Privacy Policy for Applicants

General
What interest does IXOPAY have in your data and for which purpose does IXOPAY process them?
To whom is your data passed on?
How long will your data be stored?
What rights do you have?
Contacting us

1. General

1.1. This Privacy Policy provides transparent information about the processing of your personal data by IXOPAY when you apply for a job at IXOPAY GmbH, Vorgartenstraße 206c, 1020 Vienna, Austria via our Website or by other means (e.g., via email). We are responsible for adequately protecting your personal data and therefore complies with all legal regulations for the protection, legal handling and secrecy of personal data, as well as for data security.

1.2. In this context, the legal entities processing personal data are:

IXOPAY GmbH, Vorgartenstraße 206c, 1020 Vienna, Austria (“IXOPAY AT”),
IXOPAY, Inc., 333 E Main St #396, Lehi, Utah 84043, United State (“IXOPAY US”)

as joint controllers under Art 26 GDPR. In this statement, we collectively refer to the joint controllers IXOPAY AT and IXOPAY US as “IXOPAY”, “we”, “us” or “our”.

1.3. The essence of the Joint Controllers’ arrangement under Article 26 GDPR is available here.

2. What interest does IXOPAY have in your data and for which purpose does IXOPAY process them?

Your applicant data (typically including name, address, mother tongue, place and date of birth, nationality, marital status, driving licence, e-mail, telephone number, general education and schooling, work experience, language and IT skills as well as other voluntary documents such as CV, motivation letter, photo, certificates) provided as part of an unsolicited or job-related application will be processed by IXOPAY solely for recruitment purposes. This includes evaluating and processing your application, as well as comparing it with job vacancies in the context of steps taken prior to entering into a contract, in accordance with Article 6 (1) (b) GDPR.

IXOPAY AT is subject to legal obligations, e.g. obligations under the Austrian Equal Treatment Act (GlBG), as well as tax or company law requirements. To fulfill these obligations, we process your personal data in accordance with Article 6 (1) (c) GDPR, but only to the extent required by the relevant laws.

Additionally, under Article 6 (1) (f) GDPR, we process your data based on IXOPAY’s legitimate interests. These interests primarily involve the establishment, exercise, or defense of legal claims. We also share your applicant data between IXOPAY Group entities, IXOPAY AT and IXOPAY US, for internal administrative purposes.

If none of the above legal bases applies, we will seek your consent pursuant to Art 6 (1) (a) GDPR. This is particularly relevant if we wish to contact you about other open positions beyond your specific application or retain your data for longer periods in our records.

3. To whom is your data passed on?

3.1 We cooperate with external service providers (processors) and transmit your personal data to them as necessary for the provision of services. Processors include in particular the following categories of IT service providers:

IT Service Providers: These include software and service providers for email and administrative activities, suppliers for special recruiting platforms, data centers, IT operations and hosting, and security service providers for physical and data security.
Project Management and IT Support: IT service providers and support teams assist with project management, requirement definition, software introduction, adaptation and development, and maintenance of IT systems.

We have entered into data processing agreements with our processors in accordance with Article 28 GDPR. These agreements oblige processors to strictly comply with applicable data protection laws and to process your data only to the extent required.

3.2. Additionally, we transmit your personal data to the following external recipients (controllers) as required:

External Third Parties: On the basis of our legitimate interests, we may share your data with auditors, tax consultants, insurance companies (in the event of an insurance claim), and legal representatives when necessary.
Authorities and Public Bodies: We may disclose your data to tax authorities and other public bodies to the extent required by law.

4. How long will your data be stored?

Your personal data will be deleted once IXOPAY no longer requires it for the purposes described above and no further legal retention periods apply.

If an employment relationship is established: We will retain your data for the duration of your employment and delete it after the termination of your engagement, following the expiry of legal retention obligations.
If an employment relationship is not established: Your data will be retained for seven months based on legitimate interests (in accordance with § 15 GlBG) and will be subsequently deleted. Any further processing requires your separate prior consent.

5. What rights do you have?

According to Art 15 ff GDPR you have the following data subject rights:

You have the right to access all your personal data that we process at any time.
Under certain conditions, you may request that your personal data be restricted, rectified or erased.
In certain cases, you have the right to data portability, allowing you to receive your personal data disclosed to us in a structured, current, and machine-readable format.
You have the right to object to the processing of your data for reasons arising from your particular situation. This includes objections to the processing of your data for direct marketing purposes, which are not relevant for the purposes of the processing at hand.
Where processing is based on consent, you can withdraw your consent at any time without giving reasons with effect for the future.
Also, you can lodge a complaint with the competent data protection authority.

6. Contacting us

If you have questions regarding this policy, or wish to exercise any of the data protection rights outlined above, feel free to contact IXOPAY at:

[email protected] or IXOPAY GmbH, Privacy Department, Vorgartenstrasse 206c, 1020 Vienna, Austria.

