Privacy Policy



The protection of personal data is one of our company’s values. We are fully committed to complying with the regulations in force regarding the protection of personal data. Compliance is a priority objective for us.

The objective of this policy is to explain how personal data is processed in relation to the NEXUS ENERGÍA website, forms, apps and other digital platforms or electronic media owned by it. This policy is equally applicable, where appropriate, to the processing of social media users’ data by NEXUS ENERGÍA depending on their relationship with NEXUS ENERGÍA.

You can join the groups that our company has on different social networks. The user who becomes a fan of the company or a member of any of these groups must accept the conditions of use and privacy policy of the respective social network.

The data controller

The data controller is our company: NEXUS ENERGÍA, TAX ID no. (NIF) A-62.332.580, with registered office at c/Playa de Riazor, 12 OF. 1.5 – 28042 MADRID. NEXUS ENERGÍA guarantees that personal data will be processed with the utmost confidentiality and only for those purposes for which consent has been given or for which you have been informed, all in accordance with the General Data Protection Regulation (“GDPR”) and any other applicable regulation.

Your data may also be processed, under identical conditions, by THE YELLOW ENERGY S.L.U., a company belonging to the same business group, with registered office at Calle Consell de Cent, 42 – 08018 – Barcelona (TAX ID no. [NIF] B66027731).

NEXUS ENERGÍA, S.A. and THE YELLOW ENERGY S.L.U. have appointed a Data Protection Officer who the user can contact in order to resolve any questions at the following email address:


Purposes of the processing

Our company collects your personal identification and contact data in order to manage your request for an offer or request for information, as well as to contact you for any question related to your request by email, ordinary mail, SMS or by telephone contact. to fulfill said object.

You will be notified of any other purpose before we process you data in the respective link provided for this purpose.

Nexus Energía may use automated systems and other means that can be used to create users’ profiles in order to make offers, or actions to improve services or products, by using its own information, as well as information from third parties, if the user has also agreed to this. Furthermore, Nexus Energía may use the user’s dissociated data, preserving their anonymity, even after the end of the relationship, in order to use the data within their support systems for decision-making and business management.


Storage periods


Your data will be kept for the period stipulated in each section of the website in which personal data is requested, or on any form, application or other means by which you have given your consent, unless you consent to it being kept for a longer period, without prejudice to the fact that we may keep your data duly blocked for the purpose of making it available to the competent authorities in the different applicable matters and for the purpose of dealing with claims. In this event, the data will be kept blocked until the expiry of the limitation period, at which time it will be deleted.


Legal grounds for the processing of your data


The legal basis on which the processing of your data is based may be the performance of a contract, the fulfillment of a legal obligation, the consent obtained from the user, or the legitimate interest, as applicable at all times and in accordance with the regulations in force.

You can withdraw or modify the consent given at any time based on your rights.

If, in order to manage any contract or specific request, it is necessary for the user to provide personal data of persons other than the data subject, the user must previously and expressly inform them of the content of this policy and obtain their prior consent for the processing of their data.

Access to and registration on social networks is prohibited to minors under fourteen (14), as is the access to and use of the NEXUS ENERGÍA, S.A. official website by minors under fourteen (14). Similarly, if the user is incapacitated, NEXUS ENERGÍA, S.A. states that the consented assistance of the user’s parent, guardian or legal representative will be required for access to and use of this NEXUS ENERGÍA, S.A. official website. The company shall be expressly exonerated from any liability that may arise from the use of its official page by minors and incapacitated persons, and such liability shall be borne by their legal representatives in each case.


Recipients of personal data and international transfers


Your data will not be sold or leased.

Nexus Energía may give access to certain service providers who carry out certain activities for the company, but in no event will they process the data for their own purposes. In the event of a customer contracting energy, their data will be notified to the distribution company and included in a file (called the Supply Point Information System) for which the latter is responsible, in accordance with current legislation.

The company may report the non-payment situation to companies that provide creditworthiness services in compliance with the applicable regulations. It may also transfer the data to the competent authorities and organisations in compliance with the respective legal and tax obligations. The data related to the possible supply contracts will also be notified to the Tax Administration for the purposes stipulated in General Tax Law 58/2003 and or Law 36/2006 on measures to prevent tax fraud. Similarly, pursuant to Royal Decree 897/2017 which regulates, among others, the figure of the vulnerable consumer, Nexus Energía may communicate the data of customers in default to the relevant administration so that the situation of vulnerability can be determined.

On some occasions, personal data may be communicated or accessed by companies outside the European Union. In these situations, our company will apply all the measures and controls in order to guarantee and protect the processing of your personal data.

The main measures implemented by our company for international transfers of personal data are the signing of standard contractual clauses approved by the European Commission or, where appropriate, any competent supervisory authority in accordance with Article 46 of the GDPR, as well as adherence to Codes of Conduct or other certification mechanisms approved in accordance with Article 46 of the GDPR. You may request the list of providers that process data in a third country by sending an email to

Data transfers in social networks such as Facebook and Twitter, based in the United States, which users may join, will be covered by the same mechanisms indicated in the previous paragraph.

The user is informed that all the information and content published on the official website of NEXUS ENERGÍA, S.A. on any social network may be known by the other users of the official website and the platform of that social network. Consequently, all the information and content published by the user on the official website of NEXUS ENERGÍA, S.A. on the respective social networks will be communicated to other users due to the very nature of the service.

Concerning the use of social networks, NEXUS ENERGÍA, S.A. notifies the user that this entity is only responsible for and guarantees the confidentiality, security and processing of the data in accordance with this policy in respect of the personal data collected from the user through the social networks, assuming no liability whatsoever for the processing and subsequent use that may be made by the social network owner, third-party service providers of the information society that may access such data as a consequence of the provision of their services or the exercise of their activities, third parties that establish hyperlinks to the social network or those to whom NEXUS ENERGÍA, S.A. refers the subscribers of its official page on the social networks through hyperlinks.


Exercise of rights


As a consequence of the processing of your personal data by our company, current legislation grants you the following rights:

Right of access: you will have the right to know the personal data that we process about you in accordance with the purposes regarding which we have informed you.

Right of rectification: you will have the right to be able to rectify any data that is inaccurate or incomplete.

Right of deletion: you may request that your personal data be deleted from our systems.

Right of opposition: you may oppose the processing of your data in relation to direct marketing activities, as well as for personal reasons, unless the grounds for the processing is the legitimate interest.

Right to limit processing: you may request that processing be limited where its accuracy is contested or when it is illegal and you oppose the deletion of your personal data, and request instead that its use be limited. Also, when data is no longer required for processing, but you need it for the preparation, exercise or defence of claims.

Right to the portability of your data: you will have the right to obtain a copy of all the data that you have provided us with and, when technically feasible, you will have the right to request that your personal data be transmitted to another data controller.

You may exercise these rights by contacting our company’s Data Protection Officer using one of the following options, attaching a copy of your ID or equivalent document:

  1. By email to
  2. By postal mail addressed to C/Consell de Cent, nº 42, 08014, Barcelona.

If you have any queries or suggestions in relation to the processing of your personal data, you can also contact the addresses provided for the exercise of your rights.

You also have the right to file a claim with the Spanish Data Protection Agency (AEPD), the competent data protection authority in Spain.


On information security


NEXUS ENERGÍA uses information security techniques generally accepted in the industry, such as firewalls, access control procedures and cryptographic mechanisms, all in order to prevent unauthorised access to data. To achieve these purposes, the user/client accepts that the provider obtains data for the purposes of the respective authentication of access controls.