Privacy Policy

This Privacy Policy describes how Form & Function Consulting, LLC (“we,” “us,” or “our”) collects, uses, and protects data across our public marketing website and our B2B application.

By distinguishing between our public-facing site and our authenticated service, we ensure that our privacy practices align with the specific nature of your interaction with us.

1. Scope and Definitions

This policy applies to two distinct areas:

Key Definitions

  • Customer: The legal entity (typically a business) that has entered into a Master Service Agreement (MSA) or similar contract with Form & Function.

  • Authorized User: An individual (typically an employee or contractor of a Customer) who has been provisioned an account to access the Service.

  • Customer Data: Any data, information, or material provided or submitted by a Customer or its Authorized Users to the Service.

2. Our Role: Controller vs. Processor

  • Data Controller: The Company acts as a “Data Controller” (or the equivalent under applicable law) for: (a) Personal Data collected on our Marketing Site; (b) Personal Data collected for our marketing database (e.g., business contact information of clients and prospects); and (c) basic account management data used for provisioning and billing purposes (e.g., names and work emails of Authorized Users).

  • Data Processor: The Company acts as a “Data Processor” (or the equivalent under applicable law) for Personal Data ingested into the Application. This includes employee information provided by our Customers in connection with our management and personnel consulting services. Our processing of such Personal Data is governed by the Data Processing Agreement (“DPA”) (if applicable) and/or MSA executed with each Customer.

3. Collection of Personal Data

We collect Personal Data in various ways, including directly from you, from your organization, and from third parties. The types of Personal Data we collect generally include business contact information such as name, business email address, business mailing address, business phone number, job title, and employer name. We do not intentionally collect sensitive personal data such as birth dates, driver’s license numbers, governmental identification numbers, financial account information, or health information.  We may aggregate and/or de-identify Customer Data for analytical and benchmarking purposes. Such de-identified data does not constitute Personal Data and is not subject to this Policy.

Marketing Site Visitors

When you visit our Marketing Site, we may collect the following information:

  • Technical Information: We use Google Analytics and similar tools to collect technical and usage information such as browsing history, domain name, IP address, browser type, date and time of each visit, and pages visited. This data is generally aggregated and anonymous; we do not use it to identify individual visitors. Most web browsers permit you to block or delete cookies. However, our Marketing Site may not function properly if you set your browser to reject our cookies.

  • Direct Communications: If you contact us directly via email (e.g., to hello@form-function.co or privacy@form-function.co ), subscribe to our newsletter,respond to a survey, or otherwise communicate with us, we collect your email address and the content of your communication solely to respond to your inquiry and manage our relationship with you.

  • Cookies and Similar Technologies: Cookies are small files that a site transfers to your computer’s hard drive through your web browser that enable our systems to recognize your browser and capture and remember certain information. We use functional cookies necessary for site performance and analytical cookies via Google Analytics. You may manage your cookie preferences through your browser settings or our cookie banner, if applicable. 

4. The B2B Application (Authorized Users)

The Application is a professional tool provided to our business Customers for management and personnel consulting services.

  • Account Provisioning: Accounts are provisioned manually by the Company. We do not support self-registration. We collect account information such as name, business email address, job title, and employer to set up and administer accounts.

  • Billing Information: We do not use third-party payment processors on our Marketing Site or Application. All billing is handled via separate professional invoices directly with Customers.

  • Customer Data: In connection with our consulting services, we may process information related to employees of our Customers (e.g., names, job titles, business contact information, compensation data, locations) strictly as instructed by the Customer pursuant to our DPA and/or MSA. We act as a Data Processor with respect to such Customer Data.

Marketing Database

We maintain a marketing database containing business contact information (e.g., name, business address, business email, and business telephone number) of our Customers and prospective Customers. This database is used solely for business-to-business marketing purposes to inform these individuals about our Services. We market our Services only to businesses and business professionals, not to consumers. We act as a Data Controller with respect to Personal Data in our marketing database.