Our Data Protection Officer can be reached at [email protected] or IXOPAY, Inc., Attn: Legal Department, P.O. Box 521068, Tulsa, Oklahoma 74152-1068.

The EU Representative of IXOPAY, Inc. is: The Document Warehouse, Document Park, Castle Road, Sittingbourne, Kent, ME10 3JP, +44 (0)208 092 4555, [email protected].

To enable us to process your request regarding your above-mentioned rights and to ensure that personal data are not disclosed to unauthorized third parties, please direct the request with clear identification of your person and with a brief description of the extent to which your above-mentioned rights are exercised.

Partner	Name	Description	Duration
IXOPAY GmbH	cookiesConsent	Cookie Banner. Stores your cookie settings.	12 Months
IXOPAY GmbH	Visitor Filter	User centric security cookie to detect authentication abuses. Filters out computer/bot generated Website requests.	30 Minutes
Google Ireland Limited	reCAPTCHA	User centric security cookie to detect if a human being or a computer is making a specific entry in our contact or newsletter form.	6 Months
Cloudflare Inc.	Security Cookie	Used by Cloudflare (Website Security Network) to identify trusted web traffic, and protect our website against malicious activity (see Cloudflare's Cookie Informations).	30 minutes

Partner	Name	Description	Duration
Google Ireland Limited	Google Analytics	Cookies are used to collect data on how visitors interact with our website. It helps us analyze website traffic and user behavior, providing insights to improve user experience. It uses identifiers like Client IDs to track user interactions across sessions (also see Google Privacy & Terms).	2 years
Microsoft Ireland Operations Limited	Clarity	Analytical service capturing your interactions on the Website such as how the page has rendered and what interactions you had on the Website (surfing behavior: mouse movements, clicks, scrolls). Microsoft collects or receives personal data from us to provide Microsoft Advertising (see Microsoft Privacy Statements). Sensitive content such as passwords, usernames, and user input are masked before sending to Microsoft.	12 months
Dealfront Group GmbH	Leadfeeder	Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Leadfeeder only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visit data is aggregated Dealfront Group GmbH / Analytical service that collects the visitor IP address to detect corporate visits and their geographic location. Dealfront only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visitor data is aggregated on the company level (no reference to natural persons). Via a connection to Google Analytics, Dealfront shows company visitors' interactions on the Website (pages viewed, visitor source and duration of session). Dealfront also enriches that company data with contact data for individuals from publicly available data sources (eg. LinkedIn).	24 months
Salesforce, Inc.	Salesforce Account Engagement (Pardot)	Salesforce cookies are used to support the functionality and performance of our customer relationship management (CRM) system. They help maintain session continuity, track user preferences, and store authentication details to ensure a secure and seamless user experience. These cookies also assist in tracking user interactions to improve service delivery and customer support. Also see Salesforce Cookie Information.	24 Months
ZoomInfo Technologies LLC	ZoomInfo	ZoomInfo uses cookies to enhance its B2B intelligence services by collecting and organizing data about website visitors. These cookies help track user sessions, visitor interactions, and company-level engagement to provide businesses with insights into potential leads and decision-makers. The data collected by these cookies is used solely for business-related purposes, namely lead generation and improving targeted marketing efforts.	730 days

Partner	Name	Description	Duration
Google Ireland Limited	Google Ads	Google Ads uses conversion cookies to track and measure the effectiveness of advertisements across our website and those of our marketing and advertising partners. These cookies help assess how visitors interact with our ads, enabling us to optimize campaigns and enhance targeting.	3 months
Microsoft Ireland Operations Limited	Universal Event Tracking (UET)	Conversion-cookie set by the service Microsoft Advertising for assessing advertisement efficiency across our Websites and on websites of our marketing- & advertising partners. This cookie helps monitor user interactions and conversions, providing insights to optimize ad performance. The cookie and your IP address are transmitted to Microsoft with each HTTP request, not just through UET.	13 Months
Wistia, Inc.	Video Player	Video hosting platform that collects and analyzes data on video performance and user interaction, offering insights to help users better understand how their content is being consumed.	1 Day
6sense Insights, Inc.	6sense Predictive	6sense uses cookies to track and analyze visitor interactions, providing predictive insights and identifying potential business opportunities. These cookies collect information on user sessions, visitor behavior, and company identification. The data collected, including session activity and user identifiers, supports marketing and sales efforts by enabling targeted engagement strategies.	24 Months
Salesloft, Inc.	Salesloft CRM	Salesloft is a sales engagement platform that uses cookies to track user interactions, manage customer relationships, and streamline sales operations. These cookies enable session tracking, secure authentication, and multi-site tracking. For example, when a recipient clicks a link tracked by Live Web Tracking on scout.salesloft.com, it allows Salesloft to track activity across different websites, providing insights into customer engagement.	1000 Days

Privacy Policy for Applicants