and advertising, and professional services.
These providers will act as Endesa's data processors, following the instructions given by the company without being able to use the data for other purposes. Endesa will always guarantee the confidentiality, security, and secrecy of the data they access. To this end, Endesa has assessed that these providers have implemented measures to ensure the protection of your personal data and has formalised the corresponding Contracts with them, in which they commit to processing the personal data to which they have access in accordance with the requirements of the GDPR and the LOPDGDD.
Furthermore, we inform you that some of these third parties acting as Data Processors may be located outside the European Economic Area and may be in countries not declared by the EU as providing an equivalent level of data protection. In particular, Endesa has contracted trusted providers located in the United States, India, Colombia, Peru, and Morocco. The company has assessed that the processing of your data in these countries complies with the same guarantees required by European regulations. It has also implemented the necessary safeguards, particularly by signing standard contractual clauses approved by the European Commission with these providers. You can access these Data Processors at: https://www.endesa.com/es/proteccion-datos-endesa/encargados-tratamiento. You may also request information about the guarantees adopted by Endesa for the international transfer of your personal data, including a copy of them, by contacting dpo@endesa.es.
9) What rights do you have in relation to the processing of your personal data?
The GDPR and the LOPDGDD outline the following rights regarding the processing of your personal data, which may be exercised against each of the Data Controllers.
- Access: allows you to confirm whether we are processing your personal data and, if so, which.
- Rectification: allows you to help us to correct errors and amend data that may be inaccurate or incomplete.
- Deletion: allows you to request the deletion of your data, meaning that Endesa will stop processing them unless there is a legal obligation for retention or other legitimate reasons to continue processing prevail.
- Objection: allows you to request that we cease processing your personal data for which we believe we have a legitimate interest, based on the reasons you provide for this request.
At Endesa, we will stop processing your data unless there are compelling legitimate grounds for continuing the processing or if it is necessary to address claims or to defend against administrative or legal actions, in which case the data will remain duly blocked. However, when we process your data for the purpose of making offers for products and services, Endesa will cease processing your data solely as a result of your request.
- Limitation on processing: you may ask Endesa to limit the processing of your data in the following cases:
- While a challenge to the accuracy of the data that you have submitted to us is being checked.
- Where the processing is unlawful, but you object to the deletion of your data.
- If Endesa does not need to process your data, but you need them to exercise or defend claims.
- If you have objected to the processing of your data for the performance of a task carried out in the public interest or for the fulfilment of a legitimate interest, while verifying whether the legitimate grounds for the processing outweigh yours.
- Portability: allows you to receive your personal data in a structured, commonly used, and machine-readable format so that you can transfer it to another data controller.
- Withdrawal of consent: allows your data to stop being processed for a purpose you previously authorised, for example, the receipt of commercial communications from third-party companies with which we collaborate.
To exercise these rights, you may contact Endesa through any of the following channels:
- By postal mail, enclosing a photocopy of your ID card, passport, or any other current identification document, along with the detailed request, to Apartado postal 1128, 41080 - Sevilla, A/A. Endesa Operaciones y Servicios Comerciales.
- By email to solicitudeslopd@endesa.es, including the following information: full name of the data subject, address for notification purposes, a photocopy of the front side of the ID card, passport, or any other current identification document (when your identification cannot be successfully verified through other means), along with the specific request.
Additionally, you are reminded that current legislation allows you to file a complaint with the Agencia Española de Protección de Datos (Spanish Data Protection Agency), whose contact details are as follows:
Agencia Española de Protección de Datos
Calle Jorge Juan, 6 – CP: 28001, Madrid.
Phone numbers: +34 901 100 099/+34 91 266 35 17
10) How can you contact Endesa's Data Protection Officer?
Endesa S.A., parent company of the Endesa Group, which includes Endesa Energía and Endesa X Way, has appointed a data protection officer for these companies.
If you have any questions regarding the purposes for which your personal data is processed by Endesa, the legitimacy of such processing, or any other personal data protection issue, you can contact our Data Protection Officer by post at the following address: C/ Ribera del Loira, 60, 28042-Madrid, or by emailing us at the following address: dpoc@endesa.es.
11) Amendments to the Data Protection Policy
Whenever Endesa updates this Data Protection Policy, particularly as a result of new personal data processing activities, we will notify you in advance so that you can send us any questions or, if applicable, exercise the rights granted to you by the legislation in force at that time.
