Cookies First!

This website uses cookies to provide users with a high-quality, secure experience and content relevant to users needs and interests. By pressing the "agree" button, as well as by continuing to use this browser session, you confirm that you agree to the use of cookies. If you change your mind while using the website and you want to cancel your consent, you can always make the necessary changes to the browser settings and delete stored cookies. Our cookie policy is available here

log in | Sign up

Privacy policy 2.0

Effective Date – 23/06/2026

Last Updated Date -  23/06/2026

Version Number: 2.0 You can find the previous version here

1. Information about the data controller Colibrix One is the trading name of Colibrix Limited (“Colibrix One”) Colibrix Limited is incorporated in England (Company No. 12578874) with its registered address at Warnford Court, 29 Throgmorton Street, London, England, EC2N 2AT. Colibrix Limited is authorised by the United Kingdom Financial Conduct Authority as an Electronic Money Institution with FRN 927920.

As a regulated financial institution, we are required to process certain personal data to comply with the UK GDPR, Data Protection Act 2018 and other applicable laws.

2. Personal data we collect about you

Data protection laws primarily apply to individuals. While these laws generally do not extend to legal entities themselves (such as limited liability companies), they do apply to the individuals associated with those entities.

When providing Colibrix One products, we process personal data related to the Representatives and associated persons of the legal entity.

Personal data, or personal information, means any information about an identified or identifiable individual. It can include data that you provide to us (such as your name, address or contact details) and data that we collect about you during your interaction with our services (such as device information, IP address, etc.). It does not include anonymous data, which cannot be linked back to an individual.

We will collect and process personal data about you in the following ways:

2.1 Information You Provide to Us

The information we hold about you, or individuals associated with your business, is often supplied directly by you. This may occur when you register for a Colibrix One service, participate in promotions, or engage in online discussions. Such information may include:

  • Profile details: your name, email address, postal address, phone number, and any profile picture or avatar you choose to upload.
  • Personal information: your date of birth, passport details or other identification documents, national identification numbers, occupation, tax residency status, tax identification number, proof of address, and proof of residency.
  • Shareholder and director information: details about company shareholders, beneficial owners, and directors, including copies of identity documents, proof of address where required.
  • Financial information: bank account details, debit or credit card information, income data, and financial history.
  • Images and videos: photographs or videos you provide. We may process biometric data, including facial scan information generated during identity verification processes. Where biometric data is used for uniquely identifying an individual, we process such data only where permitted under Article 9 UK GDPR and applicable data protection law. This processing is undertaken for identity verification, fraud prevention, anti-money laundering compliance and other security purposes. Appropriate technical and organisational safeguards are applied to protect biometric data, including encryption, restricted access controls and retention limits.
  • Communications with us: emails, recorded phone calls, complaint submissions, chat conversations.
  • Personal circumstances: information indicating that you may require additional support or protection to help us meet regulatory obligations relating to vulnerable customers.
  • Source of funds or wealth: documentation such as bank statements, loan agreements, or equity contracts that helps verify the origin of your funds or assets.

If you do not provide information that is required by law or necessary for delivering our services, we may be unable to provide those services.

You can update your contact information at any time to ensure it remains accurate and up to date.

If you submit personal information about another individual, such as company shareholders, directors, authorized users, payment recipients, referred friends or any other person connected to Colibrix One you confirm that you have the necessary permission or legal basis to share that information and that the individual understands how their personal data will be used, including being informed of this notice where required.

2.2 Information We Collect Through Your Use of Our Services

When you use our services, we may automatically collect information including:

  • Transaction information: details of payments and transfers, including recipient information and the location from which transactions are initiated.
  • Device information: IP address, login credentials, browser type and version, time zone settings, operating system, device type, VPN usage, device identifiers (such as IMEI or MAC address), mobile network details, and mobile browser information.
  • Usage information: details about how you interact with our website or app, including pages viewed, searches performed, scrolling activity, clicks, and, where applicable, information about installed applications with remote access permissions.
  • Behavioural biometric data: patterns related to how you access and use our services, such as typing rhythm, keystroke dynamics, touch interactions, and mouse movements. This information helps detect fraud and unauthorized access attempts.

