HomeLegal
Legal Information
Privacy & Cookie Policy (UK GDPR)
2.1 Who We Are
FORMA is a limited company registered in England & Wales. We are the data controller for information collected via our website.
2.2 Data We Collect
- Identity Data – name, postal address, email, phone
- Transaction Data – purchased items, payments, order history
- Technical Data – IP address, browser type, device (via cookies)
- Marketing Data – your preferences if you opt‑in to newsletters
2.3 Lawful Bases
Purpose | Type of Data | Lawful Basis |
---|---|---|
Fulfil orders | Identity, Transaction | Performance of a contract |
Payment processing | Identity, Transaction | Legitimate interest & legal obligation |
Marketing emails | Identity, Marketing | Consent (opt-in) |
Site analytics | Technical | Legitimate interest (site improvement) |
2.4 Third‑Party Processors
- Stripe – payments
- Resend – transactional emails
- Google Analytics 4 – site analytics (IP anonymised)
All processors comply with UK GDPR and, where located outside the UK, rely on appropriate safeguards (e.g., SCCs).
2.5 Data Retention
We retain order data for 6 years to satisfy tax regulations. Marketing data is kept until you unsubscribe.
2.6 Your Rights
- Access, rectification, erasure, restriction, data portability, objection
- Withdraw consent at any time (marketing)
- Lodge a complaint with the ICO (ico.org.uk)
2.7 Cookies
We use essential cookies for cart functionality and analytics cookies for GA4. On your first visit, a banner lets you accept or manage preferences.
Cookie Table
Name | Purpose | Expiry | Type |
---|---|---|---|
_ga | Google Analytics | 2 years | Analytics |
2.8 Contact
Email privacy@forma.co.uk for privacy queries.