1. Data of the Controller
In compliance with data protection regulations, and taking into account the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, in particular Articles 15 and 14 thereof, an information table is provided below in which you can find out about all the elements relevant to the processing of your data.
DATA CONTROLLER IDENTIFICATION:
Company name: IGNIS ENERGIA, S.L.(Hereinafter The Manager),
Address: C/ CARDENAL MARCELO SPINOLA, 4 / 28016 Madrid
ID NUMBER: B87290805
Telephone: +34 91 005 9775
We are committed to keeping the information you provide to us in the strictest confidence by preventing unauthorized access, manipulation of information, loss or destruction. To this end, we will apply the security measures established by the applicable regulations and all those that our resources and modern technology allow us to apply. Please note that in many cases, it is essential that you provide the information we request in order to enjoy the benefits of our website.
The personal data you have provided us with, which is necessary to provide you with the contracted service, is confidential and will only be used for the following main purposes: supply of electrical energy and/or natural gas, additional services (maintenance and emergency), supply of energy-efficient products with or without installation, and the creation of profiles to offer you our services in a personalized way according to your preferences and consumption schedules.
The specific purposes for which we process your personal and professional data are as follows:
To adequately provide the contracted services related to the supply of light/gas in the CUPS
Prescribe power settings adapted to your consumption pattern. This will require profiling according to your consumption, evaluating personal aspects.
Send you commercial information via telephone/newsletter about offers that are adapted to your profile of electricity consumption or related products.
* Logic used: To carry out the processing of the data, an automated procedure is used where all the fields are filtered in order to obtain a profile of the client.
Updating of the data: If there are any changes in your data, please update them immediately using the procedures provided for this purpose.
Data retention criteria: They will be kept for as long as you remain a client and do not exercise your right to delete them or put them to this segmentation purpose.
We will communicate with you through electronic means such as SMS, WhatsApp, email or regular mail, in accordance with the data you provide. You can always object to receiving information by all means by which we contact you. In each communication we will inform you about the cancellation procedures.
3. Data we process about our Clients and Legitimacy
The legitimacy for the processing of your data is the execution of the contract that you have signed with IGNIS ENERGIA, S.L., with a legal basis regulated according to the Commercial Code and complementary laws as well as those specific laws that may affect the specific activity.
Likewise, in certain cases, the basis of legitimacy will be the consent that you give us to process data in accordance with a specific purpose or the legitimate interest that the company has, in order to correctly provide the contracted services.
The categories of personal and professional data that we process are as follows:
- Identification data of natural/legal person: name, surname, DNI/ CIF, proxy, address, telephone, email
- Data relating to the electricity supply: CUPS, address, contracted power, historical data provided by the Customer’s Distributor, as well as data relating to the hourly consumption curve.
- Banking data under SEPA regulations
Other specially protected data is not processed.
4. Recipients of the data
IGNIS ENERGÍA, S.A. may communicate your data to other companies of the group (enter link or list of companies) for internal administrative purposes, as well as to third parties that provide a service as Data Processors and that provide us with a specific service for the proper development of our activity. With all of them, all the legal requirements have been formalized in order to comply with the GRPD.
We will not communicate your data outside the foreseen purposes unless there is a legal obligation or we ask for your express authorization.
5. Data retention criteria
The data will be kept at least as long as you remain a customer. Similarly, once the contractual relationship has ended, they may be kept for the purpose of establishing communications as long as you do not request opposition to the processing or deletion of the data.
If the information is necessary for the exercise of legal or contractual actions, it may be kept, duly blocked, for the time necessary for the development of these processes or the fulfillment of the requirements received.
The Client expressly authorizes the Controller to contract the services in whole or in part with third parties whose intervention he deems appropriate for the proper development of the services. In this case, the Controller is obliged to sign a contract with the subcontracted third party in which the obligations to be fulfilled by the latter in relation to the protection of personal data are stipulated, and in particular the Controller is required to fulfil the same data protection obligations as those to which the Controller has committed itself with its clients, as well as sufficient guarantees for the application of appropriate technical and organisational measures so that the processing is in accordance with the applicable regulations.
