Privacy Policy

Effective date: 25 May 2018
Version: 2.0

1. Introduction

Flybits is a platform used by businesses to create personalized and relevant digital experiences for their consumers. At Flybits, the privacy and security of our customers (businesses) and their end-users (consumers) are of utmost importance. Flybits is committed to protecting the data you share with us.

This Privacy Policy explains:

  • What information we collect about individual End-Users (defined below)
  • The reasons why we collect Personal Data (defined below)
  • How we use Personal Data
  • Who we share Personal Data with
  • The choices we offer that allow you to access, update and remove Personal Data

Please read this Privacy Policy carefully. By using or accessing the Service (defined below), you acknowledge that you have read, understood, and agree to be bound to all the terms and conditions of this Privacy Policy, and the “Terms of Service” or other Customer agreement (collectively, “User Agreement”) that is applicable to the Service.

If you do not agree to this Privacy Policy and the applicable User Agreement, please exit, and do not access or use, the Service.

For the purposes of this policy, Flybits (Collectively, “Flybits, our, we”), defines the “Customer” as an entity that subscribes to a license to use Flybits products and services in any marketing capacity, and the term “End-User” as any individual who uses the Customer’s product or services provided and/or powered by Flybits (collectively, “Service”). This Privacy Policy describes how Flybits collects, discloses, stores, and uses information that could individually identify End-Users (“Personal Data”) in connection with the Service. This Privacy Policy (“Privacy Policy”) also sets forth the privacy practices to be fulfilled by Flybits and its Customers.

Any information stored on the Flybits platform is treated as confidential. All information is stored securely and is accessed by authorized personnel only. Flybits implements and maintains appropriate technical, security and organisational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.

2. End-Users

If you are an End-User who consumes the Service provided to you by our Customer, then this section is relevant for you.

By using the Service, you consent to the collection and use of your Personal Data as described in this Privacy Policy. If you do not agree with the terms in this Privacy Policy, you may choose not to use the Service. If required by applicable law, the Customer may seek your explicit consent to process Personal Data collected or volunteered by you. Kindly note that your consent is entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of the Service may not be possible.

2.1 Collection and Use of Personal Data

Flybits may collect, record and analyze Personal Data about usage on the Service in order to provide you with a personalized digital experience, superior service, and operational security.  The Personal Data that we collect is determined solely by our Customer. Our Customer may choose not include all the types of Personal Data mentioned below in their use of the Service.

Flybits does not condone the collection or use of Personal Data without permission from an End-User. We work with our Customers to ensure their use of the Service clearly asks for your permission to collect and use Personal Data.

Flybits will not retain Personal Data longer than is necessary to fulfill the purposes for which it was collected for our Customers or as required by applicable laws or regulations.

2.2 Personal Data that we may collect

Personal Data that we collect may include:

Session Activity:  Any engagement that takes place on the Service, such as pageviews and/or button clicks, duration of time spent on the Service, and user-inputted data including answers that you submit via surveys provided by the Service.

Sensory Data:  Any data captured from sensors on your mobile device such as accelerometer, battery level, network connectivity, calendar availability, geolocation via GPS, or other location data from external hardware such as beacons.

Public Data: Publicly available information about you from social media such as Interests, Follower Count, Page “Likes”, and other similar information.  

Customer Information: Information that our Customers own about End-User personas, such as “first-time user”, “inactive user”, etc. Please note that in order to protect End-User privacy, all personally identifiable information (e.g. customer segments and/or personas) are pseudonymized/de-identified through a method called “tokenization”.

User Account Information: Information that authenticates you when you log in to the Service, and/or helps to maintain web session security while using the Service, such as your email address, password, and IP address.

2.3 Usage and Performance Information

We also collect usage and performance information that we aggregate or de-identify so that it no longer personally identifies an End-User. These tools help us to learn more about how the End-Users use the Service, in addition to allowing us to monitor operational security.

