ZZorynex
Legal

Data Processing Agreement

For business customers processing candidate data on Zorynex. This DPA sets out our roles, security commitments, sub-processors and the safeguards we apply to your data.

Last updated June 23, 2026Questions? Contact our team

1. Introduction#

This Data Processing Agreement ("DPA") forms part of the agreement between Zorynex("Processor") and the customer ("Controller") that uses the Services to process personal data (the "Agreement"). It applies where Zorynex processes personal data on the Controller's behalf and reflects the requirements of the GDPR, UK GDPR and comparable data-protection laws. Capitalised terms not defined here have the meaning given in our Terms & Conditions.

2. Definitions#

Controller
The party that determines the purposes and means of processing personal data.
Processor
Zorynex, processing personal data on the Controller's documented instructions.
Data subject
The individual to whom the personal data relates, e.g. a candidate.
Sub-processor
A third party engaged by the Processor to assist in processing.

3. Roles & scope of processing#

The Controller determines the purposes and means of processing; Zorynex processes personal data only on the Controller's documented instructions, including as set out in the Agreement and this DPA.

Nature & purpose

Processing is carried out to provide the Services — including hosting candidate profiles, powering job matching and AI features, facilitating applications and communications, and delivering analytics.

Categories of data & data subjects

  • Data subjects: candidates, recruiters, hiring-team members and other authorised users.
  • Data categories: identity and contact details, profile and resume data, application and messaging data, and usage data.

4. Processor obligations#

Zorynex agrees to:

  • Process personal data only on the Controller’s documented instructions.
  • Ensure persons authorised to process data are bound by confidentiality.
  • Implement appropriate technical and organisational security measures.
  • Assist the Controller with data-subject requests and compliance obligations.
  • Notify the Controller without undue delay on becoming aware of a personal-data breach.
  • Delete or return personal data at the end of the engagement, as instructed.

5. Sub-processors#

The Controller authorises Zorynex to engage sub-processors (such as hosting, email and AI infrastructure providers) to support the Services. We impose data-protection obligations on each sub-processor that are no less protective than this DPA, remain responsible for their performance, maintain a current list of sub-processors, and give the Controller advance notice of new sub-processors so they may object on reasonable grounds.

6. Security measures#

Zorynex maintains a security programme appropriate to the risk, including encryption in transit and at rest, access controls, network protection, logging and monitoring, and regular testing. Details are described on our Security page.

The Controller is responsible for configuring its account and managing its users' access appropriately.

7. International transfers#

Where processing involves transferring personal data outside the EEA, UK or Switzerland, the parties rely on an adequacy decision or the European Commission's Standard Contractual Clauses (with the UK Addendum where applicable), which are incorporated into this DPA by reference, together with appropriate supplementary measures.

8. Data-subject requests#

Taking into account the nature of the processing, Zorynex provides tools and, where needed, reasonable assistance to help the Controller respond to requests from data subjects to exercise their rights under applicable law. If we receive a request directly, we will, where lawful, refer the data subject to the Controller.

9. Breach notification#

On becoming aware of a personal-data breach affecting Controller data, Zorynex will notify the Controller without undue delay and provide information reasonably available to help the Controller meet its own notification obligations to regulators and data subjects.

10. Audits#

Zorynex makes available information necessary to demonstrate compliance with this DPA and allows for and contributes to audits, including inspections, conducted by the Controller or an auditor it mandates, subject to reasonable notice, confidentiality and frequency limits, and our security and operational requirements.

11. Return & deletion of data#

On termination of the Services, and at the Controller's choice, Zorynex will delete or return the personal data it processes on the Controller's behalf and delete existing copies, unless retention is required by law. Backups are purged on our standard rotation schedule.

12. Contact & how to sign#

To request a counter-signed copy of this DPA for your organisation, contact hello@zorynex.co.in or reach out via our contact page.

Related policies

This document is provided as clear, generic boilerplate to illustrate Zorynex's approach. It is not legal advice. Please review and adapt it with qualified counsel before relying on it in production.

Build your career on a platform you can trust.

Privacy-first by design, secure by default. Create your free Zorynex account and take control of your data.

Get started free Our security practices