• {{currentSearchSuggestions.title}}
  • {{currentSearchSuggestions.title}}
{{navigationCta.name}}

Data Protection Policy

 

At Endesa, we respect the rights and freedoms of people, among which is the fundamental right to the protection of personal data, established in the Charter of Fundamental Rights of the European Union.

Our commitment to Privacy is one of our priority areas to improve trust and transparency with all those with whom we are linked. For this reason we are guided by the principles included in Regulation (EU) 2016/679 General Data Protection, committing to:

  • Process data in a responsible, fair and transparent manner.
  • Use data for determined, clear and legitimate purposes.
  • Only use data suitable, appropriate and limited to each purpose.
  • Use accurate and updated data.
  • Keep data only for the necessary time.
  • Guarantee the integrity and confidentiality of data.
  • Act with proactive responsibility.

Data Protection Policy for Endesa Energía Customers

Summary

  • Co-responsible parties

    Endesa Energía, S.A.U. and Endesa X Servicios S.L. (Herein “Endesa”).

  • Purposes

    • Manage the products and services contracted with Endesa or purchased at the Endesa X Store.
    • Comply with established legal obligations.
    • Make commercial communications about products and services.
    • Manage web services.
    • Gather information when you browse our websites.
    • Know your geographical location to locate the nearest electric vehicle charging point.
    • Manage an appointment request with one of our specialists.
  • Legitimacy

    • Performance of the contract: to manage products and services contracted or purchased, which includes dealing with queries, sending information and surveys, billing and collection, energy advice and proof of contractual processes that have started.
    • Compliance with legal obligations: to comply with Endesa's legal obligations.
    • Legitimate interest: (i) to assess financial solvency, acceptance as a customer or, where appropriate, to disclose data to credit information systems, always in full compliance with applicable regulations; (ii) to offer information on products or services related to the field of energy or on packaged energy offers for the supply of electricity or gas and a value-added service related to the service that the client has already purchased (which entails occasional exchanges of data between Endesa Energía and Endesa X to guarantee the effectiveness of the campaigns); (iii) to offer information about a product related to one you purchased at the Endesa X Store; (iv) to carry out factoring operations, so that Endesa can have an efficient business management model.
    • Consent: (i) to send marketing messages to customers about other products or services offered by third-party companies, related to energy, home, insurance, automotive, financial services and leisure, and to transfer the data to said companies, including other companies in the Endesa group; (ii) to send marketing messages of all types to consumers who are not Endesa customers or who have not purchased at the Endesa X Store; (iii) to carry out complex profiling; (iv) to manage Users of the website and send electronic bills; (v) to process information about your geographic location data to inform you about electric vehicle charging points; (vi) to manage your request for an appointment with one of our specialists.
  • Recipients

    Endesa only exchanges personal data with (i) service providers with which it has or may have contractual relationships who have the status of data processors (some of these data processors may be located outside the European Economic Area), and with (ii) other collaborating companies related to the energy, home, insurance, automotive, financial services and leisure sectors, provided you have authorised us by giving your consent.

    We may also exchange data between Endesa Energía and Endesa X in order to make packaged energy offers, and to avoid unnecessary repetition of marketing campaigns.

    We will also disclose your data to the credit information systems in the cases permitted under current regulations, and to credit entities to perform factoring operations, or to public administrations, authorities and organisations to comply with legal obligations.

  • Rights

    Access, rectification, deletion, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time. You may withdraw the consent given for the purposes described above at any time.

  • Further information

    More information about the Endesa data protection policy can be found in the Data Protection Policy.

Security and personal data protection

At Endesa, we are committed to ensuring that our customers' personal data will be used transparently and securely, so we want you to know that you have control over your data at all times. As an Endesa customer, provided that the current regulations allow it, you can decide who receives your personal data, under what conditions and for what purpose.

To make this possible, we have updated our Data Protection Policy as part of our review and continuing improvement process and in accordance with the best practices in Corporate Governance and Compliance. This new Data Protection Policy replaces the one that previously regulated the processing of your data as an Endesa customer, and we hope to renew your trust in us by informing you how we collect, process and protect your personal data.

1) Definitions

2) Who can process your data?

3) Which personal data do we process?

4) Why do we process the data?

5) Why are we entitled to process your personal data?

6) How long will we keep your data?

7) Do we process data relating to minors?

8) Which security measures are applied?

9) What information do we share with third parties?

