Data Protection Policy

 

At Endesa, we respect the rights and freedoms of people, among which is the fundamental right to the protection of personal data, established in the Charter of Fundamental Rights of the European Union.

Our commitment to Privacy is one of our priority areas to improve trust and transparency with all those with whom we are linked. For this reason we are guided by the principles included in Regulation (EU) 2016/679 General Data Protection, committing to:

  • Process data in a responsible, fair and transparent manner.
  • Use data for determined, clear and legitimate purposes.
  • Only use data suitable, appropriate and limited to each purpose.
  • Use accurate and updated data.
  • Keep data only for the necessary time.
  • Guarantee the integrity and confidentiality of data.
  • Act with proactive responsibility.

Data Protection Policy for Endesa Energía Customers

Summary

  • Co-responsible parties

    Endesa Energía, S.A.U. and Endesa X Servicios S.L. (hereafter, “Endesa”).

  • Purposes

    • Managing the products and services contracted with Endesa.
    • Complying with legal obligations.
    • Sending commercial communications about products and services.
    • Managing web services.
    • Collecting information when you browse our websites.
    • Finding out your geographic location to inform you on the nearest electric charging station.
    • Managing your appointment request with one of our sales agents.
  • Legitimacy

    • Contract execution: to manage the products and services contracted, which includes answering queries, carrying out informative communications and surveys, billing and collection, energy advice or accreditation in the initiated contracting processes.
    • Compliance with legal obligations: to comply with Endesa's legal obligations.
    • Legitimate interest: (i) to assess financial solvency, customer admission or, where appropriate, communicate data to credit information systems, always in full compliance with the applicable regulations; (ii) to provide information on products or services related to the energy business or on packaged energy offers for the supply of electricity or gas and value-added services related to the service already contracted by the customer (which involves the timely communication of data between Endesa Energía and Endesa X to ensure the effectiveness of the campaigns); (iii) to carry out factoring operations, in order to provide Endesa with an efficient business management model.
    • Consent: (i) to send commercial communications to customers about other products or services offered by other companies, related to the home, insurance, automotive, financial services and leisure, as well as to transfer the data to these companies, including other Endesa group companies; (ii) to send commercial communications of any kind to consumers who are not Endesa customers; (iii) to carry out complex profiling; (iv) to manage the website user ID and send the digital bill; (v) to process geographic location data to provide information on electric charging stations; (vi) to manage your request for an appointment with one of our sales agents. 
  • Recipients

    Endesa only exchanges personal data with (i) service providers that it contracts or may contract that have the status of data processors (some of these data processors may be located outside the European Economic Area), or with (ii) other business partners in the home, insurance, automotive, financial services and leisure industries, provided that we have been authorised by your consent.

    We may also exchange data between Endesa Energía and Endesa X to make packaged energy offers, as well as to avoid unnecessary repetition of commercial campaigns.

    Finally, we will also provide your data to credit information systems in case of non-payment, as well as credit institutions to carry out factoring operations or with public administrations, authorities and agencies to comply with legal obligations.

  • Rights

    Access, rectification, cancellation, limitation of processing and data portability. If you have given your consent for the purposes described above, you may withdraw your consent at any time.  To exercise these rights, you may contact Endesa by e-mail at the following address: solicitudeslopd@endesa.es, or by post to P.O. Box 1128, 41080 – Sevilla, A/A. Endesa Operaciones y Servicios Comerciales, providing the data subject's full name, address, a photocopy of the national identity card, passport or government-issued identity document and request.

  • Further information

    You can obtain further details on the data protection policy employed by Endesa, S.A. using the following dropdown menu DATA PROTECTION POLICY.

Personal data security and protection

At Endesa, we are committed to ensuring the transparent and secure use of our Customers' personal data. As such, we want you to know that you have control of them at all times. As an Endesa Customer, you can decide, whenever permitted under the regulations in force, to whom your personal data is transferred, under what conditions and for what purpose.

To make this possible and in accordance with the best practices of Corporate Governance and Compliance, under our processes of review and constant improvement, we have updated our Data Protection Policy. The new version replaces the policy that used to regulate the processing of your data as an Endesa Customer, with a view to renewing your trust in us and so that you know how we collect, process and protect your personal data.

1) Definitions

2) Who can process your data?

3) What personal data do we process?

