FORMA BRANDS LLC is a cosmetics retailer with worldwide operations. We are committed to the protection of your personal information in accordance with applicable privacy laws, including GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act). This policy (the “Policy”) sets out how we collect, use, manage, transfer, disclose, and store personal information in the course of doing business. You agree that this Policy applies to you as an individual and is separate from, and does not amend or modify, any contractual arrangements between you or your organization and us, nor create any rights in you under any such contract. The examples contained in this Policy are illustrations only and are not intended to be exhaustive.
By submitting your information to us, you agree to the processing set out in this Policy. Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt in or out of selected uses may also be provided to you when we collect personal information from you.
Our website may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check those policies before you submit any personal information to such third-party websites.
In this Policy: "personal information" means any information or opinion about a living natural person (whether or not true), including information that can reasonably be used to identify a specific natural person; "we," "us," "our," and "FORMA" are references to FORMA BRANDS LLC and its related companies from time to time; and "you" and "your" means a natural person whose personal information we have collected.
- What personal information we collect
As part of our operations we collect personal information. The specific personal information that we may collect or hold will depend on the context in which we collect it, and may include your name, telephone or mobile phone number, addresses, banking details, credit card information, tax file number, details of transactions you conduct through our website or through other channels and of the fulfilment of your orders, and any other personal information you or a person ostensibly authorized by you submits to us, as well as any other information that we consider necessary (such as information about your opinions) to perform our functions and activities (which may include details of your visits to our website and information collected through cookies and other tracking technologies including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access).
- How we collect personal information
3.1 We collect personal information in a number of ways, including:
(a) where you provide information directly to us, including through our website or when you participate in promotions or competitions run by us;
(b) where you interact directly with our employees and such other persons acting for us or on our behalf, such as our customer service team, including from electronic queries sent to us via email;
(c) where you provide information directly to us during a recruitment process;
(d) from third parties, such as our service providers;
(e) through referrals from individuals or other entities;
(f) through marketing and business development events;
(g) where you provide feedback to us;
(h) from related entities in our corporate group; and
(i) from publicly available sources of information.
3.3 If you do not wish for your personal information to be collected in a way anticipated by this Policy, we will accommodate your request. If we do comply with your request, or you choose to not provide your personal information to us, or you provide us with inaccurate or incorrect information, we may not have sufficient information to conduct our business and we may be limited:
(a) in our ability to properly conduct our operations, including providing products and services to you;
(b) in our ability to keep you informed about your orders or our business;
(c) in considering your application for employment with us; and
(d) in our ability to respond to an inquiry or request.
- Purpose of collection and use of information
4.1 We collect, use and disclose personal information for the primary purpose of conducting our business, which includes:
(a) providing and managing the delivery of our services and products, including processing orders and delivering products;
(b) collecting and disclosing personal information to our related companies in connection with our operations;
(c) in the case of potential employees, assessing a person’s application for employment with us, and verifying your details and contacting your references;
(d) researching and assessing our services and products to identify possible improvements, including collecting, using, and disclosing details about your usage patterns and interests;
(e) responding to an inquiry or request;
(f) compiling and maintaining a mailing list and communicating with persons on those lists, including marketing our own products and services to you. Please see section 7.4 of this Policy for further information about this, including how to opt-out of marketing communications;
(g) fulfilling obligations to, and cooperating with, government authorities, courts, regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or in order to enable us to comply with our regulatory requirements or to respond to regulators;
(h) resolving disputes or addressing complaints;
(i) protecting our property, rights, and security, and the rights, property, and security of third parties or the public in general;
(j) doing something that one would reasonably expect us to do using the information;
(k) disclosing business-related data and information (including personal information) to potential buyers or other successors (and their advisors) in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, insolvency, liquidation, or similar proceedings;
(l) where you otherwise provide your consent, whether express or implied; and
(m) where otherwise required by law.
- How information is shared
5.1 In conducting our operations, we may share some of your personal information with, or receive personal information from, third parties such as outsourced service providers and contractors. Unless you have agreed otherwise, these parties are not allowed to use your personal information for any other purpose except to assist in conducting our business. We take reasonable steps to ensure that such third parties are subject to confidentiality requirements and to obligations to process personal information in compliance with the same safeguards that we deploy. In particular, we may disclose your personal information:
(a) to third-party technology providers including Shopify and NetSuite which are online solutions we use to process customer orders and manage internal human resource functions;
(b) to couriers and other logistics service providers to deliver products and services to you;
(c) through Electronic Data Interchange (EDI);
(d) in the case of employees, to third parties that manage our payroll system;
(e) to any other third parties carrying out our functions;
(f) to other service providers or referral partners in order to provide our services to you, or to assist our functions or activities (such as law firms);
(g) where you otherwise provide your consent, whether express or implied; and
(h) where otherwise required by law.