10) What are my rights with regard to the processing of my personal data?

11) How can I contact the Endesa Data Protection Officer?

12) Changes to the Data Protection Policy.

 

1)     Definitions

To help you better understand our Data Protection Policy, we will start by defining below some of the concepts included in it:

  • Customer: a natural person who maintains a contractual relationship with Endesa.
  • Contract: an agreement that regulates the terms and conditions applicable when contracting any Endesa product or service.
  •  Joint controllers: two or more data controllers who jointly determine the objectives and/or methods used for the data processing. In this context, Endesa Energía and Endesa X will be joint controllers for the processing of certain data.
  • Distribution company: the company responsible for distributing energy to your home. In the Spanish electricity market, citizens cannot choose their distribution company; it is determined by the area you live in.
  • Data processor: natural or legal person who processes personal data on behalf of the data controller.
  • Endesa: Endesa Energía, S.A.U. and Endesa X Servicios S.L.
  • Endesa Energía: Endesa Energía S.A.U.
  • Endesa X: Endesa X Servicios S.L.
  • Endesa Group: The Endesa group is made up of the parent company, Endesa S.A., and all its subsidiaries. You can see the complete list of companies in the Endesa Group here: https://www.endesa.com/en/about-endesa/who-we-are/subsidiaries.
  • LOPDGDD: Organic Law 3/2018, of 5 December, on Protecting Personal Data and Guaranteeing Digital Rights.
  • Packaged Energy Offer: set of products or services, directly related to the field of energy, that are jointly marketed by Endesa Energía and Endesa X under the Endesa brand, with more advantageous conditions or at a better price than if purchased separately.
  • Data controller: natural or legal person who, alone or together with others, determines the purposes and methods used in data processing.
  • GDPR: European Parliament and European Council Regulation (EU) 2016/679, of 27 April 2016, on the protection of natural persons with regard to personal data processing and the free movement of these data, which repeals Directive 95/46/EC.
  • Website user: registered user on any of the Endesa Energía or Endesa X websites (www.endesa.com, www.endesax.com and www.endesaxstore.com).

 

2)    Who can process your data?

The following companies in the Endesa Group will process your personal data as "Joint Controllers," except for any processing that must be carried out to comply with the particular conditions or services for a specific product or service contracted with one of them, in which case they will be considered separate "Data controllers":

  • Endesa Energía, S.A.U. with Tax ID No. A81948077 and registered office at: Calle Ribera del Loira, 60, 28042, Madrid - Spain.
  • Endesa X Servicios S.L. with Tax ID (CIF) B01788041 and registered office at: Calle Ribera del Loira, 60, 28042, Madrid - Spain.

In this context, Endesa Energía and Endesa X have reached a joint controller agreement that duly reflects their respective functions and relationships as joint controllers in relation to the stakeholders. The essential aspects of this agreement are at your disposal, if requested.

 

3)    Which personal data do we process?

Personal data are any information that directly identifies you or allows you to be identified, including, for example, your first and last name, email address, Universal Supply Point Unification Code (“CUPS”), etc. You may have provided some of this data directly when you signed your contract with us but other data may have been inferred from our relationship with you, such as the electricity or gas consumption corresponding to the supply point of which you are the effective user.

The data that may be processed are grouped into the following categories:

  • Data included when registering as a user, in the contract or subsequently provided during the contractual relationship: first name, last name, ID No., supply point (CUPS), telephone no., email address, contracted rate and data entered in energy advice tools, geographic location.  
  • Data derived from the provision of services during the contractual relationship: number of contacts made and the incidents resolved or ongoing, contract requests made, results of satisfaction surveys, commercial communications made, historical consumption at the supply point of which you are the effective user, billing history and any data that may be collected from your visits to our websites through the use of “cookies”.

At Endesa, we only process the data that are strictly necessary for the specific purposes set out in this Data Protection Policy and only for the time required to do so, as stated in Section 6 and always respecting all the principles and obligations contained in both the GDPR and the LOPDGDD.

The questions listed below explain in detail why and how we process your data.

 

4)    Why do we process the data?

At Endesa we process your personal data, among other purposes, to manage the provision of products and services that you have purchased from us, to manage your registration or website user account, to comply with the legal obligations imposed, for example, on energy or consumption, to send you marketing messages about products and services that may be of interest to you, or to gather information about interactions you may have when you browse our websites through the use of “cookies”. The specific purposes for which we use your data are detailed below:

a)     Manage the purchase of a product or the subscription to an Endesa service

Your data will be processed to be able to manage the purchase of a product or the subscription of an Endesa service.