4) What do we process the data for?

5) Why are we entitled to process your personal data?

6) How long will we keep your data?

7) Do we process child data?

8) What security measures do we have in place?

9) What information do we share with third parties?

10) What rights do I have in relation to the processing of my personal data?

11) How can I contact Endesa's Data Protection Officer?

12) Changes to the Data Protection Policy

 

1) Definitions

In order for you to better understand our Data Protection Policy, we define below the concepts included herein:

  • Customer: natural person who has a contractual relationship with Endesa.
  • Contract: agreement governing the terms and conditions applicable to the purchase of any Endesa product or service.
  • Joint controllers: two or more Data Controllers who jointly determine the objectives and/or means of processing. Endesa Energía and Endesa X will be the data controllers in relation to certain processing.
  • CUPS: Universal supply point code (Spanish acronym). Alphanumeric code that uniquely identifies an address to certify the energy supply. Each house has one for electricity supply and one for the supply of natural gas. It is permanent and unchanging, i.e. it does not change even if you change your tariff or supply company.
  • Distributor: company responsible for distributing the energy to your home. In the Spanish electricity market by legal provision, consumers cannot choose their distribution company. It is determined by the area where they reside.
  • Data processor: natural person or legal entity that processes personal data on behalf of the Data controller.
  • Endesa: Endesa Energía, S.A.U. and Endesa X Servicios S.L.
  • Endesa Energía: Endesa Energía S.A.U., a company that supplies electricity and natural gas.
  • Endesa X: Endesa X Servicios S.L, a company that markets value-added energy products and services complementary to those provided by Endesa Energía.
  • Endesa Group: the Endesa Group consists of its parent company, Endesa, S.A., and all its subsidiaries. You can see the full list of companies of the Endesa Group at https://www.endesa.com/es/sobre-endesa/quienes-somos/sociedades.
  • Data subject: identified or identifiable natural person.
  • LOPDGDD: Spanish organic law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights.
  • Packaged Energy Offer: set of products or services directly related to the field of energy activity, marketed jointly by Endesa Energía and Endesa X under the brand name Endesa.
  • Potential Customer: natural person who has no contractual link to Endesa.
  • Data controller: natural personal or legal entity that, alone or together with others, determines the purposes and means of processing.
  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  • Website User: user registered on one of the websites of Endesa Energía or Endesa X (www.endesa.com, www.endesax.com and www.endesaxstore.com).

 

2) Who can process your data?

The following Endesa Group companies will process your personal data as Joint controllers, except when processing must be carried out to comply with the specific conditions or services of a specific product or service arranged with one of them, in which case they will be considered as independent controllers.

  • Endesa Energía, S.A.U. with tax no. A81948077 and registered office at: C/ Ribera del Loira, 60, 28042-Madrid.
  • Endesa X Servicios S.L., with tax no. B01788041 and registered office at: C/ Ribera del Loira, 60, 28042-Madrid.

Endesa Energía and Endesa X have signed a co-responsibility agreement that duly reflects their respective roles and relationships as Joint controllers in relation to the Data subjects. The essential aspects of this agreement are available on demand.

 

3) What personal data do we process?

Personal data is all information that directly identifies or makes it possible to identify a natural person, including, for example, your first name and surname, email address, and CUPS.  Some of this data may have been provided directly to us when you sign a contract with us, but other data may have inferred from our relationship with you, such as the electricity or gas use for the supply point you are a holder of.

The data that may be processed is grouped into the following categories:

  • Data collected when registering as a Customer, in the Contract or subsequently provided during the contractual relationship: first name, surname, National Identity Document ("D.N.I."), Foreign Identification Number ("N.I.E."), CUPS, telephone number, email address, arranged tariff and the data included in energy advisory tools, geographic location.  
  • Data derived from the provision of services during the contractual relationship: the number of services provided and the incidents resolved or in progress, the arrangement requests made, the results of the satisfaction surveys, the commercial communications sent, the historical consumption from the point of supply you hold, the billing history and the data that may be collected during your visits to our websites through the use of cookies.
  • Data of Potential Customers who consent to their data being communicated to companies in the energy sector for commercial purposes: sometimes we may process the identification data (first name and surname), the telephone number and the address of Potential Customers, provided that they have previously given their informed consent, unequivocally and through a clear affirmative action separate from the other matters, so that their data may be assigned to an energy sector company (including Endesa), to receive advertising about its products and services. In the event that we contact you through campaigns aimed at potential customers, we will inform you in the first contact of the data controller's identity, the purpose and legal grounds for the processing, origin of the data and categories of specific data that we are processing, as well as the possibility of exercising your rights before Endesa, and before the Data controller that collected your data at source.

