Privacy Policy

Last updated: February 1, 2025.

This Privacy Policy has been created to help you better understand how we collect, use, protect, transfer, and otherwise process your Personal Data. Our Privacy Policy applies to our website (https://xonox.io), our mobile application, other services and features we provide, and your communication with us. It does not apply to websites or services that we do not control, nor does it apply to the online stores and websites of our users.

The pronouns "we," "our," and "us," as well as the name Xonox in this document, refer to the contracting party Xonox. The pronouns "you" and "your" refer to the contracting party, the User.

This Privacy Policy is incorporated into and forms an integral part of the Terms of Service of Xonox. Terms written with capital letters have the meanings assigned to them in the "Definitions" section or in the Terms of Service. We recommend that you read this Privacy Policy carefully and take the time to familiarize yourself with it.

1. Definitions

"Usage Information" – data collected during your use of our services and features.
"Browser Information" – information provided by the browser, including IP address, page URL, device information, and other data, including cookies.
"Device Information" – information may include the device's identification number, model, manufacturer, and operating system version.
"Security Information" – a collection of data required for account access, such as login credentials and passwords, as well as other similar information.
"Store Information" – information related to your online store, its products, and its materials.
"Account Information" – data related to how and when access is made to the Xonox account, as well as a set of performed actions.
"Contact Information" – personal or business information such as name, surname, company name, email address, mailing address, postal code, phone number, and social media profiles.
"Payment Information" – includes, for example, credit card information or other payment-related data.
"Transaction Information" – data related to transactions that occur on our platform, including information about products, orders, delivery, contact details, and payment information.

"Automated Decision-Making" – a decision-making process carried out by automated means without human involvement.
"Processing" – any operation or set of operations (including automated) performed on personal data. Processing includes, among other things, collection, organization, modification, recording, retrieval, storage, transfer, and use.
"Controller" – the entity that determines the purposes and means of processing personal data.
"Processor" – an organization that processes personal data on behalf of the Controller.
"Visitor" – an individual interacting with us or our website.
"Seller" – an individual or entity using (or having used) our platform's services. In the Terms of Service, this is referred to as the Online Store Owner.
"Buyer" – a legal or natural person interacting with a Seller's online store through the Xonox platform.
"Mobile Application" – our official mobile app.
"Sensitive Personal Data" – any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, genetic data, biometric data for the unique identification of a person, or data concerning health, sexual life, and/or sexual orientation.
"Cookies" – a small file stored on your computer, often containing an anonymous unique identifier, accessible only to the website that placed it, and not to other sites.

2. Sellers, Potential Sellers

2.1. Information Collection. When a Seller or potential Seller interacts with us or our website, such as creating an Online Store, registering, subscribing to newsletters, or making transactions, Xonox may collect and control information including: Account Information, Browser Information, Contact Information, Payment Information, Device Information, Security Information, Transaction Information, Usage Information, and may set cookies.
2.2. Use of Information. As the Controller, we use this information to provide Sellers with support, improve our services, verify identities, detect and prevent fraud, conduct advertising and marketing, process billing, resolve incidents related to the use of our services, enhance and personalize our services, comply with legal or contractual obligations, and in other cases with your consent. We may occasionally use Automated Decision-Making to facilitate or assist with these actions, such as detecting fraudulent account creation during registration for our services.
2.3. Information Sharing. Subject to confidentiality obligations where applicable, we may disclose certain information, including Account Information, Contact Information, Support Information, and Transaction Information. We may share information with third-party service providers to assist in the execution of our business operations and obligations for which they have contracted to assist us, or with third-party product providers when you enable features and functionalities that are outside of our control.

3. Visitors

3.1. Information Collection. When Visitors browse our website or interact with us in any way, we may collect and control: Browser Information, Contact Information, and Usage Information.
3.2. Use of Information. As the Controller, we use this information to provide our services, as well as to improve and personalize communications. We may use this information in other instances with your consent.
3.3. Information Sharing. Subject to applicable confidentiality obligations, we may disclose certain information, including Account Information, Contact Information, Support Information, and Transaction Information. We may share information with third-party service providers to assist in the execution of our business operations and obligations for which they have contracted to assist us, or with third-party product providers when you enable features and functionalities that are beyond our control.