You should also know that if you request a product or service that can entail deferred payment or the provision of a periodic billing service, before entering into a contract, we may consult solvency and credit records and registers as we see fit to determine your credit standing, always in strict compliance with the applicable regulations. The result of these enquiries may affect the entry into force of the contract or purchase of the product. In addition, in the event of default, Endesa may communicate your data to these registers, always complying with the guarantees granted by the legislation in force in these cases.

If you started to subscribe for a product or service on one of our websites and input your personal data but were unable to complete the process, do not worry; we will send up to a maximum of two reminders to your email address with support or help so that you can successfully complete the purchase or subscription process that you had started.

Once you become our customer, in order to provide you with the best possible service, your data may be used to deal with your queries and requests on all our service channels (including by telephone, face-to-face and on our websites), send you informative communications and conduct service quality and customer service satisfaction surveys, identify you in the contracting processes that you initiate with us, bill you for the energy supplied or provide you with energy advisory services. Likewise, in order for Endesa to have an efficient business management model, your data will be processed to carry out factoring operations.

In addition, if you are registered with the website, your personal data may be processed in order to manage any purchases you may make through the Endesa X store and the services available to you as a user of this website, for example, the “electronic billing service”, for which we need to use your email address to send you your bills. On this issue, you should be aware that, if you provide us with your email address, it will be treated as the preferred means for sending any type of communication relating to our contractual relationship.

b)     Comply with legal obligations

Your data may also be processed to comply with any type of legal obligation, such as contracting access to the networks with the “Distribution Company”, taking the steps required to ensure that the supply is provided successfully, exchanging information with the Distribution Company in order to bill your energy consumption, and meeting the requirements of the National Markets and Competition Commission and the Spanish Data Protection Agency, among other legal obligations.

c)     Send marketing messages on products and services of interest to the customer

Other processing of your personal data may also be carried out based on Endesa's legitimate interests. You can object to these as indicated in Section 10.

We will process the data in order to be able to send you information on products and services in the energy sector, or Packaged Energy Offers that are related to your subscribed service that best fit your energy consumption needs, and, where appropriate, to enable you to make improvements to your bills (or even benefits for the service already purchased) as a result of signing up for electricity or gas supplies and a value-added service together. If you have made a purchase through the Endesa X Store related to the energy sector and you do not object, you may also receive this type of information.

To do this, your personal data may be analysed beforehand in order to draw up a basic profile from which we can find out whether the commercial campaign being carried out fits your needs and preferences in terms of energy consumption. This analysis may take into account the data included in the previous section (demographic data, contracted rate, historical consumption, products and services contracted with Endesa, etc.), so it may be necessary for Endesa Energía and Endesa X occasionally to exchange specific parts of your data in order to ensure that the campaigns and Packaged Energy Offers that we send to you are not repetitive, unnecessary or annoying. In any case, the full communication of your data will only take place if you have given us your consent.

Anyway, we remind you that at any time you can object to both the receipt of commercial communications and the communication of any of your data between Endesa Energía and Endesa X, although in this case you will not be able to take advantage of the Packaged Energy Offers, by exercising your right of objection through the channels indicated in Section 10.

Remember that you will only receive these marketing messages while you are an Endesa customer, unless you authorise us subsequently or have bought a product from the Endesa X Store and did not oppose being sent commercial information related to the product or service previously acquired by Endesa X.

In addition, as explained in Section 5, any complex profiling, including the assumptions provided for in Article 22 of the GDPR, will be subject to our having previously obtained explicit, informed, free and unequivocal consent from the affected party.

Finally, for the cases in which you have given us your consent, we can also help you, through any communication channel (including, among others, email, text messages and phone calls), to stay informed regarding products and services offered by other companies with which we collaborate that may be of interest to you, related to the energy, home, insurance, motoring, financial services and leisure sectors. Your data will only be transferred to other companies in the Endesa Group or to third parties related to these sectors if you have given us your express consent.

We would also remind you that you can withdraw your consent at any time using the channels indicated in Section 10 of this Data Protection Policy.

d)   Manage the web services

If you have registered in the Private Customer Area on the Endesa website, your personal data may be processed to manage the website's services.

