Terms of use

TERMS OF USE

This website is the property of INNOVATION TO WIN, S.L. with NIF nº B67074948 and address at Diputació st., 211, 08011, Barcelona and Registered in the Mercantile Registry of Barcelona in Volume 46091 folio 143, page B-509.167 1st Registration.

For any question or proposal, please contact us at: info@intowin.es

This website is governed by the regulations exclusively applicable in Spain, being subject to it, both nationals and foreigners who use this website.

Access to our website by the USER is free and is subject to prior reading and full, express and unreserved acceptance of these GENERAL CONDITIONS OF USE in force at the time of access, which we ask you to read carefully. The USER when using our portal, its contents or services, accepts and expressly submits to the general conditions of use thereof. If the user does not agree with these conditions of use, he or she must refrain from using this portal and operating through it.

We can modify at any time the presentation and configuration of our website, expand or reduce services, and even delete it from the network, as well as the services and content provided, all unilaterally and without prior notice.

  1. INTELLECTUAL PROPERTY

All content, texts, images, trademarks, and source codes are owned by us or by third parties whose exploitation rights have been acquired and are protected by Intellectual and Industrial Property rights.

The user only has the right to private, non-profit use of the same, and needs express authorization to modify, reproduce, exploit, distribute or exercise any right belonging to its owner.

  1. ACCESS CONDITIONS

Access to our website is free and does not require prior subscription or registration.

The sending of personal data implies the express acceptance by the USER of our privacy policy.

The user must access our website in accordance with good faith, the rules of public order and these General Conditions of use. Access to our website is made under the sole and exclusive responsibility of the user, who will be liable in all cases for any damages that may be caused to third parties or to ourselves.

Taking into account the impossibility of control over the information, content and services contained in other web pages that can be accessed through the links that our web page may make available to you, we inform you that we are exempt from any responsibility for damages of any kind that may arise from the use of these web pages, outside our company, by the user.

  1. PRIVACY POLICY

Confidentiality and security are fundamental values of INNOVATION TO WIN, S.L. and, consequently, we are committed to guaranteeing the privacy of the User at all times and not to collect unnecessary information. Below, we provide you with all the necessary information about our Privacy Policy in relation to the personal data we collect, explaining:

  • Who is responsible for the processing of your data.
  • For what purposes we collect the data that we request.
  • What is the legitimacy for its treatment.
  • How long we keep them.
  • To which recipients your data is communicated.
  • What are your rights and how to exercise them.

 

  1. RESPONSIBLE: look for data in the heading.
  2. PURPOSES, LEGITIMATION AND CONSERVATION of the data processing sent through:
  • Contact form.

Purpose: To provide you with a means by which you can contact us and answer your requests for information, as well as send you communications about our products, services and activities, including by electronic means (email, SMS, etc.), if you tick the acceptance box.

Legitimation: The consent of the user when requesting information through our contact form and when checking the acceptance box for sending information.

Conservation: Once your request has been resolved through our form or answered by email, if you have not generated a new treatment, and if you have accepted to receive commercial shipments, until you request the cancellation of the same.

  • Sending emails.

Purpose: To answer your requests for information, respond to your requests, and answer your questions or doubts. In case of receiving your Curriculum Vitae, your personal and curricular data may be part of our databases to participate in our present and future selection processes.

Legitimation: The consent of the user when requesting information through the email address or sending us their data and CV to participate in our selection processes.

Conservation: Once your request is answered by email, if you have not generated a new treatment. In the case of receiving your CV, your data may be kept for a maximum year for future selection processes.

Obligation to provide us with your personal data and consequences of not doing so.

The provision of personal data requires a minimum age of 14 years or, where appropriate, the minimum age established by the applicable data protection regulations and / or have sufficient legal capacity to contract.

The requested personal data is necessary to manage your requests, register you as a user and / or provide the services you may contract, so if you do not provide them, we will not be able to serve you correctly or provide the service you have requested.

In any case, we reserve the right to decide whether or not to include your personal data and other information in our databases.

