HomeLegal
Legal Information
Privacy & Cookie Policy (UK GDPR)
2.1 Who We Are
FORMA is a limited company registered in England & Wales. We are the data controller for information collected via our website.
2.2 Data We Collect
- Identity Data – name, postal address, email, phone
- Transaction Data – purchased items, payments, order history
- Technical Data – IP address, browser type, device (via cookies)
- Marketing Data – your preferences if you opt‑in to newsletters
2.3 Lawful Bases
| Purpose | Type of Data | Lawful Basis |
|---|---|---|
| Fulfil orders | Identity, Transaction | Performance of a contract |
| Payment processing | Identity, Transaction | Legitimate interest & legal obligation |
| Marketing emails | Identity, Marketing | Consent (opt-in) |
| Site analytics | Technical | Legitimate interest (site improvement) |
2.4 Third‑Party Processors
- Stripe – payments
- Resend – transactional emails
- Google Analytics 4 – site analytics (IP anonymised)
All processors comply with UK GDPR and, where located outside the UK, rely on appropriate safeguards (e.g., SCCs).
2.5 Data Retention
We retain order data for 6 years to satisfy tax regulations. Marketing data is kept until you unsubscribe.
2.6 Your Rights
- Access, rectification, erasure, restriction, data portability, objection
- Withdraw consent at any time (marketing)
- Lodge a complaint with the ICO (ico.org.uk)
2.7 Cookies
We use essential cookies for cart functionality and analytics cookies for GA4. On your first visit, a banner lets you accept or manage preferences.
Cookie Table
| Name | Purpose | Expiry | Type |
|---|---|---|---|
| _ga | Google Analytics | 2 years | Analytics |
2.8 Contact
Email privacy@forma.co.uk for privacy queries.