Sign in

Privacy Policy

Applies to WAX Events (wax.events) and XFC (xfc.world). UK GDPR

Jump to:

Who we are & contact What we collect How we use your data Our lawful bases Sharing & processors Cookies & analytics How long we keep data Security Your rights (UK GDPR) International transfers Children Changes to this policy How to contact us

Who we are & how to contact us

This policy explains how we handle personal data across the following websites (the “Websites”):

For the purposes of UK data protection law, the controller for your personal data is the operator of the relevant Website listed above. If you have any questions or requests about this policy or your personal data, contact us at:

Email: jordan@waxgroup.co.uk

What we collect

Information you provide

  • Identity & contact details (name, email, phone).
  • Billing & order details (billing address, order contents, ticket or membership information).
  • Marketing preferences (your choices about newsletters and event updates).
  • Support communications (messages you send us).

Information we collect automatically

  • Technical data (IP address, device and browser type, approximate location) via cookies and similar tech.
  • Usage data (pages viewed, actions taken) for analytics and site performance.

Payment cards: We use Stripe to process payments. Your card details are sent directly to Stripe and are not stored on our Websites.

How we use your data

  • To fulfil orders and provide services (tickets, memberships, customer support, order updates).
  • To operate and secure our Websites (troubleshooting, analytics, fraud prevention).
  • Marketing (optional) – only if you opt in at checkout or subscribe to our newsletter. You can unsubscribe at any time.
  • Legal and compliance – record‑keeping, tax and accounting obligations.

We do not use cookies for personalisation; our cookies are functional and analytics only.

Our lawful bases

  • Contract – to process your order and provide your tickets, memberships, and related services.
  • Legitimate interests – to run, protect, and improve our Websites, prevent fraud, and understand aggregate usage.
  • Consent – for email marketing/newsletters and placing non‑essential cookies (where required).
  • Legal obligation – to keep records necessary for tax and accounting.

Sharing & processors

We share personal data with trusted service providers who process it on our behalf, strictly under contract:

Payments – Stripe

We use Stripe to process payments. Stripe acts as a payment processor and receives payment details directly. We do not store card numbers on our servers.

Learn more: stripe.com/privacy

Email & newsletters – MailerLite

If you opt in to marketing or subscribe, your name and email are stored in MailerLite to send newsletters and updates.

Learn more: mailerlite.com/legal/privacy-policy

Analytics & pixels

We use analytics tools and pixels (e.g., Google Analytics, Meta Pixel) to understand how our sites are used and to measure campaign performance.

We may also share data with professional advisers (legal, accounting) and authorities where required by law. We do not sell your personal data.

Cookies & analytics

We use a cookie banner/consent tool. You can manage your preferences at any time via Cookie Settings (this link will open your site’s cookie manager if installed).

Cookie categories we use

  • Strictly necessary – required for the site to function (e.g., checkout, security).
  • Analytics – to measure site traffic and performance (no personalisation).

Most browsers let you block cookies or set alerts. Blocking some cookies may impact site functionality.

How long we keep data

  • Orders & billing records: kept for up to 6 years to meet tax and accounting obligations.
  • Support communications: typically up to 2 years after resolution.
  • Marketing records: until you unsubscribe or we delete inactive contacts.
  • Analytics data: retained according to our analytics providers’ settings.

We will also keep data where necessary to establish, exercise, or defend legal claims. When no longer needed, we securely delete or anonymise it.

Security

We use industry‑standard safeguards including SSL/TLS encryption, access controls, and secure service providers. While no system is 100% secure, we work to protect your information and review our measures regularly.

Your rights (UK GDPR)

You have the right to request:

  • Access to your personal data.
  • Correction of inaccurate or incomplete data.
  • Deletion of your data (where it’s no longer needed or you withdraw consent).
  • Restriction or objection to certain processing.
  • Portability – to receive your data in a usable format or have it sent to another controller.
  • Withdraw consent at any time (e.g., for marketing).

To exercise any rights, email jordan@waxgroup.co.uk. We may ask for information to verify your identity. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

International transfers

Some providers may process data outside the UK. Where this happens, we use appropriate safeguards (such as the UK International Data Transfer Agreement or Standard Contractual Clauses) to protect your information.

Children

Our Websites and services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.

Changes to this policy

We may update this policy from time to time. Significant changes will be posted on this page.

Last updated: 19 August 2025

How to contact us

For privacy questions or requests, email jordan@waxgroup.co.uk.

 

homepage

all events

fighter registration

your xfc account

Ticket-alt Facebook-f Youtube

Newquay Sports & Community Centre, Tretherras Road, TR7 2SL

xtreme fighting championship