Cookies First!

This website uses cookies to provide users with a high-quality, secure experience and content relevant to users needs and interests. By pressing the "agree" button, as well as by continuing to use this browser session, you confirm that you agree to the use of cookies. If you change your mind while using the website and you want to cancel your consent, you can always make the necessary changes to the browser settings and delete stored cookies. Our cookie policy is available here

Privacy policy

1. Information about the data controller

Our name is COLIBRIX LIMITED (“we”, “us”, “our”), registration number: 12578874, legal address: Warnford Court, 29 Throgmorton Street, London, England, EC2N 2AT.

You can contact us by writing to the following electronic mail address: info@colibrix.co.uk

2. Contact information for communication on personal data protection issues

If you have any questions regarding this notice or the processing of your personal data, you can contact us using the communication channels indicated in the previous point (point 1) or by contacting our personal data protection specialist by writing to the following electronic mail address: data@colibrix.co.uk

 

3. General characteristics of our personal data processing

This Privacy Policy explains how we collect, use, and protect your personal information when you interact with our services. By using our services, you agree to the practices described in this policy.

This Privacy Policy may be updated from time to time. Updates are posted on our website with the new effective date. Material changes may also be communicated via email.

We inform you that the personal data processing rules contained in this Privacy Policy apply only to the processing of personal data of natural persons.

In addition to these regulations, you can also familiarize yourself with the following additional personal data processing notices:

We are aware that personal data is your value, and we will process it in compliance with confidentiality requirements and take care of the security of your personal data in our possession.

 

4. For what purposes do we process your personal data and what is the legal basis for processing personal data?

We will process your personal data only according to previously defined legitimate purposes, including:

 

a. of services, as well as for the fulfilment and provision of the obligations specified in the contract (including the cooperation agreement) -

 

Within the framework of this purpose, we would also need to identify you, provide an appropriate payment calculation and ensure the payment process, contact you in matters related to the provision of the service and/or the execution of the contract (including sending invoices), in certain cases also ensure the collection of unpaid payments.

 

For this purpose and for the sub-purposes indicated above, we may need at least the following personal data: name, surname, personal identification number, address (object address, postal address, invoice delivery address), bank account number of the customer, customer and/or cooperation partner contact person; telephone number, address (postal address, billing address), e-mail address.

 

The main legal bases to be used to achieve these purposes are:

  • conclusion and execution of the contract with the data subject ( [1]point b of the first part of Article 6 of the General Data Protection Regulation);
  • Fulfilment of legal obligations (Article 6, Part One, Clause c of the General Data Protection Regulation);
  • The controller's legitimate interests (Article 6, Part One, Clause f of the General Data Protection Regulation), for example, identifying you as a customer, client and/or contact person of a cooperation partner, ensuring communication with you.

 

b. Fulfilment of the requirements set forth in regulatory acts regarding the provision of services or fulfilment of the requirements set forth in other normative acts

 

Within the scope of this purpose, we would need to fulfil both the requirements of financial and reporting regulatory acts, as well as the requirements of the accounting law, the requirements of the archive law and the requirements set forth in other regulatory acts.

 

For this purpose, we may need to process the following personal data: name, surname, personal identification number, address;

 

The main legal bases to be used to achieve these purposes are:

  • Fulfilment of legal obligations (Article 6, Part One, Clause c of the General Data Protection Regulation).

 

c. AML, fraud prevention activities

 

Within the scope of this purpose, we would need to identify, examine, prosecute and prevent crime and fraud, as well as to verify Customer and identify his eligibility for the requested services and ability for management of the account. Scope also includes such goals as managing risk internally for the Company and externally for the Customers and providing information to authorities upon request.

 

For this purpose, we may need to process the following personal data: name, surname, personal identification number, date of birth, nationality, address, financial information, risk assessment data.

 

The main legal bases to be used to achieve these purposes are:

  • Fulfilment of legal obligations (Article 6, Part One, Clause c of the General Data Protection Regulation);
  • conclusion and execution of the contract with the data subject (point b of the first part of Article 6 of the General Data Protection Regulation);
  • The controller's legitimate interests (Article 6, Part One, Clause f of the General Data Protection Regulation);
  • The public interest (Article 6, Part One, Clause e of the General Data Protection Regulation).

 

d. Provision of marketing activities

 

We may send you commercial communications, e.g., publish materials from public events organized by us.

 

For this purpose, we may need at least the following personal data: name, surname, telephone number, e-mail address of the customer, customer and/or cooperation partner.

 

The main legal bases to be used to achieve these purposes are:

  • consent of the data subject (point a of Article 6 of the first part of the General Data Protection Regulation);
  • conclusion and execution of the contract with the data subject (point b of the first part of Article 6 of the General Data Protection Regulation);
  • The controller's legitimate interests (Article 6, Part One, Clause f of the General Data Protection Regulation), for example, to ensure communication.