5. Use of Personal Data

We use Personal Data for legitimate business purposes, including the following:

  • Delivery of Services and Fulfillment of Requests. We may use Personal Data to: (a) register you for the Application or Services; (b) activate and deliver Services to you or your organization; (c) provide you with information about Services that were ordered; (d) allow you to access the Application; (e) provide you with customer service or technical support; (f) manage our contractual relationship with you or your organization; or (g) comply with our legal obligations.

  • Marketing Communications. From time to time, we may use Personal Data to inform you of products, programs, services, and promotions that we believe may be of interest to you. We only market our Services to businesses and business professionals. You may opt out of receiving marketing communications at any time as described in Section 8 below.

  • Other Business Purposes. We may use Personal Data for other business purposes, such as data analysis (to improve the efficiency of our Services), providing customer service or technical support, customizing and improving the content and layout of the Marketing Site or the Application, development of marketing and promotion plans and materials, statistical analysis of user behavior, product development, market research, administering individual accounts, and meeting regulatory requirements.

  • Administrative Communications. We reserve the right to use Personal Data to send you important information regarding our Services, your account status, changes to this Policy, or any other policies, agreements, or transactions relevant to your use of the Services. Because this information may be important to your use of the Services, you may not opt-out of receiving such communications.

6. We Do Not Sell Your Personal Data

The Company does not sell, rent, or trade your Personal Data to third parties for monetary consideration. We do not share your Personal Data with advertisers or data brokers. We do not use Personal Data for any purpose other than providing and improving the Services for our contracted Customers, conducting our business operations, and as otherwise described in this Policy. 

7. How We Share Information

We may share your Personal Data in the following circumstances:

  • Service Providers and Sub-processors. We may provide Personal Data to third-party service providers who assist us in operating our Services, providing technical infrastructure, or conducting general business operations. These service providers are contractually obligated to protect your Personal Data and use it only for the purposes for which it was disclosed. 

  • Legal Compliance and Protection. We may share Personal Data when we believe disclosure is appropriate to comply with the law or legal process, enforce our policies, respond to claims, or protect our rights, property, or safety, or that of others.

  • Business Transfers. We may transfer your Personal Data to any successor company through a corporate transaction such as a merger, acquisition, sale of assets, or similar transaction.

  • With Customer Consent. As a Data Processor, we may share Customer Data  as otherwise directed or authorized by our Customers in accordance with our contractual agreements.

8. Your Rights and Choices

General Rights

We support the rights of individuals to access, correct, update, or delete their Personal Data. Depending on your location and applicable law, you may have the following rights:

  • Right of Access: You have the right to request information about the Personal Data we hold about you and to obtain a copy of such data.

  • Right to Correction: You have the right to request correction of any inaccurate Personal Data we hold about you.

  • Right to Deletion: You have the right to request deletion of your Personal Data, subject to certain legal and contractual limitations.

  • Right to Data Portability: Where applicable, you have the right to receive your Personal Data in a portable format for transmission to another company.

  • Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the “unsubscribe” link in any marketing email or by contacting us at privacy@form-function.co.

  • Right to Withdraw Consent: Where we process your Personal Data based on your consent, you have the right to withdraw such consent at any time.

Exercising Your Rights

To exercise any of the rights described above, you may contact us at privacy@form-function.co. For your protection, we may need to verify your identity before implementing your request. We will respond to your request consistent with applicable law and within a reasonable timeframe. 

Please note: (a) we may need to retain certain information for recordkeeping purposes, contractual obligations, or legal obligations; (b) if you are an Authorized User, requests regarding Customer Data should typically be directed to your employer (the Customer); and (c) there may be residual information that remains within our databases and records pursuant to our archiving processes, which will not be subject to active processing.

9. Data Security

We have established reasonable organizational and technical measures designed to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, and regular security assessments. However, no electronic transmission, storage, or processing of information can be entirely secure, and you assume all risk of loss, unauthorized access to, or misuse of your information transmitted to or stored by us.  When using the Application, one effective security measure is protecting your password. Do not use any common passwords and do not share your password with others.

10. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period may vary depending on the context of the Services we provide and our legal obligations. When Personal Data is no longer required, we will securely delete or anonymize it.

11. International Data Transfers

Personal Data is primarily stored on servers located in the United States. If you are located outside the United States (including in the European Union or United Kingdom), please be aware that information you provide may be transferred to, stored in, and processed in the United States. By using our Services or providing Personal Data to us, you consent to the transfer of your information to the United States.

Where required by applicable law, we use appropriate transfer mechanisms such as standard contractual clauses approved by the European Commission to safeguard the transfer of Personal Data from the European Economic Area, United Kingdom, or Switzerland to the United States or other jurisdictions.

12. California Privacy Laws

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”). These rights include:

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of Personal Data we have collected about you, the categories of sources from which the Personal Data was collected, the business or commercial purpose for collecting the Personal Data, and the categories of third parties with whom we share Personal Data.

  • Right to Delete: You have the right to request deletion of your Personal Data, subject to certain exceptions.

  • Right to Correct: You have the right to request correction of inaccurate Personal Data.

  • Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your Personal Data. However, as stated above, we do not sell Personal Data.

  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA rights.

To exercise these rights, please contact us at privacy@form-function.co. We may need to verify your identity before processing your request. Only you, or a person authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data.

California “Shine the Light” Law: California residents may request a list of third parties to which we have disclosed Personal Data for their direct marketing purposes and the categories of information disclosed. If you are a California resident and want such a list, please send an email request to privacy@form-function.co with “California Shine the Light Rights” in the subject line.

13. European Union and United Kingdom Privacy Rights

If you are located in the European Union (“EU”), the United Kingdom, or another jurisdiction with laws substantially similar to the EU’s General Data Protection Regulation (“GDPR”), you have the following additional privacy rights:

  • Right of Access, Restriction of Processing, and Erasure: You may contact us to request information about the Personal Data we have collected from you and to request the correction, modification, or deletion of such Personal Data.

  • Right to Withdraw Consent: When we process your Personal Data based on your consent, you have the right to withdraw it at any time.

  • Right to Object: You have the right to object at any time to receiving marketing or promotional materials from us, as well as the right to object to any processing of your Personal Data based on your specific situation.

  • Right to Data Portability: You have the right to data portability of your Personal Data.

  • Right Not to be Subject to Automated Decision-Making: We do not make automated decisions using your Personal Data that may negatively impact you.

  • Right to Lodge a Complaint: If you consider that the processing of your Personal Data infringes your privacy rights under the GDPR, you have the right to lodge a complaint with a supervisory authority in the member state of your habitual residence, place of work, or place of the alleged infringement.

We rely on the following legal grounds to process Personal Data of individuals in the EU and UK:

  • Performance of a Contract: We may need to collect and use your Personal Data to enter into a contract with you and to perform Services that you request.

  • Legitimate Interests: We may use your Personal Data for our legitimate interests to provide and improve our Services.

  • Compliance with Legal Obligations: We may use your Personal Data as necessary to comply with our legal obligations.

  • Consent: Some uses of your Personal Data are subject to your consent, such as marketing email communications.

14. Third-Party Websites and Links

Our Marketing Site or Application may contain links to other websites or services operated by third parties. Please be aware that we do not endorse and are not responsible for the privacy practices of such third-party sites, and this Policy does not apply to them. We encourage you to review the privacy policies of any third-party websites you visit.

15. Children and Minors

Our Marketing Site, the Application, and our Services are not directed to minors or children under the age of 18, and we do not knowingly collect Personal Data from any individual under the age of 18. If you are under the age of 18, please do not use our Services or provide any Personal Data to us.

16. Changes to This Policy

We reserve the right to change this Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. You are encouraged to regularly review this Policy. If we make material changes to this Policy, we will notify Customers via email or by posting a prominent notice on the Marketing Site. Your continued use of our Services after any changes to this Policy constitutes your acceptance of such changes.

17. Contact Information

If you have any questions regarding this Privacy Policy or how we process your Personal Data, or if you would like to exercise any of your privacy rights, please contact us: privacy@form-function.co