PRIVACY POLICY – MIXCONIX.COM
Last Updated: August 14, 2025
This Privacy Policy explains how Mixconix SRL (“Mixconix”, “we”, “us”, “our”) processes personal data in connection with our websites, services, and interactions with customers, partners, candidates, and website visitors. It consolidates and adapts the structure and content of two detailed policy models provided by the customer, and is designed to meet the transparency requirements under Regulation (EU) 2016/679 (the “GDPR”) and applicable local laws.
1. Controller and Contact Details
mixconix.com SRL
CUI: RO 31654250
Registered office: Str. Brândușelor 74, Green Centre, Brașov, Romania
Privacy contact (preferred): office@mixconix.com
If appointed, the Data Protection Officer (DPO) can be contacted at the privacy address above. If no DPO is appointed, privacy matters are handled by Mixconix’s designated privacy lead.
2. Overview of Data Protection
This section provides a high-level overview of what happens to your personal data when you visit our website. Personal data means any information relating to an identified or identifiable natural person.
How we obtain data:
Purposes of processing (overview):
Your key rights (overview):
3. Purposes and Legal Bases of Processing
We process personal data for the following purposes and on the following legal bases (GDPR):
A1. Website security and integrity: Legitimate interests (Art. 6(1)(f)) in ensuring the resilience of our systems against incidents and unlawful acts, preserving availability, authenticity, integrity, and confidentiality.
A2. Pre-contractual and contractual steps: Contract (Art. 6(1)(b)) to respond to requests for quotes/information, enter into and perform contracts, conduct internal checks, and facilitate communication with customers; legal obligations may also apply (Art. 6(1)(c)).
A3. Newsletters: Consent (Art. 6(1)(a)) to send newsletters about our activities and sector news.
A4. Marketing and promotional offers; surveys: Consent (Art. 6(1)(a)) for marketing communications and market research.
A5. Disclosure to third parties for commercial purposes: Consent (Art. 6(1)(a)), where applicable.
A6. Compliance with legal obligations: Legal obligation (Art. 6(1)(c)) such as accounting, tax, anti-money laundering.
A7. Exercise or defense of legal claims: Legitimate interests (Art. 6(1)(f)) in establishing, exercising, or defending legal claims.
4. Categories and Sources of Personal Data
We may process the following categories of personal data:
Sources of data may include: the data subject, our websites and services (automatic collection), partners and processors acting on our instructions, and publicly available sources where permitted by law.
5. Hosting and Content Delivery Networks (CDN)
Our websites may be hosted by external providers. Personal data (e.g., IP addresses, contact requests, metadata, contract and contact information, page access data) may be processed on the host’s servers under a Data Processing Agreement (DPA).
For fast and secure delivery, we may use Content Delivery Networks (CDNs) such as Amazon CloudFront. A CDN routes information between your browser and our website via its distributed network and helps filter malicious traffic. CDNs may use cookies or similar technologies strictly for the purposes described in this Policy.
Legal basis: legitimate interests (Art. 6(1)(f) GDPR) in ensuring secure, fast, and reliable service provision; and/or contract performance (Art. 6(1)(b)). International transfers, where applicable, are safeguarded by Standard Contractual Clauses (SCCs) or equivalent mechanisms.
6. Cookies and Consent Management
We use cookies and similar tracking technologies for essential functionality, analytics, and marketing. A Consent Management Platform (CMP) may be used to obtain, store, and manage user consent for non-essential cookies. Cookies that are not strictly necessary are only set with your consent.
You can manage preferences in the cookie banner and in your browser. If cookies are disabled, some website features may not function properly. Details are provided in our Cookie Policy.
7. Server Logs and Contact Channels
Server logs: our systems automatically collect and store the following data in server log files:
Legal basis: legitimate interests (Art. 6(1)(f)) in technical operation, security, and optimization of the website.
Contact forms and email/phone requests: we process the data you provide to handle your inquiry. Legal basis: contract or pre-contractual steps (Art. 6(1)(b)); legitimate interests in effectively handling requests (Art. 6(1)(f)); or consent (Art. 6(1)(a)) where applicable.
