Customer privacy notice - Non-European Appendix

1.1          Overseas recipients of Personal Data

(a)        In the course of providing our products and services to you, we may disclose your Personal Data to the following overseas recipients:

i. companies within Cathay Pacific, our affiliates and their subsidiaries, and third party service providers that are located overseas who assist us in providing our travel (including transit) and associated services; and

ii. law enforcement agencies, regulatory authorities and governments for security, customs and immigration purposes.

(b)        These recipients may be located in any country to which you travel, or which you travel through, either with us or our partner airlines.

(c)        We may disclose your Personal Data to recipients in countries that you are travelling to or you are sending cargo to or from in order to provide travel, freight and reservation services. The overseas recipients includes recipients in countries through which you are transiting, or when you travel on flights operated by other airlines, or countries in which our service providers operate or have their headquarters.

(d)        We may also disclose your Personal Data to data processors (including operators of global travel distribution systems), customer service providers and third party marketing service providers. The regions in which these third parties are located include the European Union countries, Asia, North America, Australia, South America and Middle East.

1.2          Accessing and correcting your personal information

(a)        If you are a Cathay Membership Programme member or a Registered Account holder, you may seek to access the personal information that we hold about you, and seek to update or correct it by logging into your electronic account and editing your profile, preferences or settings. You may also seek to access or correct your personal information by contacting our customer representatives, or by contacting the Data Protection Office using the contact details in the Privacy Notice.

1.3          Complaints

(a)        You may request further information about the way we manage your Personal Data or lodge a complaint by contacting our Data Protection Officer using the contact details in section 8.4 of the Privacy Notice.

(b)        We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required. In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity. In cases where further information, assessment or investigation is required, we will seek to agree an alternative timeframe with you.

(c)        If you are dissatisfied with the outcome, please contact us. Alternatively, you may take your complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are available from the OAIC’s website at www.oaic.gov.au.

2.1          Consent and withdrawal of consent: 

Where you have consented to our use of your Personal Data, you may withdraw your consent to the use of your Personal Data.  You may do this by contacting us as set out in section 8.4 of the Privacy Notice.

We may continue to use and disclose your Personal Data where it is required to provide you with the services you have requested or that we have agreed to provide you, or in accordance with the law.

2.2          Marketing and profile information:

In connection with our marketing activities, we analyse some of the information that we collect about our customers (together with information about customers that we collect from our loyalty and other partners) to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. We call this the creation of “segments”. To do this, we combine Personal Data that we have collected from customers directly together with Personal Data that we have collected from our affiliates and other partners, including Asia Miles, about our customers’ purchase history and interactions with us. From time to time, we will assess the Personal Data that we hold about you in order to assign you to a particular segment. We will use the segment that you have been assigned to in order to tailor our marketing communications to include offers and content that are relevant to you.

2.3          Consent for electronic marketing communications:

We will only send you electronic communications in relation to marketing activities if you have provided express opt-in consent to do so.  This does not include transactional communications which facilitate or confirm purchases or services, or responses to inquiries from you.

2.4          Opting out of direct marketing:

You have the right to opt out of our direct marketing, and the underlying analysis of your Personal Data that we use to tailor the direct marketing that we send to you, at any time. You can exercise this right, by contacting us in accordance with section 8.4 of the Privacy Notice, or opting-out or updating your e-mail subscriptions in accordance with section 8.2 of the Privacy Notice.

2.5          Using your Personal Data to make decisions: 

In connection with our business, we will use your Personal Data to make various decisions about you and your eligibility to access our services, to prevent abusive use of our services, to ensure security of our systems, or to detect fraud. Some of these decisions may be taken on an automated basis including, by matching your Personal Data against information in certain risk models that we have created based on the behaviour of other individuals and using your Personal Data to further enhance such models.

2.6          Storage and access outside of Canada:   

Your Personal Data may be accessed and stored outside of Canada by staff or suppliers, transferred, and/or stored outside Canada.  Your Personal Data may be subject to access and disclosure to governmental and law enforcement authorities in those countries and in accordance with the laws of those countries.