At Endesa, we process only the data that is strictly necessary for the specific purposes contained in this Data Protection Policy and only for the time required to do so, as stated in paragraph 6, always respecting all the principles and obligations contained in both the GDPR and the LOPDGDD.

The questions below explain in detail what and how we process your data.

 

4) What do we process the data for?

At Endesa, we process your personal data to, for example, manage the provision of the products and services that you have arranged with us, manage your registration or account as a User of the website, comply with the legal obligations in energy and consumption matters among others, make commercial communications about Endesa's energy-related products and services, and collect information about your interactions when you browse our websites, by using cookies. Below you will find the specific purposes for which we use your data:

a) Managing the contract for an Endesa service

Your data will be processed to manage the contract for an Endesa service.

Additionally, please bear in mind that if you request an Endesa product/service that may entail the deferred payment or the provision of a periodic billing service, we may, in strict compliance with the applicable regulations, consult the financial solvency and credit files that are deemed appropriate to assess your financial solvency before entering into the contract. The outcome of such consultation may condition the entry into force of the contract. Likewise, in case of non-payment, Endesa may send your data to said files, always complying with the guarantees provided by current legislation in such situations.

If you have started the process to enter into a contract or register through one of our websites, and even provided your personal data, but were unable to finish it, do not worry: we will email you address up to a maximum of two reminders with support or help so that you can successfully complete the previously initiated process.

When you are already a Customer, to be able to improve the service quality, your data may be used to respond to your queries and requests made through all our customer service channels (including phone, face to face and websites), send informative communications and surveys on the quality of the service or the satisfaction rate with the service provided, prove your identity in any other arrangement processes, invoice the energy supply or provide energy consultancy services. Similarly, so that Endesa may have an efficient business management model, your data will be processed to perform factoring operations.

In addition, whenever you have registered on the website, your personal data may be processed in order to manage the services that you have as a User of the website, for example, the "electronic invoicing service" (we will need your email address to send you the invoices). This means that if you provide your email address, this will be the preferred means for sending any type of communication related to the framework of the contractual relationship established with you.

b) Complying with legal obligations

Your data may also be processed to comply with any type of legal obligation, such as arranging access to the grids with the Distributor, making the necessary arrangements for a good supply, exchanging information with the Distributor to be able to invoice your energy use or meeting the requirements of the Spanish Markets and Competition Commission or the Spanish Data Protection Agency, among other legal obligations.

c) Sending commercial communications about products and services

Other processing of your personal data may also be carried out on the basis of Endesa's legitimate interest and which you may object to, as provided for in paragraph 10.

This processing will be carried out to offer you information about energy-related products or services or about Packaged Energy Offers, similar to the service you enter or have entered into a contract for. In paragraph 5(d), we explain in more detail the reasons supporting Endesa's legitimate interest.

To this end, your personal data may be analysed beforehand to develop a very basic profile that allows us to determine whether the commercial campaign is suitable for your energy consumption needs and preferences. This analysis may take into account some of your data (first name and surname, telephone number, email, address, national ID number and, where applicable, CUPS), so it may be necessary to send occasional data communications between Endesa Energía and Endesa X to ensure that the campaigns and Packaged Energy Offers, if applicable, are not repetitive, unnecessary or annoying. In any case, your data will only be fully communicated between these companies if you give your consent.

Additionally, you may object both to the receipt of commercial communications of this type, and to the occasional communication of your data between Endesa Energía and Endesa X, at any time, exercising your right of objection through the channels indicated in paragraph 10. Please bear in mind that you will only receive such communications whilst you are an Endesa Customer unless you give your authorisation after that.

As explained in paragraph 5, any complex profiling, in particular the scenarios provided for in Article 22 of the GDPR, will be subject to your prior informed, free and unequivocal consent. Specifically, we refer to decisions which, where appropriate, are taken and based solely on automated processing, including profiling, which have legal effects on the Data subject or significantly affect them in a similar way.

