Privacy Policy

About our Privacy Policy

We know how important it is for you to understand how we use your data. This Privacy Policy sets out how and why we collect, store, process, and share your personal data. We will always be transparent with you about how we process your personal data.

This Policy also tells you what your rights are in relation to the personal data you give to us. If you have any questions about this Privacy Policy or your rights under it, please contact:

 

Address: FORMULATRIX, Inc. 5 DeAngelo Drive, Bedford, MA 01730, United States

E-mail: info@formulatrix.com

 

We adhere to key data protection principles – such as fairness, transparency, data minimization, purpose limitation, and security – and strive to comply with privacy laws worldwide, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable regulations. We also comply with emerging requirements, such as the EU Artificial Intelligence Act, to ensure that when we use AI systems, we do so with appropriate transparency and safeguards.

 

1. What personal data do we collect?

The personal data we collect from you directly can include your name, email address, telephone number (mobile or landline), date of birth, mailing address, your purchasing activity, your payment information, and any information you give us when you contact our customer services team (for example, via our website’s live chat or chatbot), when you engage with our social media platforms (for example, by tagging us in a post on Instagram), or when you submit a Formulatrix support inquiry. This includes any content of communications you send us, such as the details you provide through the live chat on our website.

If you are using a mobile device and shopping with us online or browsing our website, we may collect technical information, including your IP address or other device identifiers, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, and other device information.

We may also, where we have a lawful basis to do so, collect personal data about you from third parties that provide us with additional publicly available information about you.

We strive to collect only the personal data necessary for the purposes described in this Privacy Policy, in accordance with the principle of data minimization.

 

2. When do we collect your personal data?

• When you purchase products and services from us online or over the phone.
• When you access our website. Our website also uses cookies. To learn more about the use of cookies and how you can manage them, please read our Cookie Policy.
• When you contact us, or we contact you to participate in surveys, competitions, or promotions.
• When you contact our customer support team online (for example, via our website’s live chat or AI chatbot) or over the phone.
• When you engage with us on social media (by mentioning/tagging us or by contacting us directly).
• When we identify you through publicly available sources or online prospecting activities, where there is a reasonable basis to believe you may have a legitimate interest in our products or services.

 

3. How do we use your personal data and what are our legal justifications for doing so?

We will only use your personal data for the purposes described below (or for closely related purposes that we have communicated to you). We will not use your personal information for any entirely new, unrelated purpose without notifying you or obtaining your consent, as required.

 

To make our products and services available to you

We use your personal data to provide you with the information, products, and services that you request or purchase from us. For example, we use your details to complete tasks and processes such as processing orders on our website, taking payment (where applicable), delivering your products or services, and communicating with you regarding the products and services you purchase from us. We also use your information to respond to your questions and comments about those products or services.

 

To provide customer service and support

We may also use your personal data to measure customer satisfaction and to provide customer service, including troubleshooting issues related to purchases or your service requests, or when you ask us questions on social media or through our website’s chat. Our website features an AI-powered chatbot (provided by Tidio) to assist you by answering common questions and capturing information for lead inquiries. We will always inform you when you are interacting with an automated virtual assistant, and you may speak with a human representative at any time. The chatbot does not make decisions about you that would have legal or significant effects; it is strictly a support tool to improve response times and help direct your inquiry. We rely on our legitimate interests in providing efficient customer support (and, implicitly, on your consent when you initiate a chat) as the lawful basis for processing your information via the chatbot. Importantly, this chatbot is the only AI system we use on our website.

We rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal data when you make an order for products or services. Alternatively, in some cases, we rely on our legitimate interests as a business (for example, to measure customer satisfaction and troubleshoot customer issues). Whenever we rely on our legitimate interests, we will ensure that we balance those interests against your rights and expectations.

 

For administrative and internal business purposes

We may use your personal data for our internal business purposes, such as enhancing our site, improving our services and products, and identifying usage trends. We may also use your data to monitor website usage and ensure that our website is presented in the most effective and relevant manner for you and your device, including setting default options for you.

It is in our legitimate interests as a business to use your personal data in this way. For example, we want to ensure our website is user-friendly, functions properly, and that our products and services remain efficient and of high quality. We also want to make it easy for you to interact with us. Where we rely on our legitimate interests, we will always ensure that these interests are balanced against your privacy rights.

 

For security and legal reasons

We may use your personal data to:

• Ensure the personal and financial information you provide us is accurate.
• Conduct fraud checks or prevent other illegal activity.
• Protect our rights or property (or those of others).
• Comply with our legal and regulatory obligations.