8. Third-Party Tools and Integrations
We may use the following categories of tools and services:
Google Tag Manager
A tag management system to deploy analytics and marketing tags. GTM does not itself create user profiles or store cookies but may collect IP addresses to enable tag delivery. Legal basis: legitimate interests (Art. 6(1)(f)); consent (Art. 6(1)(a)) where required.
Google Analytics
Used to analyze website usage (e.g., pages accessed, session duration, device/OS, approximate geolocation). Technologies such as cookies or device identifiers may be used. We implement IP anonymization wherever feasible. Legal basis: legitimate interests (Art. 6(1)(f)) to optimize services and marketing; or consent (Art. 6(1)(a)) where required. International transfers rely on SCCs, as applicable.
Google Ads (incl. Conversion Tracking) and Remarketing
Used for interest-based advertising and measuring campaign effectiveness. Legal basis: legitimate interests (Art. 6(1)(f)) and/or consent (Art. 6(1)(a)) where required.
Meta (Facebook) Pixel
Helps measure conversions and build audiences for advertising on Meta platforms. Joint controller arrangements may apply for collection and transmission; subsequent processing by Meta is subject to Meta’s policies. Legal basis: legitimate interests (Art. 6(1)(f)) and/or consent (Art. 6(1)(a)).
LinkedIn Insight Tag
Provides conversion measurement, audience insights, and retargeting for LinkedIn ads. Legal basis: legitimate interests (Art. 6(1)(f)) and/or consent (Art. 6(1)(a)).
YouTube (Privacy-Enhanced Mode)
Embedded videos may set cookies or similar technologies when played. We use privacy-enhanced mode where available. Legal basis: legitimate interests (Art. 6(1)(f)) in presenting content attractively; and/or consent (Art. 6(1)(a)).
CRM (e.g., HubSpot)
Used to manage customer relationships, interactions, and marketing workflows. Legal basis: contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f)); consent (Art. 6(1)(a)) for marketing where required.
Online Forms (e.g., Typeform)
Data entered in online forms is stored by the form provider and shared with us to process your request. Legal basis: contract/pre-contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), or consent (Art. 6(1)(a)).
Workflow Automation (e.g., Zapier)
Used to connect and synchronize tools. Depending on configuration, personal data may be processed to automate tasks. Legal basis: legitimate interests (Art. 6(1)(f)) and/or consent (Art. 6(1)(a)).
9. Registration on the Website
If registration is available, data you provide will be used to enable and administer your account and to notify you of important changes. Legal basis: consent (Art. 6(1)(a)) and/or contract (Art. 6(1)(b)). Data are stored while the account is active and thereafter as required by law.
10. Newsletter and Direct Marketing
To subscribe to our newsletter, we collect your email address and confirmation that you are the owner of the address provided. Processing is based on your consent (Art. 6(1)(a)). You may withdraw consent at any time via the ‘Unsubscribe’ link.
We may also use postal addresses for compliant postal advertising based on legitimate interests (Art. 6(1)(f)). You can object at any time, and we will cease processing unless we have overriding legitimate grounds or legal obligations.
11. Online Audio and Video Conferences
We use conference tools (e.g., Microsoft Teams, GoToMeeting/GoToWebinar) for online meetings and webinars. These providers process metadata (e.g., IP address, device info, time of access) and content exchanged (e.g., recordings, chat). Legal basis: contract (Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)); consent (Art. 6(1)(a)) for recordings where required.
12. Job Applications
If you apply for a job, we process your application data (contact and communications data, application documents, interview notes) for recruitment decisions. Legal basis: Art. 6(1)(b) (contract) and applicable local employment law; consent (Art. 6(1)(a)) if you agree to be included in a talent pool. Retention: generally up to 6 months after closure unless longer storage is required for legal claims; longer with your consent.
13. Social Media Presence
We maintain pages on platforms such as Facebook, LinkedIn, Instagram, and YouTube. When you visit these pages, the platform may process your personal data under its own privacy policy. Depending on the platform, joint controller arrangements may apply for certain processing activities (e.g., insights).