4. Buyers

4.1. Information Collection. When Buyers interact with a Seller's Online Store through the Xonox platform, we may collect and process: Contact Information, Browser Information, Security Information, and Transaction Information.
4.2. Use of Information. As the Processor, we use this information to provide our services to Sellers, offer support, and manage risks and fraud. The Seller is the Controller of this information, and Buyers with any questions regarding our use of this information should contact the Seller. We may also use certain information as the Controller to improve and personalize our services, as well as manage risks and fraud.
4.3. Privacy Policy for Sellers. Sellers are required to:

  • Provide their Buyers with terms of use and a privacy policy outlining their privacy practices and how the Seller, Xonox, and applicable third parties collect and process Buyers' personal data. Published legal documents must comply with all applicable laws and regulations;
  • Process personal data in accordance with applicable laws and, where required by such laws, notify Buyers and obtain their informed consent for the use and access to their personal data by Xonox and other third parties. Ensure that Buyers have the ability to withdraw their consent to access and use their Confidential Personal Data at any time.

5. Legal Basis for Processing (EEA Residents)

5.1. Legal Basis. Generally, we process your personal data when (a) we need the personal data to fulfill our contract with you, (b) the processing is carried out in our legitimate interests and does not override your rights, or (c) we have your consent. In some cases, we may also have a legal obligation to process your personal data, or we may need the data to protect your vital interests or those of another person.
5.2. Notification. If we request that you provide personal data to comply with legal requirements or to fulfill our contract with you, we will clearly inform you at the relevant time and let you know whether the provision of your personal data is mandatory or not, as well as the possible consequences of failing to provide your personal data.
5.3. Legitimate Interest. If we process your personal data based on our legitimate interests (or those of a third party), we may rely on such interests. For example, we may rely on our legitimate interests when responding to your requests, improving and personalizing our platform, conducting marketing, or for detecting or preventing illegal activities (e.g., verifying your identity, preventing fraud).
5.4. Questions. If you have any questions or need further information regarding the legal basis for which we collect and use your personal data, please contact us using the contact details provided below.

6. Communications

6.1. Marketing Communications. We may send marketing messages to existing and potential Sellers and visitors via email, phone, and social media. You can opt out of receiving marketing communications from us at any time.
6.2. Transactional Communications. We send certain mandatory messages, such as notifications or account-related information. You cannot opt out of receiving these messages if you have an active account on our Platform.

7. Sharing of Information

Our Services rely on various Third-Party service providers and Third-Party product providers. Occasionally, we may need to share Personal Data with these Third-Party service providers to support our Services and deliver essential functionality. We may also provide access to, transfer, disclose, and/or store Personal Data with your consent, at your request, under contract, or in the circumstances described below.
7.1. Compliance. If we have a good faith belief that it is necessary to: (a) comply with applicable laws or respond to valid legal processes, including from law enforcement or other governmental agencies; or (b) protect the rights or property of Xonox, including enforcing the terms that govern the use of our services.
7.2. Protection. If we have a good faith belief that it is necessary to: (a) protect Sellers, Potential Customers, Buyers, Visitors, or others, such as preventing spam or attempts to deceive us or users of our services, or in response to security threats or harm to any individual; or (b) safeguard and maintain the security of our products, including preventing or halting attacks on our computer systems or networks.
7.3. Affiliates. We may transfer Personal Data within the Xonox corporate group for the purposes described in this Privacy Policy.
7.4. Third-Party Service Providers. We work with third-party service providers, including data processors, contractors, and other businesses, to assist us in delivering, supporting, and improving our Services and conducting our business as outlined in this Privacy Policy.
7.5. SDKs and APIs. We may integrate third-party libraries, such as Software Development Kits (SDKs) or Application Programming Interfaces (APIs), into our applications (including mobile apps) for purposes described in this Privacy Policy.
7.6. Payment Processing. We transfer payment data to banks and other organizations that process payment transactions and payment information or provide other financial services, as well as to prevent fraud and reduce credit risk.
7.7. Your Interaction with Third Parties. When interacting with our Services, you may link or engage Third-Party products, such as third-party websites, services, scripts, social media, apps, or other third-party features. Integrating Third-Party products may allow Third-Party providers to access or process your Personal Data or allow Xonox to access data, including Personal Data, from these Third-Party product providers. Xonox does not control or endorse these Third-Party products, and we are not responsible for the privacy or security of any information you provide to Third-Party product providers. When interacting with Third-Party product providers, their respective privacy policies and terms apply. We recommend reviewing the privacy policy of Third-Party providers before engaging with them.
7.8. Change of Control. We may transfer Personal Data to actual or potential acquirers, their representatives, and other relevant parties in the course of negotiations related to a corporate transaction, including: a sale, merger, acquisition, restructuring, bankruptcy, or similar proceedings.

