Privacy Policy

Privacy Policy

1. General provisions

This Policy of Personal Data Processing (hereinafter the «Policy») is based on the Federal Law of Russia no. 152-FZ on Personal Data approved on 27 July 2006 (hereinafter the «Law on Personal Data») and describes how Personal Data are processed by Wax&Go LLC and Wax&Go KMS LLC (hereinafter the «Processor») and what measures are taken to protect these data.
1.1. Human rights and civil rights and liberties, including the right to personal and family privacy, are of utmost importance for the Processor and will be respected particularly in the field of Personal Data Processing.
1.2. This Policy applies to all data the Processor may obtain on visitors of

2. Main definitions

2.1. «Automated Personal Data Processing» means computer-assisted processing of Personal Data.
2.2. «Blocking of Personal Data» means temporary suspension of Personal Data Processing with the exception of cases when it is necessary to rectify such data.
2.3. «Website» means graphics and information along with software and databases needed to publish them online on
2.4. «Personal Data Information System» means databases with Personal Data along with software and hardware to process it .
2.5. «Depersonalization of Personal Data» means actions that make it impossible to attribute Personal Data to a specific User or another personal data subject (hereinafter the «Data Subject») without obtaining additional information.
2.6. «Processing of Personal Data» means any action or set of actions, whether computer-assisted or not, performed on Personal Data; this includes collection, recording, systematization, accumulation, storage, rectification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of Personal Data.
2.7. «Processor» means a government or municipal authority, or a legal or natural person that organizes and/or performs Personal Data Processing independently or together with other entities and defines the goals of Personal Data Processing, the scope of Personal Data to be processed, and the actions performed on Personal Data.
2.8. «Personal Data» means any information, which directly or indirectly refers to a specific or identifiable User of
2.9. «Personal Data Permitted for Distribution by Data Subject» (hereinafter «Personal Data Permitted for Distribution») means Personal Data, the access to which was granted by the Data Subject to the general public under the Law on Personal Data.
2.10. «User» means any visitor of
2.11. «Provision of Personal Data» means any action aimed to disclose Personal Data to a person or a group of persons.
2.12. «Distribution of Personal Data» means any action aimed to disclose or transfer Personal Data to the general public or to inform the general public about such data; this includes publication in mass media and telecommunication networks and otherwise granting access to such data.
2.13. «Cross-border Transfer of Personal Data» means transfer of Personal Data from the national territory to a foreign government authority or to a foreign natural or legal person.
2.14. «Destruction of Personal Data» means any action that results in permanent erasure of Personal Data so that it is impossible to recover its content in a Personal Data Information System; this includes physical destruction of media with Personal Data.

3. Rights and obligations of the Processor

3.1. The Processor may:
— obtain reliable information and/or documents with Personal Data from Data Subjects; — continue to process Personal Data without the Data Subject’s consent in cases stipulated in the Law on Personal Data even when the Data Subject withdraws its consent to Personal Data Processing; — define the scope of measures that are necessary and sufficient to comply with the Law on Personal Data and with regulations approved under this Law unless the Law on Personal Data or other federal laws provide otherwise.
3.2. The Processor shall:
— on the request of Data Subjects, provide information on processing of their Personal Data; — make sure that Personal Data is processed in accordance with the current Russian laws; — respond to inquiries and requests of Data Subjects and their lawful representatives as stipulated in the Law on Personal Data; — provide information required by the authorities in charge of the protection of rights of data subjects within 30 days after the delivery of such requests; — publish this Policy and ensure free access to it; — take legal, organizational, and technical measures to protect Personal Data from unauthorized or accidental access, destruction, change, blocking, copying, provision, distribution, and other inappropriate actions; — to stop processing and transfer (distribution, provision, access) of Personal Data, and to destruct such data when it is required by the Law on Personal Data and in a way described in this Law; — perform other obligations under the Law on Personal Data.