Thank you for the trust you have placed in Endesa.
Data Protection Policy for Investors and Analysts
Summary
-
Endesa, S.A. (“Endesa”)
-
Enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.
-
Lawfulness
Legitimate interest of Endesa, S.A.
-
Data shall not be transferred to third parties, except under legal obligation.
Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.
-
Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time. You can find information on how to exercise these rights in the Information in detail.
-
Further information
More information about the Endesa S.A. data protection policy can be found in the DATA PROTECTION POLICY dropdown.
Data Controller
Data Controller
Data Controller
Purposes
Purposes
Purposes
Recipients
Recipients
Recipients
Rights
Rights
Rights
1. Data controller
Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain
2. Purpose and processing
The personal data of investors and analysts shall be stored and processed by Endesa, S.A. to enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.
Personal data storage limitation
The personal data of investors and analysts shall be kept as long as no request is received for their erasure and as long as they are no longer required for the purposes for which they are processed. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.
3. Lawfulness of the processing
The legitimate interest of Endesa, S.A. is the legal basis for processing your data.
4. Data recipients
Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.
Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.
5. Security measures
To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.
6. Rights with respect to the processing of your personal data
Investors and analysts can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.
To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:
- Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
- Email to ir@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.
You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.
7. Data Protection Officer
Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.
Shareholder Data Protection Policy
Summary
-
Endesa, S.A.
-
- Enable communication with the shareholder within the framework of corporate relations.
- Enable compliance with related legal obligations.
-
Lawfulness
- Legitimate interest of Endesa, S.A.
- Compliance with legal obligation.
-
Data shall not be transferred to third parties, except under legal obligation.
Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.
-
Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time. You can find information on how to exercise these rights in the Information in detail.
-
further information
More information about the Endesa S.A. data protection policy can be found in the DATA PROTECTION POLICY dropdown.
Data Controller
Data Controller
Data Controller
Purposes
Purposes
Purposes
Recipients
Recipients
Recipients
Rights
Rights
Rights
1. Data controller
Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.
2. Purpose and processing
The personal data provided by shareholders (to exercise or delegate their attendance and voting rights at Shareholders’ Meetings and to enable communications) or that are provided by the banking entities, companies and securities brokers in which the said shareholders have deposited their shares shall be stored and processed by Endesa, S.A. to enable communication with the shareholder within the framework of corporate relations and to enable compliance with related legal obligations.
Personal data storage limitation
Shareholder personal data shall be kept as long as they are required to meet the above purposes. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.
3. Lawfulness of the processing
The legitimate interest of Endesa, S.A. is the legal basis to process shareholder data as is compliance with any related legal obligations. Accordingly, the refusal to provide the requested personal data or the provision of inaccurate or incomplete data may affect your activity as a shareholder in Endesa S.A.
Shareholders are responsible for the reliability of the data they provide and for notifying Endesa S.A. of any future changes to them.
4. Data recipients
Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.
Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.
5. Security measures
To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.
6. Shareholder rights in relation to the processing of their personal data
Shareholders can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.
To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:
- Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
- Email to accionistas@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.
- Freephone: +34 900 666 900
You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.
7. Data Protection Officer
Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.
Data Protection Policy for Endesa S.A. Corporate Website Users
Summary
-
Endesa, S.A.
-
Manage the services provided or actions carried out by Endesa, user queries or suggestions made using the web form, as well as to manage the Endesa news alert service.
-
Lawfulness
Consent of the data subject.
-
Data shall not be transferred to third parties, except under legal obligation.
Other Enel Group companies may have access to your personal data, as well as the service providers that Endesa hires or may hire and who act as data processors.
-
Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.
Data Controller
Data Controller
Data Controller
Purposes
Purposes
Purposes
Recipients
Recipients
Recipients
Rights
Rights
Rights
1. Data controller
Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.
2. Purpose of personal data processing
User data shall be processed to manage the services provided or actions carried out by Endesa, as well as to manage the newsletter and the Endesa news alert service.
Personal data storage limitation
User personal data shall be kept as long as they are required to meet the above purpose. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.
3. Data recipients
Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.
Moreover, in the case of signing up to the Digital Experts programme, your data may be transferred to other Enel Group companies whenever they carry out a programme-related initiative.
Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.
