PRIVACY POLICY
Last updated: December 10th, 2025
Introduction
Data privacy is of high importance for FOREO, and we want to be open and transparent with the way we process your personal data. We are committed to protecting the privacy and security of our customers and site visitors. We, therefore, have a policy setting out the purpose for which your personal data will be collected, as well as how it will be processed and protected. You will also have the opportunity to monitor the process of data collection and manage the level of communication you would like with us.
This Privacy Policy details how FOREO manages your personal data, including its collection, usage, and protection. This applies when you engage with us, whether by using our website or mobile application, creating an account, purchasing products, or interacting with our customer service and marketing, regardless of your global location.
Your use of our online store and associated services signifies your acknowledgment and understanding of this Privacy Policy. If you do not agree with the terms outlined here, please refrain from using our website, app, or services.
Who is the controller of your personal data?
The controller of the personal data you submit to us, and the entity responsible for your personal data under the applicable data protection law, is FAQ Europe d.o.o., established and acting in accordance with the laws of Croatia.
The company details are as follows:
FAQ Europe d.o.o.
Radnička cesta 202
10 000 Zagreb Croatia
Contact: privacy@foreo.com
Scope of this Privacy Policy
This Privacy Policy applies to:
- Our websites, online stores, and web applications (together: the “Website”)
- Our mobile applications (the “App”)
- Customer service channels (email, chat, social media, where applicable)
- Marketing communications and direct marketing
- Any other online or offline interactions you may have with us in the context of our e‑commerce operations
This policy does not apply to third‑party websites, services, or applications that are linked to or from our Website or App but are not controlled by us.
Categories of Personal Data We Process
Depending on how you interact with us, we may process the following categories of personal data:
- Identification and contact data: name, surname, email address, phone number, billing address, delivery address, country, user ID, and account login details. Optional: date of birth, gender, preferred language, time zone, profile picture, phone number, country.
- Order and transaction data: products purchased, order history, payment status, payment method, invoice data and history.
- Customer service data: content of communications with our customer service (via Salesforce, Salesforce Chat, Gmail, or other channels), warranty requests and related documentation, support tickets, and their resolution.
- Technical and usage data: IP address, device type, operating system, browser type and version, unique device identifiers, log files, access times, pages viewed, clicks, referring/exit pages, approximate location derived from IP, and similar data generated by your use of the Website or App.
- Cookie and tracking data: data collected via cookies, SDKs, tracking pixels, tags, and similar technologies used for analytics, personalization, security, and marketing (including via Cookiebot, Google Analytics, Wisepops, Noibu, Fastly, and other tools described below).
- Demographic and inferred data: demographic and geo‑cultural characteristics inferred by analytical tools such as Namsor (e.g., likely gender, cultural origin, or region based on name and other context), as well as geolocation approximations from MaxMind.
- Anti‑fraud data: information used to detect and prevent fraud, including risk scores, device and transaction fingerprints, IP‑based checks, behavioral patterns, and other data processed by Signifyd and MaxMind.
- Marketing and communication data: subscription status, consent records, interaction with marketing messages, and data related to direct marketing by email, SMS, push notifications or in‑app messages.
- Review and feedback data: product and service reviews, comments, ratings, and feedback you submit via Bazaarvoice or directly on our Website or App.
We do not intentionally collect special categories of personal data (such as health data, political opinions, religious beliefs, etc.) unless they are explicitly provided.
Purposes and Legal Bases for Processing
Where GDPR or similar laws apply, we rely on the following legal bases for processing your personal data. For users in other jurisdictions, our processing is based on your consent, on the necessity to perform a contract with you, to comply with legal obligations, and on our legitimate interests as described below, to the extent permitted under your local laws.
Cookies and Similar Technologies
We use cookies, SDKs, pixels, and similar technologies on our Website and App for:
- Essential functions (e.g., maintaining your session, shopping cart, security)
- Preferences (e.g., language, region)
- Analytics and performance (e.g., Google Analytics, Noibu)
- Marketing and personalization (e.g., Wisepops, marketing pixels)
- Consent management (Cookiebot)
When required by applicable law, we will obtain your consent before placing non‑essential cookies or similar technologies on your device. You can withdraw or change your consent at any time through the Cookiebot cookie banner or settings tool.
For detailed information about the cookies and similar technologies we use, please refer to our Cookie Policy, which forms part of this Privacy Policy.