4. Rights and obligations of Data Subjects

4.1. Data Subjects may:
— receive information on processing of their Personal Data unless federal laws provide otherwise. This information will be provided by the Processor in an accessible form and will not contain Personal Data of other Data Subjects unless there are legal grounds for such disclosure. The scope of information and the procedures to obtain this information are described in the Law on Personal Data; — request the Processor to rectify, block, or destruct their Personal Data if such data is incomplete, obsolete, inaccurate, unlawfully obtained, or not necessary for the declared goals of Personal Data Processing, and also take measures to protect their rights under the law; — set their conditions before granting consent to process Personal Data for the purposes of promotion and marketing of goods, works, and services; —withdraw their consent to Personal Data Processing; — appeal to the authorities in charge of the protection of rights of data subjects or to the court on inappropriate actions or inaction of the Processor in respect of processing of their Personal Data; — exercise other rights under the Russian laws.
4.2. Data Subjects shall:
— make sure that the Personal Data provided to the Processor are reliable; — notify the Processor when it is necessary to rectify (update, change) their Personal Data.
4.3. Provision of invalid data or data of other Data Subjects without their consent may have legal consequences under the Russian law.

5. The following Personal Data of Users may be processed:

5.1. Full name.
5.2. Email.
5.3. Phone numbers.
5.4. Web analytics services (Yandex.Metrica, Google Analytics etc.) used on the Website may collect and process anonymized data on visitors (this includes cookies).
5.5. The data mentioned above constitute Personal Data described in this Policy.
5.6. The Processor shall not process special categories of Personal Data (this includes race, origin, political, religious and philosophical beliefs, and private life).
5.7. Personal Data Permitted for Distribution, which belong to special categories described in Clause 1 Article 10 of the Law on Personal Data, may be processed in a way that complies with prohibitions and conditions stipulated in Article 10.1 of the Law on Personal Data.
5.8. To process Personal Data Permitted for Distribution, a separate consent is required in addition to the consent to Personal Data Processing as stipulated in Article 10.1 of the Law on Personal Data and in other regulations. The form of such separate consent shall be established by the authorities in charge of the protection of rights of data subjects.
5.8.1 An explicit User’s consent given to the Processor is required to process Personal Data Permitted for Distribution.
5.8.2 No later than three working days after receiving such consent, the Processor shall publish information on prohibitions and conditions of processing of Personal Data Permitted for Distribution.
5.8.3 Transfer (distribution, provision, access) of Personal Data Permitted for Distribution shall be terminated at any time on the Data Subject’s request. Such request shall include the Data Subject’s full name, contact details (phone number, email, or mailing address), and the list of Personal Data that are subject to such termination. The Personal Data contained in the request may be processed only by the Processor, to which the request was sent.
5.8.4 The consent to processing of Personal Data Permitted for Distribution expires at the moment when the request described in Clause 5.8.3 of this Policy is delivered to the Processor.

6. Principles of Personal Data Processing

6.1. Personal Data Processing shall be fair and lawful.
6.2. Personal Data Processing shall be limited to pre-defined specific and lawful goals; it is not allowed to process Personal Data when it is incompatible with the goals of the collection of such data.
6.3. It is not allowed to merge databases with Personal Data processed for incompatible goals.
6.4. Only those Personal Data shall be processed that are necessary to achieve the goals of such processing.
6.5. The scope and content of Personal Data to be processed shall comply with the declared goals of such processing. It is not allowed to process Personal Data that are unnecessary for the achievement of these declared goals.
6.6. When Personal Data is processed, it shall be accurate, sufficient and appropriately updated to achieve the goals of such processing. The Processor shall delete or rectify incomplete or inaccurate data.
6.7. Personal Data shall be stored in a form that allows identification of the Data Subject and shall not be stored longer than it is necessary for the goals of processing if other period is not stipulated by federal laws or an agreement to which the Data Subject is a party, a beneficiary, or a guarantor. When the goals of processing are achieved or when it is no longer necessary to achieve these goals, the processed Personal Data shall be destructed or depersonalized unless federal laws provide otherwise.

7. Goals of Personal Data Processing

7.1. Personal Data of Users will be processed in order to:
— notify Users by email; — execute, implement, and terminate civil agreements; — provide Users with services, information and/or materials on
7.2. The Processor may notify Users about new products and services, special offers, and events. Users can at any moment refuse to receive such notifications by sending an email with the subject line «Opt out of notifications about new products, services and special offers» to
7.3. Depersonalized data on Users’ actions on the Website collected by web analytics services are used to improve the quality of the Website and its content.

8. Legal grounds for Personal Data Processing

8.1. The Processor may have the following legal grounds for Personal Data Processing:
— agreements between the Processor and the Data Subject; — federal laws and other regulations in the field of personal data protection; — User’s consent to process their Personal Data and Personal Data Permitted for Distribution.
8.2. The Processor will process only Personal Data received through dedicated forms on or by email. When Users enter their Personal Data in these forms and/or send it to the Processor, they express their consent to this Policy.
8.3. The Processor will process User’s depersonalized data if User’s browser settings allow this (i.e. cookies and JavaScript are turned on).
8.4. Data Subjects make free and independent decisions in their own interest on whether to provide their Personal Data.

