Privacy Policy

1.    Identification of the data controller

In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) and Organic Law 3/2018 of 5 December on the protection of personal data, data subjects are informed that their personal data will be processed by EDP RENOVÁVEIS, S.A. ("Data Controller" or the "Company" indistinctly) whose identification data are the following:

  • Spanish Tax ID (NIF): A74219304
  • Registered office: Plaza de la Gesta nº 2, 33007 Oviedo, España.
  • DPO Contact: complianceofficer@edpr.com

2.    Purpose of the processing of your personal data

The Data Controller will process the data subject's data, in a clear and transparent way, for the following legal, specific and sole purposes:

i)    To manage the exercise or delegation of his or her right to attend and vote at the General Shareholders' Meeting, whether data are obtained by the shareholder, or are provided for this purpose by the banks and securities brokers and dealers in which these shareholders have their shares deposited or held (in which case their identification details, contact details and details relating to their shareholding situation will be processed); 

ii)    To draw up a list of participants in order to properly manage the various processes arising from their status as shareholders at the General Meeting.

iii)    To manage the proper functioning and development of the existing shareholder relationship with the data subject within the framework of the aforementioned Meeting. 

3.    Legitimate grounds for the processing of your personal data

The grounds that legitimise the processing of the data subject's personal data for the purposes described above are, mainly, the execution of a contractual relationship between the data subject and the Data Controller, which justifies said processing, together with the fulfilment of legal obligations to which the Data Controller is subject, in accordance with the applicable legislation. 

The processing of personal data for these purposes is mandatory, in order to comply with the contractual and legal obligations to which the Data Controller is subject. If this processing is not carried out, these obligations cannot be met.

4.    Time limit for the storage of your personal data

The data subject's personal data will be kept for a period of 6 years, until the deadline for any possible actions deriving from them expires, in accordance with the applicable regulations.

5.    The recipient of your personal data

The data of the data subjects may be communicated within the context of the General Meeting to notaries, for the purpose of drawing up notarial instruments, or be accessible to the public to the extent that it is contained in the documentation available for consultation or stated at the General Meeting, or to third parties in the exercise of the right to information provided for by law.

6.    International data transfers

The personal data of the data subject shall not be transferred internationally to third countries outside the European Economic Area.

7.    Rights of the data subject

The data subject has the right to:

  • Revoke, where appropriate, the consent granted, notwithstanding the legality of the processing carried out until that time.
  • Access his or her personal data.
  • Rectify inaccurate or incomplete data.
  • Request the deletion of his or her data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  • Oppose the processing of his or her data by the Data Controller, in accordance with regulations.
  • Request from the Data Controller the limitation of data processing when any of the conditions provided for in the applicable regulations are fulfilled.
  • Request the portability of his or her personal data.
  • In this regard, the data subject is informed that his or her personal data will not be subject to automated individual decision-making (including profiling).

For the purposes of exercising the above rights, the data subject may contact, through a written communication at the Departament of Compliance - C/ Serrano Galvache, nº 56, Edificio Olmo, 6ª planta, 28033 Madrid, attaching a photocopy of his or her ID card or passport or by e-mail complianceofficer@edpr.com

Lastly, when the data subject believes that the Data Controller has infringed the rights that are recognised by the applicable regulations on data protection, he or she will be able to file a complaint before the Spanish Data Protection Agency through its physical address C/ Jorge Juan, 6. 28001 - Madrid or the web page https://www.aepd.es/

8.    Technical and organisational measures

The Data Controller will process the personal data of the data subject, at all times, in an absolutely confidential manner while respecting the mandatory duty of secrecy with regard to them, in accordance with the provisions of the applicable regulations. Thereby adopting for this purpose the necessary technical and organisational measures that guarantee the security of the personal data and avoid their unauthorised alteration, loss, processing or access, taking into account the state of the art, the nature of the data stored and the risks to which they are exposed.