top of page

Current as of 09 March 2026 

Privacy Policy

This Privacy Policy (the "Policy") governs the terms under which Confidios Labs Limited, with its registered office at 128 City Road, London, EC1V 2NX and registered in England and Wales with Company No. 16753122 ("we", "us", or "our"), processes personal data in connection with the operation and management of our website confidios.com (the "Site"). 

 

We take the protection of your personal data seriously. We always proceed in accordance with the provisions of data protection legislation, in particular, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and follow this Policy. 

 

With the Policy, we inform you about how, for what purposes and to what extent we use your personal data and what information about you as a user of the Site we may process. Please read this Policy carefully. By using our Site you acknowledge you have read and understood it. If you have any questions, please use the contact details in Section 14. 

 

​

1. Definitions 

 

For the purposes of this Policy, the following terms have the meanings set out below: 

 

"Personal data" means any information relating to an identified or identifiable living individual. 

"Data controller" means the entity that determines the purposes and means of processing personal data.  

"Data processor" means a natural or legal person that processes personal data on behalf of the data controller. 

"Data subject" means any identified or identifiable person whose personal data is processed, in this context, you, as a visitor or user of our Site. 

"Processing" means any operation performed on personal data, including collection, storage, use, disclosure, and deletion. 

"Consent" means a freely given, specific, informed and unambiguous indication of agreement to the processing of personal data. 

"Legitimate interests" means a lawful basis for processing where the processing is necessary for our genuine business interests, provided those interests are not overridden by your rights and freedoms. 

 

​

2. Our data processing principles 

 

We always process your personal data in accordance with the following principles, as required by UK GDPR: 

​

  • Lawfulness, fairness and transparency: we process data lawfully, fairly, and in a transparent manner. 

  • Purpose limitation: we collect data for specified, explicit and legitimate purposes and do not process it in ways incompatible with those purposes. 

  • Data minimisation: we only process the personal data that is adequate, relevant and limited to what is necessary. 

  • Accuracy: we take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date. 

  • Storage limitation: we retain personal data only for as long as necessary for the stated purposes or as required by law. 

  • Integrity and confidentiality: we protect personal data against unauthorised access, loss, or destruction using appropriate technical and organisational security measures. 

 

We maintain records of our processing activities as required by UK GDPR Article 30, and have carried out legitimate interests assessments where we rely on legitimate interests as our lawful basis. 

 

​

3. Personal data we collect 

 

We collect and process the following categories of personal data: 

 

a. Data you provide directly 

  • Identity and contact data: full name, email address, postal address, telephone number, job title, and company name 

  • Communications: messages submitted via our contact form, feedback, reviews, and survey responses 

  • Marketing preferences: your opt-in or opt-out choices for marketing communications 

 

b. Data collected automatically 

When you visit our Site, certain technical and usage data is collected automatically. Our server log files record: 

  • Your IP address 

  • Browser type, version, and preferred language 

  • Operating system type and version 

  • The website you navigated from and the website you navigate to after leaving 

  • Pages visited, date and time of access, and time spent on each page 

  • Volume of data transmitted between the server and your device 

  • Number of visits and average session duration 

 

Log file data is retained only as long as the purpose of processing lasts and is deleted promptly once it is no longer needed, except where retention is required for evidential or legal purposes. 

 

c. Data from cookies and tracking technologies 

Please see Section 6 for full details of the cookies and tracking tools we use and how to manage them. 

 

d. Special category data 

We do not intentionally collect special category data (including health, religious beliefs, ethnicity, biometric data, or sexual orientation) through our Site. Please do not submit such data unless we have specifically requested it and provided an appropriate lawful basis for processing it. 

 

​

4. Lawful basis for processing 

 

Under UK GDPR, we must identify a lawful basis before processing your personal data. We rely on the following bases: 

 

Legitimate interests 

Processing necessary for our genuine business interests, where these are not overridden by your rights, for example, operating and improving our Site, maintaining server security, and managing business and investor relationships. We have documented legitimate interests assessments for each such use case. 

 

Legal obligation 

Processing necessary to comply with a legal obligation, for example, retaining financial records for HMRC, or responding to lawful requests from regulators or courts. 

 

Consent 

Where we rely on your freely given and informed agreement, for example, to send you marketing communications, to place non-essential cookies on your device, or to store your contact details following submission of a download request form. You may withdraw your consent at any time (see Section 10). 

 

Contract 

Where we enter into a direct contractual relationship with you, for example, in connection with a client engagement or service agreement, we may process your personal data as necessary to perform that contract. This basis does not currently apply to general visitors to our Site. 