4. Lawfulness of the processing
Any processing done to manage the services, actions or initiatives carried out by Endesa or by Enel Group companies shall be legally based on the user consent given when providing their data and accepting this data protection legal notice.
Moreover, those actions carried out to manage the Endesa newsletter and news alert service shall also be legally based on the consent provided by the user when subscribing to the said service.
5. Security measures
To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.
6. Data subject rights with respect to the processing of their personal data
You can exercise your rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.
You also have the right to withdraw consent at any time.
To exercise these rights, contact Endesa by post, attaching a photocopy of your National ID card, passport or any other identification document, and stating your request for the attention of Internal Communication - Endesa at 60 C/ Ribera del Loira, 28042 Madrid, Spain
You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.
7. Data Protection Officer
Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.
Basic Data Protection information
Joint data controllers |
Endesa Energía, S.A.U., and Endesa X Way, S.L. (hereinafter, ‘Endesa’). |
---|---|
Purposes and Legal Basis |
Your data will only be processed to send you commercial communications about Endesa's products and services, based on the consent you have granted: (a) directly to Endesa by requesting to receive advertising about our products and services, or (b) to the entity that communicated your data to Endesa, if your data was shared with Endesa due to your consent for transferring them to energy sector companies.
Additionally, your data may be processed by Endesa to respond to police, judicial, and tax authority requests, as well as requests from supervisory authorities and other public administrations. The legal basis for this processing is Endesa’s compliance with its legal obligations. |
Recipients |
Your data will not be shared with third parties unless required by Endesa’s legal obligations to disclose them to police, judicial, and tax authorities, as well as supervisory authorities and other Public Administrations. We will grant access to your data to service providers contracted by Endesa that act as data processors (some of whom may be located outside the European Economic Area). |
Rights |
You have the right to access, rectify, erase, restrict the processing, and transfer your data. If you have granted consent, you can withdraw it at any time. To exercise these rights, you may contact Endesa via email at: solicitudeslopd@endesa.es or by postal mail at Apartado postal 1128, 41080 – Sevilla, A/A. Endesa Operaciones y Servicios Comerciales. You must include the following information: full name of the data subject, address for notification purposes, a photocopy of the front side of the ID card, passport, or any other identification document, along with the specific request. |
Further information | For more information about Endesa's data protection policy for non-customers, you can consult the DATA PROTECTION POLICY dropdown. |
We at Endesa are committed to ensuring the transparent and secure use of personal data. Furthermore, we would like to inform you that you always have control over your personal data.
1) Who can process your data?
2) What personal data do we process?
3) Why will we process your data, and on what basis?
4) How long will we keep your data?
5) What security measures are in place?
6) What information do we share with third parties?
7) What rights do you have in relation to the processing of your personal data?
8) How can you contact Endesa's Data Protection Officer?
9) Amendments to the data protection policy.
1. Who can process your data?
Your personal data may be processed by the following Endesa Group companies:
- Endesa Energía, S.A.U., with TIN A81948077 and business address at C/ Ribera del Loira, 60, 28042 - Madrid.
- Endesa X Way, S.L. (‘Endesa X Way’), with TIN B09732520 and business address at C/ Ribera del Loira, 60, 28042 - Madrid.
Each of these entities will process your data independently in accordance with this data protection policy. However, any reference to ‘Endesa’ in this document refers to both entities collectively.
2. What personal data do we process?
Personal data refers to any information that directly identifies or can identify a physical person, such as their name, last name, and email address.
The only data that will be processed by us are your name, last name, phone number, and postal and/or email address.
These data have been provided by the entity identified in the communication you received or through a phone contact we held.
If you contract a product or service with Endesa, your personal data will be processed in accordance with the company's customer Data Protection Policy.
3. Why will we process your data, and on what basis?
Your data will only be processed to send you commercial communications about our products and services, based on the consent you have granted to:
- Endesa, requesting us to receive advertising material on our products and services, or
- the entity to which, according to the previous section, you communicated your data and to which you authorised their transfer as it belongs to the energy sector.
Additionally, your data may be processed by Endesa to respond to police, judicial, and tax authority requests, as well as requests from supervisory authorities and other Public Administrations. The legal basis for this processing is Endesa’s compliance with its legal obligations.
4. How long will we keep your data?
Your data will be processed by Endesa for the purposes outlined in this Data Protection Policy for as long as you do not withdraw your consent via the channels mentioned in section 7, or for a maximum period of two (2) years.