5.2 From time to time, we may transfer your personal information to overseas recipients (including our related companies and any relevant third parties) if it is necessary to conduct our business. We currently have operations in the United States, Canada, Australia and in Europe and personal information is disclosed to recipients in those jurisdictions. We also use cloud-based solutions such as Shopify, NetSuite and EDI that store personal information securely primarily in the United States of America and Europe. We may from time to time expand our operations and/or change the cloud-based or other solutions used to store personal information.
5.3 We take reasonable steps to ensure that the receiving party provides commitments relating to privacy and confidentiality which require the receiving party to limit its use of your personal information and to protect your personal information against misuse, loss and unauthorized access. Where you are based in the UK or elsewhere in the European Economic Area (EEA), and we transfer your personal information outside of the EEA, we will impose the same data protection safeguards that we deploy inside the EEA.
5.4 By acknowledging this Policy, you hereby expressly consent to our transfer of your personal information as described in this section 5.
- Storage, security, and retention of personal information
6.1 Where we hold your personal information, we will take reasonable steps to ensure that the information is secure and may only be accessed by authorized persons. Where we store your personal information electronically on our database, we use secure servers and there are restrictions as to who has access to that information through password protection. All hardcopies of personal information are stored in secure areas. Please notify us immediately if you believe there has been any unauthorized access to your information.
6.2 Although we take reasonable steps, we do not control how a third-party partner may use your data. Please note that third-party recipients of personal information may have their own privacy policies and we are not responsible for their actions, including their handling of personal information.
6.3 We keep personal information as long as it is reasonably necessary for the purposes described in this Policy or otherwise in compliance with our or our service providers’ data retention policies. Certain information may be retained until the time limit for any legal challenges has expired or in order to comply with regulatory requirements regarding the retention of such personal information. If you have provided us with personal information in the course of applying for employment with us, and your application has not been successful, we may keep your personal information in case a suitable role becomes available. Where applicable, if any personal information that we hold is no longer required for the purpose for which it was collected and no applicable law requires us to retain that information, we will take reasonable steps to de-identify or destroy the information.
- Accessing, updating, and deleting your information
7.1 We will take reasonable steps to ensure the personal information we hold is complete, up to date and accurate, so far as it is practicable for us to do so.
7.2 Applicable data protection laws may give you the right to access, correct, or delete personal information that we hold about you. You may request to access or correct the personal information we hold about you by contacting our Privacy Officer. Please see the contact details below. We will comply with our obligations to provide you with access to your personal information and to correct any inaccuracies we are informed of in accordance with applicable data protection laws.
7.3 Data subjects whose processing is based upon consent may withdraw that consent at any time; however, we will not be able to provide or continue to provide services or marketing communications to the data subject. Please make any request to withdraw consent pursuant to the instructions above.
7.4 When we ask for information from you, you are given the opportunity to ‘opt-in’ to receive additional information, such as site announcements, product reviews, promotional information, product sampling opportunities and research requests from us and to allow us to share your contact information with certain of our trusted partners and customers. Users who no longer wish to receive these communications, or who do not want their contact information shared as described herein, may stop receiving them by following the Unsubscribe instructions included in any communication or by following the Access procedures above.
- Privacy of children
8.1 Our websites are not intended for children under the age of 13 years. In addition, we do not knowingly collect any personal data from children under the age of 13 years. The children's products that we may offer for sale on our websites are intended for purchase by adults only. No one under the age of 13 years should provide any personal data through our websites.
- Direct marketing
9.1 From time to time, we may use your personal information for direct marketing purposes (for an indefinite period). Where required by law, we will ask for your consent before conducting any of these types of marketing. This includes sending you updates about our products and offerings. When we contact you, it may be by mail, telephone, email or SMS. Where we use or disclose your personal information for the purpose of direct marketing, we will:
(a) inform you if we intend to use your information for such purposes;
(b) allow you to ‘opt out’ or, in other words, allow you to request not to receive direct marketing communications; and
(c) comply with any such request by you to ‘opt-out’ of receiving further communications within a reasonable time frame.
- Questions and complaints
10.1 FORMA BRANDS LLC is the data controller in respect of your personal information under this Policy.
10.2 If you have a question about how we handle personal information, or wish to lodge a complaint about our management of personal information (including if you believe that we have managed your personal information in breach of applicable privacy laws), you may contact our Privacy Officer:
Attention: Privacy Officer
FORMA BRANDS LLC
22 4th Street, Suite 400
San Francisco, CA 94103
Telephone: (877) 366-7743
10.3 The Privacy Officer will co-ordinate the investigation of any complaint and any potential resolution of a complaint. In order to be sure that we understand the details and nature of your question or complaint, we may ask you to put your question or complaint in writing. We will aim to resolve all complaints as soon as practicable for us to do so.
- Changes to this Policy
We may change this Policy at any time. Please refer back to this Policy periodically to review any updates. If we make material changes to this Policy we will notify you by publication on our website. The revised version of the Policy will be effective at the time we post it, which time will be indicated at the end of this Policy. You agree to be bound by any modified or amended versions of this Policy.
Last updated: August 30th, 2018