 

 

5. How we use your personal data 

 

We use the personal data we collect to: 

​

  • Provide customer support and resolve disputes 

  • Improve and personalise your experience on our Site 

  • Send you marketing communications where you have consented, or where we have a legitimate interest to do so (you may opt out at any time) 

  • To fulfil requests for gated content and provide access to downloadable materials where you have submitted a request form on our Site; this processing is based on your consent given at point of submission and your details will not be used for broader marketing communications without your separate agreement 

  • Conduct analytics and generate anonymised, aggregated statistics 

  • Detect, investigate, and prevent fraudulent, unlawful, or abusive activity 

  • Operate and maintain the security of our systems 

  • Comply with our legal and regulatory obligations 

 

We will not use your data for automated decision-making or profiling that produces significant legal or similarly significant effects without first obtaining your explicit consent or establishing another lawful basis. Where we do use automated processing, we will inform you and provide the right to request human review. 

 

​

6. Cookies and tracking technologies 

 

We use cookies and similar technologies to help our Site function and to understand how it is used. Cookies are small text files stored on your device by your browser. 

 

Types of cookies we use: 

​

  • Strictly necessary cookies: essential for the Site to operate (e.g. maintaining your session and login state). These cannot be disabled as the Site cannot function without them. 

  • Analytics cookies: help us understand how visitors interact with our Site, including which pages are most visited and how users navigate. These are only placed with your consent. 

  • Functional cookies: remember your preferences (e.g. language settings) to improve your experience. 

  • Marketing cookies: used to track visits and deliver relevant advertising. These are only placed with your consent. 

 

Third-party tracking tools we use: 

 

In addition to cookies, we use the following third-party tools that may collect data about your activity on our Site: 

 

Google reCAPTCHA (Google LLC)  

Wix uses Google's reCAPTCHA service automatically on forms and sign-in flows to protect against spam and automated abuse. It collects IP address and behavioural data and transmits it to Google's servers in the US. This is a strictly necessary function and operates without requiring visitor consent. Google's privacy policy: policies.google.com/privacy. 

 

Google Analytics (Google LLC) 

We use Google Analytics to analyse Site usage. Google Analytics sets cookies and collects anonymised data on user behaviour. We have enabled IP address anonymisation so your IP is masked before data enters Google's collection network. You can opt out via the Google Analytics opt-out browser plugin at tools.google.com/dlpage/gaoptout. Google's privacy policy: policies.google.com/privacy. 

 

Managing your cookie preferences 

 

When you first visit our Site, you will be asked to consent to non-essential cookies via our cookie banner. You can update your preferences at any time through [your cookie settings link] or via your browser settings. Please note that disabling certain cookies may affect Site functionality. 

 

For more information about cookies, visit www.allaboutcookies.org or the ICO's guidance at ico.org.uk/cookies. 

 

​

7. Sharing your personal data 

 

We do not sell, rent, or trade your personal data. We may share it with the following categories of third parties, strictly on a need-to-know basis: 

​

  • IT and hosting providers: including Wix.com, which hosts our Site and stores data on secure servers behind a firewall 

  • CRM platform: contact and company data collected via our Site may be transferred manually to HubSpot, our customer relationship management system, for the purposes of managing investor and business relationships. HubSpot, Inc. is based in the United States; transfers are covered by appropriate safeguards under UK GDPR (see Section 9) 

  • Analytics providers: including Google Analytics, operating under anonymisation and data processing safeguards 

  • Email delivery providers: who send transactional and marketing emails on our behalf 

  • Professional advisers: including solicitors, accountants and auditors, under confidentiality obligations 

  • Law enforcement and regulators: where required or permitted by law, including HMRC, the FCA, or the ICO 

  • Successor organisations: in the event of a merger, acquisition or business sale, subject to equivalent data protection obligations 

 

All third-party processors are bound by data processing agreements and are required to act only on our documented instructions. We do not permit them to use your data for their own purposes. 

 

8. International data transfers 

 

Some of our third-party service providers operate outside the United Kingdom. Where we transfer your personal data internationally, we ensure appropriate safeguards are in place as required by UK GDPR, including: 

  • Transfers to countries with UK adequacy regulations in place 

  • Use of the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses 

  • Other lawful transfer mechanisms approved by the ICO 

 

For example, Google LLC and HubSpot, Inc. are based in the United States. Transfers to these providers are covered by appropriate IDTA or equivalent safeguards. You may request details of the specific safeguards in place by contacting us at support@confidios.com

 

9. How long we keep your data 

 

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Once data is no longer needed, we securely delete or anonymise it. 

