Privacy Policy

• PROTECTION OF PERSONAL DATA

  XO WAX d.o.o. Registered office: Ulica Juša Kramarja 21, Črenšovci, Slovenia, Registration: VAT ID: SI92407919, Company registration number: 8074399000 (hereinafter referred to as “XO WAX” or “we”), operator of the online store www.waxinglove.si, declares that all personal data (hereinafter referred to as “data”) is considered strictly confidential and is handled in accordance with the applicable legal provisions in the field of personal data protection.

  The protection of your personal data is of paramount importance to us, which is why we pay all necessary attention to personal data and its protection. In these principles of personal data processing (hereinafter referred to as “principles”), you will find information about what personal data we collect about you, on what legal basis we process it, for what purpose we use it, how long we store it, and to whom we may disclose it. The principles also inform you about your rights regarding the processing of your personal data.

  What personal data do we process?

  If you use the services of our online store or premises (i.e., stores and pick-up points), we process various types of data about you.

  1.1. If you make a purchase

  The most common data you provide us with is data obtained through the order form for goods or other services on our websites. This is mainly data that is necessary for the conclusion and execution of a purchase contract.

  The data required to fulfill your order can be divided into:

  identification data, first and last name, and in the case of a purchase by a company, also the company’s registration number and tax number;

  contact details, e-mail address, postal address, billing address, telephone number, bank account, payment details.

  data generated on the basis of the concluded contract, purchased products, scope of services provided, and customer segment.

  1.2. If you are registered

  If you want to enjoy all the benefits of a user account, you must first register on our website. Your user account is protected by a password that you have chosen yourself and to which we do not have access, so if you lose it, we cannot send you a new one or create one for you.

  Within your account, you have unlimited access to your personal data and can edit it if necessary. In your account, you can view the history of your completed orders, purchased products, and unfinished orders. In your user account, you can also save your payment card details, manage the delivery of news, and create a list of your favorite products, where you can save your favorite products.

  1.3. If you receive marketing messages from us

  You may receive marketing messages from us about products similar to those you have already purchased from us. You can always unsubscribe from receiving these messages via the unsubscribe link at the bottom of each email containing these messages. If you have a user account, you can also unsubscribe from receiving these messages in your account. Unsubscribing from receiving business messages is free of charge.

  If you are a registered customer, you may also receive marketing messages via text messages or push notifications. You can also receive push notifications containing marketing messages on social networks. Such processing complies with the principles of personal data processing of the specific social network. You can opt out of receiving messages through such channels at any time.

  If you receive such messages, we process the following data:

  identification data, specifically your name;

  contact details through which we can communicate with you, specifically your email address and telephone number;

  demographic data that we determine/identify based on your settings and online behavior; gender and preferred language.

  1.4. If you visit our websites or contribute to their content

  If you visit our websites, we store various information about you during your visit, such as your IP address, browser settings and preferred language, websites visited, including the time of your visit. We also observe your visits to the websites and which links you click on so that we can optimise the content displayed and offer you the articles and content you want.

  When you visit our websites using the web browser and device of your choice, we store and subsequently read cookie files, which are described in a separate section of these principles.

  In addition to cookies, we also process data about your online behavior, your IP address, data provided to us by your browser, specific resolution, your device’s operating system, including its version and language settings.

  We may also connect you to social networks, including automatic login to your account on a specific social network. For such connections, we use social media plugins on our websites, such as blogs, i.e., share buttons that allow you to share content on your profile. When you connect, personalized offers and targeted ads related to our websites may appear on social networks or other websites.

  Because we want you to be part of the world of beauty, we allow you to be active on our websites and contribute content, such as reviews of purchased items and their contribution, or comments on our blog posts. You do not need to have a user account to create such content, but your first and last name may be displayed if you enter them in the form. You are responsible for the content you enter and your activity on our websites, so please do not share personal information that you do not want to be publicly available.

  Our websites may contain links to other websites that we believe are practical and may contain useful information. Therefore, we would like to point out that the owners and operators of these sites may be other companies and organizations that process data in accordance with their own principles of personal data protection and security. Our company has no control over such processing and assumes no responsibility for the information, material, products, or services contained on or accessible through these websites.

  1.5. If you contact us by phone or social media

  If you contact our customer support by phone or email, we primarily process recordings of telephone conversations, as well as notes of email communications.

  If you contact us regarding your request via our websites or profile on selected social networks, such processing of your personal data is subject exclusively to the principles of personal data processing of the company that operates the specific social network.

  1.6. If you visit one of our stores

  Camera systems are installed in our stores and other premises to protect our legitimate interests in order to protect our and your property. If you visit our store, we will process camera recordings in which you may be recorded. The areas where cameras are installed are always appropriately marked with a warning sign.

1.7. If you set up an availability alert

If the product you are interested in is not available, we allow you to set up an availability alert for it. When the specific product is back in our warehouse, we will notify you by sending a message to the email address you provided, which we will process for this purpose.

1.8. If you rate on review portals

After receiving the goods, you may receive a request to rate them and your satisfaction via a selected review portal. All feedback is very important to us and we respect it, but it is up to you whether you decide to rate. In the event of such a review, we process and transfer the following data to the relevant partners:

contact details, the email address to which review notifications are sent;

data generated on the basis of the duration of the contract, i.e. the products purchased.

1.9. If you participate in a customer prize draw

We organize interesting prize draws for you via our websites or profiles on selected social networks, which you can participate in. The full text of the rules can be found here. The publication must be public, which means that we may publish selected information about the winner on our websites or profile on a specific social network. Any activity or communication with us via social networks and the processing of your personal data comply with the principles of personal data processing, for which the operator of the specific social network is responsible.

If you enter a prize contest, we process the following personal data:

identification data, such as your first and last name;

contact details, i.e., your social media profile or email address, which we need in case you win, as well as your postal address, postal code, billing address, and telephone number.

1.10. If you participate in user testing or other organized events

If you participate in user testing organized by us, we may process the following data:

identification data, such as your first and last name;

contact details, i.e., your email address and telephone number;

camera recordings, i.e., images of you.

We also organize various events for you, at which we may process the following data:

identification data, such as your first and last name, and, if necessary, your personal identification number and tax identification number;

contact details, i.e., your email address and telephone number.

We will inform you about the specific processing of personal data at each event.

For what purpose do we process personal data?

2.1. Purchase of goods and services

We most often process your personal data for the purpose of fulfilling a purchase contract so that we can successfully process your order, which was sent via our website, mobile application, or customer service line, and deliver the goods to you. Your email address and telephone number are used to send you an order confirmation, payment confirmation, electronic invoice, as well as to keep you informed about the status of your order and for any other individual communication relating to specific orders.

2.2. User account

If you are a registered user, we process your data for the purpose of managing your user account, within which we offer you a whole range of benefits.

2.3. Marketing offers

We send you commercial messages about products you have already purchased from us. You can always opt out of these commercial messages via the unsubscribe link at the bottom of each email containing such content. If you are a registered user, we also send you commercial messages via text messages or push notifications. You may also receive push notifications with commercial content on social networks. This processing complies with the principles of personal data processing of the specific social network. If you unsubscribe from receiving commercial messages, we will no longer use your electronic contact details for these purposes. Unsubscribing from receiving business messages is free of charge.

2.4. Customizing and designing content, ensuring better website performance

We want to tailor content to you and present you with goods that interest you, so we collect personal data to personalize the content and offers on our websites. The marketing offers you see may be selected based on other information we have collected about you from your contact and demographic data, popular items, and usage data in connection with our websites. We do not perform fully automated processing that would have any legal consequences for you.

We process data about your behavior/conduct on our websites, which allows us to obtain information that we can use to continuously improve our websites to make them as user-friendly as possible. We may also process your personal data to compile various statistics, such as tracking traffic or measuring the effectiveness of advertisements, as well as to test new features of our websites or mobile applications. Data about your online behavior/conduct is also important for preventing attacks on our websites.

You can create certain content on our websites. If you decide to write a review of the items you have purchased, we will process your personal data for the purpose of processing and displaying this review. If you log in to a discussion in our blog articles and write a comment, we will process your personal data for the purpose of processing and displaying this comment.

