Privacy Policy

PRIVACY POLICY - FORMA BRANDS

FORMA BRANDS LLC (“FORMA BRANDS,” “we,” “us,” and “our”) is a cosmetics retailer with worldwide operations. We are committed to protecting the Personal Information we obtain about you when you interact with our website https://formabrands.com, www.morphe.com, and product-info.morphe.com (collectively, the “Sites”). This policy (the “Policy”) sets out how we collect, use, manage, transfer, disclose, and store information that is linked or reasonably linkable to an identified or identifiable individual (“Personal Information”) in the course of doing business. You agree that this Policy applies to you as an individual and is separate from, and does not amend or modify, any contractual arrangements between you or your organization and us, nor create any rights in you under any such contract.

By submitting your information to us, you agree to the processing set out in this Policy to the extent permitted by applicable law. Further notices highlighting certain uses we wish to make of your Personal Information together with the ability to opt in or out of selected uses may also be provided to you when we collect Personal Information from you.

The Sites may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your Personal Information. Please check those policies before you submit any Personal Information to such third-party websites.

  1. What Personal Information we collect

    As part of our operations we collect Personal Information. The specific Personal Information that we may collect or hold will depend on the context in which we collect it, and may include your name, telephone or mobile phone number, addresses, banking details, credit card information, tax file number, details of transactions you conduct through our Sites or through other channels and of the fulfilment of your orders, and any other Personal Information you or a person ostensibly authorized by you submits to us, such as biometric identifiers received from you, for example, as well any other information that we consider necessary (such as information about your opinions) to perform our functions and activities (which may include details of your visits to our Sites and information collected through cookies and other tracking technologies including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access).We use cookies on our Sites to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising, and analytics partners. To learn more about how we use cookies, please view our Cookie Policy.

    You may manage your choices by clicking Manage My Preferences,

  2. Special notice with respect to biometric information

    As mentioned above, we may collect information such as your facial geometry if you choose to use our Lightform, Extended Hydration Foundation Shade Finder feature or related features through the Sites. Any biometric data collected from you will be used to personalize your shopping experience by seeking to match you with your perfect shade. While your perfect shade will be saved to your account, we will only retain any biometric data for so long as necessary to determine your shade, after which this data is deleted.

  3. How we collect Personal Information

    We collect Personal Information in a number of ways, including:

    1. where you provide information directly to us, including through our Sites or when you participate in promotions or competitions run by us;
    2. where you interact directly with our employees and such other persons acting for us or on our behalf, such as our customer service team, including from electronic queries sent to us via email;
    3. where you provide information directly to us during a recruitment process;
    4. from third parties, such as our service providers;
    5. through referrals from individuals or other entities;
    6. through marketing and business development events;
    7. where you provide feedback to us;
    8. from related entities in our corporate group; and
    9. from publicly available sources of information.

    If you do not wish to disclose your Personal Information (such as cookies) to us, please note that some features of the Sites may not be available or operate as intended.

  4. Purpose of collection and use of Personal Information

    We collect, use and disclose Personal Information for the following purposes:

      1. providing and managing the delivery of our services, products, and Sites including processing orders and delivering products;
      2. collecting and disclosing Personal Information to our related companies in connection with our operations;
      3. researching and assessing our services and products to identify possible improvements, including collecting, using, and disclosing details about your usage patterns and interests;
      4. responding to an inquiry or request;
      5. conducting marketing activities including compiling and maintaining a mailing list and communicating with persons on those lists, including marketing our own products and services to you;
      6. fulfilling obligations to, and cooperating with, government authorities, courts, regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or in order to enable us to comply with our regulatory requirements or to respond to regulators;
      7. resolving disputes or addressing complaints;
      8. protecting our property, rights, and security, and the rights, property, and security of third parties or the public in general;
      9. doing something that one would reasonably expect us to do using the information;

  5. How Personal Information is shared

    In conducting our operations, we may disclose some of your Personal Information to Personal Information may be shared with service providers and vendors that perform services on our behalf to carry out the uses of Personal Information described above in the section titled “Purpose of collection and use of Personal Information.”

