This Privacy Policy aims to inform users of the FlixBag platform (hereinafter "the Platform") of the conditions under which their personal data is collected, processed, used, stored and, where applicable, transferred by the company FlixBag, SASU with capital of 1,000 euros, registered in the Trade and Companies Register of Bourg-la-Reine under number [RCS], whose registered office is located at 53 rue Hoffmann, 92340 Bourg-la-Reine (hereinafter "FlixBag" or "the Data Controller").
FlixBag is a digital platform connecting travelers with excess luggage kilos with senders wishing to ship packages internationally at competitive rates. This activity involves processing sensitive personal data, particularly identity, payment and location data.
FlixBag commits to strictly respect applicable regulations regarding personal data protection, in particular Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data (GDPR), Law No. 78-17 of January 6, 1978 amended relating to data processing, files and freedoms, as well as any local legislation applicable in the Platform's operating countries (European Union, French-speaking African countries, Canada, United States, China, India, Pakistan).
For the purposes of this Policy, the following terms have the meaning below:
The controller of personal data collected via the Platform is:
| Company name | FlixBag |
| Legal form | Simplified Joint Stock Company (SASU) |
| Share capital | 1,000 euros |
| Registered office | 53 rue Hoffmann, 92340 Bourg-la-Reine |
| RCS | Bourg-la-Reine [Number] |
| Legal representative | ARNAUD KINTOHOU |
| DPO Email | dpo@flixbag.com |
| Phone | +33 7 46 55 02 99 |
During registration, Platform use and transaction completion, FlixBag collects the following data categories:
Personal data is processed for the following purposes:
| Purpose | Description | Legal basis |
|---|---|---|
| User account creation and management | Registration, identity verification, profile management | Contract performance (Art. 6.1.b GDPR) |
| Traveler / Sender matching | Matching algorithm, proposal display | Contract performance (Art. 6.1.b GDPR) |
| Dynamic pricing (Smart-Pricing) | Automated price calculation via PNR/OCR extraction | Legitimate interest (Art. 6.1.f GDPR) |
| Payment and escrow management | Sequestration, release, refunds | Contract performance (Art. 6.1.b GDPR) |
| Flight tracking and notifications | Real-time tracking, automatic alerts | Contract performance (Art. 6.1.b GDPR) |
| Dispute and litigation management | Mediation, evidence, profile deactivation | Legitimate interest (Art. 6.1.f GDPR) |
| Rating and ranking | Star system, Regular status, 1-5 ranking | Legitimate interest (Art. 6.1.f GDPR) |
| Platform improvement | Statistics, behavioral analysis, optimization | Consent (Art. 6.1.a GDPR) |
| Commercial communication | Newsletters, promotional offers | Consent (Art. 6.1.a GDPR) |
| Legal obligations | Taxation, anti-money laundering, requisitions | Legal obligation (Art. 6.1.c GDPR) |
Personal data may be communicated to the following recipient categories, strictly limited to what is necessary to accomplish the purposes described above:
Authorized FlixBag personnel (customer service, technical team, management) within the limits of their respective duties.
As FlixBag operates internationally (European Union, French-speaking Africa, Canada, United States, China, India, Pakistan), personal data transfers to third countries may occur.
These transfers are framed by the following safeguards, in accordance with Chapter V of the GDPR:
For French-speaking African countries, FlixBag ensures compliance with local regulations regarding data protection, particularly the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention) and applicable national laws.
Personal data is retained for a period not exceeding that necessary for the purposes for which it is processed:
| Data category | Retention period |
|---|---|
| User account data | Duration of contractual relationship + 3 years after last activity |
| Identity data (KYC) | 5 years after account closure (anti-money laundering obligations) |
| Transaction data | 10 years (accounting and tax obligations) |
| Flight and PNR data | Transaction duration + 1 year |
| Tracking and geolocation data | 6 months after effective delivery |
| Dispute data | 5 years after final resolution |
| Rating/ranking data | Duration of contractual relationship |
| Cookies and trackers | 13 months maximum |
| Marketing data | 3 years after last contact |
At the end of these periods, data is permanently deleted or irreversibly anonymized for statistical purposes.
FlixBag implements appropriate technical and organizational measures to ensure a security level adapted to the risk, in accordance with Article 32 of the GDPR:
Access management policy based on least privilege principle, regular staff training on data protection, data breach notification procedures in accordance with Articles 33 and 34 of the GDPR (notification to CNIL within 72 hours and information to data subjects in case of high risk).
In accordance with Articles 15 to 22 of the GDPR and Articles 48 to 56 of the amended Data Protection Act, each User has the following rights:
These rights can be exercised by email at dpo@flixbag.com or by postal mail to FlixBag's registered office, accompanied by a copy of identity proof. FlixBag commits to respond within one month from receipt of the request. This period may be extended by two additional months considering complexity and number of requests.
In case of difficulty exercising their rights, Users can file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, or with the competent supervisory authority of their country of residence.
FlixBag uses cookies and similar technologies to ensure proper Platform operation, measure audience and personalize user experience. Cookie categories used are:
Users can manage their cookie preferences at any time via the cookie management banner integrated into the Platform or via their browser settings. Refusing non-essential cookies does not affect access to basic Platform functionalities.
FlixBag implements automated processing, including:
In accordance with Article 22 of the GDPR, Users have the right to request human intervention, express their viewpoint and contest the decision with FlixBag customer service.
The FlixBag Platform is exclusively intended for adults (18 years old or age of majority in country of residence). FlixBag does not knowingly collect personal data from minors. If FlixBag discovers that a minor's data has been collected, it will be immediately deleted.
FlixBag reserves the right to modify this Privacy Policy at any time, particularly to take into account legislative, regulatory or technical developments. Any substantial modification will be notified to Users by email and/or in-app notification at least thirty (30) days before its effective date.
Continued use of the Platform after the modified version takes effect constitutes acceptance of the new Policy.
For any question regarding this Policy or to exercise your rights, you can contact:
| Data Protection Officer (DPO) | Judicael AHYI |
| dpo@flixbag.com | |
| Postal address | FlixBag — DPO, 53 rue Hoffmann 92340 Bourg-la-Reine, France |
| Phone | +33 7 46 55 02 99 |
Done in Bourg-la-Reine, on 05/02/2026
For FlixBag company
ARNAUD KINTOHOU, President