Jump to main content

Data privacy and security policy

Forward To Friends – Open a New Window Print View more services Share this:

Cathay Pacific Customer Privacy Policy

This Cathay Pacific Customer Privacy Policy (“Privacy Policy”) discloses how Cathay Pacific Airways Limited (“Cathay Pacific,” “us” or “we”) collects, stores and handles the Personal Data of its customers (Cathay Pacific airline passengers, users of Cathay Pacific mobile services, users of Cathay Pacific freight services, and visitors to the cathaypacific.com website.

Cathay Pacific also offers the Marco Polo Club and the Asia Miles program. However, both of these programs have their own privacy policies, and your submission of any personal information as part either of these programs is subject to the particular program’s Privacy Policy. For more information about any of these programs, click the links above.

Please read the following Privacy Policy to understand how Cathay Pacific uses the Personal Data we may collect from you. By providing your Personal Data to us, you are consenting to this Privacy Policy and the collection, use, access, transfer, storage and processing of your personal information as described in this Policy.

At Cathay Pacific, we are committed to protecting your personal and data privacy. To ensure that you can make informed decisions and feel confident about supplying your Personal Data (as defined below) to us when using our website, mobile and other services, we provide this notice outlining our practices and the choices you have concerning how your Personal Data is being collected and used by us.

We request information from you in several areas of our website, mobile services and other channels that may be used to personally identify you (“Personal Data”), including but not limited to:

  1. Your personal information such as your name, gender, date of birth, passport or other personally identifiable number and information about your registered status with any of our subsidiaries, associated companies and/or business associates;
  2. Your contact information such as your telephone numbers, mailing addresses, email addresses, and fax numbers;
  3. Your credit or debit card information and billing information, including name of cardholder, card number, billing address and expiry date;
  4. Your business information such as company name, business title and associated contact information;
  5. Your travel details such as flight information, travel companions’ personal information, destination contact information, seat and meal preferences, flight and hotel preferences, and information related to traveler special needs;
  6. Your responses to market surveys and contests conducted by us or on our behalf.

Certain Personal Data (particularly relating to your personal information and contact information) are required for specific services and if you fail to supply such Personal Data as requested from each specific service, we may be unable to deliver you the services in full.

We may use the Personal Data you provided for one or more of the following purposes:

  1. To process and administer your reservation and/or travel services with or through us;
  2. To process and administer your reservation and/or use of our freight or shipping services;
  3. For your use of the online services available at any of our websites and/or through other telecommunication channels;
  4. For the supply of any products and/or services which we may offer to you or you may require from us from time to time including text message (SMS) alerts;
  5. For marketing, promotional and customer relationship management purposes, such as sending you updates on latest offers and promotions in connection with our products and services (please see Section 10 - "Notice on Direct Marketing" for details) and conducting market research;
  6. For identification and verification purposes in connection with any of the services or products that may be supplied to you;
  7. To contact you regarding your enquiries;
  8. For our frequent flyer and mileage programme;
  9. To administer contests and sweepstakes conducted by us or on our behalf;
  10. To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside of Hong Kong;
  11. To facilitate the payment for products and services provided by us or our subsidiaries, associated companies and/or business associates including verification of credit card details with third parties and using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties).
  12. To improve our security, including in relation to the processing of payment by credit card to guard against the risk of fraud including carrying out matching procedures against databases of known fraudulent transactions (maintained by us or third parties).
  13. To provide other airport and travel related services, such as duty free sales and travel packages.
  14. To process any baggage or loss claims.
  15. For the use of any of our subsidiaries, associate companies and/or business associates in connection with any of the above purposes and/or any other travel related and/or loyalty program related services such companies and associates may be offering to you from time to time.

We may from time to time use aggregate non-identifying information about our customers to better design our website and/or to improve our services and products. This means we may provide this information to third parties.  However, this information will never identify any single user in particular.

Except as provided below, we will not knowingly or intentionally use or share the Personal Data you provide to use in ways unrelated to the aforementioned purposes without your prior consent. 

You may request access to and correct your Personal Data held by us.  If you wish to obtain a copy of any of your Personal Data, if you believe that the Personal Data relating to you which we collect and maintain is incorrect, or if you believe that the Personal Data held by us was used beyond the scope of the purpose of use disclosed above or was acquired by fraudulent or unlawful means or provided to a third party without your prior consent, please write to us at the address below.