Therefore, if you register with a 'social login' through Google or Facebook, your username and password will be processed to register you on the App.

e)     Gather information when you browse our websites

Endesa's web pages, like many other internet portals, use a technology known as "cookies" to collect information on interactions with their web pages, provided that you have authorised their use.

If you would like more details about how this technology works, you can consult the section "Cookies at Endesa".

f)     Geographical location to locate the nearest electric charging point

Provided you have consented, your geographical location will be processed to identify and inform you of the nearest electric vehicle charging points.

g)     Request an appointment with one of our specialists

We may also process your personal data to make an appointment with one of our specialists, when you request this using one of the sites provided for this purpose.

 

5)    Why are we entitled to process your personal data?

Depending on the specific purpose for which we need to process your data (for example, to properly manage our contractual relationship with you, to comply with applicable legal obligations, to send you marketing messages or to gather information when you browse our websites), we will have the applicable legal basis.

We therefore inform you below of the bases for legitimisation that will allow us to carry out the different types of processing:

a)     Performance of the contract

The legal basis for us to be able to manage the products and services that you have purchased from us is “performance of the contract”. This entitles us to carry out the necessary personal data processing (including processing your email address) to deal with your queries and requests on all our service channels (including by telephone, face-to-face and our websites), send you messages with information and conduct service quality and customer service satisfaction surveys, identify you in the contractual processes with us, bill you, process payments, deliver products purchased through the Endesa X Store or provide you with energy advisory services.

Therefore, refusing to provide the personal data requested or giving us inaccurate or incomplete data may result in our being unable to properly provide the goods or services purchased. Therefore, we would like to remind you that you are responsible for providing truthful data, as well as for notifying Endesa of any future changes to those data.

b)     Compliance with legal obligations.

As previously stated, sometimes we need to use your personal data to comply with some kind of legal obligation; therefore, the legal basis that legitimises us to perform this processing consists, specifically, of fulfilling these legal obligations.

c)     Consent

Consent constitutes a legitimate basis for Endesa to process personal data, after obtaining the express, free, unequivocal and informed consent of the interested party.

Therefore, any processing that is carried out with the purpose of sending you commercial communications about other products or services offered by third-party companies relating to energy, home, insurance, motoring, financial and leisure services, as well as the transfer of your data to these companies, is legally based on the "consent" that you may have given. Similarly, any marketing messages about offers in the field of energy activity aimed at consumers who are not Endesa customers, and who have not bought a product from the Endesa X Store, are subject to obtaining prior express consent for the purpose.

Any complex profiling, including the assumptions provided in Article 22 of the GDPR, will be subject to having previously obtained explicit consent from the affected party. Therefore, as long as you do not withdraw your consent, you may continue to receive communications of this type, or your data may remain under the control of the companies with which we collaborate.

Personal data processed which is associated with your Username on the website (and registration with a ‘social login’ through Google or Facebook) and any processing of your email address to send you digital bills, is based on the consent you have given in each case.

The processing carried out as a result of activating your geographical location to be able to inform you about your nearest electric vehicle charging points, will only be carried out as long as you have given your consent for this purpose.

Likewise, your "consent" to process your personal data to manage the request for an appointment with one of our specialists also has a legal basis. We would also remind you that if you have given your consent for any of the purposes described above, you have the right to withdraw it at any time without this having any consequences on the services or products you have purchased. You will find the information you need to exercise your right to withdraw your consent in Section 10 of this Data Protection Policy.

d)     Legitimate interest

Legitimate interest is a legitimate basis provided that Endesa's interest in processing the data of a customer who has bought an Endesa product is within the customer's reasonable expectations, taking into account their relationship with Endesa. Any interested party always has the possibility of exercising the right to object, as specified in Section 10.

For this purpose, the processing carried out to offer you information about products or services related to the energy sector, or Packaged Energy Offers suitable for the service you have already purchased or the product you may have purchased, which best meet your energy consumption needs or may enable you to benefit from improvements to your bill as a result of purchasing products together (or even benefits on a service you have already purchased) for electricity and gas supply or an added value service (including one-off data transfers which may be made solely and exclusively between Endesa Energia and Endesa X to guarantee the efficiency of those campaigns), is undertaken based on Endesa’s “legitimate interest”. If you have purchased a product from the Endesa X Store and you do not object, you may also receive this type of information from Endesa X based on the company's "legitimate interest".

