Privacy policy

In compliance with the provisions of the regulations on the protection of personal data, in particular, Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, and the Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data (hereinafter, GDPR), to Next, you are informed of how your personal data will be processed.

This Privacy Policy will be applicable to all data processing carried out by Redeia companies, except for those carried out through specific domains that will be governed by their specific privacy policy, such as:

http://www.reintel.es/en

https://www.esios.ree.es/es

https://www.elewit.ventures/en

https://www.portalclientes.ree.es/

https://redelectricaetica.globalsuitesolutions.com/denuncias

https://redelectricaetica.globalsuitesolutions.com/consultas

Likewise, the basic information provided individually on the processing of your data may contain specific conditions that will prevail over this Privacy Policy.

To ensure proper management in the processing of your data, RE has appointed a Data Protection Officer, who you can contact for any question you may need to ask at the email address dpd@redeia.com.

Redeia may modify this Privacy Policy whenever necessary. If changes are made, we will let you know through this website or by other means, so that you can learn about the new Privacy conditions. Continuing to use the functionalities made available by Redeia, once the aforementioned modifications have been notified, will mean that you agree with them, except in those cases in which your express consent is necessary.

Who is responsible for the processing of your data?

Your data will be processed by Redeia Corporación S.A. and/or by the companies that make up Redeia (hereinafter, RE), depending on the recipient of your request or the relationship you have established with each of them. You can consult the companies that are part of RE at https://www.redeia.com/en/our-services, of which we provide more information below:

Identity of the main entity: Red Eléctrica de España S.A.U. with C.I.F.: A-85309219.

Other companies of Redeia responsible for processing:

  • Redeia Corporation S.A. with Tax ID (C.I.F.) number: A-78003662.
  • Red Eléctrica Internacional S.A.U. with C.I.F.: A-82852906.
  • Red Eléctrica de España Finance, B.V. with registration number: NL812199017B01.
  • Redeia Financiaciones S.L.U. with C.I.F.: B-42954917.
  • REDCOR Reaseguros, S.A. With registration No. B153252.
  • REDEIA INFRAESTRUCTURAS DE TELECOMUNICACIÓN, S.A. with C.I.F.: A-87323127.
  • Red Eléctrica Infraestructuras en Canarias, S.A.U. with C.I.F.: A-76234822.
  • Redeia Sistemas de Telecomunicaciones S.A.U. with C.I.F.: A-88044144.
  • ELEWIT, S.A. with C.I.F.: A-88409990.

Postal address for notification purposes: Paseo Conde de los Gaitanes No 177, La Moraleja, 28109 Alcobendas (Madrid).

What type of data do we process and from where are they sourced?

RE may process the following types of personal data, depending on the relationship established with the user:

  • Identification and contact data (e.g. first name, surnames, identity document, telephone, email, country of residence).
  • Browsing data (e.g. use of the website, sections visited)
  • Other types of data. Exclusively in the event that the user has voluntarily provided another type of data, as they understand it to be relevant to their request or query and/or by other means (e.g. provided via telephone queries).

The data that RE processes as a result of the interactions carried out by the user through the website comes from the following sources:

  • Data provided by the user by filling in forms made available by RE, by sending emails or by any other means through which the user establishes communication with Redeia.
  • Data generated as a result of browsing and use by the user of the web.

For what purpose will we process your personal data and what is the legal legitimacy?

In general, your data will be processed by RE for the fulfilment of the following purposes:

1. PURPOSE 1: Management of users and provision of services offered through our website.

  • Description of the purpose: RE will process your data to provide you with the services we offer on our website and manage registrations as a user in those sections of the website that require prior registration to access the reserved area.
  • Base of legitimisation: Art 6.1.b) GDPR – the processing is necessary for the execution of a contract in which the interested party is a party or for the application at the request of the latter of pre-contractual measures.
  • Data processed for this purpose: Identification and contact data (name, surnames, postal or electronic address, identity document, telephone number) and data related to the position, job or professional function performed, if applicable.

2. PURPOSE 2: Manage requests for information, queries, requests and doubts through the forms enabled on the web, through postal or electronic mail, or by telephone contact.

