Privacy Policy

Contact information

Updated at 2026-01-09

General

LYGG (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how your personal information is processed by LYGG, and how you can use your rights, how you can contact us and how we protect your personal information. This Privacy Policy applies to the personal information we process about you when you purchase or use our services, travel with us, visit our website and our other online services and use our application, LYGG, or otherwise interact with us (collectively, our “Service”).

We process personal data in accordance with the provisions of the European Union General Data Protection Regulation (“GDPR”) and other applicable data protection legislation.

Who is responsible for your personal data?

Controller: LYGG/Flyggit Oy (business id 3543956-6)

Don’t hesitate to contact us if you have any questions.

Contact information:

• Via Email: help@lygg.com
• Via this Link: contact us
• Via this Address: PL 3, 01361 VANTAA

How do we process your personal data?

We collect personal data about you primarily when you use our website or our services, for example when you book travel, fly with us, contact our customer service or use the LYGG Applications, subscribe to our newsletter, respond to a survey or fill out a form or otherwise interact with us.

We may also get information from our business partners, authorities or other third parties, who participate or are involved in delivering the services to you (for example airlines, travel agencies, airport operators, ground handlers, our subcontractors).

We may receive some information from third parties when you contact us. We also occasionally collect information that is made publicly available on social media or third-party websites. You can control how much of your information social media websites make public by visiting these websites and changing your privacy settings.

We may also collect personal data about you from the cookies on our website. You can read more about cookies on Cookie Policy.

What is the purpose for the processing of personal data?

The purposes of processing your personal data are:

• delivery of our products and services, administering and carrying out the travel you booked with us and fulfilment of our contractual and other promises and obligations
• customer service and communications, handling and taking care of the customer relationship
• optimization and personalization of your experience with us
• development and improvement of our services, including LYGG Applications
• protecting the security and safety of our services and customers
• marketing and promotion, including electronic direct marketing, and targeting advertising to market our products and services.

We process personal information also for the purposes of our legal obligations, such as compliance with accounting laws and requirements, and for detection and prevention of fraud, for compliance with our user terms and conditions and customer agreements, and for securing the continuation of our services (by back-up copies and log files).

What is the legal basis for the processing of personal data?

We process personal data on different legal basis depending on the circumstances and purposes of the processing:

• Contract (GDPR art. 6.1 (b)): When you order, purchase or use our services (e.g. travel bookings, booking changes, passenger identification, services at the airport, luggage transportation, special services requests), we process your personal data for the performance of the contract with us.
• Consent (GDPR art. 6.1 (a)): When you register for and use our services, including LYGG Applications, or we target online marketing or send you electronic marketing or we store cookies on your device or process location data, we may process your personal data based on your consent.
• Legal obligation (GDPR art. 6.1 (c)): We process your personal data in order to comply with our legal obligations, for example in connection with accounting and tax reporting or legal requirements in travel industry.
• Legitimate interest (GDPR art. 6.1 (f)): We may process your personal data if such processing is necessary for the purposes of our or a third party’s legitimate interests, such as customer service and communications, protection of personal information, fraud prevention. When the processing is based on legitimate interest, we assess our interest of processing personal information against the rights and interests of the individuals whose data is being processed. You have the right to object to such processing based on the legitimate interests.

What information do we process?

The personal information that we process depends on how and what extent you use our websites, applications and services. In the following you will find information on the categories of personal data processed by us:

Customers and passengers: identification and contact details, such as name / username, email addresses, password, phone number, credit card and other payment details, company details (company name, address, business-id/VAT number), traveller’s personal information required for travel documents such as flight tickets, including e.g. name, date of birth, gender, address, e-mail address, passport number, nationality etc., flight number, departure and destination, meals, special service requests, luggage information etc., travel plan and coordinates for transportation services, PNR (passenger name record) data.

LYGG Applications: name, username, contact details, address, email address, registration information, billing, payment and transaction data, order and service information, bookings, consents, other information given by you.