8. Automated Decision-Making

Certain personal data may be used in Automated Decision-Making to help us assess accounts for risk, fraud, or abuse. In accordance with applicable law, we may provide you with information underlying the automated decision-making process and correct any inaccuracies.

9. Cookies

9.1. Use. Xonox and its third-party service providers use cookies and similar tracking technologies ("cookie files") to recognize you when you visit our website, remember your preferences, and provide you with a personalized experience. When you visit our websites, we or an authorized third party may place a cookie on your device that stores information, including personal data, about your online activities over time and across different websites. Cookies allow us to track usage, make inferences about browsing preferences, and improve and customize your browsing experience.
9.2. Active Time. We use both session and persistent cookies on our websites. Persistent cookies remain on your computer after you log out, while session cookies are deleted once you close your web browser. Your browser allows the website to access only the cookies it has set, not those set by other websites.
9.3. Types.

  • Necessary. These cookies are essential for the proper functioning of our website.
  • Functional. These cookies provide enhanced functionality. Some features may become unavailable without these cookies.
  • Analytical. These cookies provide statistical information on website usage. For example, they allow web analytics that help us improve our site.
  • Targeting. These cookies are used to create profiles or personalize content to improve your experience.

9.4. Management. You can access cookie settings through the cookie settings link at the bottom of the webpage. You can also disable cookies via your device or browser settings. Disabling cookies may affect your ability to use our website. For example, we may not recognize your computer or mobile device, and you may be required to log in each time you visit our website. The method for disabling cookies may vary depending on your device and browser, but it is generally available in the settings or security settings.
9.5. Additional Resources. To learn more about cookies, including how to view which cookies have been set, as well as how to manage and delete them, visit https://allaboutcookies.org or https://aboutcookies.org.

10. Protection and Storage of Information

10.1. Information Protection. We maintain administrative, technical, and physical security measures designed to reasonably protect personal data from unauthorized access, disclosure, alteration, loss, and misuse. These security measures include access control, encryption, and firewalls. Unfortunately, no method of internet transmission, data transfer, or electronic storage is completely secure, so we cannot guarantee absolute security of personal data.
10.2. Your Responsibilities. While we strive to ensure the security of our website and services, you are responsible for securing and maintaining the confidentiality of your passwords and account information. We are not responsible for the protection of personal data transferred to a third party through an authorized connection to your account.
10.3. Storing. We use and store your personal data as long as necessary and for the purpose for which it was provided, including any purposes described in this Privacy Policy (e.g., for services, products, or interactions you have requested or initiated; for communication with you; for billing, advertising, and marketing; for improving user experience such as troubleshooting, optimization, and personalization; and for compliance with legal, contractual, and regulatory obligations). We may also use and store information for other purposes to which you have consented, such as in response to price or hiring inquiries, or when there is a legitimate business interest.

11. Accountability and Safeguards for Data Transfer

11.1. Data Transfer. We provide services globally. To deliver our services, it may be necessary to transfer personal data outside the country or province where the data was originally collected/received. Such international data transfers may involve the flow of data from certain countries or regions to other countries or regions that have different and potentially less stringent privacy laws. To address this, Xonox strives to maintain appropriate internal and external data protection measures, including (a) relying on legally or contractually adequate mechanisms for the lawful transfer of data across borders in accordance with applicable laws; and (b) requiring third parties, including applicable processors and vendors, to provide at least the same level of data protection and usage restrictions as those maintained by Xonox and required by applicable laws.
11.2. Standard Contractual Clauses. For data transfers to third countries outside the EU/EEA, we also use the Standard Contractual Clauses adopted by the EU Commission in Commission Implementing Decision (EU) 2021/914 of June 4, 2021, as a transfer mechanism, and implement additional safeguards where necessary. We use these Standard Contractual Clauses with the amendments made by the UK's Addendum on international data transfers for data transfers outside the UK.
11.3. Measures to Remedy Breaches. If we become aware that personal data is not protected in accordance with our agreement or is processed outside the legal basis for processing, we will take reasonable measures to protect your information and/or halt its unlawful processing.