  • Description of the purpose: RE will process your data to respond to requests, queries, requests and doubts made available to us through forms provided for this purpose on the website, by email or post, or by telephone contact, and put at your disposal solutions that suit your needs. Phone calls may be recorded in order to ensure the quality of the service and for security purposes.
  • Base of legitimisation: Art. 6.1b) GDPR – processing is necessary for the execution of a contract in which the interested party is part of or for the application at the request of the latter of pre-contractual measures.
  • Data processed for this purpose: Identification and contact data (first name, surnames, identity document, postal or electronic address, telephone number, voice).

3. PURPOSE 3: Compliance with legal obligations required of RE.

  • Description of the purpose: RE, in its capacity as data controller, is obliged to comply with the provisions, among others, with the regulations of the electricity sector, as well as with those obligations necessary for the fulfilment of the functions as operator of the electricity system and manager of the electricity transmission grid. This requires you to provide your personal data to Public Administration bodies, courts, regulatory bodies and State Security Forces and Bodies.
  • Basis for legitimisation: Art. 6.1c) GDPR – processing is necessary for the fulfilment of a legal obligation applicable to the data controller.
  • Data processed for this purpose: Identification and contact data (first name, surnames, identity document).

4. PURPOSE 4: Send newsletters and subscription to newsletter.

  • Description of the purpose: At RE there are forms where you can grant your unequivocal consent to authorise the receipt of information through bulletins and newsletters, both by ordinary and electronic means, as well as information about the activities organised by RE.
  • Basis for legitimation: Art. 6.1a) GDPR – the interested party gave their consent for the processing of their personal data for one or more specific purposes.
  • Data processed for this purpose: Identification and contact data (name, surnames, postal or electronic address).

It should be noted that you may object at any time to the purpose of processing your personal data for advertising or promotional purposes by RE, using the channels enabled for this, as detailed in the section. What are your rights when you provide us with your data?

5. PURPOSE 5: Developing perception studies.

  • Description of the purpose: In order to be able to verify your degree of satisfaction with the work carried out by RE, we may carry out perception studies to improve the quality of our procedures and services.
  • Base of legitimisation: Art. 6.1f) GDPR – the processing is necessary for the satisfaction of legitimate interests pursued by the data controller or by a third party.
  • Data processed for this purpose: contact data (first name, surnames, postal or electronic address, contact telephone number) and data relating to the position, job or professional function performed.

In any case, and if it is necessary for the fulfilment of the processing purposes RE may give access to personal data to third party service providers, who will access them as data processors. In the event that this access involves the transfer of your personal data outside the European Economic Area, RE will ensure the existence of adequate mechanisms and guarantees provided for by the applicable regulations (e.g. Standard Contractual Clauses) to guarantee that the provider applies a level security equivalent to that required by European data regulations.

How will the data of minors be processed?

In general, the contents and services of RE are directed and designed mostly for people over 18 years of age.

However, there is content on our website intended for minors which includes online games to which they can have access.

In such case, RE will request the consent of the holders of their parental authority or guardianship, or legal representative, for users under 14 years of age, not collecting or processing personal data in any case without fully complying with the requirements established in the applicable data protection legislation in relation to compliance with the duty to inform and to obtain any necessary consents.

How long will we store your data?

RE will store the personal data provided for the period necessary to manage your request, query, suggestion, complaint or claim, or as long as the contractual relationship is maintained, its deletion or opposition is not requested by the interested party and they should not be deleted since they are necessary to comply with a legal obligation or for the formulation, exercise and defence of claims.

In this regard, RE will store and duly block the personal data once its relationship with you has ended, and will only make it available to the Public Administrations, Judges and Courts for the attention of the possible responsibilities arising from the processing, as well as for the exercise and defence of claims at the Spanish Agency for Data Protection and will be stored during the prescription period of the actions that may arise from the relationship maintained with the user.

Your personal data will be stored for the time necessary to fulfil the purpose for which it was collected. If your data is used for several purposes that require us to store it for different periods, we will apply the longest retention period.

How do we collect your data?

In each process in which you provide your personal data, you will be informed of the mandatory or optional nature of its completion (for example, marking with asterisks those fields in which mandatory data is requested), and of the consequences of not providing said data.