2.3 Information We Receive from Other Sources

We may also obtain information about you from external sources, including:

  • Financial institutions: banks and other financial service providers may share information with us.
  • Connected individuals: if you are associated with a Colibrix One Business customer, that customer may provide us with your information. This may include your name, account details, email address, date of birth, country of residence, identity documents, or additional verification information when required.
  • Advertising and analytics partners: these providers may supply information about how you discovered or interacted with our website and services.
  • Fraud prevention agencies and databases: we may verify information you provide against government records, company registries, fraud prevention databases, private data sources, or credit reference agencies to confirm identity and prevent fraud.
  • Publicly available sources: information from media reports, public registries, directories, and websites may be collected for enhanced due diligence, compliance, and Know Your Customer (KYB) purposes.

2.4 Information From Social Networks

If you sign in to our services using a social media account, we may receive the information needed to authenticate your identity, including your profile details, profile photo, and email address, in accordance with the relevant platform’s privacy policy.

When you visit our social media pages, platforms such as Linkedin may collect information about you and generate aggregated statistics. While we can view these overall analytics, we cannot access the underlying personal data or identify individual users from them.

We may also collect information you choose to share when interacting with us on social media, such as through posts, comments, tags, or private messages.

In some cases, we may review publicly available information from selected social media platforms or media sources as part of enhanced due diligence procedures.

3. General characteristics of our personal data processing

This Privacy Policy explains how we collect, use and protect your personal information when you interact with our services. By using our services, you agree to the practices described in this policy.

This Privacy Policy may be updated from time to time. Updates are posted on our website with the new effective date. Material changes may also be communicated via email.

We inform you that the personal data processing rules contained in this Privacy Policy apply only to the processing of personal data of natural persons.

In addition to these regulations, you can also familiarize yourself with the following additional personal data processing notices, available on the website:

  • Terms and conditions;
  • Cookie policy

We are aware that personal data is your value, and we will process it in compliance with confidentiality requirements and take care of the security of your personal data in our possession.

4. Purposes for which we will use your personal data - the ways we plan to use your personal data, along with the corresponding legal bases, are described below:

What we use your data for: To determine if you are eligible to use our services. We carry out checks to verify your, and “Authorised Users”, identity during onboarding in order to comply with Know Your Business “KYB” obligations under anti-money laundering laws. In some countries, as part of our KYB processes we extract face scan information (known as “biometric data”) from a selfie or video that you provide to compare with the picture of you on identity documents.

The legal basis for doing so: Legal obligations. Consent (for biometric data collection).

What we use your data for: To deliver our products and services to you, we will handle personal data when necessary to: Provide the services you have requested; Deliver customer support and monitor or record communications with you including phone calls for training and quality assurance purposes.

The legal basis for doing so: Legitimate interests. It is in our legitimate interests to help Colibrix One customers find each other and transfer money easily.

The main legal bases to be used to achieve these purposes are:

● conclusion and execution of the contract with the data subject (Article 6(1)(b) UK GDPR));

● Fulfilment of legal obligations (Article 6(1)(c) UK GDPR);

The controller’s legitimate interests (Article 6(1)(f) UK GDPR), for example, identifying you as a customer, client and/or contact person of a cooperation partner, ensuring communication with you.

What we use your data for: To maintain security and protect against fraud, we process personal data to:

• Prevent, identify, and safeguard against actual or suspected fraud, unauthorized transactions, claims, liabilities, and other financial or criminal activities. In certain circumstances, this may involve the collection of biometric data. To preserve the effectiveness of our fraud prevention measures, we may not be able to disclose all details of how these controls operate.

• Verify your eligibility to access and use our services.

• Support the safety and security of our services by monitoring suspicious, unusual, or potentially harmful activity.

The legal basis for doing so: Legal obligation. Legitimate interests. It is in our legitimate interests to detect, prevent, and investigate fraud, money laundering and other crimes to protect our business and our customers.

What we use your data for: Compliance with legal and regulatory obligations, protection of our business, and enforcement of our rights.