2.5. Customer support and communication

We are constantly striving to improve the services offered by our customer service so that we can respond to your requests as quickly as possible and fulfill them. Therefore, we need your personal data to successfully process your requests or resolve any issues with the sale. If you contact us by phone, we will record your phone call after giving you prior notice, which helps us provide even better service.

We also use the personal data we collect to communicate with you and to personalize our service. For example, we may contact you by phone, email, mobile app, or other means to remind you that you have items in your shopping cart or to help you complete your order. We will also notify you of the current status of your request, order, or complaint, or we will receive additional information from you for this purpose. We may also notify you that certain steps are necessary to keep your user account active.

2.6. Camera recordings

We install cameras in our stores and other premises to protect our legitimate interests and our and your property.

2.7. Product availability alert

If you set up a availability alert for an item that is out of stock, we will notify you as soon as the item is back in stock by sending a message to the email address you provided.

2.8. Determining satisfaction on review portals

In connection with your purchase, you may also receive a request for a review on a selected review portal. In this case, the purpose of the processing is to determine satisfaction.

2.9. Customer prize games

If you decide to participate in our prize game, we will process your personal data for the purposes of conducting the prize game and, in the event of a win, for public announcement and contact.

2.10. User testing and event organization

If you participate in our user testing program, we will process your personal data for the purposes of testing new or existing functionalities of our systems.

If you participate in an event organized by us, we will process your personal data for the purpose of planning, conducting, and evaluating the organized events.

2.11. Service improvement

We use your personal data to continuously improve our services and systems, including adding new features. We also process personal data for informed decisions using aggregate analysis and business intelligence, based on our legitimate interest arising from the freedom of economic initiative and based on the urgent need to improve the services we offer in order to remain competitive. To ensure adequate protection of your rights and interests, we use personal data that is anonymized to the greatest extent possible for these purposes.

2.12. Protection, security, and dispute resolution

We may also process your personal data to ensure the protection and security of our customers and systems, to enforce our rights and legal claims, to detect and prevent fraud, to resolve disputes, or to enforce our agreements. Furthermore, we may also process personal data for the purposes of any checks carried out by public authorities.

On what legal basis do we process personal data?

We process personal data to varying degrees and for various purposes, as detailed in Articles 1 and 2 above, either:

a) without your consent, on the basis of the performance of a contract, the fulfilment of a legal obligation or our legitimate interests;

b) with your consent

The types of processing that we may perform without your consent depend on the purpose of the processing in question and the role you play in relation to us – whether you are just a visitor to our website, a customer, or a registered user. Your personal data may also be processed if you are the recipient of goods or services you have ordered, if you communicate with us, or if you visit our store.

3.1. Execution of the purchase contract or MyNotino club contract

If you make a purchase or place an order with us, a draft purchase contract is created, which is concluded when we accept the draft by sending the ordered goods. In order to successfully execute this purchase agreement or other agreement related to goods or services, we need a large part of your personal data, which you provide via the order form. The specific data we process in this case is listed in Article 1, paragraphs 1 and 5.

If you register with us, we process your data so that we can manage your user account. The contract on which our processing is based is created when you open your user account. In the event of account cancellation in accordance with the terms and conditions, we will cease to process personal data for this purpose. The specific data we process in this case is listed in the second paragraph of Article 1.

3.2. Compliance with legal obligations

We also have to comply with certain obligations imposed on us by applicable law. If we process your personal data on the basis of the performance of these obligations, we do not need to obtain your consent for such processing. On this legal basis, we process your identification and contact details, as well as information about your orders. The specific data we process in this case are listed in the first paragraph of Article 1.

3.3. Consent

For the purpose of sending marketing messages via email, we may process your personal data on the basis of your consent. We process them on the basis of your consent if we do not process them on the basis of a legitimate interest or for the performance of the MyNotino club contract. You may revoke your consent at any time and unsubscribe from receiving commercial messages. The specific data we process in this case is listed in the third paragraph of Article 1.

