In compliance with the provisions of the current national regulation concerning personal data protection and Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR); you are informed of how we will process your personal data below.

This privacy policy will be applicable to all data processing performed by the companies of the RE Group, except for those performed by means of http://www.reintel.es/en and https://www.esios.ree.es/en, which will be governed by their specific visibility. The basic information on data processing provided in an individualised manner may also contain specific conditions that will prevail over this privacy policy.

Who is the Controller of your data?

Your data will be processed by Red Eléctrica de España, S.A.U. and/or the companies in the Red Eléctrica Group (hereinafter RE), based on the recipient of your request or the relationship you have established with each of them. You can see the entities that are part of RE at https://www.ree.es/en/about-us/red-electrica-group, and more information about them can be found below:

Identity of the main entity: Red Eléctrica de España S.A.U with C.I.F. (tax ID): A-85309219

Other Red Eléctrica Group companies:

• Red Eléctrica Corporación S.A with C.I.F (tax ID): A-78003662
• Red Eléctrica Internacional S.A.U with C.I.F (tax ID): A-82852906
• Red Eléctrica de España Finance, B.V. with registration number: NL812199017B01
• Red Eléctrica Financiaciones, S.A.U with C.I.F (tax ID): A-85724052
• REDCOR Reaseguros, S.A. with registration number: B153252
• Red Eléctrica Infraestructuras de Telecomunicación, S.A.U with C.I.F (tax ID): A-87323127
• Red Eléctrica Infraestructuras en Canarias, S.A.U. with C.I.F (tax ID): A-76234822

Postal address for notifications: Paseo Conde de los Gaitanes nº 177, La Moraleja, 28109 Alcobendas (Madrid).

Why do we process your personal data?

Generally, your data will be processed by RE for the following purposes:

1. To manage your relationship with RE: We will process your data to manage all of the matters relative to maintaining the relationship established between you and RE.
2. To manage users and provide the services offered on our website: We will process your data to provide the services that we offer on our website and to manage user registrations on the sections of the website requiring prior registration to access the restricted area.
3. To manage information requests, queries, requests, and questions submitted via website forms, postal mail or email, and by phone.. With the information you provide us, RE can provide you with a response to these queries and offer up solutions that adapt to your needs. RE undertakes to process the data obtained and provided by you as long as said data are necessary for the purpose described. Phone calls may be recorded in order to guarantee service quality and for security purposes.
4. To manage the contractual relationship between you and RE.. Generally, when the processing of your data is based on the execution of a contract to which you are a party, we will process your data in accordance with the provisions of the contract signed between you and RE in order to execute and carry out said contract.
5. To comply with the legal obligations required of RE: In its role as the Controller, RE is obligated to comply with the provisions of, inter alia, electricity sector regulations, as well as the obligations necessary to fulfil its functions as an electricity system operator and manager of the power transmission network. This entails it being obligated to provide your personal data to the bodies of the Public Administration, courts, regulatory bodies, and the law enforcement bodies of the government.
6. To send newsletters and manage subscriptions: RE has forms where you can give your unequivocal consent to receive information through newsletters, both through ordinary and electronic means, as well as information about activities organized by RE.
7. Performing satisfaction surveys: With the purpose of verifying your degree of satisfaction with the work carried out by RE we may undertake satisfaction surveys to improve the quality of our procedures and services.

How will data about minors be processed?

Generally, RE’s content and services are mostly aimed at and designed for people over 18.

Nevertheless, our website does have content aimed at minors including online games they may access. RE will not gather or process the personal data of minors under the age of 16, without fully complying with the requirements set forth in the applicable regulations on data protection, with regard to fulfilment of the duty to inform and obtain consent where necessary.

How long will your data be kept?

The personal data provided will be kept for the amount of time needed to manage your request, query, suggestion, complaint, or claim, or as long as there is a contractual relationship, the data subject does not request their erasure or opposition, and the data needn’t be deleted to comply with a legal obligation, or for the formulation, lodging, and defence of claims.

Therefore, RE will keep personal data duly blocked once its relationship with you has ended, except to make it available to Public Administrations, Judges, and Courts to respond to potential liabilities arising from the processing, as well as to lodge and defend claims with the Spanish Data Protection Agency, and they will be kept for the statute of limitations of the actions that may arise from the relationship maintained with the user.