Examples include:

Log Data: Information that is automatically recorded by the Service such as IP addresses, device and browser type, operating system, and other statistics.

Mobile Device Identifiers: Information stored on your mobile device that track certain data and activities occurring on or through your device (such as usage and traffic data).

Cookies: Information that is temporarily stored on your device when using the Service, and/or information that is stored on your device for a period of time after you leave the Service. These tools may be used to keep an accurate account of how often you use the Service, or to store your preferences when you return to the Service.

2.4 Opt-in and Consent

In order to give you full control of your privacy settings, End-Users will not be opted-in to Service by default. Customers must allow End-Users to voluntarily opt-in the Service, provided that the End-User agrees to this Privacy Policy and our Terms of Service. As an End-user, you can choose to opt-out of Service at any time.

By accepting the terms of this Privacy Policy, you indicate that you are over the age of 18 or equivalent.

Please note that the Service is not intended for children under the age of 13 (16 in the EU), and therefore, Flybits and its Customer do not knowingly acquire or receive Personal Data from children under the age of 13 (16 in the EU). If the Customer later learns that any End-User of the Service is under the age of 13 (16 in the EU), the Customer will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.

2.5 Purpose of Collecting Personal Data

Personal Data may be used in order to access the Service, and/or to providing relevant and personalized digital experience for End-Users in the Customer’s Service. It is the Customer’s responsibility to ensure that collection and processing of Personal Data is done in accordance with applicable law. Flybits will not process Personal Data for other purposes or by other means than instructed by its Customers.

The purpose of collecting Personal Data will vary as set up by Flybits’ Customers. As Flybits provides a recommendation service to a wide group of businesses, the purpose may vary greatly. For End-Users in the EEA, the Customer will be the “Controller”, as defined in the Directive and the GDPR. The purpose will consequently be defined by Flybits Customer.

2.6. Links to other sites

Please be aware that while using the Service, End-Users can follow links to other websites that are determined by our Customers. Flybits is not responsible for the content or privacy policies of these other sites.

2.7 Sharing Personal Data

Flybits collects Personal Data for our Customers in order to provide a relevant and personalized digital experience to the End-User, or, to allow our Customer to learn from and analyze End-User engagement patterns on the Service. Flybits does not share any Personal Data with any third-parties.

2.8. End-User Inquiries and Privacy Choices

We have kept this Privacy Policy simple and transparent for your understanding, as your privacy is important to us, but if you’re not familiar with terms such as “cookies”, “IP addresses” or “accelerometer”, “tokenization”, etc., please contact us using the emails available at the bottom of this Privacy Policy.

If you are a citizen of the EU, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your Personal Data, including but not limited to the ability to request a copy and/or deletion of your Personal Data.  Please note that if you request the deletion of information required to provide the Service to you, your affiliated account will be deactivated and you will lose access to the Service.

If you wish to inquire about your Personal Data that may have been collected to allow you to access the Service, and/or to provide you with personalized digital experience on our Customer’s Service, please contact us.  

Please note that as Flybits is a Data Processor, it does not own the Personal Data used or stored on our products and services but processes it on behalf of its Customer.

3. Our Customers

In order to provide services to its Customers, Flybits collects certain types of data from Customers and End-Users. This section will describe how data is collected and used by Flybits as well as geographical differences that affect this policy. Data entered or transferred into Flybits by Customers may include login ID, profile and persona attributes, and other similar  information.

The Customer may also provide any of its proprietary data about customer personas, as defined in the section above titled “Collection of Personal Information”.  Flybits advises that all personally identifiable information and other sensitive Personal Data is tokenized to ensure data security and protect End-User privacy.

3.1 Geographical location

Flybits offers services in a number of data regions. A Flybits “Data Region” is a set of data centers located within a defined geographical area where Customer and End-User data is stored. Data will not be transferred outside its current country boundary without the expressed consent of the Customer.