Finally, when you have given your consent, we will also be able to help you find out, by any communication channel (including but not limited to email, SMS and phone calls), about other products and services of other companies with which we collaborate and that may be of interest to you, related to home, insurance, automotive, financial services and leisure. Your data will only be transferred in full to other Endesa group companies, or to third parties related to the previous sectors, if you have given your express consent to this end.

In any case, we remind you that you can withdraw your consent at any time through the channels indicated in section 10 of this Data Protection Policy.

d) Managing web services

Whenever you have signed up for or registered on the Endesa websites, your personal data will be processed so as to manage the website's services.

e) Collecting information when you browse our websites

Endesa's websites, like many other Internet portals, use a technology called "cookies" to collect information about the interactions you may make on the pages, provided that, if applicable, you have authorised their use.

If you want to know in detail how this technology works, see the section "Cookies in Endesa".

f) Geographic location to find out the nearest electric charging station

By using the JuicePass App, and as long as you have consented to it, we will process information about your geographic location to provide you with directions, so that you can reach the nearest electric charging station. You can turn the location feature on or off using your device's settings, as follows:

iOS: Turn location services on or off. Settings > Privacy > Location Services.

Android: Settings > Location or Quick Settings, accessible by swiping from top to bottom on your device's screen

g) Asking for an appointment with one of our sales agents

We may also process your personal data in order to make an appointment with one of our sales agents, provided that you have made the request through one of the sites enabled for this purpose.

 

5) Why are we entitled to process your personal data?

Depending on the specific purpose for which we process your data (for example, properly manage the service you had selected, comply with legal obligations that apply to us, send commercial communications or collect information when you browse our websites), we will rely on the applicable legal grounds.

You can find below of the legal grounds that will allow us to carry out the different types of processing:

a) Contract performance

The legal grounds for carrying out the provision of the services you have arranged with us is the "performance of the Contract", which gives us the legal basis to carry out the necessary processing of personal data (including your email address) to respond to your queries and requests through all of our customer service channels (including telephone, face-to-face and online channels), send informational communications and conduct surveys on the quality of service or satisfaction rate with the service provided, certify your identity in the contract processes you initiate with us, invoice, process payments or provide you with energy advisory services.

Refusal to provide the requested personal data, or providing inaccurate or incomplete data, may result in the inability to suitably provide the arranged services. In this regard, you are responsible for the accuracy of the data provided and for informing Endesa, S.A. of any change to them.

b) Compliance with legal obligations

As stated above, we sometimes have to use your personal data to comply with legal obligations of any kind. Therefore, the legal grounds for this processing consists precisely of fulfilling those legal obligations.

c) Consent

Consent constitutes legal grounds for Endesa to process the data, after obtaining the Data subject's express, free, unequivocal and informed consent.

The consent that you may have given is legal grounds for the processing carried out for the purpose of sending commercial communications about products or services of other companies, related to home, insurance, automotive, financial services and leisure, as well as the transfer of your data to such companies, including to other Endesa Group companies. Likewise, any commercial communication on energy-related offers aimed at consumers other than Customers of Endesa is subject to prior express consent for that purpose. Therefore, provided that you do not withdraw your consent, it is possible to continue sending these types of communications, and your data may remain under the control of these companies with which we collaborate.

Any complex profiling, in particular the cases provided for in Article 22 of the GDPR, will be subject to the prior explicit consent of the person concerned.

The processing of your email address to send digital invoices is carried out on the legal basis of the consent that you have given in each case.

Processing derived from the activation of your geographical location through the JuicePass app (to inform you about the closest electric charging stations) will only be carried out as long as you have given your consent for that purpose.

Consent is also the legal grounds for processing your personal data in order to manage the request for an appointment with one of our sales agents.

In any case, we remind you that, if you have given your consent for any of the purposes described above, you have the right to withdraw it at any time, with no consequences for the services or products you have signed a contract for. You will find the information necessary to exercise your right to withdraw consent in section 10 of this Data Protection Policy.

d) Legitimate interest

The legitimate interest constitutes legal grounds, provided that Endesa's interest in processing the Customer's data is within the Customer's reasonable expectations, taking into account their relationship with Endesa. Data subjects always have the opportunity to exercise the right to object, as set out in paragraph 10.

