Energy that transforms

Integrated Report 2021

Strategic Framework

Information Privacy

Our Security Operations Center and the Technology Risk Committee guarantee the privacy of the information of our different Stakeholders.

GRI (103-1) We understand that both the personal information of our clients, as well as that associated with the energy service, they payments they make and the products they acquire with us, are for their exclusive use, and it is our responsibility to safeguard and handle them properly.  In this sense, at Celsia we guarantee our clients that their personal data is handled exclusively to provide the service or deliver the product for which they were provided.

DJSI (1.11.1, 1.11.2) GRI (103-2)

We have a Personal-Data Protection Policy, which includes the management of the information provided to us by both current and potential clients.

We socialize and train our teams in understanding the policy, understanding the risks and the responsibility in handling clients’ personal information.

Under this policy,we enable clients and attend any modification or elimination of their personal data from our commercial database.

DJSI (1.11.3) GRI (418-1) In 2021, we did not receive complaints or required related to violations of client privacy from third parties or regulatory bodies. The requests addressed were due to client requests for data updating, modifying or deleting information from the commercial database for the provision of the energy service or the products commercialized by Celsia.

GRI (103-3)
Requests attended to and managed
were due to client requests to update data
were associated with the modification or elimination of information from the database of our commercialized products

New Challenges

GRI (103-2)

These are our challenges in the short and medium term:

(0 to 2 years)
  • Ensure knowledge and Understanding of the Personal-Data Protection Policy throughout the Client Experience Team.
  • Comply with requests, complaints or claims presented by clients regarding the removal or updating, applying and leaving the record of what was requested.
  • Continue with the data-updating program from the relationship channels, ensuring the client’s authorization.
(3 to 5 years)
  • Implement a client self-management module, which will include the possibility of processing requests and complaints about personal-data protection directly from the Client Portal, allowing traceability of the status of their request.


Data breach:  A data-security breach occurs when personal data experiences a security incident that results in a breach of data confidentiality, availability or integrity.