PERSONAL DATA

New Way informs you about its Privacy Policy regarding the processing and protection of personal data.

We guarantee compliance with current regulations on personal data protection, as reflected in Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD GDD). We also comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons (GDPR) and Law 34/2002, of July 11, on Information Society Services and Electronic Commerce.

DATA PROTECTION OFFICER

As part of its commitment to privacy and data protection, New Way has appointed a Data Protection Officer, whose details and contact details are indicated below.

privacy@newway.com

PRINCIPLES APPLIED TO DATA PROCESSING

When processing personal data, we will apply the following principles, which comply with the requirements of the European Data Protection Regulation:

• Principle of legality, fairness, and transparency: consent will be required (except in cases where another legitimate ground under Article 6 of the GDPR applies) for the processing of personal data for one or more specific purposes, about which we will inform you in advance with absolute transparency.
• Principle of data minimization: only the data strictly necessary for the corresponding purpose(s) will be requested.
• Principle of retention limitation: data will be kept for the time strictly necessary for the purpose(s) of processing. You will be informed of the corresponding retention period according to the purpose.
• Principle of integrity and confidentiality: the security, confidentiality, and integrity of the data are guaranteed. New Way takes the necessary precautions to prevent unauthorized access or misuse of the data by third parties.

DATA COLLECTED AND PURPOSE OF PROCESSING

The personal data and the purpose of processing will be, depending on each case:

Data Subjects: STUDENTS

• Data Processed: Identification data (name, surname, ID, etc.), contact information (email, WhatsApp, etc.), bank details (account number, bank card, etc.), image, and other data (provided by the data subject in open forms or communications).
• Legal grounds: Fulfillment of the contractual relationship between New Way and the student, legitimate interest, and, where applicable, consent.
• Purpose of Processing: Manage the services, information, and/or products requested, send communications of interest (if the data subject has provided the appropriate authorization), collaborate, where appropriate, in the recovery of the student's debts with the financial institution, and comply with the legal obligations applicable to the data controller.

Interested parties: JOB APPLICANTS

• Data processed: Identification data (name, surname, ID number, etc.), data included in the CV (studies, work experience, hobbies, etc.), contact information (email, WhatsApp, etc.), other data (provided by the interested party in open forms or communications)
• Legal grounds: Consent.
• Purpose of processing: To manage the selection process.

Interested parties: EMPLOYEES

• Data processed: Identification data (name, surname, ID number, etc.), data included in the CV (studies, work experience, hobbies, etc.), contact information (email, WhatsApp, etc.), bank details (account number, account holder, SEPA mandate), image, and other data (provided by the interested party in open forms or communications)
• Legal grounds: Fulfillment of the contractual relationship between New Way and the employee, and, where applicable, consent.
• Purpose of processing: Manage the rights and obligations related to the contractual relationship.

Data Subjects: SUPPLIERS

• Data processed: Identification data (name, surname, ID, etc.), contact information (email, WhatsApp, etc.), bank details (account number, billing, etc.), other data (provided by the data subject in open forms or communications).
• Legal grounds: Fulfillment of the contractual relationship between New Way and the supplier and, where applicable, consent.
• Purpose of processing: Administrative, accounting, and tax management, monitoring and control of the business relationship, and, in general, compliance with the legal obligations of companies.

RIGHTS

Any data subject has the right to obtain confirmation as to whether or not New Way is processing personal data that concerns them.

Data subjects have the right to access their personal data, as well as request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Data subjects may send a letter to New Way by email to privacy@newway.com, attaching a photocopy of their identification document, at any time and free of charge, to:

• Obtain confirmation as to whether personal data concerning them is being processed.
• Request access to stored data.
• Request restriction of processing.
• Object to processing.
• Request portability of your data.
• Revoke consents granted.
• Rectify inaccurate or incomplete data.
• Request deletion of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
• Likewise, the data subject has the right to effective judicial protection and to file a complaint with the supervisory authority, in this case, the Spanish Data.
• Protection Agency (WWW.AEPD.ES) if they consider that the processing of their personal data violates current regulations.

RETENTION PERIOD

The personal data provided and obtained during the relationship between the data subject and New Way will be retained for the minimum period necessary for the proposed purpose and, in any case, for a maximum period of 5 years from the last confirmation of interest, until consent is withdrawn or as long as a legal provision requires, in which case they will be duly blocked and deleted when no longer required.

PERSONAL DATA SECURITY

To protect personal data, New Way takes all reasonable precautions and follows industry best practices to prevent its loss, misuse, improper access, disclosure, alteration, or destruction.

If international data transfers occur, they would be covered by a European Commission adequacy declaration or equivalent mechanism.

For those entities that access our information under a contractual relationship and/or service provision, New Way adopts the appropriate measures pursuant to Article 28 of EU Regulation 2016/679 (GDPR).

COOKIES

Cookies may be used during the provision of website services. Cookies are physical files containing personal information stored on the user's device. Users can configure their browser to prevent the creation of cookies or to be warned about them. Please review our cookie policy through the link found on this website.

If you choose to leave our website via links to websites not belonging to our entity, New Way is not responsible for the privacy policies of said websites or for the cookies they may store on the user's computer.

You can modify your consent for the installation of these cookies at any time. You can change your choices at any time by clicking on the Cookie Policy – New Way (newway.uk)

DISTRIBUTION OF DATA TO THIRD PARTIES

The data processed by New Way may be disclosed to third parties when required by law.

New Way also employs service providers for whom data disclosure is required in various business areas (administration, accounting, taxation, marketing, labor, etc.). The relationship with these companies is regulated by Article 28 of EU Regulation 2016/679 of April 27 of the European Parliament and of the Council (GDPR). Data accessed by these companies will only be used for necessary business purposes and will not be retained for any subsequent purpose.