
Cathay Pacific Customer Privacy Policy - Non-European Appendix

This Appendix applies if you are based in the following countries/regions during your interactions with us

1.1          Overseas recipients of Personal Data

(a)        In the course of providing our products and services to you, we may disclose your Personal Data to the following overseas recipients:

i. companies within Cathay Pacific, our affiliates and their subsidiaries, and third party service providers that are located overseas who assist us in providing our travel (including transit) and associated services; and

ii. law enforcement agencies, regulatory authorities and governments for security, customs and immigration purposes.

(b)        These recipients may be located in any country to which you travel, or which you travel through, either with us or our partner airlines.

(c)        We may disclose your Personal Data to recipients in countries that you are travelling to or you are sending cargo to or from in order to provide travel, freight and reservation services. The overseas recipients include recipients in countries through which you are transiting, or when you travel on flights operated by other airlines, or countries in which our service providers operate or have their headquarters.

(d)        We may also disclose your Personal Data to data processors (including operators of global travel distribution systems), customer service providers and third party marketing service providers. The regions in which these third parties are located include the European Union countries, Asia, North America, Australia, South America and the Middle East.

1.2          Accessing and correcting your personal information

(a)        If you are a Marco Polo Club member or a Registered Account holder, you may seek to access the personal information that we hold about you, and seek to update or correct it by logging into your electronic account and editing your profile, preferences or settings.  You may also seek to access or correct your personal information by contacting our customer representatives, or by contacting the Data Protection Office using the contact details in the Privacy Policy.

1.3          Complaints

(a)        You may request further information about the way we manage your Personal Data or lodge a complaint by contacting our Data Protection Officer using the contact details in section 8.4 of the Privacy Policy.

(b)        We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required. In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity. In cases where further information, assessment or investigation is required, we will seek to agree an alternative timeframe with you.

(c)        If you are dissatisfied with the outcome, please contact us. Alternatively, you may take your complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are available from the OAIC’s website at www.oaic.gov.au.

2.1          Consent and withdrawal of consent: 

Where you have consented to our use of your Personal Data, you may withdraw your consent to the use of your Personal Data.  You may do this by contacting us as set out in section 8.4 of the Privacy Policy. 

We may continue to use and disclose your Personal Data where it is required to provide you with the services you have requested or that we have agreed to provide you, or in accordance with the law.

2.2          Marketing and profile information:

In connection with our marketing activities, we analyse some of the information that we collect about our customers (together with information about customers that we collect from our loyalty and other partners) to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. We call this the creation of “segments”. To do this, we combine Personal Data that we have collected from customers directly together with Personal Data that we have collected from our affiliates and other partners, including Asia Miles, about our customers’ purchase history and interactions with us. From time to time, we will assess the Personal Data that we hold about you in order to assign you to a particular segment. We will use the segment that you have been assigned to in order to tailor our marketing communications to include offers and content that are relevant to you.

2.3          Consent for electronic marketing communications:

We will only send you electronic communications in relation to marketing activities if you have provided express opt-in consent to do so.  This does not include transactional communications which facilitate or confirm purchases or services, or responses to inquiries from you.

2.4          Opting out of direct marketing:

You have the right to opt out of our direct marketing, and the underlying analysis of your Personal Data that we use to tailor the direct marketing that we send to you, at any time. You can exercise this right by contacting us in accordance with section 8.4 of the Privacy Policy, or by opting out or updating your e-mail subscriptions in accordance with section 8.2 of the Privacy Policy.

2.5          Using your Personal Data to make decisions: 

In connection with our business, we will use your Personal Data to make various decisions about you and your eligibility to access our services, to prevent abusive use of our services, to ensure security of our systems, or to detect fraud. Some of these decisions may be taken on an automated basis, including by matching your Personal Data against information in certain risk models that we have created based on the behaviour of other individuals and using your Personal Data to further enhance such models.