The Controller shall be diligent in the selection of suppliers by applying mechanisms to verify the level of compliance with data protection regulations, in order to mitigate risks that may affect the security of the information.
7. Users’ Rights
The GDPR contains a number of rights in favour of the persons whose data are processed. This section provides information on how to exercise your rights as a Client with respect to your personal data. All the rights mentioned below can be exercised by sending your request to the following e-mail address: firstname.lastname@example.org, together with a copy of your identity document. Please note that we may request additional information to verify your identity before proceeding with your request. The interested party, without prejudice to any other administrative appeal or legal action, shall have the right to file a complaint with the Spanish Data Protection Agency through the electronic site at: www.agpd.es, whenever they consider that their data are not being processed correctly.
- Right of access: The right of access allows the interested party to know and obtain, free of charge, information about their personal data being processed. You may ask us to provide you with the information we hold about you.
- Right of rectification: This right is characterised by the fact that it allows us to correct errors, to modify data that are found to be inaccurate or incomplete and to guarantee the accuracy of the information being processed. You must inform us of any changes in your data and you are responsible for updating your information.
- Right of erasure: The right of erasure allows for the deletion of data that prove to be inadequate or excessive, unless they must be kept for the correct development of the contracted service, by legal imperative or because they are subject to legal or judicial action.
- Right of opposition: The right to oppose is the right of the interested party not to have their personal data processed or to have it cease to be processed for certain purposes. You may object to the processing of your data by indicating the specific purposes for which you object.
- Right of Portability: The right of portability allows you to request a copy of your personal data in a structured, commonly used and machine-readable format.
- Right of Limitation: The right to limit data allows you to limit the use and request restrictions on the processing of your personal data.
- Right not to be subject to an automated decision including profiling: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on your person or significantly affects you in a similar way. Here it will be necessary to take into account the exception cases established by the GDPR.
8. Withdrawal of consent
You have the possibility and the right to withdraw consent for any specific purpose granted at the time, without affecting the lawfulness of processing based on consent prior to withdrawal.
9. Security measures
In the processing of your information we apply appropriate security measures according to the type of data. Our aim is to prevent access by unauthorised third parties, theft, loss or unauthorised disclosure of your information. However, even if we apply all possible security measures, the risk of a technical or human failure with respect to the information will never completely disappear, for this reason we ask that if you detect any incidence or have indications that your information may be at risk, please contact us so that we can investigate the fact and offer you solutions. The measures we apply to protect your information are mainly the following:
- We maintain a record of processing activities as referred to in Article 30 of Regulation (EU) 2016/679.
- We have implemented identification and authentication systems to prevent unauthorized access;
- We have implemented identification and authentication systems to prevent unauthorized access; we implement pseudonymization where possible and resources permit.
- We encrypt personal data and confidential information for those sensitive data we access for the reason of the service provided;
- We implement measures to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services such as anti-virus, firewalls;
- We implement backup and recovery systems in order to restore the availability and access to personal data quickly in the event of a physical or technical incident;
- We maintain a control of the accesses made to the information that can be processed during the services;
- We implement an effective incident management procedure, which allows us to detect incidents related to the confidentiality of information, and its immediate resolution;
- We implement a process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the security of processing;
- We inform and adequately train employees and managers in the obligations of confidentiality and in the maintenance of the technical and organizational measures implemented, obtaining their commitments of confidentiality and compliance in writing.
- We have approved a Data Protection and Business Resource Management Policy, known and accepted by all members of the organization.
10. Applicable law and jurisdiction
This Policy shall be governed by Spanish and European law, in particular by the GDPR. Any dispute will be resolved before the courts corresponding to the domicile of Madrid.