Website and social media: we track service usage and behaviour on our web pages (cookies) and LYGG Applications for service development and to offer you better service and customer experience. We also utilize the data for marketing and internal development.

Customer service: name, contact details, registration information, transaction, payment, billing, payment and transaction data, order and service information, bookings, consents, other information given by you, customer feedback.

Potential customers: company name and contact information, name and contact information.

Location (GPS) data may be used to offer location-based services and offerings, such as weather forecasts or to bring more targeted and relevant ads to potential customers.

How long do we keep your personal information?

We will save your personal data as long as it is necessary with regard to the purpose of the processing, unless a longer retention period is required by law, or we need it to protect our legal rights. Thereafter, we will delete the personal data within a reasonable timeframe or render the data anonymous. We evaluate the need for data storage regularly, taking into account the applicable legislation. In addition, we take care of such reasonable actions that are required to ensure no incompatible, outdated or inaccurate personal data is stored taking into account the purpose of the processing. We correct or erase such data without delay.

Travellers and customers: if you book travel or other services through us, we will save your data for 5 years after the services have been completed.

Registered users: if you are a registered user of LYGG Applications, we will save your data during the time of being a registered user and for 2 years thereafter.

Web and online behaviour: please see our cookies section with respect to the data retention periods. Generally, we will save the data for a period up to 24 months.

Do we share the personal information with third parties?

We may share the personal data within LYGG group of companies (Corporate Affiliates). For purposes of this Privacy Policy, “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with LYGG, whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

We may be subject to mandatory requirement to share passenger and travel related information, including personal information, in compliance with those mandatory requirements, e.g. with foreign authorities.

We may engage trusted third-party service providers to perform functions and provide services to us to carry out your travel or otherwise perform services, including e.g. airlines, ground handlers, travel agencies and agents, freight forwarders and other companies involved in the provision of services to you or services of which you will make use of. We engage IT services providers and developers and other services providers and parties for hosting and maintaining our servers and the app, database storage and management, e-mail management, storage, marketing, credit card processing, customer service and fulfilling orders for products and services you may purchase. We will share your personal information, and possibly some non-personal information, with these third parties to enable them to perform these services for us and for you.

Your personal information is mainly processed by, but not limited to, these third-party service providers under their privacy policy: Amazon Web Services Infrastructure within EU, Expo, Apple, Google, Dun & Bradstreet Hoovers (potential customers), Pipedrive (potential customers), Stripe (IP-address, user identification, email address, name, credit card number, bank account information), Sentry.io (IP-address, technical user identification, error/analytics data), Matomo Analytics (IP-address, technical user identification).

We may share the information that we collect with third parties such as advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we think may interest you.

We may also share it with our current and future affiliated companies and business partners, and if we are involved in a merger, asset sale or other business reorganization, we may also share or transfer your personal information to our successors-in-interest in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding.

We may share personal data for analytics purposes with third parties such as web analytics partners, application developers, and ad networks. If your IP address is shared, it may be used to estimate general location and other technographics such as connection speed, whether you have visited the app in a shared location, and type of the device used to visit the app. They may aggregate information about our advertising and what you see on the app and then provide auditing, research and reporting for us and our advertisers.

We may also disclose personal information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate in order to respond to claims, legal process (including subpoenas), to protect our rights and interests or those of a third party, the safety of the public or any person, to prevent or stop any illegal, unethical, or legally actionable activity, or to otherwise comply with applicable court orders, laws, rules and regulations.

How do we protect your information?

We implement a variety of technical and organizational security measures to protect your personal information against loss, abuse or unauthorized access.  These measures include for instance the use of a secure server, Secure Socket Layer (SSL) technology to protect the connection from the user’s device, encryption technology, firewalls, access controls, and industry standard encryption.

Could my information be transferred to other countries?