 

e. Prevention of threats to security, property interests and other important legitimate interests of us or third parties

 

Within the framework of this purpose, we would need to conduct video surveillance of our territory, buildings and other properties, make recordings of telephone conversations , use personal data processors for the provision of various functions, if necessary, disclose information to courts and other state institutions, exchange information within the group of companies, use the rights granted by regulatory acts the right to ensure their legitimate interests.

 

For this purpose, we may need to process at least the following personal data: Customer's, customer's and/or cooperation partner's contact name, surname, personal identification number, facility address, declared number of residents at the address, personal appearance (picture), location and time, and other data as needed;

 

The main legal bases to be used to achieve these purposes are:

  • The controller's legitimate interests (point f of the first part of Article 6 of the General Data Protection Regulation), for example, for the purposes of detecting criminal offenses, for ensuring debt collection.

 

f. To ensure the proper provision of services

 

As part of this purpose, we would need to maintain and improve technical systems and IT infrastructure, use technical and organizational solutions that can also use your personal data (for example, monitoring cookies), with the aim of ensuring proper service provision.

 

The main legal bases to be used to achieve these purposes are:

  • The controller's legitimate interests (Article 6, Part One, Clause f of the General Data Protection Regulation).
  •  

5 . Who could access your personal data?

We take appropriate measures to process your personal data in accordance with applicable laws and to ensure that your personal data is not accessed by third parties who do not have an appropriate legal basis for processing your personal data.

 

If necessary, your personal data could be accessed by:

  1. our employees or directly authorized persons who need it for the performance of work duties;
  2. personal data processors in accordance with the services they provide and only to the extent necessary, such as auditors, financial management and legal consultants, database developer/technical maintainer, other persons who are related to the provision of the administrator's services;
  3. in cases specified in the legal acts of state and municipal authorities, for example, law enforcement authorities, municipalities, tax authorities, sworn bailiffs;
  4. third parties, carefully assessing whether there is an appropriate legal basis for such data transfer, such as debt collectors, courts, out-of-court dispute resolution institutions, bankruptcy or insolvency administrators, third parties that maintain registers (for example, register of citizens, registers of debtors, etc.).
  5. Affiliated companies within the COLIBRIX group may access information for operational support and risk monitoring.
  6. regulators, including the FCA and HMRC, and with law enforcement or other authorities as required by law.
  7. service providers such as IT infrastructure, payment processors, auditors, and security monitoring providers, under contractual agreements or legitimate interests.

 

6. Which cooperation partners in personal data processing or personal data processors do we choose?

We take appropriate measures to ensure the processing, protection and transfer of your personal data to data processors in accordance with applicable laws. We carefully select personal data processors and, when transferring data, we evaluate its necessity and the amount of data to be transferred. The transfer of data to processors is carried out in compliance with the requirements of confidentiality and secure processing of personal data.

We can currently cooperate with the following categories of personal data processors:

  1. outsourcing accountants, auditors, financial management and legal consultants;
  2. IT infrastructure, database owner/developer/technical maintainer;
  3. other persons involved in the provision of our services;

 

Personal data processors may change from time to time, which we will also update in this document.

 

7. Are your personal data sent to countries outside the European Union (EU) or the European Economic Area (EEA)?

Colibrix Limited may need to transfer your personal data to countries outside the UK or the European Economic Area (EEA). Laws in these countries may offer different levels of data protection.

When transferring your data, we always ensure your privacy is protected according to UK and EEA law.

Transfers from the EEA to the UK: We rely on UK GDPR adequacy regulations (under Article 45 of the UK GDPR)

Transfers outside the UK or EEA: We only transfer personal data if:

    • The country has been recognised as providing adequate data protection (under Article 45 of the EU GDPR); or
    • We use legally-approved standard contractual clauses; or
    • A specific legal exception applies.

If these safeguards cannot be used, we will not transfer your personal data unless another lawful mechanism allows it. Any changes to these arrangements will be reflected in updates to this Privacy Policy.