In this case, Endesa has carried out a weighting report to assess the suitability of direct marketing of energy-related products and services which concludes the following specifically: (i) Customers benefit from a more competitive and integrated price covering all aspects relating to energy consumption (heating, hot water, maintenance of supplies, charging services for electric vehicles), and (ii) in this way, Endesa can maintain its competitive position in the market, in line with other operators who also offer Packaged Energy Offers. The essential aspects of this weighting report, as well as the impact assessment carried out with respect to this processing, are available on demand.

Endesa's interest in direct marketing activities as set out in Recital 47 of the GDPR is to be able to be competitive in the provision of services and products related to energy supply, which make it possible to achieve a more sustainable energy model through the provision of services for the installation of energy equipment, maintenance and repair, automation and electric mobility, among others.

However, even if you can reasonably expect that, for example, you will receive advertising from an electrical maintenance service if you have a contract for electricity supply, you can object, at any time and through any channel, to the processing of your data by Endesa under its legitimate interest.

Processing carried out to offer you information about energy-related products or services or Packaged Energy Offers, similar to the service being arranged or already arranged, is done based on Endesa's legitimate interest.

Please be aware that the regulations in force allow us to use Endesa's legitimate interest as a legal basis for carrying out the above processing based on the expectations that you may have as our Customer. For this reason, we remind you that you can object at any time to the processing identified in the previous section, exercising your right to object through the channels indicated in paragraph 10.

The necessary processing is also carried out on the basis of the legitimate interest to assess your economic solvency, your approval as a Customer or, where appropriate, the communication of your data to credit information systems. Endesa's interest in performing this processing is clear, insofar as this is an authorisation that Article 20 of the LOPD-GDD grants to creditors who provide a periodic billing service, as is the case.

Furthermore, processing carried out for the purpose of performing factoring operations (partial or total advance of loans transferred to financial institutions), so that Endesa can have an efficient business management model, will be carried out on the basis of Endesa's legitimate interest in being able to obtain financing in order to conduct its commercial activity.

 

6) How long will we keep your data?

Your personal data as a Customer will be kept as long as it is necessary for the provision of the services under the Contract. As soon as it is not necessary for this purpose, the data will be blocked during the period in which they may be necessary to respond to claims or defend against administrative or court actions, as well as for the statute of limitations of criminal, civil, commercial and/or administrative responsibilities and may only be unlocked and processed again for this reason. Once this period comes to an end, the data will be permanently erased.

Specifically, Customers' personal data will be kept for the duration of the contractual relationship. After that period, and once any debts or charges have matured, the data will be kept in a blocked state for 6 years, in accordance with the limitation period of the obligation to keep commercial and accounting documentation. After that time, the data will be definitively cancelled.

The above period will not apply in cases where you expressly consented to receive advertising of Endesa's energy-related products or services, when you were not a customer of Endesa. In this case, your data will be kept until you withdraw your consent through the channels indicated in paragraph 10, or for a maximum period of two (2) years.

If you are a website User, we will store your personal data as long as you remain a User. However, if we find that for a period of two (2) years you have not used or interacted with your account or any of our web services, we will terminate your account by blocking your data. Consequently, if you then want to reuse any of the web services, you will need to register again.

 

7) Do we process child data?

Endesa ensures the proper use of the data of minors, guaranteeing respect for applicable laws using the measures that are reasonably appropriate and, therefore, no personal data is collected from minors without the prior consent of their parents, guardians or legal representatives.

 

8) What security measures do we have in place?

With the aim of making its Data Protection Policy effective, Endesa has adopted the technical and organisational security measures that are reasonably necessary to prevent alteration, loss, misuse, processing and unauthorised access or theft thereof, depending on the state of technology, for all channels in which personal data can be processed, including, therefore, all websites, telephone service and face-to-face channels.

 

9) What information do we share with third parties?

Endesa only exchanges personal data with third parties that will be considered Data processors – for which we will not need your authorisation – in order to properly manage the contractual relationship, or with other collaborating companies when we have been authorised subject to your consent.

We will also provide your data to credit information systems as provided for in current regulations, as well as credit institutions to carry out factoring operations or with public administrations, authorities and agencies to comply with legal obligations.