9. Conditions of Personal Data Processing

9.1. Personal Data is processed with the consent of Data Subjects.
9.2. Personal Data Processing is necessary for the Processor to perform functions, rights, and duties under the Russian law and international agreements of Russia.
9.3. Personal Data Processing is necessary to deliver justice, to comply with decisions of courts, government authorities, and public officials under the Russian law on executory proceedings.
9.4. Personal Data Processing is necessary to implement an agreement, to which the Data Subject is a beneficiary or a guarantor, or to execute an agreement on the initiative of Data Subject, or to execute an agreement, to which the Data Subject will be a beneficiary or a guarantor.
9.5. Personal Data Processing is necessary to exercise rights and lawful interests of the Processor and third parties or in the public interest on the condition that this will not violate the rights and liberties of the Data Subject.
9.6. Personal Data Processing can be performed if the Data Subject grants access to such data to the general public (hereinafter «Publicly Available Personal Data») or on the Data Subject’s request.
9.7. Personal Data Processing can be performed when federal laws require to publish or disclose such data.

10. Collection, storage, transfer, and other types of Personal Data Processing

The Processor will protect processed Personal Data by legal, organizational, and technical means to fully comply with legal requirements in the field of personal data protection.
10.1. The Processor will take all necessary measures to protect Personal Data and to prevent unauthorized access to it.
10.2. User’s Personal Data will under no circumstances be transferred to third parties unless this is required by the current law or unless the Data Subject permitted such transfer by the Processor to a third party in order to fulfill obligations under a civil agreement.
10.3. Users can update Personal Data by sending an email with the subject line «Update of personal data» to
10.4. Personal Data will be processed until the goals, for which it was collected, are achieved unless an agreement or the current law provide otherwise.
Users can at any moment withdraw their consent to Personal Data Processing by sending an email with the subject line «Withdrawal of consent to personal data processing» to
10.5. Data collected by third-party services (payment systems, telecommunication systems, service suppliers etc.) is stored and processed by such parties (processors) in accordance with their own user agreements and privacy policies, and Data Subjects and/or Users shall read these documents. The Processor bears no responsibility whatsoever for actions of third parties including actions of service suppliers mentioned in this clause.
10.6. Restrictions and conditions, which were set by Data Subjects in regard of transferring (except for access) and processing of Personal Data Permitted for Distribution, shall not apply if Personal Data is processed in government or public interests defined by the Russian law.
10.7. The Processor will ensure confidentiality of Personal Data Processing.
10.8. The Processor will store Personal Data in a form that allows identification of the Data Subject and no longer than it is necessary to achieve the goals of Personal Data Processing unless federal laws or an agreement, to which the Data Subject is a beneficiary or a guarantor, provide otherwise.
10.9. Personal Data Processing can be terminated when the goals of such processing are achieved, when the Data Subject’s consent to such processing expires, when the Data Subject withdraws its consent, or when unauthorized processing of Personal Data is revealed.

11. Actions performed by the Processor on Personal Data

11.1. The Processor may collect, record, systematize, accumulate, store, rectify (update, change), extract, use, transfer (distribute, provide, access), depersonalize, block, delete, and destruct Personal Data.
11.2. The Processor may perform Automated Personal Data Processing with or without obtaining and/or transferring the data by telecommunication networks.

12. Cross-border transfer of Personal Data

12.1. Before cross-border transfer of Personal Data occurs, the Processor shall make certain that the foreign country, to which the Personal Data are to be transferred, reliably protects the rights of Data Subjects.
12.2. If the foreign country, to which the Personal Data will be transferred, does not meet the requirements mentioned above, the Data Subject’s written consent is required to perform cross-border transfer of their Personal Data and/or to implement an agreement, to which the Data Subject is a party.

13. Privacy of Personal Data

The Processor and other persons that have access to Personal Data shall not disclose such data to third parties and shall not distribute them without Data Subject’s consent unless federal laws provide otherwise.

14. Final clauses

14.1. Users can request clarifications on processing their Personal Data by sending an email to
14.2. This document will reflect any changes in the Policy of Personal Data Processing by the Processor. The current version is in force until a new version is published.
14.3. The current version of the Policy is publicly available on