Aldea

Privacy Policy

This text is a recommended baseline and should be reviewed by your legal advisors before final publication.

At Aldea we believe in clarity: here we explain what personal data we collect, what we use it for and what rights you have over it. This Privacy Policy complies with Regulation (EU) 2016/679 (the General Data Protection Regulation, GDPR) and Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD).

Data controller

Data we collect

We only process the data we need in each case. Depending on your relationship with us, we may collect:

  • Identification and contact data: full name, NIF/NIE, postal address, email and phone number.

  • Supply and contract data: supply point address, CUPS code, energy consumption, contracted tariff and details of your previous supplier.

  • Banking and payment data: account number (IBAN) and billing information.

  • Browsing data: IP address, device identifiers and cookies, as set out in our Cookie Policy.

  • Data you provide voluntarily: anything you enter in contact forms, the customer area or the app.

Purposes and legal basis

We use your data for specific purposes, each with a legal basis that legitimises it:

  • Managing your energy supply contract and the services of the Aldea ecosystem (energy supply, solar communities, EV charging, etc.). Legal basis: performance of a contract (Art. 6.1.b GDPR).

  • Meeting our legal obligations in tax, accounting and energy-sector matters. Legal basis: compliance with a legal obligation (Art. 6.1.c GDPR).

  • Handling your enquiries and requests via forms, phone or the customer area. Legal basis: your consent or our legitimate interest in replying to you (Art. 6.1.a and 6.1.f GDPR).

  • Sending you commercial communications about Aldea's products and services. Legal basis: your consent or, for existing customers and similar products, our legitimate interest (Art. 6.1.a and 6.1.f GDPR). You can object at any time.

  • Improving our services and website through analytics. Legal basis: your consent (Art. 6.1.a GDPR).

Data retention

We keep your data for as long as the contractual relationship lasts and, once it ends, for the periods required by law to address potential liabilities (generally up to 6 years for commercial and accounting obligations, plus any applicable tax periods). Data processed on the basis of your consent is kept until you withdraw it. Afterwards, data is blocked and securely deleted.

Recipients and disclosures

We do not sell your data. We only share it when necessary:

  • With electricity distributors, the system operator and energy-sector bodies that are essential to provide your supply.

  • With banks to manage payments and collections.

  • With public authorities when required by law.

  • With service providers (technology, customer support, hosting) acting as data processors under contract and solely on our instructions.

No international data transfers outside the European Economic Area are planned. Should any occur, they would be carried out with the appropriate safeguards set out in the GDPR (standard contractual clauses or adequacy decisions).

Your rights

As the data subject, you have the right to:

  • Access: know which of your data we process.

  • Rectification: correct inaccurate or incomplete data.

  • Erasure: ask us to delete your data ("right to be forgotten").

  • Objection: object to certain processing, including marketing.

  • Restriction: ask us to restrict processing in certain cases.

  • Portability: receive your data in a structured, commonly used format, or have us send it to another controller.

  • Withdraw consent at any time, without affecting the lawfulness of prior processing.

How to exercise your rights

Write to us at legal@aldeaenergy.com or by post to ALDEA CLIENTES SLU, Calle Espinosa 8, 202, 46008 Valencia, stating the right you wish to exercise and attaching a copy of a document proving your identity. We will respond within one month at the latest.

Complaints to the AEPD

If you believe we have not handled your request properly or that we process your data improperly, you may lodge a complaint with the Spanish Data Protection Agency (AEPD), C/ Jorge Juan 6, 28001 Madrid, via its website www.aepd.es. We would, however, appreciate the chance to resolve it with you first.

Security measures

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss or alteration, in line with Article 32 of the GDPR. This includes encryption of communications, access control, staff training and regular review of our systems.

Changes to this policy

We may update this Privacy Policy to reflect legal changes or changes to our services. We will always publish the current version on this page, together with its last-updated date.