HomeLegal

Privacy & Cookie Policy (UK GDPR)

2.1 Who We Are

FORMA is a limited company registered in England & Wales. We are the data controller for information collected via our website.

2.2 Data We Collect

  • Identity Data – name, postal address, email, phone
  • Transaction Data – purchased items, payments, order history
  • Technical Data – IP address, browser type, device (via cookies)
  • Marketing Data – your preferences if you opt‑in to newsletters

2.3 Lawful Bases

PurposeType of DataLawful Basis
Fulfil ordersIdentity, TransactionPerformance of a contract
Payment processingIdentity, TransactionLegitimate interest & legal obligation
Marketing emailsIdentity, MarketingConsent (opt-in)
Site analyticsTechnicalLegitimate interest (site improvement)

2.4 Third‑Party Processors

  • Stripe – payments
  • Resend – transactional emails
  • Google Analytics 4 – site analytics (IP anonymised)

All processors comply with UK GDPR and, where located outside the UK, rely on appropriate safeguards (e.g., SCCs).

2.5 Data Retention

We retain order data for 6 years to satisfy tax regulations. Marketing data is kept until you unsubscribe.

2.6 Your Rights

  • Access, rectification, erasure, restriction, data portability, objection
  • Withdraw consent at any time (marketing)
  • Lodge a complaint with the ICO (ico.org.uk)

2.7 Cookies

We use essential cookies for cart functionality and analytics cookies for GA4. On your first visit, a banner lets you accept or manage preferences.

Cookie Table

NamePurposeExpiryType
_gaGoogle Analytics2 yearsAnalytics

2.8 Contact

Email privacy@forma.co.uk for privacy queries.