We may process your personal data to:

• Comply with applicable legal and regulatory requirements, including responding to lawful requests from public authorities and government bodies, which may be located outside your country of residence;

• Meet our obligations related to determining your tax status and ensuring compliance with relevant tax regulations;

• Prevent, detect, and protect against actual or suspected fraud, unauthorized transactions, claims, liabilities, and other financial or criminal activities, including conducting or supporting investigations where appropriate;

• Recover amounts owed to us, including through insurance claims, and mitigate or limit potential losses or damages;

• Enable third parties or financial institutions to recover funds that were mistakenly sent to you or transferred as a result of fraudulent activity;

• Verify the accuracy of information you provide and enforce the terms of our Agreement;

• Investigate, manage and resolve complaints and disputes;

• Protect our employees by preventing and addressing incidents involving abusive, threatening or aggressive behavior.

Within the scope of this purpose, we would need to fulfil both the requirements of financial and reporting regulatory acts, as well as the requirements of the accounting law, the requirements of the archive law and the requirements set forth in other regulatory acts. For this purpose, we may need to process the following personal data: name, surname, personal identification number, address.

The legal basis for doing so: Legitimate Interests (it is in our legitimate interests to protect our business, customers and employees from harm).

The main legal bases to be used to achieve these purposes are: Fulfilment of legal obligations (Article 6(1)(c) UK GDPR).

What we use your data for: Marketing and analytics.

We may process your personal data to:

• Personalize marketing communications about our products and services to make them more relevant to your interests and preferences;

• Measure and evaluate the effectiveness of our advertising campaigns and deliver advertising that is more relevant to you;

• Inform you about other products and services that are similar to those you already use and that we believe may be of interest to you;

• Administer and manage promotions, contests, and other marketing activities related to our products and services.

The legal basis for doing so: Legitimate interests. It is in our legitimate interests to let our customers know about our products and services which may interest them, to personalize marketing communications and to understand the effectiveness of our advertising.

Consent where we are required to collect your consent by law, including when we use your device location to send you personalized updates.

The main legal bases to be used to achieve these purposes are:

● consent of the data subject (Article 6(1)(a) UK GDPR);

● The controller’s legitimate interests (Article 6(1)(f) UK GDPR), for example, to ensure communication.

What we use your data for: Maintaining and enhancing our services.

We may process your personal data to:

Manage and operate our services, including for internal business purposes such as operational management, planning, auditing, troubleshooting, data analysis, testing, research, statistical evaluations, and surveys;

Support the development and improvement of our systems and products, including collaborating with third-party providers to enhance the services they deliver to us;

Continuously improve our services and ensure they are delivered and presented in the most efficient and effective manner;

Utilize Artificial Intelligence (AI) technologies, including machine learning models and generative AI large language models (LLMs), to enhance service quality, operational efficiency, and our fraud and financial crime prevention efforts. We will clearly notify customers whenever they are interacting directly with an AI-powered system, such as a virtual or automated assistant.

The legal basis for doing so: Legitimate interests. It is in our legitimate interests to maintain, develop and improve our services.

What we use your data for: AML, fraud prevention activities.

Within the scope of this purpose, we would need to identify, examine, prosecute and prevent crime and fraud, as well as to verify Customer and identify his eligibility for the requested services and ability for management of the account. Scope also includes such goals as managing risk internally for the Company and externally for the Customers and providing information to authorities upon request. For this purpose, we may need to process the following personal data: name, surname, personal identification number, date of birth, nationality, address, financial information, risk assessment data.

The legal basis for doing so: The main legal bases to be used to achieve these purposes are:

● Fulfilment of legal obligations (Article 6(1)(c) UK GDPR);

● conclusion and execution of the contract with the data subject (Article 6(1)(b) UK GDPR);

● The controller’s legitimate interests (Article 6(1)(f) UK GDPR).

What we use your data for: Prevention of threats to security, property interests and other important legitimate interests of us or third parties.

Within the framework of this purpose, we may record telephone conversations, engage data processors to carry out certain functions on our behalf, disclose information to courts, regulators and other public authorities where required, and exchange information within our group of companies, in each case in order to protect our legitimate interests. For this purpose, we may need to process at least the following personal data: Customer’s, customer’s and/or cooperation partner’s contact name, surname, address, contact details and other data necessary for this purpose;

The legal basis for doing so: The main legal bases to be used to achieve these purposes are:

● The controller’s legitimate interests (Article 6(1)(f) UK GDPR), for example, for the purposes of detecting criminal offenses, for ensuring debt collection.

What we use your data for: To ensure the proper provision of services. As part of this purpose, we would need to maintain and improve technical systems and IT infrastructure, use technical and organizational solutions that can also use your personal data (for example, monitoring cookies), with the aim of ensuring proper service provision.

