Privacy Policy
Privacy Policy of IDI SKINCARE LTD. t/a ID FORMULAS
Last updated: June 2026
Name of Institution: IDI Skincare Ltd. t/a ID Formulas (registered office at 10 Pembroke Place, Ballsbridge, Dublin 4, Ireland) (company number 757876) (“ID Formulas”).
Data Protection Officer/Contact:Conor Murphy - dpo@idformulas.com
This Privacy Policy describes how your personal information is collected, used and shared when you visit or make a purchase from www.idformulas.com (the “Site”).
ID Formulas operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the “Services”). Throughout our Site, the terms “we”, “us” and “our” refer to the ID Formulas and the term “you” refers to the individual accessing or using the Services, or the company, or the legal entity on behalf of which such individual is accessing or using the Service, as applicable. The ID Formulas website is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use and disclose your personal information when you visit, use or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Sale and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing and disclosure of your personal information.
Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use and disclosure of your information as described in this Privacy Policy.
Personal Information We Collect or Process
When we use the term “personal information” or “personal data”, we are referring to information or data that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:
Identity data,including title, date of birth and gender;
Contact details, including your name, address, billing address, shipping address, phone number and email address;
Financial information, including credit card, debit card and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details;
Account information, including your username, password, security questions, preferences and settings.
Transaction information,including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel, and your past transactions.
Technical data,including internet protocol (IP) address, your login data, browser type and version and other technology on the devices you use to access this Site;
Communications with us,including the information you include in communications with us, for example, when sending a customer support inquiry;
Device information,including information about your device, browser or network connection, your IP address, and other unique identifiers;
Usage information,including information regarding your interaction with the Services, including how and when you interact with or navigate the Services;
Marketing and communications data,including preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ usage data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our Site to help improve the Site and our service offering.
Personal Information Sources
We may collect personal information from the following sources:
Directly from you,including when you create an account, visit or use the Services, communicate with us, subscribe to our service or publications, request marketing to be sent to you, give us feedback or contact us, enter a competition, promotion or survey or, by filling in online forms or by corresponding with us by post, phone or email, or otherwise provide us with your personal information;
Automatically through the Services,including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies; please see our cookie policy [LINK] for further details;
From our service providers, including when we engage them to enable certain technology, payment and delivery services, and when they collect or process your personal information on our behalf;
From our partners or other third parties.
How We Use Your Personal Information
Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:
Provide, tailor and improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.
Marketing and advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.
Security and fraud prevention. We use your personal information to authenticate your account, to provide a secure payment and shopping experience, to detect, investigate or take action regarding possible fraudulent, illegal, unsafe or malicious activity, to protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.
Communicating with you. We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you.
Legal reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.
Consent. We use your consent where we are asking you to confirm your marketing preferences to ensure we only contact you via the medium you have chosen. You will be asked to confirm that you are happy to provide your personal data and that you give permission to us to process your personal data. All of the details such as why we want your data will be shared, and will be provided at the time of asking you for consent. Where we are relying on consent you will usually see a tick box. You have the right to withdraw your consent at any time if you no longer want to be part of the processing activity. However, please note that any processing carried out before you withdraw your consent will remain valid. We may be unable to provide a certain number of our services to you if you withdraw your consent. In regard to seeking your specific consent to process personal data from your connected WHOOP account, Oura Ring account or other health wearable device account, see the attached consent form entitled “Consent to Process Health & Biometric Data for Special Categories under Article of GDPR”.
Performance of a contract with you.We may use your personal data where we need to perform the contract we are about to enter into or have entered into with you.
Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example, to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
How We Disclose Personal Information
In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:
With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfilment and shipping);
With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalised advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. Depending on where you reside, you may have a right to direct us not to share information about you to show you targeted advertisements and marketing based on your online activity with different merchants and websites. You can exercise your rights to opt-out of those uses here;
When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations;
With our affiliates or otherwise within our corporate group;
In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.