 

Our standard retention periods are: 

  • Contact form and correspondence data: retained for 2 years from resolution of the matter 

  • Marketing consent records: retained for 3 years from your last interaction, or until consent is withdrawn 

  • Server log files: deleted promptly once no longer required for operational or security purposes, subject to any legal hold 

  • Cookie and analytics data: per the retention periods set by each third-party provider (see Section 6) 

 

Where we process data based on consent, we will erase it promptly upon withdrawal of that consent, unless another lawful basis applies. Where you object to processing based on legitimate interests and no overriding grounds exist, we will also erase the relevant data. 

 

You may request early deletion of your data, see Section 10 for your rights. 

 

10. Your rights under UK GDPR 

 

As a data subject, you have the following rights. These are not absolute and may be subject to exemptions in certain circumstances. We will respond to any request within one calendar month of receipt (extendable by a further two months for complex requests, with notice). 

 

a. Right to be informed 

You have the right to be informed about how we collect and use your personal data, in a clear and accessible manner. This Policy fulfils that obligation for our Site. 

​

b. Right of access (Subject Access Request) 

You may request a copy of the personal data we hold about you, together with information about how and why we process it. The first copy is provided free of charge. 

​

c. Right to rectification 

You have the right to ask us to correct inaccurate or incomplete personal data. We will also notify any third parties to whom the data has been disclosed of any corrections, unless this is impossible or involves disproportionate effort. 

​

d. Right to erasure ('right to be forgotten') 

You may ask us to delete your personal data where: 

  • The data is no longer necessary for the purpose it was collected 

  • You withdraw consent and there is no other lawful basis for processing 

  • You object and there are no overriding legitimate grounds 

  • The data has been unlawfully processed 

  • Erasure is required to comply with a legal obligation 

 

Exceptions apply where processing is necessary for legal claims, freedom of expression, compliance with a legal obligation, public interest, or scientific/historical research. We will inform you if an exemption applies and advise you on further options. 

​

e. Right to restriction of processing 

You may ask us to pause (but not delete) processing of your personal data in specific circumstances, for example, while we verify the accuracy of data you have contested, or pending the outcome of an objection.

 

f. Right to data portability 

Where processing is based on consent or contract and carried out by automated means, you may ask us to provide your personal data in a structured, commonly used, machine-readable format, or to transmit it directly to another controller where technically feasible. 

​

g. Right to object 

You may object at any time to processing based on legitimate interests, citing grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for legal claims. You have an absolute right to object to processing for direct marketing purposes; we will stop immediately upon receipt of such an objection. 

​

h. Rights related to automated decision-making 

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces significant legal or similarly significant effects on you, unless that processing is necessary for a contract, authorised by law, or based on your explicit consent. 

 

To exercise any of these rights, please contact us in writing at support@confidios.com. We do not charge for exercising your rights, though we may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive. If you are not satisfied with our response, you may complain to the ICO (see Section 14). 

 

​

11. Data Security 

 

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include: 

​

  • Encryption of data in transit using TLS/SSL 

  • Secure server infrastructure and firewall protection provided by our hosting partner (Wix.com) 

  • Access controls restricting data access to authorised personnel only 

  • Data processing agreements with all third-party processors 

  • Regular security reviews and staff awareness training 

 

Whilst we take all reasonable steps to protect your data, no method of transmission over the internet is entirely secure. If you have reason to believe your interaction with us is no longer secure, please notify us immediately at support@confidios.com

 

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay, as required by UK GDPR. 

 

​

12. Third-party links and children's privacy 

 

Third-party links 

Our Site may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to review their privacy policies before submitting any personal data to them. 

​

Children's privacy 

Our Site is not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you believe we have inadvertently done so, please contact us and we will delete it promptly. Where any of our services are or become directed at children or young people, we will comply with the ICO's Age Appropriate Design Code (Children's Code). 

 

​

13. Changes to this privacy policy 

 

We may update this Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes by posting the updated Policy on this page with a revised "Last updated" date, and where appropriate by direct notification (e.g. by email). 

 

We encourage you to review this Policy periodically. Your continued use of the Site after any update constitutes acknowledgment of the revised Policy. 

 

​

14. Contact us 

 

For any questions, concerns, or requests relating to this Policy or your personal data, please contact our data protection lead: 

 

Confidios Labs Limited 

128 City Road, London, United Kingdom, EC1V 2NX 

Email: support@confidios.com 

 

If you are dissatisfied with our response to any data concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: 

  • Telephone: 0303 123 1113 

  • Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 

​

​

bottom of page