Other privacy policies

Website privacy policy

  • Website privacy policy

    1. What is the purpose of the Personal Data Protection Policy?

    This Policy aims to explain how we obtain, process and protect the personal data you provide or we collect from forms and/or cookies on the website (hereinafter, the 'website') and the Online Office, so you can decided freely and voluntarily whether you want us to process such data.

    The website provides links to platforms and pages managed by third parties offering services for all the companies in the SUEZ group, to which belongs. These pages have their own Privacy Policy, which provides information on the data controller and the purposes of processing.


    2. Who is the data controller responsible for processing data collected via this website?

    The data controller responsible for processing personal data collected via this website is (hereinafter referred to as ”), whose business address and whose tax identification number (NIF) is .


    3. What type of data does collect via this website, what is it used for and what is the legal basis for its use?

    Visiting the website and browsing its different sections does not require users to provide any personal data. However, we will collect some information on your browsing (which does not always let us identify you) by using cookies installed on your computer. For more information, please read our Cookies Policy.

    Users of the website can perform transactions which will require their personal data to be processed:

    (i) Transactions for which customers do not need to register in our systemsuch as: lodging complaints, reporting fraud and incidents outdoors or in buildings, presenting claims, making inquiries.

    Some of these transactions may require the user to provide certain data so they can be processed correctly. Such data may include: identification data (first name, surname, and ID number in some cases); contact details (such as postal address, phone number, email address); other data such as address of the detected fraud or incident.

    • Your data will be processed with the aim of responding to the request in the form you have accessed and completed.
    • The legal basis is the consent granted by the user providing the data, having contacted voluntarily. This consent may be revoked at any time with no retroactive effect (i.e. it does not affect requests that have already been processed).

    (ii) Web transactions to register as a customer/account holder, for instance: connection request, registration request, change of name or transfer of a pre-existing contract.

    Some of these transactions may require the user to provide certain data so they can be processed correctly. Such data may include: identification data (first name, surname, and ID number); contact details (such as postal address, phone number, email address); data on the property in order to request the supply or change the name of the account holder (property deeds, cadastral reference, rental agreement); representation data (powers of attorney when acting on behalf of another person or legal entity); financial data (bank details for bill payment by direct debit).

    • Your data will be processed with the aim of managing your registration as a service customer.
    • The legal basis is the consent granted by the user providing the data, having contacted voluntarily.

    Users interacting with to register as a service customer can find more detailed information on how their data is processed in the Customer and Service User Data Protection Policy .

    (iii) Web transactions that require the user to be a service customer, account holder or person authorised by the account holder, , such as completing the customer meter reading and online bill payments, among others.

    Data provided will be processed in order to carry out the selected transaction as part of your account file in order to generate bills for services received.

    If you are managing bill payment online, you will be sent to pages of third parties (online banking) that work with . These pages have their own Privacy Policy, which provides information on the data controller and the purposes of processing.

    processes your data based on the consent of the user providing it, having contacted voluntarily.

    (iv) Transactions that require registration with the website's 'Online Office' or 'Customer Service Area': from the Online Office, customers can access and enter data in their account (contact details, bank details, etc., as long as the customer is the account holder), enter meter readings, activate e-billing, request duplicate bills and activate the 12 Drops payment plan, among other operations.

    Registration with the Online Office requires the user to be a service customer or account holder and accept the Conditions of Use displayed at the start of the registration process.

    Data is processed in the Online Office to manage contractual relations between the customer and . customers can view additional information on processing their personal data in the Customer and Service User Data Protection Policy.


    4. Transactions carried out by a third party, on behalf of a company and by property administrators

    In general terms, website users should only provide their own personal data in the forms available to them. However, users may provide the data from third parties as long as (i) they have obtained the data legally; (ii) they have authorisation; and, where necessary, have informed the affected party of the transaction or inquiry they are performing.

    Transactions and inquiries on the website must be carried out by users in their own name. As exceptions to the above, transactions on behalf of third parties will be permitted in the following cases:

    • A person with specific authorisation from the account holder.
    • Representatives or contact persons acting on behalf of legal entities.
    • Official property administrators acting on behalf of owners' associations and other customers.

    On the basis of legitimate interest (as stated in Article 19 of Organic Law 3/2018 on data protection and the guarantee of digital rights), the personal data of representatives, contact persons and property administrators will be processed for the sole purpose of managing the request made on behalf of third parties.

    Should the personal data provided belong to a third party, the person providing the data must guarantee that the third party has been informed of this Privacy Policy and has obtained due authorisation to provide the data to for the indicated purposes. The user similarly guarantees that the data provided are accurate and up to date, and is responsible for any loss or damages, direct or indirect, that may arise as a result of a breach of said obligation.


