Last updated on: 11/08/2025
1. General Information
The protection of your personal data is important to Flibco. This Privacy Notice explains how Flibco processes the personal data of its customers and other data subjects (referred to as “you”, “your”, or “yours”). It applies to all entities within the Flibco Group (“Flibco”, “we”, “us”, or “our”).
For the purposes of this Privacy Notice, FLIBTRAVEL International S.A. (a company registered in Luxembourg under registration no. B177392, with its registered office at 4 rue Laangwiss, L-4940 Bascharage) will act as the data controller. However, when you interact directly with a specific entity within the Flibco Group, that entity will act as the local data controller for processing activities directly related to its functions.
All entities within the Flibco Group are committed to upholding the highest standards of data protection in accordance with Regulation (EU) 2016/679 (“GDPR”). Where you engage with FLIBTRAVEL International UK Ltd, the processing of your personal data will be carried out in compliance with the UK Data Protection Act, the UK GDPR, and the UK Data Use and Access Act 2025, as applicable.
2. Personal data and data processing
When using the term “personal data” in this Privacy Notice, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include, for example, your name, your contact details (e.g. email, phone number, language), information relating to your booking (e.g. booking reference number, travel itinerary, physical address you included to book the Door2Gate service, billing address).
We collect personal data directly from you, for example, when you book a transport service with us, use our website or our app, create a customer account (“Sign up”), contact us or subscribe to our newsletter. We may also receive your personal data from our agents or other parties who book a service or product for you. If you book a transport on behalf of someone else, you must have their consent to use their personal information.
We process your personal data only when you have given your consent, when it is necessary for the performance of a contract you have concluded with us, or for the fulfilment of a legal obligation to which we are subject. We may process personal data on the basis of our legitimate interest only if this interest is not overridden by your rights.
Categories of data, processing and purposes
We may collect and process the following categories of personal data about you:
| Processing activity/Purpose | Type of personal data |
|---|---|
| When you create an account on our website | Your name, surname and contact details including email address, telephone number, language and billing address |
| When you purchase our transport services, or when you choose an offer we make available on our website | Your name, email address, payment details |
| When you manage your booking directly through your account | Information about your bookings and travel itinerary. |
| When you request special care support by sending us an email at [email protected] | Whether you require special assistance relating to wheelchair support. |
| When you make a booking on behalf of other passengers | Information about other passengers in your booking, and the age range of any children that are part of your booking |
| When you purchase our transport or travel-related products or services through our agents | Information about your transaction, including your payment card details |
| When you contact us via the “Contact” form on the website or send us an email (e.g. to our DPO) | The communications you willingly exchange with us. |
| When you interact with us on social media | Any personal data contained in your posts and messages on our social media pages (e.g. LinkedIn; Instagram; TikTok; Facebook; YouTube; X) |
| When you reply to our requests for feedback or participate in our customer surveys | Your feedback |
| When you navigate on our website or when you use our mobile app | Information about how you use our website or our mobile app, such as your searches for voyages |
| When you subscribe to our newsletter | Your name and email address |
Sensitive personal data
In the course of providing services to you, we may collect information that could reveal your physical health. This type of information is considered “sensitive personal data” under data protection laws. We only collect it if you give us your clear consent and choose to share it with us yourself.
We may collect this information in the following circumstance:
- If you request special assistance or any accessibility requirement when booking our services, this could reveal information about your health (e.g. if you ask for a wheelchair).
3. Other Purposes
We may use your personal data also for the following purposes:
To fulfil our administrative purposes and protect our business interests
The business purposes for which we will use your information include accounting, billing and audit, credit/debit card verification, fraud screening, safety, security and legal purposes, statistical and marketing analysis, systems testing, maintenance and development.To comply with our legal obligations:
For example, to comply with our obligation to provide your information to national authorities, where required. We may also process your personal information in order to comply with our relevant legal obligations under the Luxembourg law of 16 May 2023 transposing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, when you choose to share such personal information by submitting a report through our Whistleblowing Channel. Our platform is provided by Whistleblower Software. For more information on how the platform will process your personal data, please refer to our dedicated Whistleblower Privacy NoticeTo enter into a employment contract with you
Should you send us a spontaneous job application via mail, we will process the personal information that you provide us with (e.g. your professional data and your CV), in order to take the steps to enter into an employment contract with you.
4. Job application
When you apply for a position at Flibco (either spontaneously or via our job portal), we collect and process your personal data, including identification, contact, and professional information (i.e. CV, motivation letter), to manage and assess your application, communicate with you during the recruitment process, and conduct reference checks where applicable. This processing is necessary to enter into the employment contract.
Your data is shared only with our HR team and relevant managers and is retained for up to two years after the recruitment process if you have consented, or as necessary to demonstrate fair and transparent recruitment practices.
5. Security of your personal data
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data.
This means that we adhere to high security standards in order to protect your payment card details when you share such details with us.
As described in this Privacy Notice, we may in some instances disclose your personal data to third parties. Where Flibco discloses your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however, in some instances, we may be compelled by law to disclose your personal data to a third party, and have limited control over how it is protected by that third party.
6. Notification in the event of a breach of your personal data
In the unlikely event there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data (such as sending personal data to an incorrect recipient, or loss of availability of personal data), we are committed to taking an informed decision on whether to notify the relevant supervisory authority within 72 hours of becoming aware of such a breach. We commit to informing you without undue delay, in the event the personal data breach is likely to result in a high risk to your rights and freedoms.
7. Retention of your Personal Data
We will keep your Personal Data no longer than the reasonable time necessary for the purposes as set out in this Privacy Notice and for satisfying any legal or regulatory requirements. At the end of these data retention periods, your Personal Data will be permanently deleted or fully anonymized.
