Privacy Policy

Thank you for using our website! We (XLAB d.o.o) want to protect your privacy (hereinafter ‘’you’’, ‘’individual’’ and ‘’data subject’’), so please read the following Privacy Policy to better understand how we collect and use personal data. We collect and manage personal data with the goal of incorporating our company values: transparency, accessibility and usability. By using our Site, you agree to these Privacy Policy, which applies to your use of Site located at (hereinafter ‘’Site’’), including any content, functionality, products and services on or via Site. Should you disagree with some of the provisions herein, you can either leave the Site or contact us at [email protected].

All our activities are in accordance with the European legislation (Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: GDPR), Conventions of the Council of Europe and national legislation of the Republic of Slovenia (Zakonom o varstvu osebnih podatkov (ZVOP-1), Zakonom o elektronskem poslovanju na trgu (ZEPT) and all other relevant legislation).


Our protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to begin by explaining the terminology used.

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

XLAB d.o.o.
Pot za Brdom 100
1000 Ljubljana


We process personal data only for the purposes for which it was collected and in accordance with this Privacy Policy. We take reasonable steps to ensure that the personal data we process is accurate, complete and current, but we depend on you to update or correct your personal data when necessary.

The lawful bases for processing personal data are set out in Article 6 of the GDPR. Whenever we process your personal data one of these below stated lawful bases applies for below stated purposes.

On the basis of explicit individual’s voluntary consent, we process personal data for below stated purposes:

  • processing request to access enterprise information or financial information
  • notifying individuals about company news, updates, information about related product or service , financial information and other information, that individual requests
  • to provide, maintain, improve, develop and protect our products and services
  • fulfilling your requests

We process personal data on the basis of contract when it’s necessary for below stated purposes:

  • concluding and implementing of the contract
  • informing individuals about successful orders
  • providing our products and services
  • resolving complaints

When necessary we process personal data on the basis of legal interests for below stated purposes:

  • optimization of the Site
  • to ensure the network and information security of the IT systems
  • to prevent fraud

We process personal data on the basis of legal obligation for below stated reason:

  • retention of personal data regarding the purchase in accordance with applicable law, such us a fulfilment of tax obligation

You have the option to opt out of this kind of processing in accordance with this Privacy Policy.


We ask for and collect the following personal data:

  • Name and Surname
  • e-mail address
  • IP address
  • company name, which enables identification of individual

We also process non-personal information:
We collect anonymous data from every visitor to monitor traffic and fix bugs. This information is used to help us understand who uses our website, to improve and market our website in general and our online products and services in particular. We collect information like web requests, the data sent in response to such requests, the browser type, the browser language, a timestamp for the request and other anonymous statistical data involving the use of our website. This information by itself cannot be used to identify or contact you. We may combine automatically collected and other non-personal information with personal data. In that case we will treat the combined information as personal data under this Privacy Policy and it will be used for marketing purposes.


We do not process personal data for automated decision making and profiling.


We are not in the business of selling your personal data.

We do share personal data with third parties which may be processors of your personal data only as set forth in this Privacy Policy. We share it with carefully selected business partners that we either control or are our external contractors and that are either subject to this Privacy Policy or that follow practices that are at least as restrictive as those described in this Privacy Policy or we have a data processing contract in accordance with GDPR requirements. We may share it with:

  1. Service providers as we use some other third-party service providers to offer or facilitate services on our behalf. These services may include, among other things, helping us to provide services that you request, create or maintain our databases, to research and analyze the people who request our services or products, services or information from us, taking care of the shipment of products to you, of communication or helping us respond to inquiries and send out emails on our behalf. We will share your personal data as necessary for such third-party services providers to provide the applicable service to us or on our behalf.
  2. We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your personal data to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your personal data may protect the rights, property, or safety of XLAB or another person. We will disclose personal data that that law enforcement agencies require in particular case to be disclosed.
  3. We may disclose your personal data to comply with a law, regulation or compulsory legal request, to protect the safety of any person from death or serious bodily injury, prevent fraud or misuse of products or services or its users or to protect our property rights. We will disclose personal data to government entities or third parties based on judgments of courts or tribunals or decisions of administrative authorities or another binding act. We will disclose personal data that previously mentioned entities require in particular case to be disclosed.


We do not transmit your personal data to third countries. In case your personal data will be transmitted to other third countries we will notify you.


We are committed to protecting the online privacy of children and making the internet safe. We do not provide products and services to children, or knowingly collect or solicit personal data from children under 15 years of age. Any communication we get that is identified as being from a child under 15 will not be kept by us. We encourage parents or guardians of children under 15 to regularly check and monitor their children’s use of email and other activities online.