You can find below the details of this processing, its recipients and legal basis:

a) Access by third parties for the provision of the arranged service

The service providers that Endesa engages or may engage and that have the status of Data processors (including other Endesa group companies), which will carry out the personal data processing necessary to provide you with the arranged services, may have access to your personal data, following the instructions that Endesa deems appropriate and guaranteeing at all times the confidentiality, security and secrecy of the information to which they have access. These third parties may assist, for example, in the provision of services related to: sales, customer service, recovery, marketing and advertising and professional services.

Additionally, some of these third parties acting as Data processors may be located outside the European Economic Area. More specifically, full-trust providers located in: the United States, India, Colombia, Peru and Morocco. We have the legal qualification to make such transfers, having been authorised by the Director of the Spanish Data Protection Agency, or having offered appropriate safeguards by making use of the data protection clauses adopted by the European Commission. You can find a list of these Data processors in Information about data processors.

 

Occasional transfer of data between Endesa Energía and Endesa X

As previously indicated, occasional non-electronic data communications between Endesa Energía and Endesa X for sending Packaged Energy Offers and to avoid the unnecessary repetition of commercial campaigns are based on Endesa's legitimate interest.

These communications will be done occasionally and for the purpose described, without any permanent or complete transfer of your data between these two companies for other purposes. Specifically, the categories of data that are the subject of this occasional transfer are: first name and surname, telephone number, email address, postal address, national identity card number and, where applicable, CUPS.

You will only receive electronic commercial communications about Packaged Energy Offers from another company in the Endesa Group other than the company with which you have arranged a product or service when you have consented to receive such communications. 

c) Transfer of data to third parties with which we collaborate

Under no circumstances will personal data be transferred to third parties unless you have previously provided your consent.

If you have consented to this, your data may be shared with Endesa group companies or third parties related to the home, insurance, automotive, financial services and leisure sectors, in order to receive information about the products or services offered by these companies. As such, the transfer will take place if it has been consented to, if necessary for the informed purpose, and on the basis of the categories of authorised data.

You can find out about the companies that make up the Endesa Group at: https://www.endesa.com/es/sobre-endesa/quienes-somos/sociedades.

d) Communicating information to credit reporting systems

As stated above, we may, in accordance with current regulations, communicate your data to the equity and credit solvency systems that we deem appropriate if you have failed to pay the periodic billing service that you have arranged with us, based on the legitimate interest. The categories of data that will be communicated in these cases are: first name, surname, national identity card number, point of supply address, amount and date of non-payment.

e) Performing factoring operations

Data communications may be sent to credit institutions for the sole purpose of performing factoring operations so that Endesa can have an efficient business management model. This processing will be carried out under the strictest security measures and on the basis of Endesa's legitimate interest of being able to obtain financing to carry out its commercial activity. The categories of data subject to this communication are:  first name and surname, national identity card number, town/city and economic-financial data.

f) Compliance with a legal obligation

Your personal data may be transferred to administrations, authorities and public bodies, including state security forces and bodies, courts and tribunals, the Spanish Markets and Competition Commission, the Spanish Data Protection Agency, tax authorities, all in accordance with the applicable regulations.

 

10) What rights do you have in relation to the processing of your personal data?

The GDPR and LOPDGDD provide for the following rights in relation to the processing of your personal data, which you may exercise with regards to and against each of the Data controllers.

  • Access: confirms whether we are processing your personal data and, if so, which.
  • Rectification: allows you to help us correct errors and modify data that may be inaccurate or incomplete.
  • Erasure: allows you to request the erasure of your data, meaning that Endesa will stop processing it unless there is a legal obligation for its storage, in which case it will be duly blocked, or other legitimate reasons for processing it prevail.
  • Object: allows you to ask us to stop processing personal data over which we believe we have a legitimate interest for its processing, for example, based on your expectations as a Customer (e.g. offers of products and services). At Endesa, we will stop processing your data, unless there are overriding legitimate reasons, or it is necessary to respond to claims or defend against administrative or court actions, in which case your data will remain duly blocked.
  • Portability: allows you to receive your personal data in a structured, commonly used and mechanically readable format to be able to transmit it to another Data controller.
  • Withdraw consent: stops your data from being processed for a purpose that was previously authorised, such as receiving commercial communications from third parties with which we collaborate.

