• {{currentSearchSuggestions.title}}
  • {{currentSearchSuggestions.title}}
{{navigationCta.name}}

Data Protection Policy

 

At Endesa, we respect the rights and freedoms of people, among which is the fundamental right to the protection of personal data, established in the Charter of Fundamental Rights of the European Union.

Our commitment to Privacy is one of our priority areas to improve trust and transparency with all those with whom we are linked. For this reason we are guided by the principles included in Regulation (EU) 2016/679 General Data Protection, committing to:

  • Process data in a responsible, fair and transparent manner.
  • Use data for determined, clear and legitimate purposes.
  • Only use data suitable, appropriate and limited to each purpose.
  • Use accurate and updated data.
  • Keep data only for the necessary time.
  • Guarantee the integrity and confidentiality of data.
  • Act with proactive responsibility.

Data Protection Policy for Endesa Energía Customers

Summary

  • Data Controller

    Endesa Energía, S.A.U. (“Endesa Energía” from now on).

  • Purposes

    Comply with data controller legal obligations.

    Manage and provide the electricity supply service and/or any other services or products contracted in the energy field, as well as, where appropriate, the application of pre-contractual measures.

    Provide the infoEnergía advice service.

    Manage web user registration in the Endesa Energía private customer area.
    Contact you to inform you about products or services offered by Endesa Energía in the energy field that may be of interest to you. To this end, your data shall be processed to apply profiling/segmentation techniques that make it possible for us to adapt the products and services that we offer to better meet your needs and interests.If you do not wish to be contacted for this purpose, you may object by sending an email to the following address: solicitudeslopd@endesa.es.

    When you give your consent, to contact you to inform you about other products or services offered by Endesa Energía or third parties, related to energy, household goods, insurance, electric vehicles, financial services and leisure. To this end, your data shall be processed to apply profiling/segmentation techniques that make it possible for us to adapt the products and services that we offer to better meet your needs and interests. This consent is not required to enter into the contract.

    To send e-bills if you have signed up to this service.

  • Lawfulness

    To process the data to comply with Endesa Energía legal obligations: compliance with legal obligations.

    To manage the electricity supply contract or, where appropriate, pre-contractual measures and the infoEnergía service: execution of the contract.

    To communicate with credit institutions for factoring operations: legitimate interest of Endesa Energía.

    To manage web user registration in the private customer area of the Endesa Energía website and to send e-bills: consent of the data subject.

    To inform about products or services offered by Endesa Energía in the energy field: legitimate interest of the data controller.

    To inform about Endesa Energía or third-party products, other than those contracted: consent of the data subject.

    To transfer the data to third parties and Endesa Group companies: consent of the data subject.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Notwithstanding the foregoing, if you have given your consent, your data can be transferred to Endesa Group and third-party companies that deal in energy, household goods, insurance, electric vehicles, financial services and leisure so they can inform you about the products or services they offer. This consent is not required to enter into the contract.

    Your data may be communicated to credit institutions to perform factoring operations.

    Furthermore, personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data. It is also possible that some of these processors are located in the United States or outside the European Economic Area.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time. You can withdraw the consent given for the purposes described above at any time by sending an email to solicitudeslopd@endesa.es.

1. Data controller

Endesa Energía, S.A.U. holder of Tax No. A81948077 (“Endesa Energía”) shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Telephone: +34 800 760 909.

 

2. Purpose and processing

Personal data are processed for several reasons at Endesa Energía,

Compulsory processing

Your data shall be processed to manage the supply of electricity and/or, where appropriate, other services or products contracted in the energy field. If any of these products or services entails deferred payment or the provision of a periodic billing service, we may consult the credit records and registers that we deem appropriate to determine your credit standing prior to entering into any contract. The result of any such consultation may, where appropriate, condition the entry into force of the Contract. Moreover, in case of default, Endesa Energía may communicate your data to the said records or registers as provided for under current legislation.

If, after starting the online signing up process and having submitted your personal data, the process fails to complete, you will be sent up to two email reminders containing the support or help you need to successfully complete the signing up process you previously initiated.

Furthermore, your data may be processed in order to provide you with an energy advice service called infoEnergía, using the consumption figures we receive daily to issue your electricity bills and the data you may have provided when filling out the profile as a reference. As part of this service, we will compare the electricity consumption of your home with that of homes that have similar consumption habits to yours in your geographical area.

Lastly, Endesa Energía may process your personal data to comply with any of its legal obligations, specifically those related to the regulation of the energy market or trade regulations, among others.

Voluntary processing

Your data may be processed for other reasons unrelated to entering into a contract or complying with a legal obligation. You may object to any such processing.