A request for access or correction to, or deletion of Personal Data or for information regarding policies and practices and kinds of Personal Data held by us must be in writing and sent to us via postal mail at the following address:

The Data Protection Officer
Cathay Pacific Airways Limited
6th Floor Cathay Pacific City,
8 Scenic Road,
Hong Kong International Airport, Lantau, Hong Kong

We may charge a reasonable fee for the processing of any data access request.

A cookie is an alphanumeric string of identifier that websites of the Cathay Pacific group companies including. CathayPacific.com, dragonair.com and asiamiles.com (“CX Group Sites”) use to transfer to the cookie file of the browser on your computer's hard disk. With the use of cookies, we can better serve you and/or maintain your information across multiple pages within or across one or more sessions. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in future.

Two types of cookies are used on the CX Group Sites:

Session Cookies, which are temporary cookies that remain in the cookie file of your browser until you leave the site.

Persistent Cookies, which remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie).

Cookies cannot be used by themselves to identify you.

Examples of How we use Cookies on our CX Group Sites

Session Cookies

  • To allow you to carry information across pages of our respective CX Group Site and avoid having to re-enter information, such as logging in for every page.
  • Within registration to allow you to access stored information.
  • During the booking process so that we can remember your selections.

Persistent Cookies

  • To compile anonymous, aggregated statistics that allow us to understand how users use CX Group Sites, and to help us improve the structure of  CX Group Sites. We cannot identify you personally in this way.
  • To store your chosen country homepage destination.

Third Party Cookies

  • To determine and track website traffic coming in from advertisement banners that have been placed on third parties' websites.

List of major Cookies that are essential for a desirable navigation experience on CX Group Sites

Cookie Name Purpose
country_lang_cookie Used to record your country of residence and your preferred language choice.
Marco Polo Club_userid_cookie Used to remember the login ID of Marco Polo Club member when "Remember this no." option is selected during login.
session cookie Cookies that will expire at the end of session or after idling for 30 minutes. Used to maintain the transaction with CX Group Site.
TRACKER_CX / TRACKER_KA Used to recognise repeated visitors to the site and in conjunction with other information we hold to attempt to record specific browsing information (that is, about the way you arrive at the site, pages you view, options you select, information you enter and path you take through the site) against an individual customer profile.
CoreID6 Used to recognise repeated visitors to the site and in conjunction with other information we hold to attempt to record specific browsing information (that is, about the way you arrive at the site, pages you view, options you select, information you enter and path you take through the site) against an individual customer profile.

List of major Cookies that are set by third-parties on CX Group Sites

DoubleClick Used for the purpose of serving our Internet advertisements on other [third party] websites. Some of our web pages may contain electronic images that allow us to track user interactions on these pages. They may also report back some information to DoubleClick about the interaction performed.

Used for the purposes of understanding more about visitors on CX Group Sites then apply this understanding to provide web environments that save visitors time and make the sites easier to use. This data could include search engine referral, affiliate referrals, traffic driven by banner ads or other promotions, visitor navigation around the site, popular pages, processed or abandoned transactions and sales conversions. It also receives certain technical information, such as the visitor's browser version and operating system. Ticket booking information will be captured such as IP address, MARCO POLO CLUB membership number, Asia Miles membership number, login name and email address. All information about individual visitors to a web site belongs to Cathay Pacific. IBM Coremetrics is not allowed to disclose individual information collected for Cathay Pacific to any other IBM Coremetrics client.

On CX Group Sites Coremetrics is used in conjunction with CoreID6 for online web analytics.

Below technologies are used by IBM Coremetrics on CX Group Sites:

Session Cookie: The "Session" cookie exists only for the lifetime of the current browser session. The Session cookie will exist from the point at which the first tag is received from the website until 1) the visitor closes all browser windows for the browser in question or 2) more than 30 minutes pass without receiving a data collection tag from the browser session. One or more "sessions" may be associated with a "visitor".

Visitor Cookie: The "Visitor" cookie persists after the visitor closes all browser windows. The "Visitor" cookie contains a cookie ID referenced by Coremetrics to identify a visitor returning to the site across multiple "sessions".

Web Beacon: Also known as a "clear GIF", "pixel tag", "data tag" or "image tag". It is a mechanism by which a small section of code that is placed on web site pages to execute an image request to IBM data collection servers. Web beacons facilitate the transfer of data by requesting and delivering the transparent graphic GIF image from IBM Coremetrics to relevant CX Group Site.

