Privacy Statement

Effective Date: 9 October 2025

Last Updated: 9 October 2025

This Privacy Policy explains how flyBookapp (referred to as "Company," "we," "us," or "our") collects, uses, discloses, and otherwise processes Personal Data in connection with our website (flybookapp.com), applications, products, and services (collectively, the "Services"). We are committed to protecting your privacy and ensuring transparency over our data processing activities, particularly in compliance with global data protection frameworks.

1. Identity and Contact Information

We are responsible for processing your Personal Data.
Contact for Privacy Matters: Please contact us via the Contact us section on this website.

2. Personal Data We Collect

We collect Personal Data, which is any information that relates to an identified or identifiable individual. The specific data collected depends on how you interact with our Services.

Categories of Data Collected:

Identifiers: This includes your name, email address, phone number, physical address, unique personal identifiers (such as a customer number, IP address, and device ID), and online identifiers.

Commercial Information: This covers records of products or services you have purchased, obtained, or considered, or your purchasing or consuming histories or tendencies.

Financial Data: This includes payment card details (which are typically processed by a secure third-party payment processor), billing address, and bank details (for refunds or direct payments).

Internet or Network Activity: This encompasses your browsing history, search history, information on your interaction with our websites, applications, or advertisements, and cookie data.

Geolocation Data: This includes general location information (such as country and city derived from your IP address), or precise location (if provided via website and mobile app consent).

Professional/Employment Information: If you are a business customer or partner, this includes your job title, company name, and business contact details.

Inferences: We may create derived information used to create a profile about a consumer reflecting their preferences, characteristics, and attitudes.

Sources of Collection: We collect Personal Data directly from you (for example, when you register or make a purchase), automatically (for example, through website cookies and analytics), and from third parties (for example, social media platforms or business partners).

Sensitive Personal Data: We do not knowingly collect Sensitive Personal Data (such as health data, religious beliefs, or precise geolocation) unless it is explicitly required to provide a specific service you request, and only with your explicit consent where legally required.

3. How and Why We Use Your Personal Data

We use your Personal Data for the following business and commercial purposes:

Service Provision: To fulfill your orders, manage your account, process payments, and deliver customer service and support.

Service Improvement: To test, research, analyze, and develop new features, services, and products, and to monitor and analyze usage and activity trends.

Marketing and Advertising: To send you promotional communications about our products or services, and to display targeted advertising, subject to your legal consent or opt-out preferences.

Security and Fraud Prevention: To protect against malicious, deceptive, fraudulent, or illegal activity, and to prosecute those responsible, ensuring the integrity of our Services.

Compliance and Legal Obligations: To comply with legal and regulatory obligations, enforce our terms and conditions, and respond to lawful requests from public authorities.

Internal Operations: For internal business administration, financial record-keeping, and operational efficiency.

4. Legal Bases for Processing (For EU/UK Users)

For users in the European Union (EU) and the United Kingdom (UK), we rely on one or more of the following legal bases to process your Personal Data:

Consent: You have given us explicit, freely given, specific, informed, and unambiguous consent to process your Personal Data for a specific purpose. For example, subscribing to a newsletter.

Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. For example, processing your purchase order.

Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject. For example for tax, accounting, or audit laws.

Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your fundamental rights and freedoms. These interests include for example, internal research, preventing fraud, network security.

5. Sharing and Disclosure of Personal Data

We may disclose your Personal Data to the following categories of third parties:

Service Providers: Suppliers and service providers assisting in our operations and providing services on our behalf, such as payment processors, website hosting companies, data analytics providers, and marketing platforms.

Business Partners: Joint marketing partners, products and service merchants, or collaborators involved in offering co-branded services or special promotions.

Corporate Transactions: A buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.

Legal & Regulatory Authorities: Government or regulatory bodies where required by law, court order, or legal process, or to protect our rights, property, or safety.

6. International Data Transfers

Your Personal Data may be stored and processed in any country where we have facilities or where we engage service providers, including the United States and other locations outside of the European Economic Area (EEA) and the UK.

When transferring Personal Data out of the EEA or UK, we implement safeguards to ensure your data receives an adequate level of protection, such as:

Transferring data to countries deemed to provide an adequate level of protection by the European Commission or the UK Government.

Using legally-approved mechanisms, such as Standard Contractual Clauses (SCCs), adopted or approved by the European Commission or the UK Information Commissioner's Office (ICO), coupled with supplementary measures where required.

7. Data Security and Retention

Data Security: We implement appropriate technical and organizational measures designed to protect your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include for example, encryption of data in transit, access controls, internal security training.

Data Retention: We will retain your Personal Data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention period will depend on the type of data and the purpose of collection, until consent is withdrawn for marketing data.

8. Your Privacy Rights

Depending on your jurisdiction, you may have specific rights regarding your Personal Data.

For EU/UK Residents (GDPR/UK GDPR)

You have the following Data Subject Rights:

Right to be Informed: The right to clear and transparent information about how we process your data.

Right of Access: The right to obtain a copy of your Personal Data.

Right to Rectification: The right to have inaccurate data corrected.

Right to Erasure ('Right to be Forgotten'): The right to request the deletion of your Personal Data in certain circumstances.

Right to Restriction of Processing: The right to prevent or suppress further use of your data.

Right to Data Portability: The right to receive your Personal Data in a machine-readable format and to transmit it to another controller.

Right to Object: The right to object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent: The right to withdraw consent at any time where processing is based on consent.

For US Residents (e.g., CCPA/CPRA)

Residents of certain US states have the following rights:

Right to Know: The right to request information about the categories and specific pieces of Personal Data we have collected.

Right to Delete: The right to request the deletion of your Personal Data, subject to certain legal exceptions.

Right to Correct Inaccurate Personal Data.

Right to Opt-Out of the Sale or Sharing (Targeted Advertising): The right to direct us not to sell or share your Personal Data.

Right to Limit Use and Disclosure of Sensitive Personal Information (if applicable).

Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights.

How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request to us by:

Emailing us through our Contact us page.

We will respond to all legitimate requests in accordance with applicable legal requirements.

9. Children's Privacy

Our Services are not directed at children under the age of 18. We do not knowingly collect Personal Data from children under this age without parental consent. If we become aware that we have inadvertently received Personal Data from a child without appropriate consent, we will delete such information from our records.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will post the updated policy on this page and revise the "Last Updated" date at the top of the policy. We will notify you of any material changes as required by law, via a prominent notice on our Service.

11. Contact Us and Complaints

If you have any questions or concerns about this Privacy Policy or our data handling practices, please contact us via our Contact us page.

Lodging a Complaint (For EU/UK Residents):

You may lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

UK Supervisory Authority: Information Commissioner's Office (ICO).

EU Supervisory Authority: The Data Protection Authority in your respective EU Member State.

Appendix: Cookie Policy

We use cookies and similar tracking technologies to track activity on our Service and hold certain information.

Types of Cookies Used: We use necessary, functionality, performance/analytics, advertising/targeting cookies.

Your Control: For users in the EU and UK, we obtain consent for non-essential cookies via a banner or a Cookie Consent Management Platform (CMP). US users can typically manage preferences via a 'Do Not Sell or Share My Personal Information' link.

How to Manage Cookies: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.