We also require your consent when you wish to post a review of purchased goods, post a comment on a blog, set up availability alerts, or participate in user testing or other events. In these cases, too, you can of course revoke your consent at any time. The specific data we process in this case is listed in paragraphs 4, 7, and 10 of Article 1.

3.4. Legitimate interest

We also process your personal data on the basis of legitimate interest in order to improve and adapt the services we offer, to determine whether an order has been executed in accordance with your expectations, and to promote the products and services we offer more effectively. This mainly concerns the data specified in paragraphs 4 and 5 of Article 1.

On the basis of legitimate interest based on direct marketing, we may also send you marketing messages in connection with similar products that you have purchased from us. However, this is only on condition that you do not object to such processing. The specific data we process in this case is listed in the third paragraph of Article 1.

Our legitimate interest also includes the protection of legal claims, internal records, and the monitoring of the proper provision of our services. In this case, we process all categories of personal data listed in Article 1.

Our legitimate interest also includes sending a request for an evaluation of the purchase made via a selected evaluation portal or an evaluation of our customer prize games. The specific data we process in this case are listed in paragraphs 8 and 9 of Article 1.

The processing of your personal data on the basis of legitimate interest also takes place when you visit our stores, which are monitored by a camera system for the protection of property. You may object to such processing at any time. The specific data we process in this case is listed in the sixth paragraph of Article 1.

To whom do we transfer personal data?

In most cases, we process your personal data for our own purposes as the controller, which means that we determine the above-mentioned purposes for collecting your personal data, the means of processing, and their appropriate implementation.

We share your personal data with our partners when necessary for the performance of a purchase contract, for example to ensure payment or transport, on the basis of a legitimate interest, or if you have given your prior consent to the transfer.

We also pass on your personal data to our processors, who of course comply with the legal requirements for the protection of personal data. These processors process personal data in accordance with our instructions, and such processing does not affect your rights. With your consent, we may also transfer your personal data to social networks or marketing tool operators to display targeted advertising on other websites.

• 4.1. Categories of users

We may share your personal data with the following entities:

• • companies and processors of the waxinglove.si group in the context of fulfilling the purchase contract for the implementation of internal processes and procedures;
  • payment service providersfor the purpose of processing payments based on your order, i.e. the performance of the purchase agreement;
  • carriers for the purpose of delivering your ordered products or services and resolving complaints, including withdrawal from the purchase agreement;
  • suppliers of goods or service centers in connection with complaints about your ordered goods or services;
  • partners who provide marketing communications,who are subject to confidentiality requirements and may not use your personal data for any other purpose;
  • marketing tool operators who help us tailor offers and content to the user;
  • social networks if you communicate with us or share content with us through interfaces;
  • providers of tools for user communication with you or an external call center;
  • partners who conduct customer satisfaction surveys;
  • technology suppliers and cloud service providers;
  • legal or financial representatives, courts for the processing of tax documentation, debt collection, or other reasons arising from the performance of our legal obligations;
  • public authoritiesin the event of exercising our rights (e.g., the police).

If third parties use your personal data within the scope of their legitimate interests, we are not responsible for such processing. Any such processing is governed exclusively by the personal data processing principles of the companies or persons concerned.

• 4.2. Transfer of data from the EU

When transferring your personal data to our processors, in some cases we may also transfer personal data to third countries that are not part of the European Union and do not provide an adequate level of protection for personal data. However, we will only carry out such a transfer if our processor undertakes to comply with the standard contractual clauses issued by the European Commission, which are available here.

1. How long do we process personal data and how is it secured?

• 5.1. Duration of processing

We primarily process your personal data for the duration of our contractual relationship, i.e., the purchase contract. We are obliged to process this personal data, which is necessary for the performance of all our obligations, regardless of whether these obligations arise from the contract concluded between us or from generally binding legal regulations, for as long as required by the relevant legal regulations. For example, in the case of issued invoices, we as the controller are obliged to store your information for at least 10 years from the date of issue.

We primarily process personal data for the duration of the contractual relationship, i.e., the purchase contract. In addition, we process personal data for as long as necessary to fulfill all our obligations arising from the concluded contract or generally binding legal regulations. For example, as the controller, we are required to store your information for at least 10 years for our issued invoices.