 

In some cases, we use your personal data to comply with a legal obligation (such as responding to a lawful request from a law enforcement agency or regulator). In other cases (such as detecting fraud or ensuring security), we rely on our legitimate interests as a business to use your personal data. Where we rely on our legitimate interests, we will ensure that we balance these interests against your rights.

 

In relation to your Formulatrix customer account (if you have one)

We use your personal data to personalize your experience with Formulatrix. For example, we may:

• provide you with marketing material via post and/or email, but only if you have given us your consent to receive such marketing.
• process your registration details, account activity, and purchase history to analyze your shopping behavior and purchases. This may include information on products you have viewed, past transactions, and items you have added to your online basket. This analysis allows us to tailor your browsing experience to be more relevant to you.
• in some instances, send specific offers or rewards (for example, based on your spending habits, a special occasion like a birthday, or your geographic region).
• measure the effectiveness of our marketing campaigns and advertising.

 

We rely on your consent to send you postal or email marketing messages as a Formulatrix customer (we obtain this consent when you sign up, and you can change it at any time as described below). In other cases (for example, measuring the effectiveness of our marketing or personalizing your experience), we rely on our legitimate interests as a business to communicate with our customers in an engaging and efficient way. Again, whenever we rely on our legitimate interests, we will ensure we balance them against your rights.

 

To personalize your shopping experience and improve our operations

We use your personal data to:

• Allow you to create a profile on our website, which enables you to purchase our products and services online without having to re-enter your personal data each time you shop with us.
• Provide you with marketing material via email (in accordance with your preferences).
• Analyze how you purchase and what you purchase. This may include information regarding the products you have viewed, your transaction history, and the products you have added to your online basket. This helps us offer a browsing experience and product recommendations that are more relevant to you.

 

It is in our legitimate interests as a business to use your data in this way to enhance your shopping experience with us. This allows us to help you identify the products and services you may be seeking and avoids inundating you with information about products or services that are not relevant to you. When we send you marketing material via email as part of this personalized experience, we rely on our legitimate interests as a business, while always ensuring that your rights are protected.

For information on how we use cookies or similar technologies on our website, please see our Cookie Policy.

 

4. Who do we share your personal data with?

We will never sell any of your personal data to a third party. However, to provide our services to you, we share your personal data with our trusted third-party service providers and our group companies (affiliates), as outlined below. Whenever we share your personal data, we implement safeguards that require these organizations to keep it secure and to ensure that they do not use it for their own marketing or any purpose other than those we specify.

 

Other professional services

In certain circumstances, we may need to disclose your personal data to professional advisers or institutions. For example, we may provide information to our insurers if we believe it is required under our contractual relationship with our insurer, or to legal advisors for guidance on compliance or legal matters.

We work with carefully selected third parties to support our operations and enhance your experience. For example:

• We use HubSpot as our customer relationship management (CRM) and database hosting provider to securely store and manage contact information. Our team may manually enter the contact details you provide (for instance, via a form or through our chatbot) into HubSpot, along with information about how you interacted with our site — including source data such as how you first found us and the last touchpoint before you contacted us. This helps us manage leads and customer communications effectively.

 

• We use Tidio as our live chat and AI chatbot service provider to offer real-time customer support on our website. If you engage with our chat widget, the information you provide (such as your name, email, and chat conversation) is processed by Tidio on our behalf solely to assist you and for lead-capture purposes. Tidio is obligated to protect your data and process it only in accordance with our instructions, and its use of personal data is further governed by its privacy policy (see Tidio Privacy Policy).

 

• We also partner with marketing agencies and advertising partners that assist us in placing relevant content and advertisements for you on our website and on other websites, online media channels, and applications.

 

To deliver personalized content and advertisements and to enable functionality such as our chat support, we may use technologies such as pixels, cookies, and similar tracking tools. (Please refer to our Cookie Policy for more details on these technologies.)

We ensure that all third-party service providers acting on our behalf (including HubSpot, Tidio, and our advertising and analytics partners) are subject to contracts that require them to protect your personal data. They are not permitted to use your information for their own purposes, and may only process it for specified purposes in line with our instructions.

 

Transfer of your personal data outside the EEA – We are a global company, and we may need to transfer your personal data outside of the European Economic Area (EEA) (for example, to the United States, where some of our service providers are based) in situations such as:

• When you have requested a service or interaction that is fulfilled by one of our group companies or affiliates outside of the EEA.
• When we work with a supplier or service provider that processes some of its personal data outside of the EEA (for instance, our CRM or chatbot service providers may store data on servers in the U.S.).

