1. Introduction
Flavor d.o.o. ("Company", "we", "us") operates the Forbono platform. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our Service, in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Croatian data protection law.
2. Data Controller
The data controller for personal data processed through the Service is:
Flavor d.o.o.
Email: hello@forbono.com
Website: https://forbono.com/
3. Data We Collect
3.1 Account Data (Business Owners)
When you register for an account, we collect:
- Full name (first and last name)
- Email address
- Business name and type
- Subscription plan and payment information
- Website content you create (business descriptions, service listings, working hours)
3.2 End-User Data (Your Clients)
When your clients book appointments through your Forbono website, we process on your behalf:
- Client name
- Email address and/or phone number
- Appointment details (date, time, service selected)
- Any notes or preferences provided during booking
3.3 Technical Data
We automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and time spent on the Service
- Referring URL
- Cookie identifiers (see our Cookie Policy)
4. Legal Basis for Processing
We process personal data on the following legal grounds:
- Contract performance (Art. 6(1)(b) GDPR): Processing account data is necessary to provide the Service under our Terms of Service.
- Legitimate interest (Art. 6(1)(f) GDPR): Analytics and service improvement, fraud prevention, and security.
- Consent (Art. 6(1)(a) GDPR): Marketing communications and non-essential cookies.
- Legal obligation (Art. 6(1)(c) GDPR): Tax and accounting records, responding to legal requests.
5. How We Use Your Data
- To create and manage your account and subscription
- To provide, operate, and maintain the Service
- To process payments and send billing-related communications
- To send appointment reminders and notifications (on your behalf to your clients)
- To provide customer support
- To analyse usage patterns and improve the Service
- To detect and prevent fraud or security incidents
- To comply with legal obligations
6. Data Sharing
We do not sell your personal data. We may share data with:
- Payment processors: To handle subscription payments securely (e.g., Stripe).
- Email/SMS providers: To send appointment reminders and notifications on your behalf.
- Hosting providers: Our servers are hosted within the European Union.
- Analytics providers: For aggregated, anonymised usage statistics.
- Legal authorities: When required by law or to protect our rights.
All third-party processors are bound by data processing agreements ensuring GDPR compliance.
7. Data Processor Role
When you use Forbono to manage your clients' appointments, we act as a data processor on your behalf. You remain the data controller for your clients' personal data. You are responsible for:
- Having a lawful basis to collect your clients' data
- Informing your clients about how their data is processed
- Responding to data subject requests from your clients
8. Data Retention
- Active accounts: Data is retained for the duration of your subscription.
- Cancelled accounts: Account data is retained for 30 days after cancellation, then permanently deleted.
- Financial records: Payment and invoice data is retained for 11 years as required by Croatian tax law.
- Technical logs: Server logs are retained for a maximum of 90 days.
9. Your Rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data ("right to be forgotten") (Art. 17)
- Restrict processing (Art. 18)
- Data portability — receive your data in a structured, machine-readable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time for consent-based processing (Art. 7(3))
To exercise any of these rights, contact us at hello@forbono.com. We will respond within 30 days.
10. International Data Transfers
Your data is stored and processed within the European Economic Area (EEA). If any data transfer outside the EEA is required, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
11. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Regular security assessments and updates
- Access controls and authentication mechanisms
- Regular backups with encryption
- Incident response procedures
12. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.
13. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.
14. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. The relevant authority in Croatia is:
Agencija za zaštitu osobnih podataka (AZOP)
Website: azop.hr
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance.
16. Contact
For questions about this Privacy Policy or to exercise your data protection rights:
Flavor d.o.o.
Email: hello@forbono.com