We appreciate your trust in sharing your personal data with us and are committed to protecting it. We take appropriate security measures to protect against unauthorized access or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures as well as physical security measures. We restrict access to personal data to our employees, service providers and agents who need to know that personal data in order to operate, develop or improve our services. We use secure socket layer (SSL) technology to encrypt and protect your personal data.

Note that our Site offers links to other websites not owned or operated by us. Your use of these third-party services is entirely optional and at your risk. We are not responsible for the privacy policies and/or practices of these third-party services.


We store your personal data for as long as it, in our discretion, remains relevant to its purpose. We may store anonymized information longer, but only in a way that it cannot be tracked back to you. We store personal data in accordance with applicable law.

Retention for personal data may vary depending on the applicable sectoral legislation (eg. tax, accounting legislation). In the case where the applicable sectoral legislation establishes mandatory duration for retention of personal data, we will delete if after the expiration of that mandatory duration.

When personal data is no longer needed, we shall delete it using reasonable measures to protect the personal data from unauthorized access or use.


You can update or remove your personal data or opt- out at any time.

  • Updates: If you still wish to use our products and services and your relevant personal data (name, e-mail, postal address, telephone number, etc.) changes, please let us know at [email protected]
  • Personal data removal: If you wish to completely remove your data from our collections please send us a deletion request at [email protected]
  • Opt-out: If you don’t like to receive our newsletter or other marketing material e-mails, you can unsubscribe any time with the “unsubscribe” link within any marketing e-mail you receive from us. We’ll be sad to see you go, but we respect your privacy.

Any request that you send to [email protected] may take up to 10 days to process and become effective.

After receiving your withdrawal of consent, we will stop processing your personal data (e-mail address) and will delete it. We will let you know that your withdrawal was took into account.


In relation to your personal data that we process, you have the right:

  • To obtain confirmation whether we process your personal data;
  • To access personal data referring to you;
  • To rectification
  • To erasure (Right to be forgotten)
  • Of restriction of processing
  • To data portability
  • To object
  • To state that the decision based solely on the automated processing of your personal data, including the creating of profiles, that has legal effects relating to you or significantly affects you in a similar way, does not apply to you,
  • To withdraw data protection consent

For all stated rights, you may, at any time, contact us at:

  • Email: [email protected]
  • By regular post to the address XLAB d.o.o., Pot za Brdom 100, 1000 Ljubljana, Slovenia

In addition, you are free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use your right to object by automated means using technical specifications. We shall promptly ensure that the request is complied with immediately, but no later than in one (1) month. You will receive requested personal data in a structured, machine-readable and generally applicable way. First copy of your personal data in electronic or hard is free of charge, but you will be charged for each additional copy with a fee to cover cost of preparing the copy.

Right of confirmation and access

You have the right to obtain from us the confirmation as to whether or not personal data concerning to you is being processed. If it is, you have the right to obtain from us free information about your personal data stored at any time and a copy of this information.

Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement

Right to erasure (Right to be forgotten)

You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • When you withdraw consent and where there is no other legal ground for the processing.
  • You lodge an objection to the processing and there are no legitimate grounds for processing.
  • The personal data have been unlawfully processed.
  • The personal data are those collected from children as part of information society services.

Insofar as we, the controller, made personal data public and we are required to delete them, we will take into account all available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. We will arrange the necessary measures in individual cases.

Right of restriction of processing

Each data subject shall have to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
  • The processing is unlawful and you oppose the erasure of the personal data and you demand instead the restriction of their use instead.
  • We no longer need the personal data for the purposes of the processing, but you require them to assert, exercise or to defend legal claims.
  • You have objected to processing and it has not yet been determined whether the legitimate grounds of the controller override yours.

Right to data portability

You have the to receive the personal data concerning you, which was provided to a controller, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent or contract and the processing is carried out by automated means.

Furthermore, in exercising your right to data portability, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, if the task is carried out in public interest, if the processing if for the exercise of official authority vested in us or for our legitimate interest (or those of a third party). This also applies to profiling based on these provisions.

XLAB shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If XLAB processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to XLAB to the processing for direct marketing purposes, XLAB will no longer process the personal data for these purposes.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affecting you, as long as the decision is not is necessary for entering into, or the performance of, a contract between you and a us, or is not authorized by Union law to which we are subject to and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent.

If the decision is necessary for entering into, or the performance of, a contract between you and XLAB, or it is based on your explicit consent, XLAB shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and contest the decision.

Right to withdraw data protection consent

You have the right to withdraw his or her consent to processing of his or her personal data at any time.

Right to appeal

Independent of the above stated rights and independent of other remedies you, as data subject, have the right to appeal to a supervisory authority if you believe that the processing of your personal data violates the data protection regulations.