How we collect information about you
- You directly, when you place an order, create an account, contact customer service, submit a review, or otherwise interact with us.
- Your use of our Website and App, through cookies, analytics tools, and similar technologies.
- Our service providers and partners, such as payment service providers, anti‑fraud service providers (Signifyd, MaxMind), analytics providers (Google Analytics, Noibu, Tableau), marketing and consent tools (Cookiebot, Wisepops, Bazaarvoice, Recurly), and logistics partners involved in product delivery.
How We Share Your Personal Data
We share your personal data with:
Service providers (processors) that process data on our behalf, including:
- Customer service platforms: Salesforce, Salesforce Chat, email systems (e.g. Gmail)
- Payment and subscription providers: Recurly, payment gateways, and acquiring banks
- Anti‑fraud and security providers: Signifyd, MaxMind, Fastly, other security vendors
- Analytics and business intelligence providers: Google Analytics, Noibu, Tableau, Namsor
- Marketing and consent management providers: Cookiebot, Wisepops, email/SMS marketing platforms, Bazaarvoice
- IT hosting, infrastructure, and cloud providers
- Logistics and delivery partners, for shipping and returns processing
- Professional advisors, such as lawyers, auditors, and consultants, where necessary for legal and business purposes
- Public authorities, regulators, and law enforcement, where required by applicable law or necessary to protect our rights or the rights of others
We do not sell your personal data for monetary consideration. Where local law defines “sale” more broadly (e.g., certain US state laws), we comply with additional notice and opt‑out requirements, as applicable.
International Data Transfers
Because we operate globally and use international service providers, your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.
Where required by GDPR or equivalent laws, we implement appropriate safeguards for international data transfers, such as:
- Adequacy decisions by the European Commission for certain countries
- Standard Contractual Clauses (SCCs) approved by the European Commission or other competent authorities
- Additional technical and organizational measures (e.g., encryption, pseudonymization)
You can contact us for more information about the safeguards used for specific transfers.
How long do we keep your personal data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
- During the term of your contract or user account
- For the duration of legal limitation periods and mandatory retention periods (e.g., tax and accounting records)
- For as long as necessary to resolve disputes and enforce our agreements
- For the duration of valid consents or until you withdraw them, whichever occurs earlier, unless longer retention is legally required or permitted
After the applicable retention period expires, personal data will be deleted, anonymized, or aggregated in a way that no longer allows identification.
What are your rights
Where GDPR or similar data protection laws apply, you may have the following rights, subject to applicable legal conditions:
- Right of access – to obtain confirmation whether we process your data and receive a copy of your personal data.
- Right to rectification – to request correction of inaccurate or incomplete personal data.
- Right to erasure – to request deletion of your personal data, for example, where it is no longer necessary, you withdraw consent, or you object to processing.
- Right to restriction of processing – to request that we limit processing of your personal data under certain circumstances.
- Right to data portability – to receive your personal data in a structured, commonly used, and machine‑readable format and to transmit it to another controller, where technically feasible.
- Right to object – to object to processing based on our legitimate interests, and to object at any time to processing for direct marketing purposes.
- Right to withdraw consent – where processing is based on consent, you may withdraw it at any time; this will not affect the lawfulness of processing carried out before withdrawal.
- Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, subject to certain exceptions.
To exercise your rights, please contact us at privacy@foreo.com. We may need to verify your identity before responding to your request.
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement.
Security of Personal Data
We implement appropriate technical and organizational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
- Encryption and pseudonymization where appropriate
- Access controls and authentication procedures
- Regular security assessments and monitoring
- Staff training and internal policies on data protection
However, no system is completely secure. You are responsible for keeping your account credentials confidential and for using appropriate security measures on your devices.
Children’s Privacy
Our Website, App, and services are not directed to children under the age of 16 (or the minimum age required by applicable local law), and we do not knowingly collect personal data from children in this age group without appropriate parental consent.
If you believe that a child has provided personal data to us without the necessary consent, please contact us so that we can take appropriate steps to delete such data.
Updates to our Privacy Notice
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.
When we make material changes, we will take appropriate measures to inform you, such as posting a prominent notice on our Website or sending you a notification if required by law. The “Last updated” date at the top of this Privacy Policy indicates when it was last revised.
How to contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us at: privacy@foreo.com.
We will respond to your request as soon as reasonably possible and within the time limits set by applicable law.