Privacy Notice for Applicants

Privacy Notice for Applicants

Privacy Notice for Applicants

1.        General

1.1 This Privacy Notice provides transparent information about the processing of your personal data when you apply for a job at any entity of the IXOPAY Group (as defined in our Privacy Notice) via our Website or by other means (e.g., via email or Workday). We are responsible for adequately protecting your personal data and therefore comply with all legal regulations for the protection, legal handling and secrecy of personal data, as well as for data security.

1.2 In this context, the legal entities processing personal data are:

  • IXOPAY GmbH, Vorgartenstraße 206c, 1020 Vienna, Austria (“IXOPAY AT”),

  • IXOPAY, Inc., 333 E Main St #396, Lehi, Utah 84043, USA (“IXOPAY US”)

as joint controllers under Art 26 GDPR (including when performing centralized recruitment and human resources activities on behalf of our IXOPAY Group affiliates). In this statement, we collectively refer to the joint controllers IXOPAY AT and IXOPAY US as “IXOPAY”, “we”, “us” or “our”.

1.3 The essence of the Joint Controllers’ arrangement under Article 26 GDPR is available here.

2.        What interest does IXOPAY have in your data and for which purpose does IXOPAY process them?

2.1 Your applicant data (typically including name, address, mother tongue, place and date of birth, nationality, marital status, driving licence, e-mail, telephone number, general education and schooling, work experience, language and IT skills as well as other voluntary documents such as CV, motivation letter, photo, certificates) provided as part of an unsolicited or job-related application will be processed by us solely for recruitment purposes. This includes evaluating and processing your application, as well as comparing it with job vacancies across the IXOPAY Group in the context of steps taken prior to entering into a contract, in accordance with Article 6 (1) (b) GDPR.

2.2 We are subject to legal obligations, e.g. obligations under applicable US employment laws, the German General Equal Treatment Act (AGG), the Austrian Equal Treatment Act (GlBG), as well as tax or company law requirements. To fulfill these obligations, we process your personal data in accordance with Article 6 (1) (c) GDPR, but only to the extent required by the relevant laws.

2.3 Additionally, under Article 6 (1) (f) GDPR, we process your data based on our legitimate interests. These interests primarily involve the establishment, exercise, or defense of legal claims. We also share your applicant data between IXOPAY Group entities for internal administrative purposes and centralized, full-scope human resources management.

2.4 If none of the above legal bases applies, we will seek your consent pursuant to Art 6 (1) (a) GDPR. This is particularly relevant if we wish to contact you about other open positions beyond your specific application or retain your data for longer periods in our records.

3.        To whom is your data passed on?

3.1 We cooperate with external service providers (processors) and transmit your personal data to them as necessary for the provision of services. Processors include in particular the following categories of IT service providers:

  • IT Service Providers: These include software and service providers for email and administrative activities, suppliers for special recruiting platforms, data centers, IT operations and hosting, and security service providers for physical and data security.

  • Project Management and IT Support: IT service providers and support teams assist with project management, requirement definition, software introduction, adaptation and development, and maintenance of IT systems.

We have entered into data processing agreements with our processors in accordance with Article 28 GDPR. These agreements oblige processors to strictly comply with applicable data protection laws and to process your data only to the extent required.

3.2 Additionally, we transmit your personal data to the following external recipients (controllers) who are each subject to strict contractual or statutory confidentiality and data secrecy commitments:

  • Recruiters: We collaborate with external recruitment agencies and headhunters to assist us with our hiring processes based on our legitimate interests.

  • External Third Parties: On the basis of our legitimate interests, we may share your data with IXOPAY Group auditors, tax consultants, insurance companies (in the event of an insurance claim), and legal representatives when necessary.

  • Authorities and Public Bodies: We may disclose your data to tax authorities and other public bodies to the extent required by law.

4.        How long will your data be stored?

Your personal data will be deleted once IXOPAY no longer requires it for the purposes described above and no further legal retention periods apply.

  • If an employment relationship is established: We will retain your data for the duration of your employment and delete it after the termination of your engagement, following the expiry of legal retention obligations.

  • If an employment relationship is not established: Your data will be retained for seven months based on legitimate interests (in accordance with applicable equal treatment and anti-discrimination laws) and will be subsequently deleted. Any further processing requires your separate prior consent.

5. International Data Transfers

Where applicant personal data is transferred to or accessed by recipients in countries outside the European Economic Area that are not subject to an adequacy decision of the European Commission, such as IXOPAY US, we implement appropriate safeguards to protect your data. In particular, we rely on the EU Standard Contractual Clauses along with supplementary technical and organizational measures. If you have any questions or need further information concerning the relevant safeguards, please contact us at [email protected].

6.        What rights do you have?

Depending on applicable law (including the GDPR), you have the rights set forth in the “Your Rights” Section of our Privacy Notice.

7.        Contacting us

If you have questions regarding this policy, or wish to exercise any of the data protection rights outlined above, feel free to contact IXOPAY at:

  • [email protected] or IXOPAY GmbH, Privacy Department, Vorgartenstrasse 206c, 1020 Vienna, Austria.

To enable us to process your request regarding your above-mentioned rights and to ensure that personal data are not disclosed to unauthorized third parties, please direct the request with clear identification of your person and with a brief description of the extent to which your above-mentioned rights are exercised.

8. Notice to California Residents 

This section applies only to California residents for purposes of compliance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “California Privacy Laws”). In the previous twelve month period, we have collected, used, and disclosed certain personal data of California applicants solely for the recruitment and human resources purposes described in Section 2.

California applicants have the right to request access to, correction of, and deletion of their personal data, and the right not to be discriminated against for exercising these rights. We do not "sell" the personal data of California applicants, nor do we "share" it for cross-context behavioral advertising purposes. To exercise your rights under California Privacy Laws, please contact us at [email protected]. All requests should include appropriate information to allow us to verify your identity.

Version: 23 February 2026

The Future is Agentic.
Are You Ready?

As commerce shifts from clicks to agents, your infrastructure must be protocol-agnostic. IXOPAY acts as the neutral trust layer, orchestrating identity and value across the fragmenting landscape of AI agent protocols.

Contact Sales