Accordingly, unless you have objected through the authorised channels, you may receive, by any means of communication (including, albeit not limited to, email, SMS and phone calls), information about products or services offered by Endesa Energía in the energy field that may be of interest to you. To this end, your personal data may be analysed for profiling purposes to better adapt any commercial communications to your needs and preferences. This analysis may take into account your demographic data and data on other products of the company you have contracted. Whatever the case, you can only receive commercial communications via non-electronic means as long as you remain a customer of Endesa Energía.

Furthermore, provided that you have given your consent, you may receive, via any communication channel (including, among others, email, SMS and phone calls), information about other products or services offered by Endesa Energía or third parties related to energy, household goods, insurance, electric vehicles, financial services and leisure. To this end, your personal data may be analysed for profiling purposes to better adapt any commercial communications to your needs and preferences. This analysis may take into account your demographic data and data on other products of the company you have contracted. You can only receive commercial communications about products and services unrelated to those contracted as long as you do not withdraw the consent given.

Web services management

Furthermore, whenever you have registered in the private customer area of Endesa Energía, your personal data may be processed to manage the user services over the website.

E-bill

If you have signed up to the “e-billing service”, your email address shall be processed to send the bills.

Email processing

If you provide your email, it shall be treated as the preferred means for sending any type of communication with respect to contractual matters.

Personal data storage limitation

Customer personal data shall be kept as long as they are required to provide the services under contract. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3. Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Personnel belonging to service providers that Endesa Energía hires or may hire and which act as data processors may also be given access to your personal data. It is also possible that some of these processors are located in the United States or outside the European Economic Area. In particular, providers located in the following countries shall be able to access your data: India, Colombia, Peru and the United States. Endesa Energía has been legally authorised for these types of transfer by the Director of the Spanish Agency for Data Protection.

Furthermore, if you have given your consent, your data can be transferred to Endesa Group and third-party companies that deal in energy, household goods, insurance, electric vehicles, financial services and leisure so they can inform you about the products or services they offer.

Your personal data may also be communicated to credit institutions with the necessary guarantees and for the exclusive purpose of performing factoring operations (partial or total advance of receivables assigned to financial entities).

Click on the following link to consult the list of Endesa Group companies: https://www.endesa.com/en/about-endesa/who-we-are/subsidiaries.html.

 

4. Lawfulness of the processing and transfer of personal data

  • As already indicated, the legal basis to conduct the aforementioned “mandatory procedures” shall be the execution of the contract or application of contractual measures, as well as the fulfilment of any applicable legal obligations. This does not apply to those procedures carried out to assess your financial solvency, the acceptance of customers or, where appropriate, the transmission of data to credit information systems, the legal basis of which shall be the legitimate interest of Endesa Energía. Therefore, the refusal to provide the requested personal data, or the provision of inaccurate or incomplete data, may result in Endesa Energía being unable to provide the services you have contracted in the appropriate manner. Users are responsible for the reliability of the data they provide, as well as for notifying Endesa Energía of any future changes to them.
  • The legitimate interest of Endesa Energía shall be the legal basis for the processing done to send you commercial communications about products or services offered by Endesa Energía in the energy field. Accordingly, you can object to this processing at any time through the channels authorised for this purpose. You will find the information required to exercise your right to object in section 6 below, “Rights of data subjects with respect to the processing of their personal data”.
  • The consent you may have given to Endesa Energía shall be the legal basis for the processing done to send you commercial communications about other products or services offered by Endesa Energía, any company of the Endesa Group or third parties, related to energy, household goods, insurance, electric vehicles, financial services and leisure. Accordingly, as long as you do not withdraw your consent, you may very well continue to receive communications of this type.
  • The consent you may have given shall be the legal basis for the transfer of your data to Endesa Group and third-party companies related to energy, household goods, insurance, electric vehicle, financial services and leisure. Accordingly, as long as you do not withdraw your consent, you may very well continue to receive communications of this type.
  • The legitimate interest of Endesa Energía to implement an efficient business model shall be the legal basis for data communications to credit institutions for the sole purpose of performing factoring operations (partial or total advance of receivables assigned to financial entities).
  • The consent you may have given in each case shall be the legal basis for the processing of personal data associated with the management of the web user in the private customer area, as well as, where appropriate, the processing of your email for sending e-bills.
  • The processing of your email as the preferred means for sending communications related to the performance of the contractual relationship is based on the performance of the contract.

The use of the services offered by Endesa Energía shall never be subject to your giving the requested consent. Furthermore, you are hereby reminded that if you have given your consent, you have the right to withdraw it at any time without this having any consequences for the services or products you have contracted or for which you are a beneficiary. You will find the information required to exercise your right to withdraw consent in section 6 below, “Rights of data subjects with respect to the processing of their personal data”.

 

5. Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa Energía has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6. Data subject rights with respect to the processing of their personal data

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa Energía has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

You also have the right to withdraw consent if you have given it and to object to receiving commercial communications.