2.6          Storage and access outside of Canada:   

Your Personal Data may be accessed and stored outside of Canada by staff or suppliers, transferred, and/or stored outside Canada.  Your Personal Data may be subject to access and disclosure to governmental and law enforcement authorities in those countries and in accordance with the laws of those countries.

2.7          Rights of access and correction: 

You have rights of access to and correction of your Personal Data, subject to exceptions in accordance with the laws of Canada.  We may charge you a reasonable fee in respect of certain access rights and will advise you of this in the course of any request.  You may exercise your rights by contacting us at the contact details in section 8.4 of the Privacy Policy.

2.8          Accountability:

If you have any concerns or questions about how we are collecting, using or disclosing your Personal Data, you may contact us in accordance with section 8.4 of the Privacy Policy.  If you are not satisfied with how we resolve your questions or concerns, you may contact the Office of the Privacy Commissioner of Canada.

3.1          The following sentence shall be added as a final paragraph in the introductory section of the Privacy Policy before the start of clause 1:

“You consent to the collection, use and disclosure of your Personal Data as described in this Privacy Policy.”

3.2          Sensitive personal data

We will collect and handle sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your religious beliefs. We will ask you for your consent when collecting and handling this type of Personal Data.

3.3          Storage and access outside of China:  

Your Personal Data may be accessed and stored outside of China by staff or suppliers, transferred, and/or stored outside China.

3.4          Using your Personal Data to make decisions:

In connection with our business, we will use your Personal Data to make various decisions about you and your eligibility to access our services, to prevent abusive use of our services, to ensure security of our systems, or to detect fraud. Some of these decisions may be taken on an automated basis, including by matching your Personal Data against information in certain risk models that we have created based on the behaviour of other individuals and using your Personal Data to further enhance such models. Under certain circumstances, you may have the right to restrict how we process your Personal Data for these decision-making processes.

3.5          Additional rights:

In addition to section 8 of the Privacy Policy, you have the right to:

(a)   subject to certain conditions, request deletion of your Personal Data;

(b)   where processing is based on consent, withdraw the consent;

(c)   where services are provided to you via an account, cancel your account; and

(d)   request a copy of your Personal Data.

You may exercise these rights by contacting us at the contact details in section 8.4 of the Privacy Policy.

3.6          Accountability:

If you have any concerns or questions about how we are collecting, using or disclosing your Personal Data, or are not satisfied with how we resolve your questions or concerns, please contact us in accordance with section 8.4 of the Privacy Policy. 

4.1          The following sentence shall be added to the introductory section of the Privacy Policy before the start of clause 1:

“For the purpose of the Privacy Policy, “Cathay Pacific” means Cathay Pacific Airways Limited, Hong Kong Dragon Airlines Limited, Cathay Holidays Limited (and its subsidiaries). Among these entities Cathay Pacific Airways Limited is responsible for handling your Personal Data and acts as a point of contact for any enquiries, complaints, data corrections or update requests”.

4.2          The first sentence of Section 5 (Who we share your Personal Data with) of the Privacy Policy is replaced by the following language:

“In certain circumstances, to the extent permitted by the Act on Protection of Personal Information of Japan (Act No.57 of 2003) and based on your consent if required by the law, we will disclose your Personal Data to third parties as described below:”

4.3          Processing of special categories of Personal Data

(a)        We will collect and handle sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your religious or other beliefs.

(b)        We will typically ask you for your consent when collecting, handling or sharing with a third party this type of Personal Data, unless we are otherwise permitted to process such Personal Data under the Act on Protection of Personal Information of Japan (Act No.57 of 2003) (APPI).

4.4          Your rights

(a)        In addition to Section 8 (Your rights) of the Privacy Policy, in certain circumstances, you may have the rights under the APPI to ask us to:

(i)         correct, add or delete Personal Data if the Personal Data held by us is not accurate;

(ii)        stop the use or sharing with a third party of, or delete, Personal Data if the use or sharing is against the rules of the APPI.

