Privacy Policy for Aena Shareholders and Investors | Aena

Privacy Policy for Aena Shareholders and Investors

What is the purpose of this document?

The purpose of this document is to notify you that your personal details are processed in accordance with Personal Data Protection laws, in particular, those of Regulation (EU) 679/2016 of the European Parliament and Council of 27 April 2016, relating to the protection of individuals with regards to the processing of personal data and free circulation of those data (General Data Protection Regulation (GDPR)).

Who is the data controller?

The data controller is Aena SME, S.A.

Address: Peonías, 12. 28042, Madrid.
C.I.F (Tax ID. number): A86212420
Companies Register of Madrid, Volume 28806, Folio 211, Section 8, Page M-518648.
Contact telephone: 913 211 000

What data types are processed?

The following types of data are processed:

  • identification details: name and surname(s), ID/foreigner number/passport; image, home address, age, date and place of birth, nationality.
  • contact details: email address, telephone number.
  • economic data: insurance contributions, pension plans, bank details, retirement details, income, revenue, payslip, tax deduction details, taxes, etc.
  • employment and curricular data: position, role, curriculum, academic background, specific qualifications.
  • family details: marital status, no. of children, partner and children.

Why do we process your personal data?

The personal data that you have provided to us or that you will provide to us at the time you begin your relationship with Aena SME, S.A., in your capacity as shareholder/investor in the latter, and those that may be collected or generated in the course of said relationship, will be processed by Aena SME, S.A. for the purposes detailed below:

  • correspondence with shareholders and investors: responding to queries and other kinds of correspondence, management of polls, management of institutional relations, management of shareholders’ meetings, etc.
  • internal control and management of compliance with the obligations deriving from the applicable regulations on the Securities Market, Transparency and Access to Public Information and Good Governance, and the Unified Code of Good Governance of Listed Companies.
  • video surveillance for safety of the facilities (when the meeting is held at Aena’s facilities SME, S.A.).

What is the basis for your data being processed?

Your personal data are treated on the basis that they are necessary for the correct execution of your contract with Aena, as well as for the fulfilment of legal obligations deriving from the regulations on listed companies and transparency. In such cases, we inform you of the obligation to provide mandatory data, for the development of the contract, or data required to comply with relevant legal obligations. Otherwise, the contract cannot be executed or signed, or Aena cannot comply with its legal obligations.

How long will we store your data for?

Your data will be stored for as long as you remain a shareholder and/or investor. They are subsequently stored for as long as claims and obligations may arise as a result of the processing of your data for the purpose for which they were collected.

Who receives your data?

It is anticipated that the following parties will receive your data::

  • other shareholders (pursuant to art. 116 of Royal Legislative Decree 1/2010) and notaries.
  • the Spanish Tax Agency (AEAT).
  • the Spanish National Stock Market Commission.
  • European Union bodies.
  • persons, institutions or authorities that may require them by law.

Likewise, your data may be published on the transparency portal of the Aena website as required by applicable legislation.

What security measures are guaranteed with regards to your data?

Aena S.M.E., S.A., as the data controller, will adopt the technical and organisational measures required to guarantee the security of the personal data provided, preventing their unauthorised alteration, loss, manipulation or access.

How do I go about exercising my rights?

Any data subject is entitled to receive confirmation as to whether or not his or her personal data are being processed. The General Data Protection Regulation also stipulates the following rights for the data subject:

  • access to his or her data.
  • requests for rectification or deletion of his or her data.
  • requests for limitation of data processing.
  • portability of his or her data.
  • objection to his or her data being processed.

Your requests will receive a response at the earliest possible opportunity, and in any case within one month from such time as the request is received. The aforementioned time period may be extended for another two months where necessary, in the event of possible complexities or a high volume of requests. Aena will notify the interested party of the extension within the first month from the time of the request

To exercise these rights, the data subject may contact us at the email address or by writing to Calle Peonías, No. 12, 28042 Madrid, or using the Procedures and Claims Portal (

How do I contact the Data Protection Officer?

If you have any doubt, please email our Data Protection Officer at

The interested party is also entitled to lodge a complaint with the Spanish Agency for Data Protection (AEPD), the control and oversight body for data protection in Spain.