Logo

Privacy policy

Effective Date: January 1, 2026
Last Updated: February 12, 2026

This Privacy Policy governs the processing of personal data of users of the website owned by AFLG GROUP, S.L., in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, and Law 34/2002 on Information Society Services and Electronic Commerce.

Access to and use of the website implies express acceptance of this Privacy Policy.

Data Controller

In compliance with Articles 13 and 14 of Regulation (EU) 2016/679, users are informed that personal data will be processed by:

  • Company: AFLG GROUP, S.L.
  • Tax ID: B10942043
  • Registered address: Paseo de la Habana, 26 – Floor 3 – Door 4, 28036 Madrid, Spain
  • Email: legal@flipworld.com

The Data Controller guarantees lawful, fair, and transparent processing in accordance with the principles set out in Article 5 of the GDPR and implements appropriate technical and organizational measures pursuant to Articles 24 and 32 thereof.

Personal Data Collected

The following categories of personal data may be collected:

Data provided by the user

  • Full name
  • Contact details (email address, phone number, postal address)
  • Date of birth
  • Travel document information
  • Billing information necessary for managing bookings
  • Travel preferences and special services requests
  • Customer service communications
  • Marketing preferences

Data collected automatically

  • IP address
  • Device and operating system information
  • Browser type
  • Website usage and navigation data
  • Cookies and similar technologies

Data obtained from third parties

  • Travel agencies or intermediaries
  • Payment service providers acting as independent data controllers
  • Loyalty programs
  • Public authorities when legally required

Purpose of Processing

Personal data will be processed for the following purposes:

  • To manage bookings and contracted services
  • To facilitate payment processing through external payment service providers
  • To provide customer support
  • To facilitate communication with travel service providers
  • To comply with legal and regulatory obligations
  • To improve service quality and user experience
  • To send marketing communications where legally permitted
  • To prevent fraud and ensure security

Legal Basis for Processing

The processing of personal data is based on:

  • The performance of a contract or pre-contractual measures
  • Compliance with applicable legal obligations
  • Legitimate interest of the data cController
  • User consent, where required

Data Recipients

Personal data may be disclosed to:

  • Service providers (technology, payment processing, customer support)
  • Travel-related service providers (incluiding operating airlines and other intermediaries where necessary for service delivery)
  • Public authorities and regulatory bodies
  • Marketing and analytics providers

Under no circumstances will personal data be sold.

Payment Processing

Payments made through the website are processed by authorized external payment service providers.

The data controller does not store or have access to full payment card details. These providers act as independent data controllers and comply with applicable security standards, including PCI DSS.

International Data Transfers

Where international data transfers take place, they will be carried out in accordance with Regulation (EU) 2016/679, through appropriate safeguards such as adequacy decisions or Standard Contractual Clauses approved by the European Commission.

Data Retention

Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected, as well as to comply with legal obligations, resolve liabilities, and adhere to applicable regulations.

Cookies and Tracking Technologies

The website uses cookies and similar technologies to:

  • Ensure proper website functionality
  • Analyze user navigation
  • Personalize the user experience
  • Deliver tailored content and advertising

Users may configure or reject cookies through their browser settings or via the tools provided on the website.

Data Security

The Data Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of Regulation (EU) 2016/679.

However, users should be aware that security measures on the Internet are not completely infallible.

User Rights

Users may exercise the following rights:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Objection
  • Withdrawal of consent

Requests may be sent to: legal@flipworld.com

Users also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) if they believe their data is not being processed in accordance with applicable law.

Children’s Data

The services are not directed to children under 14 years of age. Personal data of minors will not collected without the consent of their legal guardians, except where necessary for service provision.

Third-Party Links

The website may contain links to third-party websites. The data controller assumes no responsibility for the privacy policies or content of such websites.

Changes to this Policy

The data controller reserves the right to modify this Privacy Policy to reflect legal or regulatory changes. Any updates will be communicated on this page with reasonable notice.