3.2 Processing in the European Economic Area (EEA)

Flybits adheres to the GDPR as of May 25th, 2018. Consequently, Flybits processes all data provided by its Customers in its European Data Region, in the European Economic Area (EEA) only.

All data collected through a Customer’s Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services (“Hosting Provider”). Flybits has a data processing agreement (“DPA”) in place with Hosting Provider, ensuring compliance with the GDPR. All hosting is performed in accordance with the highest security regulations. All transfers of data internally in the EEA is done in accordance with DPA.

For Customers located in Flybits’ European Data Region, all processing of Personal Data is performed in accordance with privacy rights and regulations known as the General Data Protection Regulation (GDPR), and Flybits’ processing will take place in accordance with the GDPR.

If you or your organization are required under the European Union’s General Data Protection Regulation (GDPR) to enter into a contract, or other binding legal act under EU or Member State law, with your data processors, A copy of Flybits’ Data Processing Agreement is available upon request.

3.4 Controller

Flybits processes Personal Data both as a Processor and as a Controller, as defined in the GDPR.

3.5 Processing in the United States Of America (US)

For Customers with accounts in the Flybits US Data Region, Flybits processes data solely in data centers located in the US. Flybits has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s and/or the End-User’s Personal Data in Flybits’ possession. Flybits will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s and/or End-User’s Personal Data.

All data collected through the Customer’s Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services. Flybits’ contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. Flybits’ policy is to protect and safeguard any personal information obtained by Flybits in accordance with United States state or federal laws governing the protection of personal information and data. Accordingly, Flybits adheres to practices and policies that aim to safeguard the data.

3.6 Processing in Canada

For Customers with accounts in the Flybits Canada Data Region, Flybits processes data solely in data centers located in the United States of America or Canada. Flybits has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s and/or the End-User’s Personal Data in Flybits’ possession. Flybits will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s and/or End-User’s Personal Data.

All data collected through the Customer’s Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services. Flybits’ contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. Flybits’ policy is to protect and safeguard any personal information obtained by Flybits in accordance with Canadian provincial or federal laws governing the protection of personal information and data. Accordingly, Flybits adheres to practices and policies that aim to safeguard the data.

3.7 Processing in South America

For Customers with accounts in our South America Data Region, Flybits processes data solely in data centers located in Brazil. Flybits has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s and/or the End-User’s Personal Data in Flybits’ possession. Flybits will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s and/or End-User’s Personal Data.

All data collected through the Customer’s Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services. Flybits’ contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. Flybits’ policy is to protect and safeguard any personal information obtained by Flybits in accordance with South American laws governing the protection of personal information and data. Accordingly, Flybits adheres to practices and policies that aim to safeguard the data.

3.8 Retention and deletion

Flybits will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. For End-User’s Personal data, Flybits Customers have control of the purpose for collecting data, and the duration for which the Personal Data may be kept. For End-User data, End-Users will  have the right to extract or delete their End-User data upon request to Customer. Log data shall not be deleted upon request to ensure operational security.

4. Acceptance of these Conditions

We assume that all End-Users of a Customer’s Service Flybits and Customers using the Flybits platform have carefully read this document and agree to its contents. If someone does not agree with this Privacy Policy, they may choose not to use our Customer’s Service. We reserve the right to change our Privacy Policy as necessary. Continued use our Customer’s Service after having been informed of any such changes to these conditions implies acceptance of the revised Privacy Policy.

5. Our Legal Obligation to Disclose Personal Information

We will reveal an End-User’s personal information without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Flybits or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property.

Flybits also shall comply with any government or law enforcement entity investigation that provides proper law enforcement warrants and subpoenas.

6. Flybits Data Protection Officer

Flybits has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address:

Flybits Inc
Attn: Data Protection Officer
175 Bloor Street EastToronto, ON M4W 3R8
Canada

Email for dataprotectionofficer@flybits.com

7. For Further Information

If you have any further questions regarding the data Flybits collects, or how we use it, then please feel free to contact us by email at: legal@Flybits.com.