In order to meet your requirements and provide quality services to users, we process your personal data from the conclusion of our contractual relationship, including one year after the end of the warranty period for the purchased goods, for the purpose of resolving any disputes.

If you communicate with us through our customer service, we store personal data from the communication for two years, including recordings of monitored calls.

If you give your consent to receive marketing communications, this consent is valid for four years or until revoked. Your consent to be notified of the availability of goods you are tracking is valid until we send you availability information, but no longer than one year or until revoked. Consent given by submitting your review is valid for six years or until revoked. If you create content as part of our blog posts, your consent, which is given by posting your comment on such a post, is valid for two years or until revoked. If you decide to participate in user testing or another event we organize and give us your consent, we will process your personal data for one year or until revoked, including any audiovisual recordings.

If you participate in our prize game, we process your personal data for one year. If you visit our store or other premises and their surroundings at our company, we process camera recordings for 90 days from the date of recording.

In other cases, the duration of the processing of your personal data is based on the purpose of the processing or is specified by binding legal regulations in the field of personal data protection. After the specified processing periods have expired, your personal data will be automatically deleted.

• 5.2. Security

The personal data we have collected and are processing about you is transmitted to us in encrypted form using the SSL (secure socket layer) encryption system. This system ensures that your personal data is secure when your browser communicates with our server. We protect our websites and other systems we work with using appropriate technical and organizational measures against the loss and destruction of your personal data, against unauthorized access to your personal data, and against other changes and dissemination.

We regularly improve this security and also require our processors to provide evidence of the compliance of their systems with the GDPR.

If you register, access to your user account is only possible by entering the selected password. We do not have access to your password, as we store it in an encrypted form that even we cannot decrypt.

It is essential that you do not disclose your login details to third parties. Once you have finished using your user account, we recommend that you log out, especially if you share the device you are using with other users. We are not responsible for any misuse of your password, unless we are directly responsible for the situation.

1. How do we use cookies?

We use cookies to ensure the proper functioning of our websites and to make our offer useful, interesting, and enjoyable for you. The use of cookies requires the support of your web browser. Our websites also work without cookies, but to a very limited extent without the possibility of using some basic functions.

Cookies are a standard tool for storing information related to the use of websites.

Cookies are small text files that are automatically created when you visit a website and are stored on your computer, smartphone, or other device. Some cookies allow us to link your activities on our websites until you close your browser. When you close your browser window, these cookies are automatically deleted.

Other cookies remain in your browser or device for a certain period of time and are reactivated each time you visit our websites. In addition to cookies, we also use tracking pixels, which are small images invisible to the average user that work in a similar way to cookies. The length of time a cookie is stored in your browser or device depends on the cookie settings and your browser. We store the data obtained from cookies for a maximum of one year.

• 6.1. Which cookies do we use?

The cookies we use on our websites can be divided into two basic types:

• • Temporary, or “session cookies,” which are deleted immediately after you leave our website;
  • Persistent, or “persistent cookies,” which remain in your browser or device for a certain period of time or until you manually delete them.

Cookies can also be divided according to their functionality:

• • Essential cookiesare technical and functional cookies that are important for the basic functioning of the website. Without these cookies, you would not be able to add items to your shopping cart, place orders, or log in to your user account.
  • Analytical cookies help us improve the user experience of our websites by understanding how users use them. They also allow us to analyze the effectiveness of different sales channels.
  • Targeting cookies are used to tailor the content of advertisements and ensure that they are appropriately targeted.

In practice, we use the above cookies, for example, to:

• • ensure that the shopping cart works properly so that you can complete your order as easily and quickly as possible,
  • store your login details so that you do not have to re-enter them,
  • tailoring our websites to your requirements as much as possible by tracking your visits, your movement through the websites, and the functions you use,
  • obtaining information about the advertisements you view so that we do not show you advertisements for goods that do not interest you in the future.

