GDPR Compliance

Zorynex is committed to protecting the personal data of individuals in the European Economic Area (EEA), the United Kingdom and Switzerland in line with the EU General Data Protection Regulation (GDPR), the UK GDPR and the Swiss FADP. This page explains how we meet those obligations. It complements our Privacy Policy.

Depending on the context, Zorynex acts as a data controller (for our own account, billing and marketing data) or as a data processor (when handling candidate data on behalf of recruiter and company customers).

When we act as a processor, our processing is governed by our Data Processing Agreement.

We only process personal data where we have a lawful basis under Article 6 GDPR:

• Contract — to provide the Services you sign up for.
• Legitimate interests — to secure, maintain and improve the Services.
• Consent — for optional cookies and marketing communications.
• Legal obligation — to comply with applicable laws.

We apply the GDPR's core principles across the platform:

• Lawfulness, fairness and transparency in how we process data.
• Purpose limitation — data is used only for stated purposes.
• Data minimisation — we collect only what we need.
• Accuracy — you can correct your data at any time.
• Storage limitation — we retain data only as long as necessary.
• Integrity and confidentiality through security by design and by default.

If you are in the EEA, UK or Switzerland, you have the right to:

• Be informed about how your data is processed.
• Access your data and obtain a copy.
• Rectify inaccurate or incomplete data.
• Erase your data (the right to be forgotten).
• Restrict or object to certain processing.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent and lodge a complaint with a supervisory authority.

Most rights can be exercised directly from your account settings. You can also email hello@zorynex.co.in. We respond within one month, with a possible extension for complex requests as permitted by the GDPR.

Where we transfer personal data outside the EEA, UK or Switzerland, we use appropriate safeguards such as European Commission adequacy decisions and Standard Contractual Clauses (with the UK Addendum where relevant), supported by additional technical and organisational measures.

We engage carefully vetted sub-processors (such as hosting, email and AI infrastructure providers) under written agreements that require GDPR-equivalent protections. We maintain a current list of sub-processors and notify customers of material changes under our DPA.

Our technical safeguards — encryption, access control, monitoring and breach response — are detailed on our Security page.

We maintain incident-response procedures and, where a personal-data breach is likely to result in a risk to individuals, we notify the relevant supervisory authority without undue delay and, where required, within 72 hours of becoming aware of it. Affected individuals are informed where the breach poses a high risk.

To exercise your rights or ask GDPR questions, email hello@zorynex.co.in or use our contact page.

Related policies

• Privacy Policy
• Data Processing Agreement
• Cookie Policy