 

Countries outside the EEA may not have the same data protection laws as the UK/EU, so your personal data might not be protected by the exact same standards. However, whenever we transfer your personal data to a country outside the EEA, we will ensure that appropriate safeguards are in place to protect your information as if it were processed within the EEA and in accordance with the principles described in this Privacy Policy. For example, we may use EU Commission-approved standard contractual clauses, rely on adequacy decisions, or implement other legal mechanisms to ensure your data remains secure.

 

5. Your rights

You have certain rights regarding your personal information and its handling. In accordance with applicable law, you are entitled to:

• Have your personal data processed in a fair, lawful, and transparent way.
• Be informed about how your personal data is being used (which is one reason we provide you with this Privacy Policy).
• Access the personal data we hold about you.
• Require us to correct any mistakes or inaccuracies in your personal data.
• Require us to delete your personal data in certain situations, for example, if the data are no longer necessary for the purposes for which they were collected and we have no legal obligation to retain them.
• Request that we transfer or port your personal data to you or to another service provider in a simple, structured, and commonly used format.
• Object at any time to the processing of your personal data for direct marketing purposes.
• Be informed when you are interacting with an automated system (for example, our AI chatbot) rather than a human, and choose to communicate with a human if you prefer.
• Be informed if a decision affecting you is based solely on automated processing (including profiling), and to object to or request human review of automated decisions that produce legal or similarly significant effects on you.
• Object in certain other situations to our continued processing of your personal data (for instance, where we process data based on legitimate interests and your particular situation gives you grounds to object).
• Restrict or temporarily halt our processing of your personal data in certain circumstances (for example, while a complaint about data accuracy or processing is being resolved).

 

We will not discriminate against you for exercising any of these rights. For instance, we will not deny you our services or provide you a different level of service just because you exercised your privacy rights.

Additionally, if you are a resident of California (USA), you have certain additional rights under the California Consumer Privacy Act (CCPA) and its amendments, including the California Privacy Rights Act (CPRA). These include the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources of that information, the business purposes for collecting or sharing the information, and the categories of third parties with whom we share personal information. You also have the right to request that we delete any personal information we have collected from you (subject to some exceptions allowed by law), and the right to opt out of the “sale” or “sharing” of your personal information (please note: as stated above, we do not sell your personal data to third parties). We will not retaliate or discriminate against you in any way for exercising these rights.

 

6. Changing your preferences (opting out of marketing communications)

If you no longer wish to be contacted by us about our products or services (or for other marketing purposes), you can inform us at any time to update your preferences. For example, you may unsubscribe from our marketing emails by clicking the “unsubscribe” link in those emails or by contacting us directly to request removal from our mailing list.

We also want to ensure that all the information we have about our customers is accurate and up to date. If you find that any personal data we have about you is incorrect or requires updating (for instance, if you change your name, address, or email), please notify us so we can correct and update our records. If you have created an online account or profile on our website, you may log in and update certain personal details yourself.

 

7. Security and retention of your personal data

Security of your personal data

We take the security of your personal data very seriously. We have implemented various strategies, controls, and measures (including physical, technical, and administrative safeguards) to protect your data from unauthorized access, loss, or misuse, and we maintain close review of these measures. This means that your data is protected and is only accessible to employees or contractors who need it to perform their job duties. We also maintain strict physical controls within our facilities to prevent unauthorized access to personal data.

 

Retention of your personal data

In general, we will only retain your personal data for as long as it is necessary to fulfill the purposes described in this Privacy Policy (unless a longer retention period is required or permitted by law). This means the duration of our retention of your data may vary depending on the type of data and the reason we collected it. We have established internal policies and review processes to determine appropriate retention periods, ensuring that we do not keep personal data longer than needed. We also take into account legal requirements, statute of limitations for potential claims, and regulatory guidance when determining retention periods. When your personal data is no longer needed, we will ensure it is either securely deleted or anonymized.

Throughout the time we hold your data, we continue to ensure its security. We also consider the security of your personal data when sharing it with third-party service providers, as described above, and require those third parties to handle your data with due care and appropriate protection.

 

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, legal obligations, or the services we provide. If we make significant changes, we will notify you (for example, by posting a prominent notice on our website or, if appropriate, by contacting you directly via email or other means). We encourage you to review this Policy periodically to stay informed about how we are protecting your information. The “Last updated” date at the top of this Policy indicates when the latest changes were made.