  1. RECIPIENTS OF YOUR DATA.

Your data is confidential and will not be transferred to third parties, unless there is a legal obligation.

  1. COOKIES

This website may use cookies but in no case do they process personal data, capture the user’s browsing habits, or are used for advertising purposes, and therefore they are exempt from compliance with the obligations established in article 22 of the Law of Services of the Information Society. However, the user consents to the use of cookies that allow us to communicate between the user’s equipment and the network, provide a service expressly requested by the user, user authentication or identification (session only), provide security to the user, media player sessions, load balancing sessions, customization of the user interface and plugins (plug-in) and sharing social content. In any case, the user, if she wishes, can deactivate and/or eliminate these cookies by following the instructions of her Internet browser.

  1. RIGHTS IN RELATION TO YOUR PERSONAL DATA.

Anyone can withdraw their consent at any time when it has been granted for the processing of their data. In no case, the withdrawal of this consent conditions the execution of the subscription contract or the relationships generated previously.

Likewise, you can exercise the following rights:

  • Request access to your personal data or its rectification when they are inaccurate.
  • Request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
  • Request the limitation of its treatment in certain circumstances.
  • Request opposition to the processing of your data for reasons related to your particular situation.
  • Request the portability of the data in the cases provided for in the regulations.
  • Other rights recognized in the applicable regulations.

Where and how to request your Rights:  Writing to the person in charge at their postal or electronic address (indicated in section A), indicating the reference “Personal Data”, specifying the right to be exercised and regarding which personal data.

In case of divergences with the company in relation to the processing of your data, you can file a claim with the Data Protection Agency (www.agpd.es).

  1. SECURITY OF YOUR PERSONAL DATA

With the aim of safeguarding the security of your personal data, we inform you that we have adopted all the necessary technical and organizational measures to guarantee the security of the personal data provided from its alteration, loss and unauthorized access or processing.

  1. UPDATING YOUR DATA
  1. It is important that in order for us to keep your personal data up to date, you inform us whenever there has been any change in them, otherwise, we are not responsible for their veracity. We are not responsible for the privacy policy regarding the personal data that you may provide to third parties through the links available on our website.This Privacy Policy has been modified on 07/07/2020 and can be modified to adapt to the changes that occur on our website, as well as legislative or jurisprudential modifications on personal data that appear, so it requires reading, every time you provide us with your data through this website.RESPONSIBILITIES

By making this website available to the user, we want to offer a quality service, using the utmost diligence in providing it, as well as in the technological means used. However, we will not be responsible for the presence of viruses and other elements that may in any way damage the user’s computer system.

We do not guarantee that the availability of the service will be continuous and uninterrupted.

The USER is prohibited from any type of action on our portal that causes an excessive operating overload to our computer systems, as well as the introduction of viruses, or installation of robots, or software that alters the normal operation of our website, or ultimately may cause damage to our computer systems.

The USER assumes all responsibility derived from the use of our website.

The USER acknowledges that he has understood all the information regarding the conditions of use of our portal, and acknowledges that they are sufficient for the exclusion of the error in them, and therefore, he accepts them integrally and expressly.

Intowin Security Policies and Architecture –

Simplified Version

Introduction
Intowin is a leading provider of innovative SaaS solutions dedicated to enhancing business processes through secure and reliable technology. Our flagship product, Andy, is designed to revolutionize food safety and hygiene management in the hospitality and food service industries. We implement industry-standard security protocols, multi-factor authentication (MFA), and role-based access controls to protect sensitive data. We also adhere to stringent data protection regulations such as GDPR.

Proximity, quality of service and results-oriented approach are our hallmarks. Therefore, aware of the significance of information security, and in line with the path set by our own identity, Intowin has promoted the establishment of an Information Security Management System in accordance with the ISO27001 requirements in order to identify, assess and minimize the risks to which your information and that of your clients is exposed, as well as to guarantee the fulfillment of the established objectives.