The legal basis for doing so: The main legal bases to be used to achieve these purposes are the controller’s legitimate interests (Article 6(1)(f) UK GDPR).

What we use your data for: Understanding if you need extra support. We process your personal data to help you if your personal circumstances indicate that you may need extra assistance (for example if you have suffered a bereavement or are experiencing financial difficulties); In some countries, it’s a legal requirement for us to proactively identify and assist vulnerable customers.

The legal basis for doing so: Consent where we are required to collect your consent by law.

     5. Who could access your personal data?

We take appropriate measures to process your personal data in accordance with applicable laws and to ensure that your personal data is not accessed by third parties who do not have an appropriate legal basis for processing your personal data. If necessary, your personal data could be accessed by:

  1. our employees or directly authorized persons who need it for the performance of work duties;
  2. personal data processors in accordance with the services they provide and only to the extent necessary, such as auditors, financial management and legal consultants, database developer/technical maintainer, other persons who are related to the provision of the administrator's services;
  3. in cases specified in the legal acts of state and municipal authorities, for example, law enforcement authorities, municipalities, tax authorities, sworn bailiffs;
  4. third parties, carefully assessing whether there is an appropriate legal basis for such data transfer, such as debt collectors, courts, out-of-court dispute resolution institutions, bankruptcy or insolvency administrators, third parties that maintain registers (for example, register of citizens, registers of debtors, etc.).
  5. affiliated companies within the COLIBRIX ONE ONE group may access information who may assist in providing our services to you, improving our operations, and supporting business functions such as customer support, technology, marketing, fraud prevention and compliance. We may also share your information with other Colibrix One One group companies for the purpose of marketing similar products and services to you.
  6. regulators, including the FCA and HMRC, and with law enforcement or other authorities as required by law.
  7. service providers such as IT infrastructure, payment processors, auditors, and security monitoring providers, under contractual agreements or legitimate interests;
  8.  banks and other financial institutions we work with to provide you our services. Unless indicated otherwise, these third parties act as independent, separate data controllers who determine why and how they will process your data;
  9. fraud prevention agencies and providers of fraud prevention services to prevent, detect, or protect against actual or suspected fraud, unauthorised transactions, claims, liability, and financial or other crimes, including conducting or co-operating with investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so, or where required by law;
  10. third parties or financial institutions: to recover debt or in relation to your insolvency or to allow them to recover money received by you in error or due to fraud;

With Your Consent: In some cases, we may share your information with other third parties when you provide explicit consent to do so.

If you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can contact us.

6. Which cooperation partners in personal data processing or personal data processors do we choose?

We take appropriate measures to ensure the processing, protection and transfer of your personal data to data processors in accordance with applicable laws. We carefully select personal data processors and, when transferring data, we evaluate its necessity and the amount of data to be transferred. The transfer of data to processors is carried out in compliance with the requirements of confidentiality and secure processing of personal data.

We can cooperate with the following categories of personal data processors:

  1. outsourcing accountants, auditors, financial management and legal consultants;
  2. IT infrastructure, database owner/developer/technical maintainer;
  3. other persons involved in the provision of our services;

 

7. International Data Transfers

Colibrix One may need to transfer your personal data to countries outside the UK or the European Economic Area (EEA). Laws in these countries may offer different levels of data protection.

When transferring your data, we take measures to comply with data protection laws applicable to those transfers. In particular where a transfer is to a country with data protection regulations that do not offer an equivalent level of data protection to your country, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this notice.

We ensure your privacy is protected according to UK and EEA law. Transfers from the EEA to the UK: We rely on UK GDPR adequacy regulations (under Article 45 of the UK GDPR)

  • Transfers outside the UK or EEA: We only transfer personal data if:T he country has been recognized as providing adequate data protection (under Article 45 of the UK GDPR); or
  • We use an appropriate UK transfer mechanism, such as the ICO’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU standard contractual clauses, supported by a transfer risk assessment; or
  • A specific legal exception applies.

If these safeguards cannot be used, we will not transfer your personal data unless another lawful mechanism allows it. Any changes to these arrangements will be reflected in updates to this Privacy Policy.

Whenever we transfer personal data internationally, we ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws.