12. Data Subject Rights

12.1. Overview. In accordance with applicable law and depending on your jurisdiction, you may have certain rights regarding your personal data. At Xonox, we value your privacy and strive to take reasonable steps to allow you to access, correct, delete, transfer, and restrict or object to the use of your personal data. When data collection is based on your consent, we provide you with notice at the time of collection and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal, as permitted by applicable law. If permitted by applicable law, you may also have the right to lodge a complaint with a supervisory or regulatory authority if you believe that the processing of your personal data infringes upon your rights. Exercising certain rights, including requests for the deletion of personal data, may be restricted under certain circumstances and may negatively affect our ability to provide services to you.

Several jurisdictions have adopted privacy laws that codify certain rights. The purposes and requirements of these laws align with our longstanding commitment to data protection and transparency, including the general principles, disclosures, and data subject rights outlined in this Privacy Policy. Depending on the jurisdiction, these laws provide citizens with the following rights:

  • Access and review of information
  • Correction of inaccurate information
  • Deletion of information
  • Opting out of the sale of personal data
  • Opting out of cross-context behavioral or targeted advertising
  • Opting out of the use of personal data for profiling
  • Receiving notifications about data processing methods within the company
  • Limiting or objecting to certain types of processing
  • Non-discrimination when exercising privacy rights
  • The ability to contact Xonox’s privacy protection team
  • The right to appeal or file a complaint if the company refuses to delete, correct, or provide information

12.2. Sale of Data. Xonox does not sell personal data, as defined by law.
12.3. Profiling. Xonox does not engage in profiling, as defined by law.
12.4. Targeted Advertising. Xonox may use targeted advertising, as defined by law, as part of our marketing efforts. We target individuals who we believe may be interested in our products and services, including existing and potential Sellers and Visitors. In cases where required by law, we provide mechanisms for consent or opting out of these practices. Xonox does not process sensitive information for targeting individuals for advertising purposes.
12.5. Sellers and Visitors. Sellers may update and manage many types of personal data collected by Xonox directly within their accounts. Please contact us if you are a Visitor or otherwise cannot access or modify your personal data within your account.
12.6. Buyers. We act as a processor or service provider for our Sellers. Buyers should contact the Sellers directly regarding their personal data, as Sellers act as the Controllers, and Xonox cannot act on requests without the Seller's authorization. Upon proper identification, we can forward Buyers' requests to Sellers, but we cannot act on them.
12.7. How to Exercise Your Rights. To exercise your rights under this section or submit a request to delete your personal data, please contact us using any convenient and accessible method.
12.8. Authentication. To protect your personal data, we may need to verify your identity using a method appropriate to the type of request you are making. We may also require that your authorized agent have written consent from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your personal data. We reserve the right to decline requests to the extent permitted by applicable law.

13. Contact Information

Xonox is committed to addressing complaints regarding our collection or use of your personal data in accordance with applicable law. Individuals with inquiries or complaints regarding our Privacy Policy should first contact Xonox at:

privacy@xonox.io
or
Xonox
Box 4005
Burjassot 46100
Spain

Requests will be handled by the appropriate department within Xonox. We will respond to any inquiries or complaints without undue delay and in accordance with applicable law.

We strongly encourage you to contact us to resolve any issues you may have regarding our data processing practices; however, applicable law may allow you to file a complaint with your competent data protection authority (i.e., the authority in your place of residence, place of work, or the place of the alleged infringement).

14. Children

Our Services and website are not intended for children or individuals who are under the legal age of majority as defined by applicable law. We do not knowingly collect or use personal data of children. If you are a parent or guardian and believe that we have collected information about your child in a manner not permitted by law, please contact us at privacy@xonox.io. We will delete the data as required by applicable law.

15. Updates

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate steps to inform you, based on the significance of the changes made. If substantial changes are made to this Privacy Policy, we will notify you and obtain your consent if required by applicable data protection laws. You can check the "Last Updated" date at the top of this Privacy Policy to see when it was last updated.