To exercise these rights, you must write to Endesa using one of the following channels:

  • Post, including a photocopy of your ID, passport, foreigner's ID no. or any other valid identification document, and details of your request, sent to: Apartado postal 1128, 41080 Sevilla, A/A. Endesa Operaciones y Servicios Comerciales.
  • Email, to solicitudeslopd@endesa.es, with the following information: the Data subject's full name, address, photocopy of the national identity card, foreigner's ID number or any other government-issued identity document and details of your request.

We remind you that the regulations in force allow you to file a complaint with the Spanish Data Protection Agency, whose contact details are as follows:

Agencia Española de Protección de Datos

Calle Jorge Juan, 6 – CP: 28001, Madrid.

Telephone: 901 100 099 / 91 266 35 17

 

11) How can I contact Endesa's Data Protection Officer?

Endesa S.A., the parent company of the Endesa Group of which Endesa Energía and Endesa X are a member, has appointed a Data Protection Officer for these companies.

If you have any doubts regarding the purposes of Endesa's processing of your personal data, its legitimacy or any other matter relating to the protection of personal data, you can contact our Data Protection Officer by post to the following address: C/ Ribera del Loire, 60, 28042-Madrid, or by sending an email to: dpoc@endesa.es.

 

12) Changes to the Data Protection Policy

Whenever Endesa updates this Data Protection Policy as a result of new processing of personal data, we will inform you of this in sufficient time so that you can send us any type of enquiry or, where appropriate, exercise the rights recognised by the regulations in force at that time.

Thank you for the trust you have placed in Endesa.

Data Protection Policy for Investors and Analysts

Summary

  • Data Controller

    Endesa, S.A. (“Endesa”)

  • Purposes

    Enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.

  • Lawfulness

    Legitimate interest of Endesa, S.A.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time. You can find information on how to exercise these rights in the Information in detail.

  • Further information

    More information about the Endesa S.A. data protection policy can be found in the DATA PROTECTION POLICY dropdown.

1.    Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain

 

2.    Purpose and processing

The personal data of investors and analysts shall be stored and processed by Endesa, S.A. to enable the communication and sending of public information to investors and analysts within the framework of Endesa, S.A.'s Institutional Relations.

Personal data storage limitation

The personal data of investors and analysts shall be kept as long as no request is received for their erasure and as long as they are no longer required for the purposes for which they are processed. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.    Lawfulness of the processing

The legitimate interest of Endesa, S.A. is the legal basis for processing your data.

 

4.    Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

 

5.    Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.    Rights with respect to the processing of your personal data

Investors and analysts can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:

  • Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
  • Email to ir@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.    Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

 

Shareholder Data Protection Policy

Summary

  • Data Controller

    Endesa, S.A.

  • Purposes

    • Enable communication with the shareholder within the framework of corporate relations.
    • Enable compliance with related legal obligations.
  • Lawfulness

    • Legitimate interest of Endesa, S.A.
    • Compliance with legal obligation.
  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Personnel belonging to service providers that Endesa S.A. hires or may hire and which act as data processors may also be given access to your personal data.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time. You can find information on how to exercise these rights in the Information in detail.

  • further information

    More information about the Endesa S.A. data protection policy can be found in the DATA PROTECTION POLICY dropdown.

1.    Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.

 

2.    Purpose and processing

The personal data provided by shareholders (to exercise or delegate their attendance and voting rights at Shareholders’ Meetings and to enable communications) or that are provided by the banking entities, companies and securities brokers in which the said shareholders have deposited their shares shall be stored and processed by Endesa, S.A. to enable communication with the shareholder within the framework of corporate relations and to enable compliance with related legal obligations.

Personal data storage limitation

Shareholder personal data shall be kept as long as they are required to meet the above purposes. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.    Lawfulness of the processing

The legitimate interest of Endesa, S.A. is the legal basis to process shareholder data as is compliance with any related legal obligations. Accordingly, the refusal to provide the requested personal data or the provision of inaccurate or incomplete data may affect your activity as a shareholder in Endesa S.A.

Shareholders are responsible for the reliability of the data they provide and for notifying Endesa S.A. of any future changes to them.

 

4.    Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.