    We will only disclose your Personal Information with the following third parties:

    1. With our Service Providers and Vendors: We may share your Personal Information with third parties such as outsourced service providers and vendors. Unless you have agreed otherwise, these parties are generally not allowed to use your Personal Information for any other purpose except to the extent permitted by contract. We take reasonable steps to ensure that such third parties are subject to confidentiality requirements and to obligations to process Personal Information in compliance with the same safeguards that we deploy. 
    2. When You Choose to Directly Share Your Information about Our Online Activities or Your Usage: When you use our Sites, certain features may allow you to make your usage and information and our content accessible to the public. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users. 
    3. With Our Professional Advisors: We may disclose your Personal Information to professional advisors such as our attorneys, accountants, and financial advisors.
    4. Third parties in connection with business transactions: Personal Information may be disclosed to third parties in relation to a corporate transaction, such as a merger, sale of any or all of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by an affiliate or third party, or in the event of a bankruptcy or related or similar proceedings.
    5. With Law enforcement, regulators and other parties for legal or contractual reasons: Personal Information may be disclosed to third parties, as required by law or subpoena, or if we reasonably believe such action is necessary to:
      1. Comply with the law and the reasonable requests of regulators, court orders, law enforcement, or other public authorities, such as a subpoena, government audit, or search warrant;
      2. Comply with Diversity Equity, and Inclusion (“DE&I”) obligations;
      3. Manage legal claims asserted against us;
      4. Comply with a contract, or as necessary to establish, exercise or defend against potential, threatened, or actual litigation;
      5. Protect us, your vital interests, or those of another person; and
      6. Investigate fraud or to protect the security or integrity of Success Factors or any products or services that we offers.
    6. With your consent: We will share your Personal Information with external third parties if we have obtained your consent to do so.

  6. Cross-Border Data Transfers

    From time to time, we may transfer your Personal Information to overseas recipients (including our related companies and any relevant third parties) if it is necessary to conduct our business. We currently have operations in the United States, Canada, Australia and in Europe and Personal Information is disclosed to recipients in those jurisdictions. We also use cloud-based solutions such as Shopify, NetSuite and EDI that store Personal Information securely primarily in the United States of America and Europe. We may from time to time expand our operations and/or change the cloud-based or other solutions used to store Personal Information.

    We take reasonable steps to ensure that the receiving party provides commitments relating to privacy and confidentiality which require the receiving party to limit its use of your Personal Information and to protect your Personal Information against misuse, loss and unauthorized access. Where you are based in the UK or elsewhere in the European Economic Area (EEA), and we transfer your Personal Information outside of the EEA, we will impose the same data protection safeguards that we deploy inside the EEA.

    We partner with Rakuten Advertising, who may collect Personal Information when you interact with our site. The collection and use of this information is subject to the privacy policy located here:

    https://rakutenadvertising.com/legal-notices/services-privacy-policy/

  7. Storage, security, and retention of Personal Information

    We have implemented reasonable technical, administrative, and organizational safeguards to secure your Personal Information. However, please note that no method of transmitting information is completely secure and we cannot guarantee the absolute security of your Personal Information.

    We keep Personal Information as long as it is reasonably necessary for the purposes described in this Policy or as otherwise required or permitted by law. Certain information may be retained until the time limit for any legal challenges has expired or in order to comply with regulatory requirements regarding the retention of such Personal Information. If you have provided us with Personal Information in the course of applying for employment with us, and your application has not been successful, we may keep your Personal Information in case a suitable role becomes available.

  8. Accessing, updating, and deleting your Personal Information

    We will take reasonable steps to ensure the Personal Information we hold is complete, up to date and accurate, so far as it is practicable for us to do so.

    Applicable data protection laws may give you the right to access, correct, or delete Personal Information that we hold about you. You may request to access or correct the Personal Information we hold about you by contacting our Privacy Officer. Please see the contact details below. We will comply with our obligations to provide you with access to your Personal Information and to correct any inaccuracies we are informed of in accordance with applicable data protection laws. Data subjects whose processing is based upon consent may withdraw that consent at any time.

    When we ask for information from you, you are given the opportunity to ‘opt-in’ to receive additional information, such as Site announcements, product reviews, promotional information, product sampling opportunities and research requests from us and to allow us to share your contact information with certain of our trusted partners and customers. Users who no longer wish to receive these communications, or who do not want their contact information shared as described herein, may stop receiving them by following the Unsubscribe instructions included in any communication or by following the Access procedures above.