LYGG is incorporated in Finland, and the processing of personal data is primarily carried out in Finland and in the EU/EEA countries. However, the personal data may be sometimes transferred to countries that are not members of the EU or the EEA and that do not ensure a satisfactory level of security for personal data. Such transfers will be carried out in accordance with the applicable data protection laws, including GDPR, such as on basis of EU’s adequacy decisions and standard contractual clauses or similar mechanisms allowing such data transfers.

You may access the European Commission adequacy decisions here.

You may access the standard contractual clauses here.

What are your rights and how you can use them?

Under the GDPR, you have the following rights:

Withdrawal of consent

If we process information about you based on your consent, for example through cookies or in the LYGG Applications, you have the right to withdraw your consent at any point in time. We will then terminate the processing of the personal data that is based on your consent.

Right of correction

If your personal data that LYGG processes are incorrect or incomplete, you can call our customer service that will help you correct or complete your data. You can find the contact information in this Privacy Policy.

Right to restrict the processing

In certain circumstances, you have the right to restrict our use of your personal data, which means you can limit the way we use your personal data. This is an alternative to requesting the erasure of your data. This means that we will stop using the data except for storing it.

Right to access

You have the right to request a copy of your personal data.

Right to complain

If you are uncertain as to how we process your personal data or have any complaints, you are welcome to contact our customer service. You also have the possibility of submitting a grievance to the Finnish Data Protection Authority or the data protection authority of your country.

Right to object

You have the right to raise an objection at any point in time to the processing of your personal data that is based on our legitimate interest.

Right to data portability

You have the right to request to receive your personal data that we process in a machine-readable format, which you have the right to transfer to another company. This can be done if you want to reuse your personal data for your own purposes across different services.

Right to be forgotten

Your right to be forgotten means that you can request that we delete the personal data we have about you. Upon request, we will do so without undue delay, unless we are legally required to process the information, e.g. for financial or accounting purposes, or we have another lawful reason to continue processing the data, e.g. for carrying out a requested travel.

You should present your request for exercising any of the your rights in the manner described in section 2 of this Privacy Notice. We may need to request additional information from you to help us confirm your identity and ensure your right to exercise any of your other rights.

Cookies

We use cookies on our websites (e.g. https://www.lygg.com/). When you visit our website for the first time, you can decide which cookies we are allowed to use. Find out more about the cookies used and manage your preferences from our Cookie Policy.

LYGG uses Cookies to enhance the performance and functionality of our app and website and identify the areas of our website that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We track service usage and behaviour on our web pages (use cookies) for service development and to offer you better service and customer experience. We also utilize the data for marketing and internal development.

We use Cookies to enhance the performance and functionality of our app and website. Web browsers may be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our website correctly or at all and you may also lose some saved information (e.g. saved login details, site preferences). Disabling a cookie or category of Cookie does not delete the Cookie from your browser, you will need to do this yourself from within your browser, you should visit your browser’s help menu for more. We use Matomo Analytics for web usage tracking. Matomo Analytics collects and stores data on your use of the services, including but not limited to; time of visit, site pages visited or opened and for how long are they used, the Internet Protocol (IP) address and information on the device used to access the site.

We may also use other third-party data analytics service providers. These service providers may use cookies, web beacons and other technologies to collect information about your use of the services. Analytics service providers enable us to collect, monitor and analyze data regarding the use of the services, in order to understand how users use the services and to increase the functionality and user-friendliness of the services, as well as to better tailor the services to users’ needs. Accordingly, some automatically collected data is shared with third party service providers, who have their own privacy notices/policies applicable to their operations.

Third-party services

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by LYGG. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us. Please remember that when you use a link to go from the Services to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our platform, is subject to that website’s own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.

Changes to our privacy policy

We may amend and update this Privacy Policy at our discretion so that the policy accurately reflects our practices and policies. The latest updated version of the Privacy Policy will always be available on our website.