Where personal data is transferred:

  • from the EEA to the UK, we rely on the European Commission's adequacy decision for the United Kingdom under Article 45 of the EU GDPR;
  • to a country recognised as providing an adequate level of protection under Article 45 of the UK GDPR;
  • under the ICO's International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with any supplementary measures required following a transfer risk assessment; or
  • where another lawful transfer mechanism or derogation applies.

If none of these safeguards is available, we will only transfer personal data where permitted by applicable law.

More information about the third parties to whom we may transfer personal data, their locations, and the contractual arrangements in place to comply with applicable data protection laws can be provided to you if you send a request contacting us.

8. How long will we store your personal data?

Your personal data is stored for as long as its storage is necessary according to the relevant purposes of personal data processing, as well as in accordance with the requirements of applicable legislation. When evaluating the duration of storage of personal data, we take into account the applicable requirements of regulatory acts, aspects of the performance of contractual obligations, your instructions (e.g. in the case of consent), as well as our legitimate interests. If your personal data is no longer needed for the specified purposes, we will delete or destroy them

Below we indicate the most common retention periods for personal data:

  1. personal data necessary for the fulfillment of contractual obligations - we will store until the contract is fulfilled and until other storage terms are fulfilled (see below);
  2. personal data that must be stored in order to fulfill the requirements of legal acts, we will store the terms specified in the relevant regulatory acts, for example, the Companies Act 2006 stipulates that supporting documents must be kept for a period of 10 years from the end of the financial year to which they relate. Personal data obtained for anti-money-laundering and counter-terrorist-financing purposes are retained for five years following the end of our business relationship with you or the completion of an occasional transaction, in accordance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.;
  3. In order to prove the fulfillment of our obligations, we will store the data for the general claim limitation period, in accordance with the claim limitation periods defined in the laws and regulations: Limitation Act 1980: This is the primary statute governing limitation periods for most civil claims in England and Wales. Some key limitation periods under the Limitation Act 1980 include:
    • Six years for claims based on simple contracts (e.g., debts, breach of contract).
    • Three years for claims in tort (e.g., personal injury, negligence).
    • Twelve years for claims related to specialty contracts (e.g., deeds).
    • Five years for KYC and CDD records following the end of the business relationship or completion of an occasional transaction, unless a longer retention period is required or permitted by applicable law.
  4. Consumer Rights Act 2015: This legislation sets out specific limitation periods for certain consumer claims, such as:
    • Six years for claims for breach of contract related to goods or services.
    • Five years for claims for faulty goods under the Consumer Rights Act. 

We will always delete data that is no longer required by a relevant law or jurisdiction in which we operate. We do this automatically, so you don’t need to contact us to ask us to delete your data. Deletion methods include shredding, destruction and secure disposal of hardware and hard-copy records, and deletion or over-writing of digital data.

 

9. What are your rights as a data subject regarding the processing of your personal data?

 Under UK data protection law, you have the following rights regarding your personal data, which you can exercise free of charge:

  1. Right of access - you have the right to request a copy of the personal data we hold about you.
  2. Right to rectification - you can ask us to correct any inaccuracies or incomplete information in your personal data.
  3. Right to erasure (Right to be forgotten) - you may request that we delete your personal data where applicable, for example if it is no longer necessary for the purposes it was collected, or if you withdraw your consent.
  4. Right to restrict processing - you can request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to its processing.
  5. Right to data portability - you may request a copy of the personal data you provided to us in a structured, commonly used, and machine-readable format. You can also request that we transmit this data to another data controller where technically feasible.
  6. Right to object - you have the right to object to:
  • Processing of your personal data for direct marketing purposes (including profiling);
  • Processing carried out for our legitimate interests, unless we have compelling grounds to continue processing;
  • Processing for other specific purposes where applicable under UK GDPR.
  1. Rights related to automated decision-making - where we take a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you, you have the right to be informed, to obtain human intervention, to express your point of view and to contest the decision, in accordance with Articles 22A to 22D of the UK GDPR. Where such a decision would be based on special category data, we will take it only with your explicit consent or where another condition in Article 22C of the UK GDPR applies.
  2. Right to withdraw consent - If you have provided consent for processing your personal data, you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

How to exercise your rights

To exercise any of these rights, please contact us using one of the following methods:

  • By email: data@Colibrix One.co.uk
  • By post: COLIBRIX LIMITED, Warnford Court, 29 Throgmorton Street, London, EC2N 2AT

Please provide:

  • Your full name and contact details
  • Any relevant customer or account reference number
  • The right you wish to exercise and the information your request relates to
  • Any additional identification information we may reasonably request

Upon receiving your request, we may ask for additional verification to ensure the security of your personal data. We will respond within the timeframes required by law (usually within 1 month).