    Please note that certain Site functionality may not work as intended in the event you elect to withdraw your consent, request that we delete your Personal Information, or opt out of certain collection practices.

  9. Privacy of children

    Our Sites are not intended for children under the age of 13 years. In addition, we do not knowingly collect any personal data from children under the age of 13 years. The children's products that we may offer for sale on our Sites are intended for purchase by adults only. In the event that we discover that we have inadvertently collected Personal Information from an individual under the age of 13 years, we will promptly delete such data. If you have reason to believe that we have inadvertently collected Personal Information from a child under 13 years, please contact us as directed below.

  10. Direct marketing practices

    From time to time, we may use your Personal Information for direct marketing purposes (for an indefinite period). Where required by law, we will ask for your consent before conducting any of these types of marketing. This includes sending you updates about our products and offerings. When we contact you, it may be by mail, telephone, email or SMS. Where we use or disclose your Personal Information for the purpose of direct marketing, we will:

    1. inform you if we intend to use your information for such purposes;
    2. allow you to ‘opt out’ or, in other words, allow you to request not to receive direct marketing communications; and
    3. comply with any such request by you to ‘opt-out’ of receiving further communications within a reasonable time frame.
    4. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you. You may ask to be removed from our marketing lists at any time by clicking the unsubscribe link or by directly contacting us. If you don’t wish to receive direct marketing materials, contact our Privacy Officer using the details set out at the end of this Privacy Policy.

  11. Questions and complaints

    FORMA BRANDS LLC is the data controller in respect of your Personal Information under this Policy. If you have a question about how we handle Personal Information, or wish to lodge a complaint about our management of Personal Information (including if you believe that we have managed your Personal Information in breach of applicable privacy laws), you may contact our Privacy Officer:

    Attention: Privacy Officer
    FORMA BRANDS LLC
    22 4th street, suite 400
    san francisco, ca 94103  
    Email: hello@formabrands.com
    Telephone: (877) 366-7743

    The Privacy Officer will co-ordinate the investigation of any complaint and any potential resolution of a complaint. In order to be sure that we understand the details and nature of your question or complaint, we may ask you to put your question or complaint in writing. We will aim to resolve all complaints as soon as practicable for us to do so.

  12. Changes to this Policy

    We may change this Policy at any time. Please refer back to this Policy periodically to review any updates. If we make material changes to this Policy we will notify you by publication on our Sites unless otherwise required by law. The revised version of the Policy will be effective at the time we post it, which time will be indicated at the end of this Policy.

  13. Additional Information for California Residents

    California Civil Code Section 1798.100 et seq., as amended by California Privacy Rights Act, (collectively, the “CPRA”), requires us to provide the following information.

    This section of the Policy describes the Personal Information we collect or process about California residents in connection with the application materials and the use the online activities, how we use, share, and protect that Personal Information, and what your rights are concerning your Personal Information that we collect or process.

    1. Personal Information we Collect, Disclose, and For What Purpose

      In the past 12 months, Forma has collected the Personal Information discussed above in the section titled “What Personal Information we collect.” Additionally, in the past 12 months, we have collected and disclosed following categories of Personal Information with the following categories of third parties for a business purpose:

      Category of Personal Information 

      Categories of Third Parties to whom the information is disclosed for Operational Business Purposes    

      Business Purpose for Disclosure 

      Personal Identifiers: Information such as your name; username; email address; mailing address; IP-address; and date of birth.

       

      Affiliates; Service Providers, vendors; professional advisors; third parties in connection with contractual obligations. 

      To provide the for Site functionality, communication and shipping of product. And For our marketing purposes with opt in. 

      Internet or other network activity information: 

      Information regarding your interaction with the online activities and other applications; precise geolocation information; links you use or web pages you visit; other applications; browser type; internet Service Provider (ISP); cookies. 

      Affiliates; vendors; professional advisors; legal authorities, We don’t actively send to these. 

      To ensure compliance with company policies; to create and maintain cybersecurity controls; to ensure compliance with legal obligations. 