 

8. How long will we store your personal data?

Your personal data is stored for as long as its storage is necessary according to the relevant purposes of personal data processing, as well as in accordance with the requirements of applicable legislation. When evaluating the duration of storage of personal data, we take into account the applicable requirements of regulatory acts, aspects of the performance of contractual obligations, your instructions (e.g. in the case of consent), as well as our legitimate interests. If your personal data is no longer needed for the specified purposes, we will delete or destroy them

Below we indicate the most common retention periods for personal data:

  1. personal data necessary for the fulfillment of contractual obligations - we will store until the contract is fulfilled and until other storage terms are fulfilled (see below);
  2. personal data that must be stored in order to fulfill the requirements of legal acts, we will store the terms specified in the relevant regulatory acts, for example, the Companies Act 2006 stipulates that supporting documents must be kept for a period of 6 years from the end of the financial year to which they relate;
  3. In order to prove the fulfillment of our obligations, we will store the data for the general claim limitation period, in accordance with the claim limitation periods defined in the laws and regulations: Limitation Act 1980: This is the primary statute governing limitation periods for most civil claims in England and Wales. Some key limitation periods under the Limitation Act 1980 include:
    • Six years for claims based on simple contracts (e.g., debts, breach of contract).
    • Three years for claims in tort (e.g., personal injury, negligence).
    • Twelve years for claims related to specialty contracts (e.g., deeds).
  4. Consumer Rights Act 2015: This legislation sets out specific limitation periods for certain consumer claims, such as:
    • Six years for claims for breach of contract related to goods or services.
    • Five years for claims for faulty goods under the Consumer Rights Act.
    •  

9. What are your rights as a data subject regarding the processing of your personal data?

 Under UK data protection law, you have the following rights regarding your personal data, which you can exercise free of charge:

a. Right of access

You have the right to request a copy of the personal data we hold about you.

b. Right to rectification

You can ask us to correct any inaccuracies or incomplete information in your personal data.

c. Right to erasure (Right to be forgotten)

You may request that we delete your personal data where applicable, for example if it is no longer necessary for the purposes it was collected, or if you withdraw your consent.

d. Right to restrict processing

You can request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to its processing.

e. Right to data portability

You may request a copy of the personal data you provided to us in a structured, commonly used, and machine-readable format. You can also request that we transmit this data to another data controller where technically feasible.

f. Right to object

You have the right to object to:

  • Processing of your personal data for direct marketing purposes (including profiling);
  • Processing carried out for our legitimate interests, unless we have compelling grounds to continue processing;
  • Processing for other specific purposes where applicable under UK GDPR.

g. Rights related to automated decision-making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

h. Right to withdraw consent

If you have provided consent for processing your personal data, you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

How to exercise your rights

To exercise any of these rights, please contact us using one of the following methods:

  • By email: data@colibrix.co.uk
  • By post: COLIBRIX LIMITED, Warnford Court, 29 Throgmorton Street, London, EC2N 2AT

Please provide:

  • Your full name and contact details
  • Any relevant customer or account reference number
  • The right you wish to exercise and the information your request relates to
  • Any additional identification information we may reasonably request

Upon receiving your request, we may ask for additional verification to ensure the security of your personal data. We will respond within the timeframes required by law (usually within 1 month).

ICO Guidance on Your Rights:

You can find official guidance from the UK Information Commissioner’s Office (ICO) here: ICO – Your Data Rights

 

10. Where can you submit a complaint related to issues related to personal data processing?

If you have any questions or objections regarding our processing of your personal data, we invite you to contact us first.

 

If you still believe that we have not been able to mutually resolve the problem and you believe that we still violate your right to personal data protection, you have the right to file a complaint with the Information Commissioner's Office. You can find samples of submissions to the Data State Inspection and other related information on the website of the Information Commissioner's Office (https://ico.org.uk/make-a-complaint/).

You also have the right to lodge a complaint with a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA

 

11. Why do you need to provide us with your personal data?

Primarily, we collect your information to fulfill our contractual obligations, fulfill our legal obligations and to pursue our legitimate interests. In these cases, obtaining certain information is necessary for us to achieve the relevant purposes, therefore, failure to provide such information may jeopardize the initiation of business relations or the performance of the contract. If the data will not be required necessarily, but their submission could help to improve the service, or offer you favorable contract conditions and/or offers, we will indicate at the time of data collection that the provision of data is voluntary.

In addition, we would like to inform you about the main regulatory requirements regarding the processing of personal data:

  1. Data Protection Act 2018 (DPA 2018);
  2. UK General Data Protection Regulation (UK GDPR), which incorporates the principles and requirements of the EU GDPR into UK law.
  3. Additionally, there are specific regulations and guidance issued by the Information Commissioner's Office (ICO), the UK's independent regulator for data protection.

12. How do we obtain your personal data?

We can obtain your personal data in one of the following ways:

  1. in the process of concluding a mutual agreement, obtaining data from you;
  2. if the contract is concluded with a third party and it has indicated you as a contact person;
  3. from you, if you submit any submissions, e-mails, call us;
  4. from you if you sign up for our services online;
  5. from you by authorizing on the website www.colibrix.co.uk
  6. on the website www.colibrix.co.uk , using cookies;
  7. third party databases, for example when evaluating your creditworthiness, to achieve this purpose;
  8. in relevant cases, from video surveillance recordings.

 

13. Are your personal data used in automated decision-making?

We do not use your data for automated decision-making.

 

[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)