The main objective of this Security Policy is to establish a model of action that allows us to develop a corporate culture, a way of working and making decisions at Intowin, as well as to ensure that information security and respect for personal data are a constant:  

  • Preserving the confidentiality of our clients’ information, preventing its disclosure and access by unauthorized persons.  
  • Maintaining the integrity of our clients’ information, ensuring its accuracy and preventing its deterioration.
  • Ensuring the availability of our clients’ information, in all media and whenever necessary.  

The Management, for its part, especially values and establishes as a main criterion for the estimation of its risks the assessment of the availability and confidentiality of its information and even more so that of its clients. Thus, it is committed to developing, implementing, maintaining and continuously improving its Information Security Management System (ISMS) with the objective of continuous improvement in the way we provide our services and in the way we treat our clients’ information.

 

2. Security Architecture
Our security architecture includes multiple layers of protection such as network security, application security, and data security to ensure comprehensive defense against cyber threats.

2.1 Network Security

We use Virtual Private Cloud (VPC) and VPN Authentication to create isolated network environments and ensure secure access. Security Groups and Network ACLs are implemented to control inbound and outbound traffic.

2.2 Application Security
We employ secure development practices, conduct regular code reviews and testing, and utilize Web Application Firewalls (WAF) to protect our applications from common web exploits and attacks.

2.3 Data Security

Data is encrypted at rest and in transit using advanced encryption standards. Strict access controls are implemented to ensure that only authorized users can access sensitive data. Regular backups and quick recovery measures are in place to ensure data integrity.

2.4 Identity and Access Management
We use AWS Identity and Access Management (IAM) to define fine-grained permissions and enforce multi-factor authentication (MFA) for accessing critical resources.

2.5 Continuous Monitoring and Improvement
Continuous monitoring using AWS CloudWatch and CloudTrail ensures that all activities and changes within our AWS environment are logged to detect and respond to potential threats. Regular security audits and reviews are conducted to ensure compliance with security policies.

3. Security Policies
We have established comprehensive security policies covering access control, data protection, incident response, and user awareness training. Regular backups and a disaster recovery plan are in place to ensure service continuity.

4. Regulatory Compliance and Security Standards
We ensure full compliance with GDPR, conducting regular security assessments and implementing measures to protect personal data. We address the OWASP Top 10 security risks through comprehensive application security measures.

5. Threat Monitoring and Detection
Advanced threat detection systems and tools are used to monitor for suspicious activities and potential security incidents. AWS CloudWatch, AWS Security Hub, and AWS Config are utilized for continuous monitoring and compliance assessment.

6. Incident Response
Our incident response plan includes established procedures for identifying, managing, and mitigating security incidents. Clear communication protocols ensure timely and transparent communication with all relevant stakeholders during a security incident.

No More Guesswork. No More Paper. No more Chaos!
Andy: The Smarter Way to Run Today’s Food Service Operations.

Start now

No More Guesswork. No More Paper. No more Chaos!
Andy: The Smarter Way to Run Today’s Food Service Operations.

Start now
Functions
Digital HACCP
Tasks Management
Digital Checklists
Temperature Sensors
Operational Timers
Food labeling
Product Timers
Incident Management
Preventive Maintenance
Food & Operational Audits
Control Panel
Resources
Andy Talks
About Andy
Blog
Shop
Help centre
Legal
Legal terms
Contract conditions
Terms of use
Cookie policy
Contact
932 715 644
684 46 60 17
Log inStart now
LinkedInYouTubeSpotify

© 2025 – Intowin

Functions
Food labelling
HACCP
Digital checklists
Incident management
Cleaning and hygiene plans
Preventive maintenance
Control panel
Food safety audit
Temperature sensors
Product timers
Operational timers
Resources
Andy Talks
About Andy
Blog
Shop
Help centre
Start for free
Legal
Legal terms
Contract conditions
Terms of use
Cookie policy
Contact
932 715 644
684 46 60 17
Log inStart now
LinkedInYouTubeSpotify

© 2025 – Intowin

Back To Top