OLS - SHAREHOLDER'S CLUB PRIVACY POLICY

Iberdrola, S.A ("Iberdrola") undertakes to protect your privacy and ensure compliance with the laws governing personal data protection, most particularly the General Data Protection Regulation ("GDPR") and the Organic Law on Data Protection and Guaranteeing Digital Rights ("LDPGDR"). Your personal data will be processed lawfully, faithfully and transparently for specific, explicit, legitimate purposes; and only where appropriate, pertinent and limited to what is strictly necessary for the purposes for which they are processed. We will keep your data accurate and updated, and they will be stored to allow your identification only for the time necessary to comply with the purposes for which they are processed.

Iberdrola has implemented the necessary technical and organisational measures to protect your data from accidental loss or unauthorised alteration, access, use or disclosure, having also established procedures to react to any security incident that could affect your personal data.

This Privacy Policy serves to inform you about the way in which your personal data will be processed as a member of the OLS - Shareholder's Club during your relationship with Iberdrola and for the purposes of the same.

If this privacy notice is updated, you will be duly notified through the Iberdrola website.

What personal data do we process?

Iberdrola will only process your personal data necessary for complying with the processing purposes listed below. These are your full name, ID document number (DNI/NIF/NIE), number of shares, address (postal and email), date of birth, country, telephone number and electronic signature.

Likewise, if you are the representative of a shareholder, we will process the data necessary to accredit your representation.

How do we obtain your personal data?

Your personal data is obtained through your inscription into the OLS - Shareholder's Club.

If you do not provide us with the personal data we request, we will not be able to process your registration.

Please update your personal data as and when it changes and always provide us with truthful information as we need your current details at all times.

Who is the data controller in charge of processing your personal data?

The data controller of your personal data is IBERDROLA, S.A., with registered office at Plaza Euskadi 5, 48009 Bilbao, and CIF (Tax ID Number) A-48010615. Iberdrola has designated a Data Protection Officer whom you may contact regarding any matter related to this Privacy Policy by sending an email to dpo@iberdrola.com

What will we process your data for?

The personal information you provide will be processed for the following purposes:

  1. To respond to any queries you submit via the OLS - Shareholder's Club application as an Iberdrola shareholder.
  2. To send you information regarding the exercising of your rights as a shareholder.
  3. To send you ongoing information about both quarterly progress and strategy and the industrial group, and important financial events and Iberdrola news.
  4. To obtain direct and personalised telephone service from the Shareholder's Office (+34) 900100019.
  5. To invite you to corporate, cultural and social events organised by Iberdrola and exclusive to shareholders; to invite you to take part in draws and special prize events; to offer you the opportunity to take part in surveys to tell us your opinion of Iberdrola.
  6. To manage the exercising of your right to vote or delegate at the Shareholders' General Meeting electronically, and when applicable, allow the downloading of a duplicate of your attendance, representation and remote voting card for the Shareholders' General Meeting.
  7. The control, monitoring and verification of your shareholder status.

What is the legal basis for processing your data?

The legal basis for the processing of your personal data for the purposes detailed in sections 1, 2, 3, 4 and 5 is the execution of the services provided to you by Iberdrola, following your application to join the OLS - Shareholder's Club.

The legal basis for the processing of your personal data for the purpose detailed in section 6 is compliance with the contractual relationship deriving from your status as shareholder thereby ensuring respect for and the satisfaction of the rights of the shareholders who in turn are members of the OLS - Shareholder's Club.

The legal basis for the processing of your personal data for the purpose detailed in section 7 is Iberdrola's legitimate interest in checking your status as a shareholder. This processing will be carried out respecting your right to the protection of your personal data, reputation and personal and family privacy.

How long do we keep your data?

Personal data supplied will be retained for as long as you continue to be registered with the OLS - Shareholder's Club, during the execution of requested features, and, duly blocked, until the statute of limitations period for possible legal actions has elapsed.

We likewise inform you that, once Iberdrola has checked that you are no longer a member of the OLS - Shareholder's Club, your deregistration from the service will be actioned, with your data being processed until that time.

Who will your data be revealed to?

Your data will not be passed on to anyone outside Iberdrola.

However, your data may be visible to external service providers in connection with your telephone registration with OLS - Shareholder's Club, or with the sending of information as described in previous sections such as invitations to events or to take part in draws or surveys, or in the case of voting in the Shareholders' General Meeting for the control of the correct functioning of the General Meeting and the verification of compliance with the procedures applicable to it. Iberdrola may contract organisations who could have access to personal data within the framework of these tasks, without them being used for any other purpose. Iberdrola has signed the agreements demanded by the GDPR and the LDPGDR with all of them.

What are your rights?

You have the right to access your personal data which are subject to processing, as well as to request that inaccurate data be rectified or, where applicable, erased when they are no longer required for the purposes for which they were gathered. You may also exercise your right to oppose or limit the processing thereof or the right to seek the portability of your data.

You can submit requests to exercise your rights free of charge through the following channels:

  • By sending an email accionistas@iberdrola.com.
  • By calling the Shareholder's Office on (+34) 900 100 019.
  • In writing to: OLS - Club del Accionista, C/ Tomás Redondo, 1, 28033 Madrid.

In any event, you have the right to file a complaint with the Spanish Data Protection Agency at www.aepd.es.