(b)        These rights are subject to certain exemptions to safeguard the life, body or assets of you or a third party (e.g. the prevention or detection of crime) and our interests, due to requirements of other laws or availability of less onerous options.

5.1          The following sentence shall be added as a final paragraph in the introductory section of the Privacy Policy before the start of clause 1:

“By providing us with your Personal Data and continuing to use our services, you agree to the processing of your Personal Data in accordance with the terms of this Privacy Policy, which may be amended or updated from time to time.”

5.2          The following section 2.3 shall be added to the Privacy Policy:

“2.3 We will process sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your health issues. We will ask you for your written consent when processing this type of Personal Data, unless we are otherwise permitted to process such sensitive Personal Data under the Malaysian Personal Data Protection Act 2010.”

6.1          The following sentence shall be added as a final paragraph in the introductory section of the Privacy Policy before the start of clause 1:

“You consent to the collection, use and disclosure of your Personal Data as described in this Privacy Policy.”

7.1          The following sentence shall be added as a final paragraph in the introductory section of the Privacy Policy before the start of clause 1:

“You consent to the collection and use of your Personal Data in accordance with the terms of this Privacy Policy.”

7.2          The following clause shall be added to the Privacy Policy as section 5.7:

5.7 Names of third party recipients of your Personal Data and description of their processing work

The names of third parties that will process your Personal Data on our behalf and descriptions of their work are as follows. This list may be amended or updated from time to time.

| Service Provider (Trade Name) | Description of Work |
| --- | --- |
| Swissport Korea | Ground handling service in Incheon Intl Airport including check-in, reservation and ticketing, providing notice of change, ticket sales, guiding use of lounge by members, assistance in membership subscription and response to queries on mileage service, etc. |
| Asiana Airlines | Ground handling services in Busan and Jeju Intl Airport including check-in, reservation and ticketing, providing notice of change, assistance in membership subscription and response to queries on mileage service, etc. |
| ISG | To process product order and arrange delivery service, etc. |
| DHL | Delivery service for purchased products, etc. |
| SMS transmission/messaging service providers (http://www.cathaypacific.com/cx/ko_KR/hidden-pages/pop-up/flight-messaging/mobile-phone-service-provider.html) | SMS transmission for notification or reminders on flights, etc. |
| First Data Korea | Payment transaction for domestic-purchased tickets, etc. |
| World Pay | Payment gateway for overseas-purchased and internet-purchased tickets, etc. |
| IBM | To process marketing email broadcast & Coremetrics tracking on cx.com |
| DXC | Provide IT Infrastructure level support to all servers in CX data centre in Hong Kong |
| IBM ASM | Provide application support to a list of applications in CX data centre in Hong Kong |
| MillionTech | CX - IPOSS – Integrated point of sales system (CX inflight sales backend system) |
| | KA - IPOSS – KA integrated point of sales system (KA inflight sales backend system) |
| | IPOW – Internet preflight order website (CX inflight sales website backend system) |
| AWS | Cloud service |
| OpenJaw | Travel retail platform for Asia Miles |
| ICLP | Application that handles Non-Air redemption in Asia Miles.com |
| Amadeus | Amadeus is the Internet application for passenger to book flights online |
| IER | Multi-purpose Kiosk (CUSS) - Self Service machine for check-in or boarding pass fulfilment |
| SITA | SITA AirCOM Server is an application for Air-Ground Message Handling and Re-distribution (ACARS Messages) |
| Google Analytics | A web analytics service (SaaS) to track page views and visits |
| Novatti | eVoucher Management System |
| Salesforce | Salesforce Automation Tool - a CRM (customer relationship management) tool developed by Salesforce.com to store and handle customer contacts. |
| | Customer Feedback and Compensation System (CFCS) – a Salesforce Service Cloud solution that provides a stable and effective solution with due consideration of maintaining the normal daily operations of the Customer Relation Department operations; and to capture customer feedback and service recovery costs for analysing service failures to correct problems areas and drive product improvement. |
| CHAMP | Cargo Service System for Carrier and Handling |
| Atlassian | Confluence is a Knowledge Management System to provide IT support infos in CX environment |
| Tealium | For Tag management |
| Ayden | Payment gateway |
| Alipay | Payment service |
| Microsoft | Multiple services e.g. Cloud Storage, Office 365 |
| Silverpop (Acquired by IBM) | Marketing automation & email marketing software |
| Mainframe | Application used to keep flight manifest data of all CX and KA flights and perform auto-tracking and retro claim processing for oneworld and Asia Miles partners |