 

5.    Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa S.A. has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.    Shareholder rights in relation to the processing of their personal data

Shareholders can exercise their rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

To exercise these rights, Endesa, S.A. can be contacted through any of the following channels:

  • Post, attaching photocopy of your National ID card, passport or any other identification document, and stating your request, addressed to the Secretary's Office of the Endesa, S.A. Board of Directors, 60 C/ Ribera del Loira, 28042 Madrid.
  • Email to accionistas@endesa.es containing the following information: name and surname of the data subject, address for the purposes of notifications, photocopy of their National ID card, passport or any other identification document, and statement of the request.
  • Freephone: +34 900 666 900

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.    Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

Data Protection Policy for Endesa S.A. Corporate Website Users

Summary

  • Data Controller

    Endesa, S.A.

  • Purposes

    Manage the services provided or actions carried out by Endesa, user queries or suggestions made using the web form, as well as to manage the Endesa news alert service.

  • Lawfulness

    Consent of the data subject.

  • Recipients

    Data shall not be transferred to third parties, except under legal obligation.

    Other Enel Group companies may have access to your personal data, as well as the service providers that Endesa hires or may hire and who act as data processors.

  • Rights

    Access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

1.      Data controller

Endesa, S.A. holder of Tax No. A28023430 shall be the data controller under this policy. Data controller contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain.

 

2.      Purpose of personal data processing

User data shall be processed to manage the services provided or actions carried out by Endesa, as well as to manage the newsletter and the Endesa news alert service.

Personal data storage limitation

User personal data shall be kept as long as they are required to meet the above purpose. Whenever they are no longer needed for this purpose, the data shall be blocked throughout the period in which they may be required for prosecution or defence purposes in administrative or judicial actions and may only be unblocked and processed again for this reason. After this period, the data shall be definitively erased.

 

3.      Data recipients

Your personal data may be transferred to Public Administrations, Authorities and Bodies, including Courts and Tribunals, when so required by applicable regulations.

Moreover, in the case of signing up to the Digital Experts programme, your data may be transferred to other Enel Group companies whenever they carry out a programme-related initiative.

Personnel belonging to service providers that Endesa hires or may hire and which act as data processors may also be given access to your personal data.

 

4.      Lawfulness of the processing

Any processing done to manage the services, actions or initiatives carried out by Endesa or by Enel Group companies shall be legally based on the user consent given when providing their data and accepting this data protection legal notice.

Moreover, those actions carried out to manage the Endesa newsletter and news alert service shall also be legally based on the consent provided by the user when subscribing to the said service.

 

5.      Security measures

To ensure the efficiency and effectiveness of its Data Protection Policy, Endesa has adopted the necessary technical and organisational security measures to prevent any alteration, loss, misuse, unauthorised processing and accessing or theft thereof in accordance with the current state-of-art of the technology.

 

6.      Data subject rights with respect to the processing of their personal data

You can exercise your rights of access, rectification, erasure, restriction of processing and portability of the data in those cases and within the scope established by the regulations applicable at any time.

You also have the right to withdraw consent at any time.

To exercise these rights, contact Endesa by post, attaching a photocopy of your National ID card, passport or any other identification document, and stating your request for the attention of Internal Communication - Endesa at 60 C/ Ribera del Loira, 28042 Madrid, Spain

You are also hereby informed of your right to file a complaint with the Spanish Data Protection Agency.

 

7.      Data Protection Officer

Endesa, S.A. has appointed a Data Protection Officer for the Endesa Group. Protection officer contact details are as follows: Postal address: 60 C/ Ribera del Loira, 28042 Madrid, Spain Email: dpo@endesa.es.

advise icon go to the advise Facebook icon go to Facebook Twitter icon go to Twitter Youtube icon go to Youtube Messenger icon go to Messenger Linkedin icon go to Linkedin Instagram icon go to Instagram Shared Link icon Go to the shared link Checkmark Success icon Checkmark Success down arrow icon down arrow Previous Go to previous Next Go to the next close icon close add icon add up arrow icon up arrow oblique arrow icon look obliquely Arrow down icon Arrow down search engine icon search search engine icon search share icon share filter icon filter email icon send mail email icon email phone icon phone fax icon fac print icon print play icon play user icon go to the user section error icon an error has occurred info icon information thumb up icon like thumb up icon like thumb down icon don't like thumb down icon don't like clock icon Clock Lamp icon Lamp List icon List Map icon Go to the map Phone icon Phone Emergency icon Emergency Pause icon Pause Play icon Play Logout icon Sign off Phone icon Phone