2.7          Rights of access and correction: 

You have rights of access to and correction of your Personal Data, subject to exceptions in accordance with the laws of Canada.  We may charge you a reasonable fee in respect of certain access rights and will advise you of this in the course of any request.  You may exercise your rights by contacting us at the contact details in section 8.4 of the Privacy Notice.

2.8          Accountability:

If you have any concerns or questions about how we are collecting, using or disclosing your Personal Data, you may contact us in accordance with section 8.4 of the Privacy Notice. If you are not satisfied with how we resolve your questions or concerns, you may contact the Office of the Privacy Commissioner of Canada.

3.1          The following sentence shall be added to the introductory section of the Privacy Notice before the start of clause 1:

“For the purpose of the Privacy Notice, “Cathay Pacific” means Cathay Pacific Airways Limited, Hong Kong Dragon Airlines Limited, Cathay Holidays Limited (and its subsidiaries). Among these entities Cathay Pacific Airways Limited is responsible for handling your Personal Data and acts as a point of contact for any enquiries, complaints, data corrections or update requests”.

3.2          The first sentence of Section 5 (Who we share your Personal Data with) of the Privacy Notice is replaced by the following language:

“In certain circumstances, to the extent permitted by the Act on Protection of Personal Information of Japan (Act No.57 of 2003) and based on your consent if required by the law, we will disclose your Personal Data to third parties as described below:”

3.3          Processing of special categories of Personal Data

(a)        We will collect and handle sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your religious or other beliefs.

(b)        We will typically ask you for your consent when collecting, handling or share with a third party this type of Personal Data, unless we are otherwise permitted to process such Personal Data under the Act on Protection of Personal Information of Japan (Act No.57 of 2003) (APPI).

3.4          Your rights

(a)        In addition to the Section 8 (Your rights) of the Privacy Notice, in certain circumstances, you may have the rights under the APPI to ask us to:

(i)         correct, add or delete Personal Data if the Personal Data held by us is not accurate;

(ii)        stop the use or sharing with a third party of, or delete, Personal Data if the use or sharing is against the rules of the APPI;

(b)        These rights are subject to certain exemptions to safeguard the life, body or assets of you or a third party (e.g. the prevention or detection of crime) and our interests, due to requirements of other laws or availability of less onerous options.

4.1          The following sentence shall be added as a final paragraph in the introductory section of the Privacy Notice before the start of clause 1:

 “By providing us with your Personal Data and continuing to use our services, you agree to the processing of your Personal Data in accordance with the terms of this Privacy Notice, which may be amended or updated from time to time. ”

4.2          The following section 2.3 shall be added to the Privacy Notice:

“2.3 We will process sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your health issues. We will ask you for your written consent when processing this type of Personal Data, unless we are otherwise permitted to process such sensitive Personal Data under the Malaysian Personal Data Protection Act 2010.“

5.1          The following sentence shall be added as a final paragraph in the introductory section of the Privacy Notice before the start of clause 1:

“You consent to the collection, use and disclosure of your Personal Data as described in this Privacy Notice.”

6.1          The following section 2.3 shall be added to the Privacy Notice:

“2.3 We will collect and handle sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your health issues. We will ask you for your written consent when collecting and handling this type of Personal Data, unless we are otherwise permitted to collect, process or use such Personal Data under Taiwan Personal Data Protection Law. “

6.2          The following section 4.2 shall be added to the Privacy Notice:

“4.2 Your Personal Data may be used in electronic form and/or hard copy form or in any appropriate manner.”

6.3          The following sentence shall be added to section 8.1:

“In addition to the above, you have the right (subject to exceptions and in accordance with Taiwan Personal Data Protection Law) to request a copy of your Personal Data held by us or require us to delete or cease the collection, processing or use of your Personal Data. You may exercise these rights by contacting us at the contact details in section 8.4 of the Privacy Notice.”