Iberdrola, S.A ("Iberdrola") is committed to protecting your privacy and to complying with personal data protection laws and regulations, in particular and as applicable, the European General Data Protection Regulation ("GDPR"), and personal data protection laws and regulations applicable in the jurisdictions where the companies of the Iberdrola Group are located. Your personal data will be processed in a lawful, fair and transparent manner; for specific and legitimate purposes; only if it is adequate, relevant and limited to what is necessary in relation to such legitimate purposes. We will strive to keep your data accurate and updated. Personal data will be maintained in a way that allows for the identification of the data subject only for so long as is necessary to fulfill the legitimate purposes that justify the processing.

Iberdrola has implemented technical and organisational measures to protect your data from accidental loss and from unauthorised or unlawful modification, access, use or disclosure, and has also established procedures to respond to any security incident that could affect your personal data.

Through this privacy notice you are hereby informed about the processing of your personal data as member of Shareholders' Club during your relationship with Iberdrola and after it has ended.

This notice may be modified from time to time. If this notice is updated, we will notify you in writing.

You should read this notice, and any updates, to be aware of how Iberdrola processes your personal data.

What personal data do we collect and process from you?

Iberdrola shall only process your data needed to comply with the purposes detailed below. The data are your name and surname, identity card or passport, country, postal and/or electronic address, phone number, date of birth, numbers of shares and the social networks that you use if you have communicated them to us.

How do we collect your personal data?

You provide us with your personal information through your registration in the Shareholders' Club.

If you do not provide us with your requested personal information, we may not be able to manage your registration.

We ask you to update your personal data as it changes, and always provide truthful information, as we must have your current information.

Who is responsible for the processing of your personal data?

Plaza Euskadi 5, Bilbao

Iberdrola has appointed a Data Protection Officer. You may contact them in connection with any matter related to this privacy notice:

  • By postal mail to Data Protection Officer. Tomás Redondo 1, 28033 Madrid.
  • By email to:

For what purposes do we process your data?

The information you provide us with will be treated in accordance with the following purposes:

  1. Control, monitoring and verification of your status as a shareholder.
  2. Sending of permanent information of the quarterly evolution as well as of the strategy and its industrial group, of the main financial events and the current situation of the company, as well as of the information relative to the exercise of its rights as shareholder.
  3. Direct and personalized telephone service through the Shareholder Office (900.10.00.19).
  4. Receive invitations to corporate, cultural and leisure events organized by the Company and exclusive for shareholders; offer the possibility to participate in raffles and special prizes; offer the possibility of participating in the surveys to know your opinion about the Society.

What is the legitimacy for the processing of your data?

The legal basis for the treatment of your data with the purpose detailed in paragraph 1 above is the legitimate interest of Iberdrola. Such processing is carried out with respect to your right to the protection of your personal data, to your honor and to your personal and family privacy.

The legal basis for the treatment of your data with the purpose detailed in paragraphs 2, 3 and 4) above is the providing of the services that Iberdrola upon you required when you register in Shareholders' Club.

How long do we keep your data?

The personal data provided will be kept to the extent you remain as a member of the Shareholders' Group, during the provision of the services requested and, in any case, once the statute of limitations for any legal actions involved has expired.

However, the personal data provided may be kept duly blocked for as long as required by the applicable regulations.

We also inform you that Iberdrola will be able to check annually if you are still a shareholder and, if you have lost that condition, we will proceed with your withdrawal from the Shareholder's Club.

To whom will your information be communicated?

Your data will be communicated to third parties when necessary for the execution of the legal obligations and to official bodies in compliance with legal obligations.

Your data will also be accessible by external service providers linked to the contractual relationship such as computer services, with which we have subscribed the legally required contracts under which they guarantee the fulfillment of their obligations as data controller.

What are your rights?

You have the right of access to the personal data being processed, as well as the right to request the rectification of inaccurate data or, where appropriate, to request their erasure when the data are no longer necessary for the purposes for which they were collected, as well as the right to object and restrict the processing and the data portability. If your consent was obtained, you have the right to revoke it at any time.

You may submit their requests to exercise their rights free of charges (including a copy of your national identity card or equivalent document) through the following channels:

  • By mail
  • By call to Shareholder's Call Center: 900 100 019.
  • Sending a written notice to: Oficina del Accionista, C/ Tomás Redondo, 1, 28033 Madrid.
  • Data Protection Officer: Tomás Redondo 1, 28033 or

You may file a complaint with the Spanish Data Protection Agency, or equivalent supervisory authority.

More Information

We have implemented the necessary technical measures to protect your data and information from accidental loss, unauthorized access, use and disclosure. However, despite the diligent implementation of such measures, the user should be aware that security measures are not indefeasible. Iberdrola is not responsible for the actions of third parties who, in violation of these measures, access the aforementioned data and information.

We have established procedures for any data security incident.