    5. Who can access the personal data provided to via this website?

    uses service providers to carry out some of the tasks related to the contract. Therefore, such service providers need to access users' data to perform the requested transaction. These providers are considered data processors and will only process personal information in compliance with the instructions of . Under no circumstances will the user's personal information be used for purposes other than those detailed in this Policy.

    In the interest of efficiency, some of our suppliers are located in countries outside the European Economic Area (EEA) or, although in the EEA, share information with other organisations outside said area. guarantees that:

    • Transfers are made to countries which the European Commission has determined provide an adequate level of protection.
    • In the absence of said adequacy decision, (currently such transfers are made to the USA, amongst other countries), the Commission's standard contractual clauses have been adopted.

    This information can be found (in Spanish only) on the AEPD website: https://www.aepd.es/es/derechos-y-deberes/cumple-tus-deberes/medidas-de-cumplimiento/transferencias-internacionales

    For further information, please contact the Data Protection Officer of .


    6. With whom do we share your data?

    , on the basis of legitimate interest, can transfer your personal data within the SUEZ Group for administrative purposes (Recital 48 GDPR).

    Except for in the aforementioned case, will not communicate the personal data collected through this website to third parties unless you give your express consent or it is in order to fulfil a legal obligation.

    When your consent is required to share your personal data with third parties, we will inform you of the purpose of processing, the data being shared and the identity or sectors of activity to which your personal data from the data collection forms may be transferred.

    may sometimes share users' data, whether or not they are customers, with government agencies responsible for the services or related fiscal matters when required to do so, when needed in order to process the request or inquiry, or when required for legal proceedings in cases of fraud.

    In particular, is required to share their customers' personal data with certain government bodies, as stated in section 7 (With whom do we share you data?) of the Customer and Service User Data Protection Policy.


    7. How long do we hold your data for?

    Customer data will be held for as long as contractual relations, are maintained to ensure they are properly managed. Once relations have ended (and the periods for payment of unpaid bills has elapsed and conflicts in relation to the service have been resolved) we are required to keep your data as blocked for an additional period in which there may be liabilities arising from our services or data processing.

    Data from non-customers provided other transactions (such as inquiries and reporting frauds) will be kept for the time required to manage your request, and for an additional period in order to meet any possible related legal liabilities.

    If you have authorised us to send you commercial information, we will keep your data until you inform us that you no longer wish to receive our offers, even if your contractual relations with us have ended.


    8. What are your rights in regard to data protection and how can you exercise them?

    The Law recognises that, if you have granted your consent, you may withdraw it at any time and exercise the following rights with regard to data protection:




    You can see what personal data is included in the databases.


    You can change your personal data when it is inaccurate or incomplete.

    Opposition to processing Ask us not to process said personal information for certain specific purposes.


    You can ask us to erase said personal information.

    Restriction of processing

    You can request restriction to the processing of your data in the following cases:

    -While the contested accuracy of your data is being checked.

    -When processing is illegal, but you oppose the erasure of your data.

    -When no longer needs to process your personal data, but you require it for the exercise or defence of complaints.

    -While the legal basis for processing is verified to see whose interest prevails after you have opposed your data being process for purposes of public interest or to meet a legitimate interest.


    You can receive the personal data you have provided us in machine-readable format and transfer it to another data controller.


    All that is required for you to exercise the above rights or withdraw your consent is to send us your request by any of the following methods:

    • By post to the following address: .
    • Via the contact on our website.
    • Registering your request with any of our service offices.

    You will need to provide a photocopy of your legally valid ID card (DNI) or equivalent document accrediting your identity. If you act through legal representation, you must also provide the ID card and document accrediting representation.

    In addition, has appointed a Data Protection Officer whom you may contact regarding any doubts or complaints you may have in relation to data protection. You can contact the Data Protection Officer using any of the following methods:

    • E-mail address: protecciondedatos@aguasdetorremolinos.es
    • Postal address: , to the attention of the Data Protection Officer.

    Your complaint will be investigated confidentially and you will receive an answer from our Data Protection Officer.

    In all cases, as the affected party or data subject, you may lodge a complaint with the competent data protection authority, in this case, .


    9. Social media

    In general, 's corporate profiles on social media (Twitter, Facebook, etc.) are for information purposes only. If you provide data via inquiries or requests made by private messages on social media, such personal data will be used exclusively to respond to the request under the terms and conditions stated in this Policy. We remind you that you should not include your personal data or that of third parties (such as email addresses, phone numbers and contract numbers) in open messages on social media. If you are not sure whether your message can be read by other people, we recommend you contact us by another channel.


    10. WhatsApp Business

    provides instant messenger services through WhatsApp Business for the purposes indicated in section three of this policy. The use of WhatsApp by users is subject to the WhatsApp Business Terms of Service.