Once you withdraw your consent, your data will be blocked for the period during which it may be necessary to address claims or defend against administrative or judicial actions, as well as for the statute of limitations for any applicable criminal, civil, commercial, and/or administrative liabilities. The data will only be unlocked and processed again for these purposes. After this period, the data will be definitively deleted.
5. What security measures are in place?
To ensure the effective enforcement of its data protection policy, Endesa has adopted the necessary technical and organisational security measures to prevent alteration, loss, misuse, and unauthorised access to or theft of your data. We take into account the state of technology for all channels in which personal data may be processed.
6. What information do we share with third parties?
Your data will not be shared with third parties unless required by Endesa’s legal obligations to disclose them to police, judicial, and tax authorities, as well as supervisory authorities and other Public Administrations.
However, they will be accessible to third-party service providers collaborating with Endesa, who process the necessary personal data to provide you with marketing and advertising services. These providers will act as Endesa's data processors, following the instructions given by the company without being able to use the data for other purposes. Endesa will always guarantee the confidentiality, security, and secrecy of the data they access. Thus, Endesa has analysed that these providers have adopted measures to guarantee the protection of your personal data and has entered into contracts with them committing to processing the data in accordance with applicable regulations on personal data protection.
Furthermore, we inform you that some of these third parties acting as data processors may be located outside the European Economic Area and may not be in countries not declared by the EU as providing an equivalent level of data protection. In particular, Endesa has contracted trusted providers located in the United States, India, Colombia, Peru, and Morocco. The company has assessed that the processing of your data in these countries complies with the same guarantees required by European regulations. It has also implemented the necessary safeguards, particularly by signing standard contractual clauses approved by the European Commission with these providers. You can access these data processors by clicking here. You may also request information about the guarantees adopted by Endesa for the international transfer of your personal data, including a copy of them, by contacting dpo@endesa.es.
7. What rights do you have in relation to the processing of your personal data?
Applicable regulations on personal data protection grant the following rights concerning the processing of your personal data:
- Access: allows you to confirm whether we are processing your personal data and, if so, which.
- Rectification: allows you to help us to correct errors and amend data that may be inaccurate or incomplete.
- Deletion: allows you to request the deletion of your data, meaning that Endesa will stop processing them unless there is a legal obligation for retention or other legitimate reasons to continue processing prevail.
- Limitation on processing: you may ask Endesa to limit the processing of your data in the following cases:
- While a challenge to the accuracy of the data that you have submitted to us is being checked.
- Where the processing is unlawful, but you object to the deletion of your data.
- If Endesa does not need to process your data, but you need them to exercise or defend claims.
- Portability: allows you to receive your personal data in a structured, commonly used, and machine-readable format so that you can transfer it to another data controller.
- Withdrawal of consent: allows you to stop your data from being processed for a purpose you previously authorised, such as the receipt of commercial communications from Endesa.
To exercise these rights, you may contact Endesa through any of the following channels:
- By postal mail, enclosing a photocopy of your ID card, passport, or any other current identification document, along with the detailed request, to Apartado postal 1128, 41080 - Sevilla, A/A. Endesa Operaciones y Servicios Comerciales.
- By email to solicitudeslopd@endesa.es, including the following information: full name of the data subject, address for notification purposes, a photocopy of the front side of the ID card, passport, or any other current identification document (when your identification cannot be successfully verified through other means), along with the specific request.
Additionally, you are reminded that current legislation allows you to file a complaint with the Agencia Española de Protección de Datos (Spanish Data Protection Agency), whose contact details are as follows:
Agencia Española de Protección de Datos
Calle Jorge Juan, 6 – CP: 28001, Madrid.
Phone numbers: 901 100 099 / 91 266 35 17
8. How can you contact Endesa's Data Protection Officer?
If you have any questions regarding the purposes for which your personal data is processed by Endesa, the legitimacy of such processing, or any other personal data protection issue, you can contact our Data Protection Officer by post at the following address: C/ Ribera del Loira, 60, 28042-Madrid, or by emailing us at the following address: dpoc@endesa.es.
9. Amendments to the Data Protection Policy
Whenever Endesa updates this Data Protection Policy, particularly as a result of new personal data processing activities, we will notify you in advance so that you can send us any questions or, if applicable, exercise the rights granted to you by the legislation in force at that time.