We therefore inform you that the regulations in force allow us to use legitimate interest as a basis for legitimisation that entitles us to perform the above processing based on the expectations that you may have as our customer. For this reason, we remind you that you can object at any time to the processing identified in the previous section, by exercising your right to object through the channels indicated in Section 10.

On the other hand, the processing needed to judge your financial solvency, your acceptance as a customer or, where appropriate, the communication of your data to credit information systems are also carried out based on legitimate interest. Endesa's interest in carrying out this processing is clear, as long as it is an authorisation granted by Art. 20 of the LOPD-GDD to creditors who provide a periodic billing service, as is our case.

Likewise, the processing carried out to perform factoring operations (partial or total advance of loans assigned to financial entities), so that Endesa can operate an efficient business management model, will be carried out based on the legitimate interest of Endesa in being able to obtain financing to undertake its commercial activities.

Also, data may be exchanged by Endesa Energía and Endesa X for administrative purposes, or to promote the proper management of commercial relationships with customers.

 

6)    How long will we keep your data?

The personal data you provide as a customer will be kept for as long as they are required to provide the services under contract. Once they are no longer needed for this purpose, the data will be blocked for the period during which they may be required to deal with complaints or to defend against administrative or legal actions, as well as for the period of limitation of criminal, civil, commercial and/or administrative responsibilities, and it may only be unblocked and processed again for this reason. After this period, the data will be deleted definitively.

In the cases in which you gave your express consent to receiving personalised offers in the area of energy that may be of interest to you when you were not a customer of Endesa, your data will be kept as long as you do not withdraw the consent provided through the channels indicated in Section 10.

If you are a web services user, we will keep your personal data while you continue to use these services. However, if we detect that you have not used or interacted with your account or with any of our web services during a period of two (2) years, we will proceed to cancel your account by blocking your data. If, after this period, you wish to use any of the web services again, you will need to register again.

 

7)    Do we process the data of minors?

Endesa ensures the proper use of minors' data, guaranteeing respect for the laws that are applicable to them and the measures that are reasonably appropriate in these cases, and, therefore, we do not collect any personal data relating to minors without the prior consent of their parents, guardians or legal representatives.

 

8)    What security measures apply?

In order to make its Data Protection Policy effective and efficient, Endesa has adopted the necessary technical and organisational security measures to prevent the alteration, loss, misuse, processing or unauthorised access to or theft of data, depending on the state of the technology, for all the channels through which personal data can be processed, including, therefore, all websites, telephone support services and face-to-face channels.

In addition, we inform you that your data may be subject to an anonymisation process in which they will be replaced by an irreversible identifier, so that the customer behind the identifier cannot be identified, in order to conduct studies and internal analysis to obtain aggregate results that help us to identify general behaviours and improve the quality of the products and services offered.

 

9)    What information do we share with third parties?

Endesa only exchanges personal data with third parties who will be considered Data Processors - for which we will not need your authorisation - in order to properly manage the contractual relationship, or with other collaborating companies when we have been authorised by your consent.

We will also provide your data to the credit information systems in the cases allowed for under current regulations, as well as to credit entities to perform factoring operations, or to public administrations, authorities and organisations to comply with legal obligations.

Below are the details of this processing, the recipients and the basis for legitimacy:

a)     Access by third parties to provide a service you have purchased

Your personal data may be accessed by the service providers that Endesa engages or may engage, which have the status of Data Processor (including other companies in the Endesa Group), who will process your personal data to provide you with the services purchased, following the instructions that Endesa deems appropriate and ensuring, at all times, the confidentiality, security and secrecy of the information to which they have access. These third parties will help us, for example, in providing services related to sales, customer service, debt collection, marketing and advertising and professional services.

We also inform you that it is possible that some of the third parties that act as data processors may be located outside the European Economic Area. In particular, your personal data may be accessed by trustworthy providers located in the following countries: United States, India, Colombia, Peru and Morocco. In any case, we are legally authorised to make such transfers, having been authorised by the Director of the Agencia Española de Protección de Datos (Spanish Agency for Data Protection) or having provided adequate guarantees by signing standard data protection clauses adopted by the European Commission.

b)     Occasional exchange of data by Endesa Energía and Endesa X

The occasional exchange of data between Endesa Energía and Endesa X in order to send you Packaged Energy Offers by non-electronic means, as well as to avoid unnecessary repetition of commercial campaigns, is based, as previously indicated, on Endesa's legitimate interest.

