1. Fundamental Principles
Flix Bag commits to respecting General Data Protection Regulation (GDPR) principles:
- • Lawfulness, fairness and transparency
- • Purpose limitation
- • Data minimization
- • Data accuracy
- • Storage limitation
- • Integrity and confidentiality
- • Accountability
2. Personal Data Collected
2.1 User Data
- • Identity: Surname, first name, address, phone number, email address
- • Identity documents: Passport, national identity card
- • Flight data: Plane tickets, itineraries
- • Financial data: Payment methods and transaction history
- • Location data: Addresses and geolocation data
2.2 Sensitive Data
- • Identity photos used for verification purposes
- • Medical documents (prescriptions) for certain specific packages
- • Encrypted payment data
3. Processing Purposes
Personal data is collected to:
- • Verify user identity
- • Match travelers and senders
- • Manage transactions and payments
- • Ensure delivery and route tracking
- • Provide customer service and manage disputes
- • Comply with legal and regulatory obligations
4. Retention Period
- • Account data: Retained for 3 years after last activity
- • Financial data: Retained for 10 years (legal obligation)
- • Flight data: Retained for 2 years after travel
- • Identity documents: Retained for 1 year after account deletion
5. Individual Rights
Every user has the following rights:
- • Right of access to their personal data
- • Right of rectification
- • Right to erasure ("right to be forgotten")
- • Right to restriction of processing
- • Right to data portability
- • Right to object
6. Data Security
Flix Bag implements strict security measures, including:
- • Encryption of sensitive data
- • Strong authentication for administrator access
- • Semi-annual security audits
- • Data breach management procedure
- • Confidentiality clauses applicable to all employees
7. Data Protection Officer (DPO)
- • Name:
- • Email: dpo@flixbag.com
The Data Protection Officer is responsible for GDPR compliance and ensures liaison with CNIL.