To exercise these rights, Endesa Energía can be contacted through any of the following channels:

  • Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to PO Box 1128, 41080 - Sevilla, Attn. Endesa Operations and Commercial Services.
  • Email to the following address: solicitudeslopd@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7. Data source

The personal data processed by Endesa Energía are those provided by you to contract the electricity supply and/or maintenance services, and also your consumption habits, for the purposes of the provision of the infoEnergía service. Occasionally such data can be enhanced with specific sources of information about the Spanish energy market.

 

8. Data Protection Officer

Contact the Data Protection Officer if you have any questions regarding the purposes of the processing of your personal data or about its lawfulness.

Endesa S.A., parent company of the Endesa Group of which Endesa Energía is a member, has appointed a Data Protection Officer for this company —who reports to the Data Protection Officer for Spain— to whom you may submit any issue concerning the processing of your personal data at the following addresses: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpoc@endesa.es.

Data Protection Policy for Investors and Analysts

Summary

  • Data Controller

    Endesa, S.A. (“Endesa”)

  • Purposes

    Enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.

  • Lawfulness

    Legitimate interest of Endesa, S.A.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time by sending an email to: ir@endesa.es.

1.    Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain

 

2.    Purpose and processing

The personal data of investors and analysts shall be stored and processed by Endesa, S.A. to enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.

Personal data storage limitation

The personal data of investors and analysts shall be kept as long as no request is received for their erasure and as long as they are no longer required for the purposes for which they are processed. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.    Lawfulness of the processing

The legitimate interest of Endesa, S.A. is the legal basis for processing your data.

 

4.    Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

 

5.    Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.    Rights with respect to the processing of your personal data

Investors and analysts can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:

  • Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
  • Email to ir@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.    Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

 

Shareholder Data Protection Policy

Summary

  • Data Controller

    Endesa, S.A.

  • Purposes

    Enable communication with the shareholder within the framework of corporate relations.

    Enable compliance with related legal obligations.

  • Lawfulness

    Legitimate interest of Endesa, S.A.

    Compliance with legal obligation.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time by sending an email to: eoaccionista@endesa.es.

1.      Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.

 

2.      Purpose and processing

The personal data provided by shareholders (to exercise or delegate their attendance and voting rights at Shareholders’ Meetings and to enable communications) or that are provided by the banking entities, companies and securities brokers in which the said shareholders have deposited their shares shall be stored and processed by Endesa, S.A. to enable communication with the shareholder within the framework of corporate relations and to enable compliance with related legal obligations.

Personal data storage limitation

Shareholder personal data shall be kept as long as they are required to meet the above purposes. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.    Lawfulness of the processing

The legitimate interest of Endesa, S.A. is the legal basis to process shareholder data as is compliance with any related legal obligations. Accordingly, the refusal to provide the requested personal data or the provision of inaccurate or incomplete data may affect your activity as a shareholder in Endesa S.A.

Shareholders are responsible for the reliability of the data they provide and for notifying Endesa S.A. of any future changes to them.

 

4.    Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.

 

5.    Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.    Shareholder rights in relation to the processing of their personal data

Shareholders can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:

  • Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
  • Email to eoaccionista@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.
  • Freephone: +34 900 666 900

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.    Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

Data Protection Policy for Endesa S.A. Corporate Website Users

Summary

  • Data Controller

    Endesa, S.A.

  • Purposes

    Manage the services provided or actions carried out by Endesa, user queries or suggestions made using the web form, as well as to manage the Endesa news alert service.

  • Lawfulness

    Consent of the data subject.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Other Enel Group companies may have access to your personal data, as well as the service providers that Endesa hires or may hire and who act as data processors.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

1.      Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.

 

2.      Purpose of personal data processing

User data shall be processed to manage the services provided or actions carried out by Endesa, as well as to manage the newsletter and the Endesa news alert service.

Personal data storage limitation

User personal data shall be kept as long as they are required to meet the above purpose. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.      Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Moreover, in the case of signing up to the Digital Experts programme, your data may be transferred to other Enel Group companies whenever they carry out a programme-related initiative.

Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.

 

4.      Lawfulness of the processing

Any processing done to manage the services, actions or initiatives carried out by Endesa or by Enel Group companies shall be legally based on the user consent given when providing their data and accepting this data protection legal notice.

Moreover, those actions carried out to manage the Endesa newsletter and news alert service shall also be legally based on the consent provided by the user when subscribing to the said service.

 

5.      Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.      Data subject rights with respect to the processing of their personal data

You can exercise your rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

You also have the right to withdraw consent at any time.

To exercise these rights, contact Endesa by post, attaching a photocopy of your National ID card, passport or any other identification document, and stating your request for the attention of Internal Communication - Endesa at 60 C/ Ribera del Loira, 28042 Madrid, Spain

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.      Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.