The company reserves the right to charge a reasonable fee or refuse to comply with the request only if it is manifestly unfounded or excessive.

ICO Guidance on Your Rights:

You can find official guidance from the UK Information Commissioner’s Office (ICO) here: ICO – Your Data Rights

 If you are dissatisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO):

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: https://ico.org.uk

10. Where can you submit a complaint related to issues related to personal data processing?

If you have any questions or objections regarding our processing of your personal data, we invite you to contact us first.

From 19 June 2026, you also have a statutory right to complain to us directly about how we handle your personal data. We will acknowledge any such complaint within 30 days of receipt and keep you informed of the outcome.

If you still believe that we have not been able to mutually resolve the problem and you believe that we still violate your right to personal data protection, you have the right to file a complaint with the Information Commissioner's Office. You can find samples of submissions to the      Information Commissioner’s Office and other related information on the website of the Information Commissioner's Office (https://ico.org.uk/make-a-complaint/).

You also have the right to lodge a complaint with a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA.

11. Why do you need to provide us with your personal data?

Primarily, we collect your information to fulfill our contractual obligations, fulfill our legal obligations and to pursue our legitimate interests and other purposes mentioned above. In these cases, obtaining certain information is necessary for us to achieve the relevant purposes, therefore, failure to provide such information may jeopardize the initiation of business relations or the performance of the contract. If the data will not be required necessarily, but their submission could help to improve the service, or offer you favorable contract conditions and/or offers, we will indicate at the time of data collection that the provision of data is voluntary.

In addition, we would like to inform you about the main regulatory requirements regarding the processing of personal data:

  1. Data Protection Act 2018 (DPA 2018);
  2. UK General Data Protection Regulation (UK GDPR), which incorporates the principles and requirements of the EU GDPR into UK law.
  3. Additionally, there are specific regulations and guidance issued by the Information Commissioner's Office (ICO), the UK's independent regulator for data protection.

12. How do we obtain your personal data?

We may obtain personal data from:

  • you directly;
  • authorised representatives;
  • beneficial owners;
  • corporate customers;
  • banks and payment institutions;
  • credit reference agencies;
  • fraud prevention agencies;
  • sanctions and watchlist providers;
  • publicly available sources;
  • regulators and law enforcement authorities;
  • on the website www.Colibrix One.co.uk , using cookies;
  • other publicly available sources.

      

13. Are your personal data used in automated decision-making?

We may carry out automated processing of your personal data, including for fraud prevention, anti-money-laundering screening and assessing creditworthiness. Where a decision producing legal effects concerning you, or similarly significantly affecting you, is based solely on automated processing, we apply the safeguards required by Articles 22A to 22D of the UK GDPR, including notifying you and enabling you to obtain human intervention, to express your point of view and to contest the decision. We do not take such solely automated decisions on the basis of special category data unless you have given explicit consent or another condition in Article 22C of the UK GDPR applies.. “UK GDPR” means Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, and as amended (including by the Data Protection Act 2018 and the Data (Use and Access) Act 2025)

14. Cookies

Our website use small files known as cookies, along with similar technologies. These help us distinguish you from other users, see how you use our site and products while providing you with the best experience. They also enable us to improve our services and make sure that the ads you see online are more relevant to you and your interests. For more information about the cookies and technologies we use, as well as their purposes, see our Cookie Policy.

15. Changes to our Privacy Notice

To keep up with changing legislation, best practice, and changes in how we process personal information, we may revise this notice at any time. In the case of significant or material changes to this notice, we will let you know.

16. Contact

Please send any questions, comments or requests about this notice to our team at data@colibrix.co.uk. You can also refer your request to our Data Protection Officer.

If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you may have the right to lodge a complaint. You can make a privacy complaint by writing to data@colibrix.co.uk. In addition, you can complain to any supervisory authority or other public body with responsibility for enforcing privacy laws.