GDPR & Cookies Policy

Controller vs Processor: For recruitment data uploaded by customers (applicant CVs, interview notes, candidate profiles), Winixco acts as a Data Processor, while the subscribing customer is the Data Controller. For user account data collected directly by Winixco (such as admin accounts), Winixco acts as the Data Controller.

We provide a DPA upon request or include it in our subscription agreements. The DPA covers:

• Permitted processing activities (hosting, storage, backups, customer support).
• Security measures including encryption, access controls, and logging.
• Sub-processor list and advance notification of changes.
• Support for data subject rights and data deletion/return upon contract termination.

We help customers fulfill GDPR data subject requests (access, correction, deletion, portability) for data processed on their behalf. Customers may contact support@winixco.com with request details and proof of identity where applicable.

For transfers of personal data from the EU to countries without adequacy decisions, we rely on legally recognized safeguards such as Standard Contractual Clauses (SCCs). Customers may request copies of applicable safeguards.

We use cookies and similar technologies to operate and secure the service, authenticate users, remember preferences, and perform analytics. Cookie preferences can be managed via browser settings or platform tools. Cookie categories include:

• Essential: Required for authentication and platform functionality.
• Performance & Analytics: Helps us understand usage and improve features.
• Marketing: Used only with user consent to deliver updates and product information.