      Commercial information:  

      Transaction information, purchase history, products or services purchased, obtained, or considered. 

      Affiliates, vendors and Service Providers. 

      For our marketing purposes and to provide the Sites. 

      Geolocation data such as IP location 

      Affiliates, vendors, Service Providers. 

      To provide Sites and marketing.

      It is stored within Shopify against each order. Google will also use this data for audiences, not exposed on for a induvial from Google.

      Inferences drawn from any of the Personal Information listed above to create a profile or summary about an individual’s preferences, for example.

      Affiliates, vendors, Service Providers. 

      To provide Sites and marketing. 

      Please note we do not collect information on the Sites that qualifies as Sensitive Personal Information under the CPRA.

    2. Opt-out Preference Signals

      We recognize Global Privacy Control signals where legally required. A Global Privacy Control (“GPC”) is a browser setting that a user can set in order to send a signal to each website visited regarding the user’s privacy preferences, such as not to share or sell user’s Personal Information. If your browser or browser extension has GPC enabled, we will automatically recognize that signal and opt you out of the sale of your personal information.

    3. Your Rights as a California Resident

      Requests to Know

      You have the right to request that we disclose:

      • The categories of Personal Information we collect;
      • The categories of sources from which we collect your Personal Information;
      • Our business or commercial purpose for selling or collecting your information;
      • The categories of Personal Information sold or shared about you, as well as the categories of third parties to whom the Personal Information was sold, by category of Personal Information for each party to whom information was sold; and
      • The specific pieces of Personal Information we have collected about you.

      Our delivery of this information may take place electronically or by mail. We are not required to provide Personal Information to you more than twice in a 12-month period.

      Right to Correct your Personal Information

      If you find that we maintain any inaccurate Personal Information, you have the right to request that we correct such inaccuracy.

      Requests to Delete

      You have the right to request that businesses delete any Personal Information collected about you. Upon receiving a verified request to delete your Personal Information, we will do so unless otherwise authorized by law.

      The Right to Opt-out of the Sale or Sharing of your Personal Information

      You have a right to opt-out of the sale or sharing of your Personal Information as such terms are defined by the CPRA.

      We may disclose cookie data with third party analytics providers order to provide and maintain the Online Activities. Such a disclosure may constitute a “sale” for purposes of the CPRA. We have made such disclosures in the past 12 months. If you wish to limit these disclosures, you may do so via the “Do Not Sell or Share My Personal Information” link in the footer of the Sites. However, we do not “share” your Personal Information as the term is defined by the CPRA. Please note that we do not knowingly sell or share the information of individuals under the age of sixteen (16) without parental consent.

      We offer our customers marketing incentive programs that provide certain benefits, such as coupons for signing up for our mailing lists or SMS messaging, rebate programs, and promotional events that may require you to opt into marketing communications. To provide you with this benefit, we process your Personal Information, such as name, email address, phone number, product purchase history, and address. Because opting into our marketing incentive programs involves the collection and processing of Personal Information, the programs may qualify as “financial incentive” under the California Privacy Rights Act, or other similar incentives. Please be aware that the value of your Personal Information to us corresponds to the value of the coupon or benefit that you receive when you consent to receiving marketing communications, minus the expenses associated with offering those coupons or benefits. You may opt out of these incentive programs at any time by contacting us using the contact information in this Privacy Policy or by replying “STOP” to any SMS message, as applicable.

      Right to Non-Discrimination

      You have the right not to be discriminated against for the exercise of your California privacy rights described above.

    4. Authorized Agents

      You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney pursuant to Probate Code sections 4000-4465 may submit a request on your behalf.

    5. How to Exercise these Rights

      If you wish to submit a request to exercise one or more of the rights listed above you can do this by emailing us at hello@formabrands.com, using our webform, or contacting us at (877) 366-7743. Please include your question or concerns in your letter to us. We will respond to verifiable requests for disclosure or deletion of Personal Information free of charge, within 45 days of receipt.

      In order to protect your privacy and the security of your information, we verify consumer requests by requesting identification documents and other documentation necessary to confirm your identity to the extent permitted by law. Any additional information you provide will be used only to verify your identity and not for any other purpose.

Last updated: September 27, 2024