Some cookies, including their content, may collect information that may subsequently be used by third parties who, for example, directly support our advertising activities (so-called “third-party cookies”); For example, information about products purchased on our websites may be displayed to an advertising agency as part of the display and customization of advertising banners on the websites displayed to you. These cookies are available to third parties in anonymized form, which means that you cannot be identified from this data.

• 6.2. How can you restrict cookies?

Cookie settings are part of your web browser, and most browsers automatically accept cookies in their default settings. You can completely reject cookies or restrict them to selected types of cookies via your browser. However, this will limit the functionality of our websites and you will not be able to use our features to their full extent, including logging into your user account.

You can also use your browser’s anonymous mode, which will not completely prevent the use of cookies, but will better anonymize them and will not store your browsing history.

Information about cookie settings can be found at the links below or in other browser documentation:

• Chrome
• Firefox
• Internet Explorer
• Android
• iPhone and iPad

An effective tool for managing cookies can also be found at https://www.youronlinechoices.com/sl/.

1. What are your rights and how can you exercise them?

Just as we have our rights and obligations when processing your personal data, you also have your rights that you can exercise. These rights include:

• 7.1. Right of access

You have the right to request free information about the processing of your personal data – what data we process about you, for what purpose and for how long, where we obtain your data and to whom we disclose it. As part of your right of access, you can also request that we send you a structured, machine-readable format of the processed data. After verifying your identity, we will be happy to create a copy for you. You can send your request to the email address of the data protection officer (hereinafter referred to as the “Data Protection Officer”) info@waxinlove.si.

• 7.2. Right to rectification

If you find that the personal data we process is incorrect or incomplete, you have the right to request its rectification. We will be happy to rectify or supplement your data without undue delay. Please send your request to the email address of the authorized person info@waxinlove.si.

• 7.3. Right to erasure

In certain cases, you may exercise your right to erase your personal data that we process. We will delete or anonymize your personal data without undue delay. However, this does not apply to data that we need to fulfill our legal obligations, if we are required to store it by law (e.g., to fulfill an order that has already been placed), or to protect our legitimate interests. Personal data will also be deleted if it is no longer needed for a specific purpose or if its storage is not permitted for other reasons specified by law. You can request the deletion of your personal data from an authorized person via the email address info@waxinlove.si.

• 7.4. Right to restriction of processing

In certain cases, you may also exercise your right to restrict the processing of your personal data. You may request that certain data no longer be subject to further processing for a limited period of time. You can request the restriction of the processing of personal data from the authorized person via the email address info@waxinlove.si.

• 7.5. Right to portability

You have the right to obtain from us all personal data that you have provided to us and that we process on the basis of your consent. We will provide you with your personal data in a structured and machine-readable format. We will be happy to prepare the data in this format if you send your request to the email address of the authorized person info@waxinlove.si.

• 7.6. Right to object to processing

You have the right to object to the processing of personal data that occurs on the basis of our legitimate interest. If the processing is for marketing purposes, we will stop processing your personal data without undue delay; in other cases, we will do so after reassessing our legitimate interests and your rights and reasons. You can submit your objection to processing via the email address of the authorized person info@waxinlove.si.

• 7.7. Right to lodge a complaint

Exercising the rights and procedures listed above does not limit your right to lodge a complaint with the competent supervisory authority. You may exercise this right in particular if you believe that we are processing your personal data unjustifiably or in violation of generally binding legal regulations. The authority responsible for resolving customer complaints is the Office for Personal Data Protection, located at Dunajska cesta 22, 1000 Ljubljana.

1. Contact us

If you have any questions, comments, or requests regarding these Principles of Processing Your Personal Data, you can contact the Authorized Person for Personal Data Protection at any time at info@waxinlove.si. Your request will be processed without undue delay, at the latest within 30 days. In exceptional cases, particularly in connection with the complexity of your request, we reserve the right to extend this period by a further two months. We will notify you of any such extension and the reasons for it.

You can also contact us at the address or customer service line listed at the bottom of these principles.

Contact: XO WAX d.o.o., Ulica Juša Kramarja 21, 9232 Črenšovci, Slovenia

User support: info@waxinlove.si.

1. Validity

These personal data protection principles are valid and effective from March 1, 2025.