Relationship with Shopify
The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you.
Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. Laws in the European Economic Area (“EEA”) call these reasons “legitimate” interests. These “legitimate interests” include:
preventing risk and fraud;
answering questions or providing other types of support;
helping merchants find and use apps through our app store;
providing and improving our products and services;
providing reporting and analytics;
testing out features or additional services;
assisting with marketing, advertising, or other communications.
We may also process your personal information where you have provided your consent. At any time, you have a right to withdraw your consent by contacting us.
In addition, to help protect, grow and improve our business, we use certain Shopify-enhanced features that incorporate data and information obtained from your interactions with our store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit theShopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights with respect to your personal information hereShopify Privacy Portal Link.
Third Party Websites and Links
The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators.
Children’s Data
The Services are not directed at and are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of 18 years. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted. As of the “Last updated” date stated at the beginning of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 18 years of age. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers.
Security and Retention of Your Information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, or altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business ‘need to know’. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security”. In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.
How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, provide you with Services, comply with legal obligations or with regulatory, tax, accounting or reporting requirements, or resolve disputes or enforce other applicable contracts and policies. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see “Your Rights and Choices” below for further information.
Your Rights and Choices
Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute and/or may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.
Right to access/know.You may have a right to request access to personal information that we hold about you.
Right to delete.You may have a right to request that we delete or remove personal information we maintain about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to correct. You may have a right to request that we correct inaccurate personal information we maintain about you.
Right of portability.You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
Right to opt out of sale or marketing or sharing for targeted advertising. Depending on where you reside, you may have a right to opt out of the “sale” or “share” of your personal information or to opt out of the processing of your personal information for purposes considered to be “targeted advertising”, as defined in applicable privacy laws. You can exercise your rights to opt out of those uses here. Please note that if you visit our Site with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out for the device and browser that you use to visit the Site. If we are able to associate the device sending the signal to a Shopify account, we will apply the opt out request to the account as well. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/. Other than the Global Privacy Control, we do not recognize other “Do Not Track” signals that may be sent from your web browser or device.
Managing communication preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.
If You Reside in the UK or European Economic Area, and subject to exceptions and limitations provided by local law, you may exercise the following rights in addition to the rights outlined above:
Objection to processing and restriction of processing: You may have the right to ask us to stop or restrict our processing of personal information for certain purposes.
Withdrawal of consent: Where we rely on consent to process your personal information, you have the right to withdraw this consent. If you withdraw your consent, this will not affect the lawfulness of any processing based on your consent before its withdrawal.
You may exercise any of these rights where indicated on the Services or by contacting us using the contact details provided below. To learn more about how Shopify uses your personal information and any rights you may have, including rights related to data processed by Shopify, you can visithttps://privacy.shopify.com/en.
We will not discriminate against you for exercising any of these rights. We may need to verify your identity before we can process your requests, as permitted or required under applicable law. In accordance with applicable laws, you may designate an authorised agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof that you have authorised them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights described in this Privacy Policy). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in those circumstances.
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights described in this Privacy Policy). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints
If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below or by lodging your complaint with your local data protection authority. In Ireland, that is the Data Protection Commission (www.dataprotection.ie). For the European Economic Area, you can find a list of the responsible data protection supervisory authorities here.
International Transfers
Please note that we may transfer, store and process your personal information outside the country you live in.
If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognised transfer mechanisms like the European Commission’s Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection. You can request a copy of the safeguards we use by contacting us at info@idformulas.com.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal or regulatory reasons. We will post the revised Privacy Policy on this website, update the “Last updated” date and provide notice as required by applicable law. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example, a new postal address or email address.
Third-party Links
Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Contact
Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you as described in this Privacy Policy, please email us at info@idofrmulas.com or contact us at 10 Pembroke Place, Ballsbridge, Dublin 4, D04 V1W6. For the purpose of applicable data protection laws, we are the data controller of your personal data.