For further information on how to delete your account please consul this page: https://www.flibco.com/en/personal-data-cancellation-process.
Cookies or other tracking technologies
In order to improve our services, to provide you with more relevant content and to analyse how visitors use our website and app, we may use technologies, such as cookies, pixels or tracking software. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies.
For example, we use software to monitor customer traffic patterns and website usage to help us develop the design and layout of the website in order to enhance the experience of the visitors to our website.
We also use cookies in our website, mobile app or in our emails. Cookies are small pieces of information stored by your browser on your computer’s hard drive. They enable you to navigate on our website or app and allow us to provide features such as remembering aspects of your last search to make future searches faster. You can refuse and delete cookies if you wish; while certain cookies are necessary for viewing and navigating on our website or app, most of the features will still be accessible without cookies.
• Category 1: Strictly Necessary Cookies
These Cookies enable services you have specifically asked for.
These Cookies are essential in order to enable you to navigate Flibco Websites and use its features, such as accessing secure areas of the website. Without these Cookies, services you have asked for, such as e-billing, may not be provided.
• Category 2: Performance Cookies
These Cookies collect anonymous information on the pages visited.
These Cookies collect information about how visitors use Flibco Websites, for instance which pages visitors go to most often, and if they get error messages from web pages. These Cookies do not collect information that identifies a visitor. All information these Cookies collect is aggregated and therefore anonymous. It is only used to improve how Flibco Websites work.
• Category 3: Functionality Cookies
These Cookies remember choices you make to improve your experience.
These Cookies allow Flibco Websites to remember choices you make (such as your username, language, or travel preferences) and provide enhanced, more personal features. For instance, reminding you to check-in online. These Cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise.
• Category 4: Marketing Cookies
These Cookies use information about your browsing in order to make advertising more relevant to you and your travel needs.
These Cookies are used to deliver adverts more relevant to you and your travel needs. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of our digital advertising campaigns. They are placed by third-party advertising networks on our behalf and with Flibco permission. They remember that you have visited Flibco Websites and this is shared with other organizations such as media owners.
Category 5: External media
Our website may include content from third parties, such as videos accessible via YouTube. When you view or interact with this content, third-party providers may place cookies on your device to enable the content to function properly and to collect usage information in accordance with their own privacy and cookie policies. We recommend reviewing the cookie policies of these third parties for more information on how they use your data.
You can refuse the use of these cookies should you wish via our Cookie Banner.
8. Sharing of your personal data
Your personal data may be shared with other companies within our Flibco Group.
We may also share some of your personal data with, or obtain your personal data from, the following categories of third parties:
- Airports, government authorities, law enforcement bodies and regulators when this is necessary to get you to your destination or is required by law. For example, for specific travel routes we are required by law to provide border control agencies with information that relates to your travel documents and to your travel itinerary. This information is known as “Advance Passenger Information”.
- Credit and debit card companies. Flibco shares some of your personal data, which includes information about your method of payment, to the credit or debit card company that issued the card you used to make your booking. In order to ensure the security of your transactions and prevent or detect fraudulent transactions, we may also share your information with our fraud screening partner.
- National authorities
We may disclose your personal data when this is required by the law of any jurisdiction to which an entity of the Flibco Group may be subject. Through our website we provide links to third party websites (e.g. YouTube) which are subject to separate privacy notices. Please be aware that this Privacy Notice does not apply to such websites and Flibco is not responsible for your information that third parties may collect through these websites.
- International sharing:
Your personal data collected under this Privacy Notice are stored within the European Union and are only accessed within the EU and the United Kingdom. We do not transfer your personal data to any company located in a country that does not provide an adequate level of data protection as recognised by the European Commission or the relevant UK authorities.
9. Your rights
To summarise, you are entitled to the following rights granted to you by applicable data protection regulations, namely:
- right to access your personal data supplied and, where applicable, obtain a copy of these data
- right to request that your data is rectified or corrected if you find them incomplete or incorrect
- right to have your data deleted, unless there is a compelling legitimate reason to justify storing them
- right to object at any time to the processing of your data including the possibility to opt-out, unless a legitimate reason prevails over your interests and rights and freedoms
- right to request that the processing of your data be restricted
- right to the portability of some data, i.e. the right to receive them in a structured format that is commonly used and machine readable so they may be sent to another “data controller”
We shall endeavor to respond to your request promptly and within one month of receipt of the request. Depending on the complexity of the request and the number of requests to handle, we have the ability to extend this response time by two additional months. You shall be notified of such an extension and of the reasons for the delay within one month of receipt of the request. We reserve the right to reject the request if, on the basis of said request, we are unable to identify you or if the request is deemed excessive or unfounded. You shall be notified of the reasons for refusal within one month of receipt of the request. We may also require the payment of reasonable fees in the case of unfounded or excessive requests, especially if they are repetitive.
You can exercise your rights (e.g. request the deletion of all your personal data from our database) by sending an e-mail to our Data Protection Officer at [email protected]
If you are not satisfied with the handling of your request, you are also entitled to file a complaint with the Commission Nationale pour la Protection des Données (information available on the website www.cnpd.public.lu) or with the competent supervisory authority at your normal place of residence (e.g. the UK ICO at https://ico.org.uk/make-a-complaint/.
We may periodically update this Privacy Notice to reflect changes in our data protection practices or relevant laws.
This Privacy Notice has last been updated on: 11/08/2025.
10. Contact information
Questions, comments and requests regarding this Privacy Notice shall be addressed to our Data Protection Officer at [email protected].
Flibco Group includes the following legal entities:
- FLIBTRAVEL International S.A
- FLIBTRAVEL International Italy SRL
- FLIBTRAVEL International UK Ltd
- SL Belgium S.A