Your personal data will be kept for the period of time necessary to fulfil the purpose for which they were collected. If your data are used for several purposes, thereby obliging us to keep them for different periods of time, we will apply the longest retention period.

What gives us the authority to process your data?

RE has the authority to process your personal data on the following legal bases:

• Execution of a contract: Your data must be processed in order to manage, maintain, and execute a contract signed between you and RE.
• Consent: You have given your consent by filling out a form authorising the processing of your personal data for a specific purpose or for certain purposes. You may revoke this consent at any time through the means available to you.
• Compliance with legal obligations: Your data must be processed in order to comply with the legal obligations established by law (tax, corporate, labour, etc.)
• Action carried out in the public interest: Your data must be processed to provide a service of general economic interest pursuant to the provisions of Law 24/2013, of 26 December, on the Energy Sector and Royal Decree 1955/2000, of 1 December, regulating the activities of transport, distribution, commercialisation, supply, and authorisation procedure for electric power facilities.
• Legitimate interest of RE: The processing of your data is based on the legitimate interest of RE when there is no other legitimate basis to allow for processing. In all cases, an analysis of our authority has been carried out so as not to violate your fundamental rights and freedoms in any way, considering the reasonable expectations pursuant to your relationship with RE.

How do we collect your data?

In each process in which you provide your personal data you will be informed of the obligatory or optional nature of completing the field and of the consequences of failing to provide said data.

Through this Privacy Policy, you declare that the information and data you provide us are accurate and true, RE reserves the right to exclude any data subjects that have provided false data, without prejudice to the initiation of legal proceedings. You shall be the only one responsible for providing false or inaccurate statements and for the damages they cause RE or third parties.

If you provide the personal data of third parties on a form, you guarantee that you have informed said third party of this Privacy Policy and that you received their authorisation to provide RE with their data for the indicated purposes.

In accordance with article 14 of GDPR, RE undertakes to provide any third party whose details you indicate with the relevant information.

Who are the recipients of your data?

RE will share and give up your personal data in the fulfilment of the above-mentioned purposes and based on the above-mentioned legitimate bases for processing to:

• RE Group companies, which can be viewed at https://www.ree.es/en/about-us/red-electrica-group.
• Public Administrations and the Administration of Justice, and generally Competent Authorities when RE is legally obligated to provide the data.
• RE suppliers that have access to your personal data and carry out the processing of said data as RE’s processors, as a result of the services they provide RE.
  All suppliers with access to personal data that provide services to RE have signed the corresponding processor contract in accordance with the provisions of article 28 of GDPR, compelling them to fulfil the same obligations: apply appropriate technical and organisational measures; process personal data for the agreed upon purposes and only heeding the documented instructions of RE, and the obligation to erase the data once provision of service has finished.
• Given the activity that RE carries out, it is possible that international data transfers to countries outside the European Economic Area (EEA) may take place.
  For the cases in which international data transfers take place to countries outside the European Economic Area (EEA) or to countries that do not offer an adequate level of protection, the necessary measures will be applied with the appropriate guarantees through the use of Standard Contractual Clauses authorising the international transfer.

What are your rights when you provide us with your data?

You will be able to exercise the rights of Access, Rectification, Portability, Erasure, Restriction, or, where applicable, to Object. In order to exercise these rights, you must send a letter to the above-mentioned postal address or via email to the following address: digame@ree.es including in the matter “Data protection”.

You must specify which of these rights you wish to exercise and, in turn, you must attach a photocopy of the national ID card or equivalent identity document of the data subject. In the event a legal or voluntary representative acts on the data subject’s behalf, they must also provide a document proving this representation and their identity document.

In addition, in the event you consider your right to personal data protection has been violated, you may file a claim with the Spanish Data Protection Agency (www.agpd.es).

How do we ensure your data’s security?

RE applies and maintains the appropriate technical and organisational measures to guarantee an adequate level of security based on prior risk analysis.

Specifically, RE has put in place all of the technical resources at its disposal to prevent the loss, misuse, alteration, unauthorised access, and theft of the data you provide.

This Privacy Policy was last updated on: 23 May 2018