Contact us
Newxel Privacy Policy

Privacy Policy

Last updated: 30.09.2025

1. Introduction

Newxel LTD, a company registered under the laws of Cyprus under registration number HE 367977 with
its registered office at Charalampou Mouskou, 20, ABC Business Centre, 1st floor, Flat/Office 108, 8010,
Paphos, Cyprus and its affiliated companies (together referred to as “Newxel”, “we”, “us”, “our”) is
committed to transparency and the secure handling of your data in compliance with global regulations,
including the General Data Protection Regulation (GDPR).

Newxel LTD is the Controller for processing described in this Policy. Where a Newxel affiliate acts as a
controller or joint controller for a specific product, page, or engagement, it will be identified at the point
of collection.

This document describes the types of information Newxel collects and records, the purposes for which it
is processed and how it is protected.

2. Scope

This Policy applies to personal data processed in connection with our website(s), online services, social
media pages, and (as relevant) recruitment and professional/business outreach. Cookies and non-essential
trackers are addressed in a separate Cookies Policy.

3. Website and Online Services — Personal Data and Purposes

We store the data of users of our Site for the purpose of analysis and statistics. This data includes
information about your activities on the Site, such as pages viewed, time spent on the page, date and time
of visit, resources used and other analytical information. Where analytics data is not irreversibly
anonymised, we treat it as personal data and process it under GDPR with a valid legal basis and retention
limits.

We do not rely solely on consent for all identifiable information collected via the Site. Depending on
context, we may rely on legitimate interests (e.g., responding to enquiries, operating a secure Site) or
performance of a contract/steps at your request; consent is used where required (e.g., non-essential
cookies/marketing — see the Cookies Policy).

We process and transfer personal data only where permitted by law and subject to appropriate safeguards.

We may use the information collected to:
● Provision, support and improvement of the Site and Services.
● Personalize your experience and match your individual needs.
● Respond to your customer service inquiries.
● Sending you notifications, updates and other communications related to your use of the Site and
Services.
● Improving our marketing and advertising activities.
● Analysis of the use of the Site and Services, improvement of the content and functionality of the
Site and Services.
● Detection and prevention of fraudulent transactions and other illegal activities.
● Creating statistical data and conducting research based on information collected from users and
visitors.

You may object to marketing emails at any time; each email includes an unsubscribe option or a link to
manage preferences.

We retain personal data only as long as necessary to fulfil the purposes described, taking into account
business needs, legal/regulatory obligations, the maintenance of contractual/customer relationships, and
the time needed to resolve disputes, establish legal defences and conduct audits. After this period, we
delete or irreversibly anonymise data unless retention is required by law or otherwise duly justified.

4. Recruitment and Business Outreach

In addition to data collected via the Site, Newxel may also process personal data of candidates and
professional contacts for recruitment and business outreach purposes.

Categories of personal data of candidates:

● Name and surname.
● Contact details (email, phone number).
● Current position, employer, skills, professional background.
● Information made publicly available on professional sources (e.g., professional profiles, portfolio
sites, official company websites, public directories).
● CVs, cover letters and other documents voluntarily provided.
● Communication history with us.

Business prospect data (for outreach to potential clients):

● Name
● Job title
● Employer
● Business contact details
● Communication metadata (e.g., delivery status or response) relating to our messages.

We do not intentionally collect special-category data for recruitment or business development. If you
provide special-category data (e.g., in a CV), we will not use it unless a lawful basis applies (such as your
explicit consent) or we are legally required to do so.

Sources of personal data:

● Directly from you (e.g., when you apply for a vacancy, send us your CV, communicate with us)
● From publicly available professional sources (e.g., professional profiles, portfolio sites, official
company websites, public directories)
● Third-party professional information services used to support recruitment and professional
outreach
● From referrals provided by clients or partners.
Where we obtain data from sources other than you, we provide the privacy information required by law at
first contact, and, in any case, before any disclosure of your data to a client. We also offer a simple way to
opt out.

Purposes of processing:

● Identifying and contacting potential candidates for vacancies.
● Assessing candidates and presenting profiles to clients on an appropriate legal basis (including
your consent where required).
● Establishing and maintaining professional relationships with business partners or clients. This
includes outreach to potential clients for business development and B2B marketing.
● Documenting and managing recruitment and outreach processes.

Legal basis:

● Legitimate interest (Art. 6(1)(f) GDPR).
● Consent (Art. 6(1)(a) GDPR).
● Legal obligation (Art. 6(1)(c) GDPR).
Where we rely on legitimate interests, we balance our interests against your rights and freedoms,
minimise data, and provide an easy opt-out.

Retention period:

● Candidate data:

➢ If cooperation is accepted (candidate engaged as a Contractor): upon the start of
the engagement, further processing (including retention) is governed by Section 5. Contractors and Subcontractors.
➢ If an offer/opportunity is declined and no deletion is requested: we retain
personal data no longer than necessary, typically up to 24 months after the
decision/last interaction, to consider future opportunities and maintain process
records.
➢ If there is no response to outreach: we retain personal data for a maximum of
12 months from our last message, after which we delete or anonymise the data.

● Business contact data (customers/partners): retained for the duration of the professional
relationship or until you object. For prospects (no existing relationship), we typically retain up to
24 months from the last interaction unless you object earlier. Retention and outreach practices
may vary depending on applicable national e-privacy rules.