If you have exercised the right to access and after our decision you believe, that received personal data is not personal data that you have demanded, or that you did not receive all the requested data, you can file, before filing complaint to the Information Commissioner, a reasoned complaint to XLAB within 15 days. We must provide a decision about this complaint as if it were a new request within five business days.

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may complain to the competent state authority: Information Commissioner of the Republic of Slovenia (Zaloška 59, 1000 Ljubljana, telephone: 01 230 97 30, fax: 01 230 97 78, e-mail: [email protected]).


While we strive to protect your personal data, we cannot guarantee its absolute security. Despite our efforts, there remains the possibility that personal data may be accessed, altered, disclosed, or destroyed due to a security breach. In the unlikely event of a breach of security, and we have a way and (if required) your permission to do so, we will notify you by email if your personal data was involved in any way. We are not responsible for the functionality, privacy, or security measures of any other organization.

If the event of breach of security occurs, we shall inform the competent supervisory authority, unless if it did not endanger the rights and freedoms of individuals. When there is a suspicious doubt that a crime was committed, we will inform the police and/or prosecutor's office.


Cookies are small text files placed on your hard drive. We use cookies or similar technologies (pixels etc.) to personalize your online experience and improve our services to you.

We use first-party cookies for the sole purpose of remembering your preferences which enable you to smoothly browse through our websites on every visit, and to validate the form submission requests. These cookies do not collect any personal data form you, and they are not used for any kind of profiling or tracking.

Besides the essential and functional cookies that are either required for the service to work correctly or improve the user experience, we use some third-party cookies to provide analytics, measurement, marketing and advertising services. Your use of these third-party services is entirely optional and at your own risk. We are not responsible for the cookies, cookie policies, and/or cookie practices of these third-party services, and you are fully responsible for reading and understanding their privacy and cookie policies. You can read more about the specific services below.

Here is a list of cookies that we use. We have listed them here, so you can decide whether you would like to opt-out or not.


We share information with a limited number of third-party service providers who collect, store, use, process and transfer information about your activity on our websites in accordance with their Privacy Policies.



We use product analytics tool called PostHog on and to understand how users interact with our website. PostHog collects data on user action (the referral URL, content viewed and the content interacted with). This data helps us improve the website’s functionality and user experience by identifying areas for improvement and understanding how users navigate the site. For more information and to opt-out of PostHog tracking visit their Privacy Policy.


Our website uses Pingdom, a single-platform solution from SolarWinds, LLC to help monitor the availability and performance of websites, servers, and web applications. Any data transmitted to and processed by Pingdom is anonymized immediately and it is not possible to establish a link to an identified person in this connection.

You can read more about Pingdom privacy policy here.


Google reCAPTHCA is used on our websites to protect them from spam and abuse. reCAPTCHA uses advanced risk analysis techniques to tell bots and humans apart. You can find more information about reCAPTCHA here. You can read which data is collected by Google and what this data is used for here.

Advertising and remarketing

Google Ads

We use Google Ads, a service provided by Google, to display ads on the Google search results page and other websites and platforms that are part of the Google Display Network. Google Ads uses cookies and other tracking technologies to measure ad performance, target specific audiences, and optimize ad campaigns.

We may also use Google Ads remarketing to advertise our products and services online, allowing us to tailor our marketing to better suit your needs and only display ads that are relevant to you. Third-party vendors, including Google, use cookies to serve ads based on your past visits to our website. As always, we respect your privacy and we don’t collect any identifiable information through the use of Google’s or any other third-party remarketing system. If you do not wish to see our ads, you can always opt out by visiting Google’s Ads Settings or the Network Advertising Initiative opt-out page.


We have integrated components of the LinkedIn Corporation on our Site.

LinkedIn Insight Tag is a piece of lightweight JavaScript code that you can add to your website to enable in-depth campaign reporting and unlock valuable insights about your website visitors. You can use the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about members interacting with your ads.

LinkedIn provides under the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. The setting of such cookies may be denied under LinkedIn Cookie Policy. The applicable privacy policy for LinkedIn is available here.


To enhance your viewing experience, we use YouTube videos on this website. By clicking play at each video, you agree to accept YouTube cookies. Please be aware these cookies may collect your personal information. For more information, please refer to YouTube’s privacy policy.


You can modify your browser settings to control whether your computer accepts or declines cookies. If you choose to decline cookies, you may not be able to use certain interactive features of our Site. Note that you can always go back and delete cookies from your browser; however, that means that any settings or preferences controlled by those cookies will also be deleted and you may need to recreate them.


We may amend this Privacy Policy sometimes. Use of personal data we collect now is subject to the Privacy Policy in effect at the time such personal data is used. If we make changes in the way we collect or use personal data, we will notify you by posting an announcement on Site. You are bound by the changes to the Privacy Policy when you use services after such changes have been first posted. This Privacy Policy was last updated on 9.4.2024.