Opt-Out Options

If you do not want IBM Coremetrics to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a web site tries to put a cookie in your browser software. Rejecting cookies may affect your ability to use of some of the products and/or services at our web site.

IBM Coremetrics offers two methods by which visitors can opt-out of data collection associated with their online activities:

1) "Anonymous Visitor" and

2) "Total Opt-Out" (which are both discussed below).

For either of these options to take effect, you must first accept a cookie from this site which will allow us to recognize you with a random and unique alphanumeric identifier so that we can honor your opt-out selection. If you do not accept this cookie, or later delete it, we cannot honor your request to opt-out and you will continue to be served cookies.

Anonymous Visitor

Your IBM Coremetrics cookie contains a random and unique alphanumeric identifier. If you select the "Anonymous Visitor" option, then your cookie will be modified to read "anonymous", meaning that IBM Coremetrics will continue to collect or receive data about your experience on CX Group Sites. However, such data will be presented as part of a pool of general, anonymous visitors.

Total Opt-Out

If you select "Total Opt-Out", then your cookie will be modified to read "opt-out", meaning that no data will be collected about you on the relevant CX Group Site. IBM Coremetrics will in such cases record that a "Total Opt-Out" election has been made, so that aggregated totals of "Total Opt-Out" elections can be calculated and recorded. Once you make your selection, a dialog box should appear to confirm that your opt-out choice was successful. The opt-out will remain in effect for as long as the cookie remains on your hard drive. If you remove this cookie from your hard drive (for instance, if you reinstall or update your browser or choose to delete all cookies), you will need to renew your opt-out selection.

Remember, if you choose to opt out of the Site Analytics cookie [from a particular CX Group Site] you will need to do so the first time you visit such site which provide opt-out to avoid having your information collected by that site. Further, if you use more than one web browser or computer, you will need to opt-out in each one. Please note that if you upgrade your browser to a new version (including, but not limited to, Microsoft's Internet Explorer 8.0), you may need to opt out again.

You can click here to understand IBM Coremetrics privacy policy in details.

Please click here if you wish to opt-out from data collection associated with IBM Coremetrics.

Remarks:  Rejecting cookies may affect your ability to use of some of the services on CX Group Sites.

Disabling / Enabling Cookies

All browser releases from 4.0 and beyond have a "cookie filter" imbedded in the Privacy settings.

You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features on our site if cookies acceptance have been disabled completely.

Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in future.

You need to set each browser, on each device you use to surf the web. You should repeat this procedure with each one if you use multiple browsers (e.g., Safari, Internet Explorer, Firefox, Google Chrome, etc.). Similarly, if you connect to the web from multiple devices (e.g., work and home), you need to set each browser on each device. However, if you disable cookies or refuse to accept a request to place a cookie, it is possible that some parts of this website, and certain areas of the website for which you need to log in, will not function properly, and the advertising you receive when you visit this website may not be advertisements tailored to your interests.

Whilst currently we are only using cookie in the ways we have stated out, new cookies will be implemented as necessary in order to better serve you.

Log Files

We may collect information regarding your IP address, browser type, domain name and access time. This information is used for our own research purposes and is separated from the Data. We do not link IP addresses to any personal information. In rare instances, IP addresses may be used to assist in deterring and/or preventing abusive or criminal activity on the website.

This website contains links to other sites that are operated by third party companies with different privacy practices. You should remain alert when you leave our site and read the privacy statements of other websites. We have no control over Personal Data that you submit to or receive from these third parties.

To maintain the accuracy of the Personal Data, as well as to prevent unauthorised access and ensure the correct use of Personal Data, we have implemented appropriate physical, technical, and administrative measures to safeguard and secure the Personal Data we collect.

For example, we use Secure Socket Layer (SSL) protocol—an industry standard for encryption over the Internet—to protect in transmission the Personal Data we collect online.  When you type in sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the Internet.  All electronic Personal Data that we maintain is securely stored and further protected through our use of appropriate access controls.  When disposing of Personal Data, paper documents containing Personal Data are securely destroyed, and electronic files storing Personal Data are permanently deleted.

In addition, to better protect certain Personal Data, some areas of the cathaypacific.com website or our mobile services channels are inaccessible unless you supply individually identifiable and verifiable information, such as your The Marco Polo Club / Asia Miles™ Membership Number and Password, or log in using your User ID and PIN.

As stated above, in some instances we may entrust Personal Data to third party service providers (including service providers outside of your jurisdiction), binding them to protect the security of Personal Data and only to use it for the purposes we specify. 