Through this Privacy Policy, you declare that the information and data you provide us are accurate and truthful, with RE reserving the right to exclude from the services any interested parties who have provided false data, without prejudice to the possibility of initiating legal actions. You will be solely responsible for any false or inaccurate statements you make and for the damages that this may cause to RE or third parties.

If, by means of any form, you provide us with third-party personal data, you guarantee that you have informed said third party of this Privacy Policy and that you have obtained their authorisation to provide RE with their data for the purposes indicated.

In compliance with article 14 of the GDPR, RE undertakes to provide any third party whose data provides us with the relevant information.

To which recipients will your data be communicated?

RE will communicate and transfer your personal data for the fulfilment of the purposes indicated above and on the basis of the legitimising bases of the treatment previously indicated to:

  • Redeia companies, which you can consult at the following link: https://www.redeia.com/en/our-services.
  • The Public Administrations and the Administration of Justice, State Security Forces and Bodies and, in general, competent Authorities when RE has the legal obligation to provide them.
  • RE suppliers that have access to your personal data that will process said data as RE treatment managers, as a result of the services they provide to RE. All suppliers with access to personal data that provide services to RE have signed the corresponding data controller contract in accordance with the provisions of article 28 of the GDPR, taking it upon themselves to comply with the following obligations: apply appropriate technical and organisational measures; process the personal data for the agreed purposes and attending only to the documented instructions of RE and the obligation to delete the data once the provision of the services has ended.
  • Due to the activity carried out by RE, there is the possibility of international data transfers to countries located outside the European Economic Area (EEA). For cases in which international data transfers are made to countries outside the European Economic Area (EEA) or to countries that do not offer an adequate level of protection, the necessary measures will be applied with adequate guarantees through the use of Standard Contractual Clauses that legitimise international transfer.

How do we guarantee the security of your data?

RE applies and maintains appropriate technical and organisational measures to guarantee an adequate level of security based on prior risk analysis.

Specifically, RE has established all the technical means at its disposal to prevent the loss, misuse, alteration, unauthorised access and theft of the data you provide us.

What are your rights when you provide us with your data?

RE informs you that you have the right to obtain confirmation on whether we are processing personal data that concerns you or not.

Likewise, RE informs you that you may exercise the following rights over your personal data:

  • Access: You have the right to access your data to know what personal data we are processing that concerns you.
  • Rectification or deletion: In some circumstances, you have the right to rectify any personal data that you consider to be inaccurate and that concern you, and that are processed by ER, as well as the right to request the deletion of your data when, among other reasons, the data were no longer necessary for the purposes for which they were collected.
  • Limitation: In some circumstances, you will have the right to request us to limit the processing of your data, in which case we inform you that we will only store the data on which you have requested limitation in the processing for the exercise or defence of claims.
  • Portability: In some circumstances, you will have the right to receive the personal data that concern you, and that you have provided us, in a structured format for common use and mechanical reading, as well as to have them transmitted by ER to another data controller.
  • Opposition: In some circumstances, and for reasons related to your particular situation, you will have the right to object to the processing of your data, in which case, we would stop processing them unless we are obliged to continue to do so for compelling reasons or for the exercise or defence of possible claims.

To exercise your rights, please submit a letter to the aforementioned postal address or via email to the following address: digame@redeia.com, including in the subject “Data Protection”.

You can also contact our Data Protection Officer at the following address: dpd@redeia.com.

The data controller will take the appropriate measures to provide the interested party with all possible information about the processing of their personal data in accordance with their request within a maximum period of one month from the receipt of the request. This period may be extended for two additional months, depending on the complexity of the case and the number of requests.

You must specify which of these rights he requests to be satisfied and, in turn, must prove your identity in case it is not possible to confirm it in the communication channel of the request. In the event that you are supported by an intermediary, legal or voluntary, you must also provide a document proving the representation, as well as the identity of said party.

Additionally, in accordance with article 77 of the GDPR, if you consider that your right to the protection of personal data has been violated, you can file a claim with the control authority, in Spain, the Spanish Agency for Data Protection (www.agpd.es) or apply to the competent court, in accordance with article 79 of the GDPR. In the same way, we inform you that, in the first instance, you can file a claim with the Data Protection Officer at the following address: dpd@redeia.com.

Update date of this Privacy Policy: July 2022.