Last updated 17.5.2021
1. Lawful grounds for data processing
We process your personal data as it is necessary for executing our services for you as beneficiary of our services. In addition, we use data to other legitimate interests and or a third-party interest, including fraud detection and prevention, development, and analytics purposes.
2. The type of information we collect
Information collected directly from you
Basic personal details. Including your telephone number and email address.
Additional personal details. When you subscribe to our periodic Plan including the pay-as-you-go model, we will also ask you for your name, email address and street address, and passport information. In addition, we can ask for information on devices, home country, language, credit card details and other payment details. This information is needed to ensure we can process your payment. We also use third party payment processors who will request, and process details related to your chosen payment method.
Verification data. Some parts of the services require us to perform additional verifications, such as verifying your place of residence, either automatically or manually. In order to perform these additional verifications, we may request you to provide additional details such as, but not necessarily limited to, your personal identity number, your photo or your driver's license and passport details.
Information collected through your use of the services
When you use the services, we collect information that helps us to provide the services to you. This information includes the following:
Your transactions with us.
Positioning and location data.
Other data. We may also collect so called non-personal data. By non-personal data, we mean all other information we collect that does not enable you to be identified. We may collect data such as, but not limited to your IP address, access times, browser or application type, what pages you have visited and the sites linked from.
Our application is in frequent contact with our service, to provide door-to-door travel capabilities, guidance and other services, for example to check for updates or to send us information relating to service usage. Additionally, we may invite you to join campaigns or research programs where detailed information is collected.
Lygg services are typically intended for general audiences. FlyMaas does not knowingly collect personal data of children without permission of the legal guardians.
Information collected by third-party
We also provide our Services to companies and other partners. In some cases, the employer pays for the Service and the right person need to be identified so that the employee benefit can be properly targeted. In this case, your employer will tell us, with your permission, your name, phone number, email address, and the name of your employer. We may also obtain the same minimum and relevant personal information from other partners for the purpose of targeting discounts and special services to the right person.
3. The purposes for which the information is used
We mainly use the data you provide to offer you our service. For this purpose, we need to collect personal data. We have noted above the specific purposes for which we collected certain types of personal data.
In order to ensure that we can continue innovating, we would also like you to know and accept that we can collect personal data for the general purposes of i) providing you with our services, ii) making it possible for you to set up an account with us, iii) enabling us to develop, improve and manage our services by better understanding our customers, iv) keeping you informed about our services v) fraud detection and prevention and vi) contacting you in specific cases related to issues you might be experiencing with our services vii) for historical or scientific research or for statistical purposes. Additionally, we may assign a scientific or statistical research task to a third party we consider reliable. In these cases, it is possible that the researcher obtains your personal data also from other sources.
It is also possible that we are able to further simplify your life by providing you with personalised marketing or recommendations, unless you let us know that you do not wish to receive such marketing. If you explicitly agree, by opt-in consent, it is also possible that your data is used for the purpose of providing you with offers from our partners that suit you and your needs.
4. Storing of your personal data
We can store and process your personal data on third party servers. If we transfer some personal data outside of European Economic Area, we ensure that such transfer is effected on a manner which is compliant with Data Protection Law. By using our services, you give us consent to store, process and transfer your personal data outside of your country of residence to the countries where our Hosting Providers are located. Your personal data is stored for no longer than is necessary for the purposes for which the personal data is processed.
5. Disclosure of the information to third parties
Third parties are used to provide payment and related administration services. We can share your payment method details with these Payment Providers so that they can process your payment. This processing may take place in the United States, and by sharing your payment details with us you accept to the transfer of such details to the United States. These third parties can also collect data from you, which they will process in accordance with their own processes and privacy policies.
Our products and services may be provided using resources and servers located in various countries around the world. Therefore your personal data may be transferred across international borders outside the country where you use our services, including to countries outside the European Economic Area (EEA).
Apart from Hosting Providers and Payment Providers, we may disclose your personal data to third parties provided:
- the disclosure is reasonably necessary to provide you with the services;
- the disclosure is reasonably necessary for the purpose of development and maintenance of our services;
- the disclosure is reasonably necessary for us to be able to enforce our Terms of Service;
- the disclosure is reasonably necessary for the purposes of detecting and preventing fraud or security breaches; or
- the disclosure is made at the request of a public authority;
- the disclosure is made in accordance with applicable law.
If we sell, buy, merge or otherwise reorganise our businesses this may involve disclosing personal data to prospective or actual purchasers and their advisers.
We may share data or anonymised statistical data to selected third parties.
6. Your rights
You have the right to obtain a confirmation that we are processing your personal data and the right to know what information we have collected about you. You also have the right to have incorrect, incomplete, inaccurate, unnecessary or outdated data removed or rectified and, under certain conditions, to restrict or object the use of personal data according to applicable legislation. You may also make a request to have your data moved to another system if it is technically feasible and, under certain conditions, to withdraw your previously given consent to processing your personal data. Some of the information you provide will be accessible via the services themselves and you can view, edit or delete that information at any time.
7. General information
The name of the data controller is FlyMaas Oy, business id: 3167078-7, with a registered address at
Cookies, web beacons and other similar technologies to operate and improve our website and offering are used.
Our domains may do also include third party elements that set cookies on behalf of a third party, for example relating to third party social network and web analytics providers.
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed.
9. Data Security
Internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments are in place. We ensure the ongoing confidentiality, integrity, availability and resilience of processing our services. Also, we limit access to our data bases containing personal data to authorised persons having a justified need to access such information.
As we innovate and develop our services, we can introduce new or alternative data security measures to protect data.