These messages will be occasional and for the purposes described, and never permanent or complete transfers of your data between these two companies for other purposes. You will only receive electronic marketing messages about Packaged Energy Offers from another Endesa group company other than the company with which you have a contractual agreement, when you have consented to such messages. 

The data may also be exchanged between Endesa Energía and Endesa X for administrative purposes or to streamline customer services procedures.

c)     Transfer of data to third parties with whom we collaborate

Under no circumstances will personal data be transferred to third-party companies unless you have previously provided us with your consent.

If you have given your consent, your data may be shared with Endesa Group companies or third-party companies related to the energy, home, insurance, automotive, financial services and leisure sectors.

d)     Communication of information to credit information systems

As stated above, it is possible that, in accordance with current regulations, we may communicate your data to the asset and credit solvency registers that we deem appropriate if you have defaulted on a periodic billing service that you have contracted with us, based on our legitimate interest.

e)     Factoring operations

Data may be communicated to credit institutions for the sole purpose of factoring operations, so that Endesa can operate an efficient business management model. This processing will be carried out under the strictest security measures and based on the legitimate interest of Endesa in obtaining financing to undertake its commercial activity.

f)      Compliance with a legal obligation

Your personal data may be transferred to government departments, authorities and public bodies, including courts and tribunals, when so required by applicable regulations, for example, to the National Commission for Markets and Competition, the tax authorities, etc.

 

10) What are your rights regarding the processing of your personal data?

The GDPR and LOPDGDD grant the following rights in regard to the processing of your personal data that may be exercised before and against any one of the data controllers.

  • Access: allows you to confirm whether we are processing your personal data and, if so, which data.
  • Rectification: allows you to help us correct errors and modify data that may be inaccurate or incomplete.
  • Deletion: allows you to request the deletion of your data, which will mean that Endesa will cease to process them unless there is a legal obligation for them to be retained, in which case they will be duly blocked, or other legitimate reasons prevail for us to process them.
  • Opposition: allows you to request that we stop processing your personal data over which we consider that we have a legitimate interest for their processing, for example, based on your expectations as a customer, as in the case of product and service offers. Endesa will stop processing your data, unless there are compelling legitimate reasons, or it is necessary to deal with claims or exercise defence against administrative or judicial actions, in which case they will remain duly blocked.
  • Portability: allows you to receive your personal data in a structured, commonly used, mechanically readable format so that you can pass them on to another data controller.
  • Withdrawal of consent: allows you to stop your data from being processed for a purpose that you had previously authorised, for example, the receipt of marketing messages from third party companies with which we collaborate.

To exercise these rights, Endesa Energía can be contacted through any of the following channels:

  • By post, by attaching a photocopy of your National ID card, passport or any other identification document, to a letter stating your request, addressed to Apartado postal 1128, 41080 – Sevilla, España. Attn. Endesa Operations and Commercial Services.
  • Email to the following address: solicitudeslopd@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of your National ID card, passport or any other identification document, and statement of the request.

In addition, we remind you that the regulations in force allow you to file a complaint with the Spanish Data Protection Agency, the contact details of which are as follows:

Spanish Data Protection Agency
Calle Jorge Juan, 6 - CP: 28001 Madrid.
Telephone: 901 100 099 / 91 266 35 17

 

11) How can I contact the Endesa Data Protection Officer?

Endesa S.A., the parent company of the Endesa Group, of which Endesa Energía and Endesa X are members, has appointed a Data Protection Officer for these companies.

If you have any questions regarding the purpose behind the processing of your personal data by Endesa, its legitimacy, or any other matter relating to the protection of personal data, you can contact our Data Protection Officer by post at the following address: C/ Ribera del Loira, 60, 28042, Madrid - Spain, or by sending an email to the following email address: dpoc@endesa.es.

 

12) Changes to the Data Protection Policy

Whenever Endesa updates this Data Protection Policy as a result of changes to personal data processing, we will duly inform you of this sufficiently in advance so that you can send us any type of query or, where appropriate, exercise your rights as recognised in the regulations in force at that time.

Thank you for the trust you have placed in Endesa.

Data Protection Policy for Investors and Analysts

Summary

  • Data Controller

    Endesa, S.A. (“Endesa”)

  • Purposes

    Enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.

  • Lawfulness

    Legitimate interest of Endesa, S.A.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time by sending an email to: ir@endesa.es.