Opt-out:

If we contact you by email regarding recruitment or business opportunities, each message will include a
clear way to opt out.

Use of automated tools (including AI)

We use automated tools, including AI-assisted search, to discover publicly available professional
information about potential candidates (e.g., name, role, skills, professional profiles and portfolio links)
from sources such as professional networks and public websites. We process this data to assess role fit
and contact you about relevant opportunities under our legitimate interests. We do not use solely
automated decisions that produce legal or similarly significant effects. You can object to this processing
or opt out of outreach at any time (see “GDPR and Your Rights”). We do not intentionally collect special-
category data; where such information appears in public sources, we do not use it for recruitment
decisions and will remove it.

5. Contractors and Subcontractors

In addition to candidates and business contacts, Newxel processes personal data of contractors,
subcontractors engaged by Newxel to deliver services to Newxel or to our clients (“Contractors”).

Categories of personal data

 Identification and contact: name, professional email/phone, professional profile links;
residential/mailing address;
● Government ID / right-to-work: passport or national ID details/copies (where required),
visa/permit status, right-to-work evidence, document expiry dates.
● Professional information: role, skills/tech stack, CV/portfolio, certifications.
 Contract and financial: bank/IBAN or other payment identifiers, invoicing details, tax numbers
(where required by law).

We do not process special-category data unless permitted by law and supported by an appropriate
legal basis (e.g., explicit consent or legal requirement).

Sources of personal data

We obtain Contractor personal data directly from you during onboarding, contracting, and in the course
of our cooperation. We do not collect Contractor data from third-party sources.

Purposes of processing

1. Cooperation under the service agreement

Legal bases: performance of a contract (GDPR Art. 6(1)(b)); legal obligations such as
tax/accounting where applicable (Art. 6(1)(c)); and legitimate interests for operational administration
(Art. 6(1)(f)).;

2. Transfer of information to the Controller’s clients for the benefit of which Contractors provide
services. Clients act as separate controllers or joint controllers, as applicable; roles are set out in
contractual arrangements.

Legal bases: performance of a contract (Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)).

3. Talent opportunities: We may retain your contact details and role/skills information to inform you
about future vacancies that may match your profile.

Legal bases: our legitimate interests in maintaining a professional network and offering relevant
opportunities (Art. 6(1)(f)). You may object at any time by emailing [email protected] or using
any unsubscribe instructions we provide; this will not affect your agreement with us.

Retention

We retain Contractor personal data only for as long as necessary for the purposes set out in this Section,
taking into account applicable statutory retention duties and the need to establish, exercise, or defend
legal claims. Where law sets a specific period (e.g., for tax/accounting records), we retain data for that
period; otherwise we apply proportionate retention based on operational necessity and then delete or
irreversibly anonymise it. We may keep a minimal suppression record (contact and opt-out status) to
honour future objections.

6. Who Can Have Access to Your Personal Data

We may share the collected information with third parties under the following circumstances:

● To service providers, contractors or other third parties who provide services to us or on our
behalf. These providers process personal data on our instructions under data processing
agreements and must implement appropriate security measures.
● To clients (for candidate presentation and for providing services to clients) on an appropriate
legal basis (e.g., consent where required, or contract/legitimate interests where applicable).
● To comply with legal obligations, such as responding to a subpoena or court order.
● To protect our rights, property, or safety, and the rights, property, or safety of others.

7. Data Transfer Across Borders

Your personal data may be transferred outside the EEA/UK. We use legally recognised transfer
mechanisms and apply technical and organisational measures appropriate to the risk.

8. GDPR and Your Rights

Under GDPR, you have the following rights regarding your personal data:

● The right to access your personal data processed by the company.
● The right to request the correction or deletion of your personal data where the data is no longer
necessary, you withdraw consent, you successfully object to our processing, or deletion is
required by applicable law.
● The right to object to the processing of your personal data for direct marketing purposes and
recruitment outreach.
● The right to request the restriction of the processing of your personal data in certain
circumstances.
● The right to receive your personal data in a structured, commonly used and machine-readable
format and to transfer this data to another controller (data portability).
● The right to withdraw your consent at any time (where processing is based on consent).
● The right to file a complaint with the relevant supervisory authority if you believe that your rights
on data protection have been violated.

Where we rely on legitimate interests, you may object at any time on grounds relating to your particular
situation.

To exercise your rights, please contact us at [email protected].

We respond within one month (extendable by two months for complex or numerous requests) and may
need to verify your identity. You may object to direct marketing—including related profiling—at any
time, and you can withdraw consent without affecting prior processing.

9. Information Security

We take appropriate technical and organizational measures to help protect information about you from
loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. While no transmission
over the Internet is completely secure or error-free, we regularly review and update our measures to
ensure a level of security appropriate to the risks.

10. Use by Children

We do not knowingly collect personal data from anyone under 16 (or a lower age where permitted by
local law, but never below 13). If you are under this age, please do not provide personal data. If we learn
that a child’s personal data has been provided to us, we will delete it.

11. Changes to the Privacy Policy

This Privacy Policy may be updated from time to time, in particular due to changes in our services or
legal requirements. We encourage you to periodically review this policy for updated information about
our privacy practices.

Contact [email protected]