Logo
A Way How
HomeGRCContact
Logo
A Way How

Privacy and Cookie Policy

1. Data Controller

Controller: A Way How SL
Tax ID: (In formation)
Address: Barcelona, Spain
Contact: https://www.awayhow.com/contact

2. Scope of Application

This Privacy and Cookie Policy regulates the processing of personal data through the website and associated SaaS service, primarily aimed at business clients (B2B), regardless of the country from which the service is accessed.

3. Data Processed

The following data may be processed when using the service:

  • Technical identifiers necessary for service access (tokens).
  • Microsoft Azure tenant identifier (Tenant ID).
  • Technical data derived from service usage (e.g., language configuration).

Under no circumstances will data be processed for profiling, marketing, or advertising purposes.

4. Purpose of Processing

The processed data is used exclusively to:

  • Enable secure access to the service.
  • Identify the business client (tenant).
  • Maintain the user session.
  • Remember functional preferences, such as language.
  • Ensure the proper functioning and security of the platform.

5. Legal Basis for Processing

The legal basis for data processing is:

  • The performance of a contract or the application of pre-contractual measures (art. 6.1.b GDPR).
  • The legitimate interest of the controller in ensuring the security and proper functioning of the service (art. 6.1.f GDPR).

6. Data Retention

Data will be retained:

  • While a contractual relationship or service usage exists.
  • For the time necessary to comply with legal obligations.
  • Tokens and cookies have a limited and configurable duration, in accordance with their technical purpose.

7. Cookies Used

This website uses only technical and functional cookies, necessary for the proper functioning of the service.

Types of Cookies Used

  • Preference cookies:
    Allow remembering user settings, such as language.

Consent

In accordance with Article 22.2 of the Information Society Services Act (LSSI-CE), user consent is not required for the use of these cookies, as they are strictly necessary for the provision of the requested service.

8. Information Security

The controller applies appropriate technical and organizational measures to ensure data security, including, among others:

  • Use of secure connections.
  • Tokens with limited expiration.
  • Cookies marked as secure, when applicable.
  • Access control and protection measures against unauthorized access.

9. Transfer of Data to Third Parties

Data is not transferred to third parties, except when legally obligated or when necessary for the provision of the service (e.g., technological infrastructure used for system hosting), with such providers acting as data processors under corresponding legal agreements.

10. Rights of Data Subjects

Data subjects may exercise the following rights, when applicable:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Objection

These rights may be exercised by submitting a written request using the contact information indicated in section 1.

11. Policy Modifications

The controller reserves the right to modify this policy to adapt it to legislative updates or changes in the service. Modifications will be published on this same page.

12. Applicable Legislation

This policy is governed by Regulation (EU) 2016/679 (GDPR) and applicable Spanish legislation regarding data protection and information society services, without prejudice to the application of other regulations when legally required.

13. International Users

The service may be used by business clients located outside the European Union. The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 (GDPR) as a reference standard for data protection and, when applicable, in accordance with the data protection regulations of the client's country of residence.