Cathay Pacific is a global airline company with operations, offices, affiliates and business partners located worldwide.  As such, the Personal Data you submit to us in one country may be transferred, used, processed, stored and accessed worldwide in one or more additional countries, as described in this Privacy Policy. 

In addition, we may disclose and transfer Personal Data to and jointly use Personal Data with (whether within or outside of your jurisdiction) our subsidiaries, associated companies, business associates, service providers, and other persons who we consider appropriate, in connection with the services and products provided to or requested by you.  We may disclose this information to facilitate communication of news and information about such services and products and otherwise for the purposes mentioned above, under Section 3, "Purposes for which the Personal Data are Collected and Used."

The entities with whom we may share your Personal Data include but are not limited to:

  1. any Cathay Pacific group companies, including but not limited to, Hong Kong Dragon Airlines, Asia Miles Ltd., Cathay Holidays Limited, Cathay Pacific Catering Services (HK) Ltd and Hong Kong Airport Services Ltd.;
  2. any agent, contractor or third party service provider who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to Cathay Pacific in connection with the operation of its business;
  3. other business associates such air carriers, land or sea transport operators, loyalty program operators and other companies involved in providing customer service or fulfilling customer requests;
  4. credit reference agencies;
  5. credit, debit and /or charge card companies and/or banks;
  6. government or non-government authorities, agencies and/or regulators;
  7. medical professionals, insurers and clinics/hospitals.

Where permitted by applicable local law, we may also disclose your Personal Data to third parties:  (i) when required by law, by court order, or in response to a search warrant or other legally valid inquiry; (ii) to an investigative body; (iii) to enforce our agreements with you; (iv) when requested by other government or law enforcement authorities (such as immigration and customs control and/or border control agencies); (v) with your express consent, or, (vi) pursuant to our good faith belief that disclosure is required by law or otherwise necessary to the establishment of legal claims or defenses, to obtain legal advice, to exercise and defend our legal rights, to protect our rights or property and those of our subsidiaries or associated companies, or to protect the life, body or property of an individual. This also applies when we have reason to believe that disclosing the Personal Data is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.

We may also transfer any information we have about you as an asset in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Cathay Pacific or as part of a corporate reorganization or stock sale or other change in corporate control.

Please be advised that the Personal Data that Cathay Pacific collects or obtains may be transferred to jurisdictions that offer lesser protection of Personal Data than that provided in your jurisdiction.  By submitting personal information to Cathay Pacific or using any Cathay Pacific website, you understand and consent to such transfer. 

We will post on our website at www.cathaypacific.com any changes to this policy with the effective data of the changed policy, so that you can be informed of the way we collect and use your Personal Data any time you so choose.  If at any point we decide to use the Personal Data you submitted under this current policy in a way that differs materially from the privacy policy that applied at the time of that submission, you will be notified and given the opportunity via the website, email or in writing to opt out or otherwise prevent such usage.

Occasionally, we may use your personal data (including your name and contact details) to send you marketing communications such as emails containing news, offers, promotions and joint marketing offers about our travel services and packages, loyalty programs, duty-free sales and other travel related auxiliary services such as travel insurance, hotel transfers and car rentals.  However, we will first obtain your consent before doing so. Please see below on how to provide us with your consent.

We may also provide your personal data (including your name and contact details) to third parties including our marketing partners, travel service partners for the purpose of marketing their products and services to you, including travel services and packages, loyalty programs, duty-free sales and other travel related auxiliary services such as travel insurance, hotel transfers and car rentals.  Again, we will only do this if you provide us with your consent.

You may indicate your consent to the above by the following ways:

  1. when providing us with your personal data through our website or a form, ticking boxes indicating your consent; or
  2. when providing us with your personal data through the telephone, tell our customer representative that you consent

You may opt-out from receiving marketing communications at any time, free of charge, by:

  1. following the opt-out instructions contained in the communications;
  2. writing to us at the address listed above, under Section 4 – “How to Access or Correct Your Personal Data”; or
  3. updating your email subscriptions at http://www.cathaypacific.com/cx/en_HK/latest-offers/subscribe-offers/newsletter-subscription.html

Any personal data provided to or gathered by Cathay Pacific is controlled primarily by Cathay Pacific.

All Personal Data that has been collected from you will only be stored for a limited duration that is relevant to the purpose for which it was processed and for as long as required by applicable law.

This notice is written in English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.