7.3          The following paragraph shall replace section 7.3 (Retention Period) of the Privacy Policy:

7.3 Retention Period

Our retention periods for Personal Data are based on business needs and legal requirements. We will retain your Personal Data for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose. For example, we may retain: (i) certain transaction details (e.g. flight history) and correspondence until the time limit for claims arising from the transaction with us has expired (which is typically between 6 and 10 years after the relevant transaction occurred, and in some cases much less than this); or (ii) certain data to comply with regulatory requirements regarding the retention of such data. Where Personal Data is no longer needed, we either irreversibly anonymise the data (in which case we may further retain and use the anonymised data) or securely destroy the data. [To be updated from time to time.]

7.4          The following sentence shall be added to section 8.1:

“If you are under the age of 14, your legal guardian will have the rights under section 8.”

8.1          The following section 2.3 shall be added to the Privacy Policy:

“2.3 We will collect and handle sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your health issues. We will ask you for your written consent when collecting and handling this type of Personal Data, unless we are otherwise permitted to collect, process or use such Personal Data under Taiwan Personal Data Protection Law.”

8.2          The following section 4.2 shall be added to the Privacy Policy:

“4.2 Your Personal Data may be used in electronic form and/or hard copy form or in any appropriate manner.”

8.3          The following sentence shall be added to section 8.1:

“In addition to the above, you have the right (subject to exceptions and in accordance with Taiwan Personal Data Protection Law) to request a copy of your Personal Data held by us or require us to delete or cease the collection, processing or use of your Personal Data. You may exercise these rights by contacting us at the contact details in section 8.4 of the Privacy Policy.”

9.1          California Privacy Rights

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to request a notice that identifies the categories of Personal Data which we share with our affiliates and/or third parties for marketing purposes and provides contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this information, please submit a written request by contacting us at the contact details in section 8.4 of the Privacy Policy.

9.2          Children

Other than information required to complete a booking, we do not knowingly collect personal identifiable information from children under the age of 13. If we learn that we have collected Personal Data from a child under the age of 13, we will take reasonable steps to delete that information. Where required by applicable law, we may ask a parent or guardian for consent before we provide a product or service to a minor.

9.3          Your Rights And Choices

You may have additional rights and choices regarding how we process your personal information.  Those additional rights and choices are listed below.

We reserve the right to verify your identity in connection with any requests regarding personal information to help ensure that we provide the information to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information.  We will try to comply with your request as soon as reasonably practicable.

Please note that your exercise of these rights is subject to limitations and we may reject your request.

Access and correction: You may access the information we maintain about you.  You may request access to correct any errors in your personal information.

Deletion: You may request that we delete your personal information.  Please note, we may be required by legal or other reasons to retain your personal information.

Do Not Sell My Personal Information: To the extent that we sell customer data, you may have the right to direct us to stop selling your personal information if we are doing so.

Please contact us using the contact details in section 8.4 of the Privacy Policy if you would like to exercise any of these rights or request more information.  Where required by applicable law, we will notify you if we reject your request and notify you of the reasons we are unable to honor your request.

9.4          The following sentence shall be added to section 9:

“In relation to web browser-based do-not-track (“DNT”) signals, because there is not yet a consensus on how companies should respond to web browser-based DNT mechanisms in Europe, the US and California, we do not explain how we respond to web browser-based DNT signals at this time.”