14. Recipients of Personal Data
Access to personal data is limited to personnel and contractors who require it for their role, and to processors providing services to us (e.g., hosting, analytics, marketing, CRM, communications). All processors are bound by contractual obligations under Art. 28 GDPR.
15. International Data Transfers
Where data is transferred outside the EEA, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses, supplemented by risk assessments and additional measures where required.
16. Retention Periods
We apply the principle of storage limitation (Art. 5(1)(e) GDPR). Illustrative periods:
17. Security Measures
We employ technical and organizational measures appropriate to the risk, including encryption in transit, network segmentation, access controls, multi-factor authentication for privileged accounts, vulnerability management, logging and monitoring, regular backups, and vendor due diligence.
18. Your Rights
19. How to Exercise Your Rights
Submit requests to office@mixconix.com We will respond without undue delay and within one month, extendable by two months for complex or numerous requests. We will verify your identity where necessary.
20. Information on Transfers to Non-EEA Countries
Some providers may be located in countries without an adequacy decision. In these cases, we rely on SCCs and implement additional measures. However, such jurisdictions may have laws permitting authorities to access personal data. We assess and mitigate these risks where possible.
21. Changes to this Policy
We may update this Policy from time to time to reflect legal, technical, or business developments. The current version will be available on our website and will indicate the date of the latest update.
Appendix A – Processors and Tools (Illustrative)
Provider / Tool
Purpose
Data Categories
Legal Basis / Safeguards
Hosting Provider / CDN (e.g., AWS CloudFront)
Hosting, content delivery, security
IP, usage/technical data
Art. 6(1)(f); SCCs where applicable
Consent Management Platform (e.g., OneTrust CookiePro)
Cookie consent collection and storage
Consent preferences, IP, device info
Art. 6(1)(c) & (f); consent records
Google Tag Manager
Tag deployment
IP (limited), tag metadata
Art. 6(1)(f); consent where required
Google Analytics
Web analytics
Usage/technical data, pseudonymous IDs
Art. 6(1)(f) or 6(1)(a); SCCs
Google Ads / Conversion / Remarketing
Advertising and measurement
Pseudonymous IDs, usage data
Art. 6(1)(f) or 6(1)(a); SCCs
Meta (Facebook) Pixel
Advertising audiences and measurement
Pseudonymous IDs, usage data
Art. 6(1)(f) or 6(1)(a); joint controller collection
LinkedIn Insight Tag
Advertising audiences and measurement
Pseudonymous IDs, usage data
Art. 6(1)(f) or 6(1)(a); SCCs
YouTube
Embedded videos
Usage/technical data, cookies when played
Art. 6(1)(f) or 6(1)(a)
CRM (e.g., HubSpot)
Lead and customer management, marketing
Identification, contact, interactions
Art. 6(1)(b), 6(1)(f), 6(1)(a)
Forms (e.g., Typeform)
Collect form submissions
Identification, contact, content of forms
Art. 6(1)(b), 6(1)(f), 6(1)(a)
Workflow Automation (e.g., Zapier)
Integrations and data flows
Varies per workflow
Art. 6(1)(f), 6(1)(a)
Conferencing (e.g., Microsoft Teams, GoTo)
Online meetings/webinars
Contact, metadata, content
Art. 6(1)(b), 6(1)(f); 6(1)(a) for recordings
Note: Replace illustrative providers with your actual vendors. Ensure a DPA (Art. 28 GDPR) is in place with each processor.
Appendix B – Retention Schedule (Illustrative)
Data Category
Retention Period
Rationale
Contracts and invoicing
10 years
Statutory accounting/tax retention
Customer support tickets
3 years from closure
Limitation periods for claims
Marketing / newsletter
Until withdrawal or 2 years inactivity
Consent and best practice
Server logs
Up to 12 months
Security and troubleshooting
Recruitment
6 months after closure; longer with consent
Defence against claims; talent pool consent
Appendix C – Data Subject Request (DSR) Workflow
Appendix D – Security Controls (Summary)