1.    Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain

 

2.    Purpose and processing

The personal data of investors and analysts shall be stored and processed by Endesa, S.A. to enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.

Personal data storage limitation

The personal data of investors and analysts shall be kept as long as no request is received for their erasure and as long as they are no longer required for the purposes for which they are processed. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.    Lawfulness of the processing

The legitimate interest of Endesa, S.A. is the legal basis for processing your data.

 

4.    Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

 

5.    Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.    Rights with respect to the processing of your personal data

Investors and analysts can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:

  • Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
  • Email to ir@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.    Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

 

Shareholder Data Protection Policy

Summary

  • Data Controller

    Endesa, S.A.

  • Purposes

    Enable communication with the shareholder within the framework of corporate relations.

    Enable compliance with related legal obligations.

  • Lawfulness

    Legitimate interest of Endesa, S.A.

    Compliance with legal obligation.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time by sending an email to: eoaccionista@endesa.es.

1.      Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.

 

2.      Purpose and processing

The personal data provided by shareholders (to exercise or delegate their attendance and voting rights at Shareholders’ Meetings and to enable communications) or that are provided by the banking entities, companies and securities brokers in which the said shareholders have deposited their shares shall be stored and processed by Endesa, S.A. to enable communication with the shareholder within the framework of corporate relations and to enable compliance with related legal obligations.

Personal data storage limitation

Shareholder personal data shall be kept as long as they are required to meet the above purposes. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.    Lawfulness of the processing

The legitimate interest of Endesa, S.A. is the legal basis to process shareholder data as is compliance with any related legal obligations. Accordingly, the refusal to provide the requested personal data or the provision of inaccurate or incomplete data may affect your activity as a shareholder in Endesa S.A.

Shareholders are responsible for the reliability of the data they provide and for notifying Endesa S.A. of any future changes to them.

 

4.    Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.

 

5.    Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.    Shareholder rights in relation to the processing of their personal data

Shareholders can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:

  • Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
  • Email to eoaccionista@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.
  • Freephone: +34 900 666 900

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.    Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

Data Protection Policy for Endesa S.A. Corporate Website Users

Summary

  • Data Controller

    Endesa, S.A.

  • Purposes

    Manage the services provided or actions carried out by Endesa, user queries or suggestions made using the web form, as well as to manage the Endesa news alert service.

  • Lawfulness

    Consent of the data subject.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Other Enel Group companies may have access to your personal data, as well as the service providers that Endesa hires or may hire and who act as data processors.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

1.      Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.

 

2.      Purpose of personal data processing

User data shall be processed to manage the services provided or actions carried out by Endesa, as well as to manage the newsletter and the Endesa news alert service.

Personal data storage limitation

User personal data shall be kept as long as they are required to meet the above purpose. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.      Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Moreover, in the case of signing up to the Digital Experts programme, your data may be transferred to other Enel Group companies whenever they carry out a programme-related initiative.

Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.

 

4.      Lawfulness of the processing

Any processing done to manage the services, actions or initiatives carried out by Endesa or by Enel Group companies shall be legally based on the user consent given when providing their data and accepting this data protection legal notice.

Moreover, those actions carried out to manage the Endesa newsletter and news alert service shall also be legally based on the consent provided by the user when subscribing to the said service.

 

5.      Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.      Data subject rights with respect to the processing of their personal data

You can exercise your rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

You also have the right to withdraw consent at any time.

To exercise these rights, contact Endesa by post, attaching a photocopy of your National ID card, passport or any other identification document, and stating your request for the attention of Internal Communication - Endesa at 60 C/ Ribera del Loira, 28042 Madrid, Spain

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.      Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

advise icon go to the advise Facebook icon go to Facebook Twitter icon go to Twitter Youtube icon go to Youtube Messenger icon go to Messenger Linkedin icon go to Linkedin Instagram icon go to Instagram Shared Link icon Go to the shared link Checkmark Success icon Checkmark Success down arrow icon down arrow close icon close add icon add up arrow icon up arrow oblique arrow icon look obliquely Arrow down icon Arrow down search engine icon search search engine icon search share icon share filter icon filter email icon send mail email icon email phone icon phone fax icon fac print icon print play icon play user icon go to the user section error icon an error has occurred info icon information thumb up icon like thumb up icon like thumb down icon don't like thumb down icon don't like clock icon Clock Lamp icon Lamp List icon List Map icon Go to the map Phone icon Phone Emergency icon Emergency Pause icon Pause Play icon Play Logout icon Sign off