Legal & Compliance

Privacy Policy

Last Updated: December 13, 2025

1. Introduction

Qiralyx ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including our AI-powered recruitment platform viRecruit.

We are a company based in Nuremberg, Germany, and we process personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Qiralyx

Nuremberg, Germany

Email: adm@qiralyx.com

3. Information We Collect

We collect the following types of information:

3.1 Information You Provide

Contact Information: Name, email address, phone number, company name
Account Information: Username, password, profile information
Communication Data: Messages, inquiries, and feedback you send to us
Job Application Data: Resumes, cover letters, interview responses (when using viRecruit)

3.2 Automatically Collected Information

Usage Data: Pages visited, time spent, click patterns, browser type, device information
Technical Data: IP address, browser type, operating system, device identifiers
Cookies and Tracking: See our Cookie Policy section below

4. How We Use Your Information

We use your personal data for the following purposes:

To provide and maintain our services
To process and respond to your inquiries and requests
To improve our website and services
To send you administrative information and updates
To comply with legal obligations
To protect our rights and prevent fraud
For analytics and performance monitoring (with your consent)
For marketing purposes (with your consent)

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Consent: When you have given clear consent for specific processing activities
Contract Performance: To fulfill our contractual obligations to you
Legal Obligation: To comply with applicable laws and regulations
Legitimate Interests: For our legitimate business interests, provided they don't override your rights

6. Data Sharing and Disclosure

We may share your information with:

Service Providers: Third-party vendors who assist us in operating our services (e.g., hosting, analytics, email services)
Business Partners: With your consent, we may share data with trusted partners
Legal Requirements: When required by law, court order, or government regulation
Business Transfers: In connection with a merger, acquisition, or sale of assets

We ensure all third parties process your data in accordance with GDPR and our data processing agreements.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your data, we will securely delete or anonymize it.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.

GDPR Compliance

Qiralyx is fully committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. We have implemented comprehensive data protection measures to ensure your rights are protected.

Our GDPR Commitment

We process personal data lawfully, fairly, and transparently
We collect data only for specified, explicit, and legitimate purposes
We minimize data collection to what is necessary
We ensure data accuracy and keep it up to date
We implement appropriate technical and organizational security measures
We respect your rights and facilitate their exercise

Data Protection Measures

Encryption of data in transit (TLS/SSL) and at rest
Regular security assessments and penetration testing
Access controls and authentication mechanisms
Employee training on data protection
Incident response procedures
Regular data protection impact assessments (DPIAs)

Data Processing Records

We maintain detailed records of our data processing activities as required by Article 30 of the GDPR, including:

Categories of data subjects and personal data
Purposes of processing
Categories of recipients
Data retention periods
Security measures implemented

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

1. Right of Access (Article 15)

You have the right to obtain confirmation as to whether we process your personal data and access to that data, including information about the purposes, categories, recipients, and retention periods.

2. Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data we hold about you.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when it's no longer necessary, you withdraw consent, or it's been unlawfully processed, subject to certain exceptions.

4. Right to Restrict Processing (Article 18)

You can request that we limit how we use your personal data in certain circumstances.

5. Right to Data Portability (Article 20)

You can request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transmitted directly to another controller.

6. Right to Object (Article 21)

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7. Right to Withdraw Consent (Article 7)

When processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

8. Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement occurred.

German Supervisory Authority: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: adm@qiralyx.com

We will respond to your request within one month (or two months for complex requests) as required by GDPR.

Cookie Policy

We use cookies and similar tracking technologies to enhance your experience on our website. This Cookie Policy explains what cookies are, how we use them, and your choices regarding cookies.

What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help websites remember your preferences and improve your browsing experience.

Types of Cookies We Use

1. Necessary Cookies

These cookies are essential for the website to function properly. They cannot be disabled and are set in response to actions you take, such as setting privacy preferences or filling in forms.

2. Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve our website's functionality and user experience.

3. Marketing Cookies

These cookies are used to deliver personalized advertisements and track campaign performance. They may be set by our advertising partners to build a profile of your interests.

Managing Cookies

You can manage your cookie preferences at any time by clicking the cookie settings icon in the bottom corner of our website or by adjusting your browser settings. However, disabling certain cookies may affect website functionality.

Contact Us

If you have any questions about this Privacy Policy, GDPR compliance, or wish to exercise your data protection rights, please contact us: