Jump to main content
You have turned off cookies for this site. Please enable cookies for a better browsing experience.

Data Privacy and Security Policy

This Cathay Holidays Customer Privacy Policy ("Privacy Policy") discloses how Cathay Holidays Limited ("Cathay Holidays", "us" or "we") collects, stores and handles the Personal Data of its customers (Cathay Holidays customers, users of Cathay Holidays services, and visitors to the Websites (as defined below)).

Please read the following Privacy Policy to understand how Cathay Holidays uses the Personal Data we may collect from you.

By providing your Personal Data to us, you are consenting to this Privacy Policy and the collection, use, access, transfer, storage and processing of your personal information as described in this Policy.

Our Commitment to Protecting Your Privacy

We are committed to protecting your personal and data privacy. To ensure you can make informed decisions and feel confident about supplying personally identifiable information ("Personal Data") relating to you when using Cathay Holidays sub site on the Cathay Pacific website and/or through Cathay Holidays reservation offices and other services (such as other electronic and telecommunication channels) this notice outlines Cathay Holidays Limited online information practices and the choices you have concerning how the Personal Data is being collected and used.

We collect and process only information that we need to administer our business, to provide you with the highest quality service and to offer various opportunities which may be of interest to you.

This privacy statement is in compliance with the Personal Data (Privacy) Ordinance of the Hong Kong SAR.

The Personal Data We Collect

We request information in several areas of the Websites and other online and offline channels, including but not limited to, when you:

  • submit reservation request forms;
  • use the "Forward to friends" service;
  • participate in our special marketing programmes and contests;
  • make instant online booking in Websites;
  • share via Facebook, Twitter and other social media.

The types of Personal Data we collect, depending on the specific part of the Websites, are:

  • Contact information of the person making the reservation:

o   Title

o   Family name

o   Given name

o   Email address

o   Telephone number(s) (primary and other)

o   Fax number(s)

o   Delivery Address

  • Traveller(s)'s information (where applicable) - number of traveller(s), and for each traveller (where applicable), their:

o   Title

o   Family name

o   Given name

o   Age group for adults, specific age of children and infants

o   Asia Miles membership number

  • Travel details:

o   Name of package or hotel programme

o   Flight information (where applicable):

-  Departure city

-  Destination

-  Departure date

-  Return date

-  Flight preferences (time or flight number)

-  Carrier (KA or CX)

o   Hotel selection (where applicable):

-  Check-in date

-  Check-out date

-  Number of rooms and room type

-  Hotel room special request

-  Hotel Name

o   Date and time preferences of included tours or activities (where applicable)

o   Indication of interests in optional add-ons (where applicable)

  • Credit card information:

o   Credit card type

o   Name of cardholder

o   Credit card number

o   Expiry date

o   Billing Address

o   Credit card Security code

  • Sender and recipient(s)'s information for "Forward to friends" form:

o   Name of sender

o   Email address of sender

o   Email address(es) of recipient(s)

o   Personal message

Certain Personal Data (particularly relating to your personal information and contact information) are required for specific services and if you fail to supply the Personal Data as requested from each specific service, we may be unable to deliver you the online services in full.

The Way We Use Your Personal Data

We may use the Personal Data you provided for one or more of the following purposes:

  • To process your request to purchase our product(s) and service(s);
  • To confirm your travel arrangements;
  • To fulfil your request when you use our online services;
  • To contact you regarding your enquiries;
  • For the operations of the service providers including delivery of associated benefits and services;
  • For our own marketing purposes, such as sending you updates on our latest offers and promotions; please see the Section "Notice on Direct Marketing" below for details
  • For identification and verification purposes in connection with any of the services or products that may be supplied to you;
  • For frequent flyer and mileage programme;
  • For your use of the online services available at any of the Websites and/or through other telecommunication channels;
  • For the supply of any products and/or services which we may offer to you or you may require from us from time to time including text message (SMS) alerts;
  • To administer contests and sweepstakes conducted by us or on our behalf;
  • To disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside of Hong Kong;
  • To facilitate the payment for products and services we provided, associated companies and/or business associates including verification of credit card details with third parties and using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties);
  • To improve our security, including in relation to the processing of payment by credit card to guard against the risk of fraud including carrying out matching procedures against databases of known fraudulent transactions (maintained by us or third parties);
  • For the use of any of our associate companies and/or business associates in connection with any of the above purposes and/or any other travel related and/or loyalty program related services such companies and associates may be offering to you from time to time.

We will not share the Personal Data of users with outside party, except to the extent necessary to complete the order/request on the purchase of our product(s) and service(s), and to fulfill your request when using our online services.

We use aggregate non-identifying information about our customers to better design the Websites. This means that we may provide this information to third parties. However, this information will never identify any single user in particular.

We will never use or share the Personal Data provided to us online in ways unrelated to the purposes aforementioned without your prior consent.

How to Access or Correct Your Personal Data

You may request access to and correct your Personal Data held by us.  If you wish to obtain a copy of any of your Personal Data, if you believe that the Personal Data relating to you which we collect and maintain is incorrect, or if you believe that the Personal Data held by us was used beyond the scope of the purpose of use disclosed above or was acquired by fraudulent or unlawful means or provided to a third party without your prior consent, please write to us at the address below.

A request for access or correction to, or deletion of Personal Data or for information regarding policies and practices and kinds of Personal Data held by us must be in writing and sent to us via postal mail at the following address:

The Data Protection Officer
Cathay Holidays Limited
5th Floor, Central Tower, Cathay Pacific City,
8 Scenic Road. Hong Kong International Airport, Lantau, Hong Kong

We may charge a reasonable fee for the processing of any data access request.

Use of Cookies on CX Group Sites

A cookie is an alphanumeric string of identifier that websites of the Cathay Pacific group companies including. CathayPacific.com, dragonair.com and asiamiles.com (“CX Group Sites”) use to transfer to the cookie file of the browser on your computer's hard disk. With the use of cookies, we can better serve you and/or maintain your information across multiple pages within or across one or more sessions. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in future.

Two types of cookies are used on the CX Group Sites:

Session Cookies, which are temporary cookies that remain in the cookie file of your browser until you leave the site.

Persistent Cookies, which remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie).

Cookies cannot be used by themselves to identify you.

Examples of How we use Cookies on our CX Group Sites

Session Cookies

  • To allow you to carry information across pages of our respective CX Group Site and avoid having to re-enter information, such as logging in for every page.
  • Within registration to allow you to access stored information.
  • During the booking process so that we can remember your selections.

Persistent Cookies

  • To compile anonymous, aggregated statistics that allow us to understand how users use CX Group Sites, and to help us improve the structure of CX Group Sites. We cannot identify you personally in this way.
  • To store your chosen country homepage destination.

Third Party Cookies

  • To determine and track website traffic coming in from advertisement banners that have been placed on third parties' websites.

List of major Cookies that are essential for a desirable navigation experience on CX Group Sites

Cookie Name Purpose
country_lang_cookie Used to record your country of residence and your preferred language choice.
Marco Polo Club_userid_cookie Used to remember the login ID of Marco Polo Club member when "Remember this no." option is selected during login.
session cookie Cookies that will expire at the end of session or after idling for 30 minutes. Used to maintain the transaction with CX Group Site.
TRACKER_CX / TRACKER_KA Used to recognise repeated visitors to the site and in conjunction with other information we hold to attempt to record specific browsing information (that is, about the way you arrive at the site, pages you view, options you select, information you enter and path you take through the site) against an individual customer profile.
CoreID6 Used to recognise repeated visitors to the site and in conjunction with other information we hold to attempt to record specific browsing information (that is, about the way you arrive at the site, pages you view, options you select, information you enter and path you take through the site) against an individual customer profile.

List of major Cookies that are set by third-parties on CX Group Sites

DoubleClick Used for the purpose of serving our Internet advertisements on other [third party] websites. Some of our web pages may contain electronic images that allow us to track user interactions on these pages. They may also report back some information to DoubleClick about the interaction performed.

Used for the purposes of understanding more about visitors on CX Group Sites then apply this understanding to provide web environments that save visitors time and make the sites easier to use. This data could include search engine referral, affiliate referrals, traffic driven by banner ads or other promotions, visitor navigation around the site, popular pages, processed or abandoned transactions and sales conversions. It also receives certain technical information, such as the visitor's browser version and operating system. Ticket booking information will be captured such as IP address, MARCO POLO CLUB membership number, Asia Miles membership number, login name and email address. All information about individual visitors to a web site belongs to Cathay Pacific. IBM Coremetrics is not allowed to disclose individual information collected for Cathay Pacific to any other IBM Coremetrics client.

On CX Group Sites Coremetrics is used in conjunction with CoreID6 for online web analytics.

Below technologies are used by IBM Coremetrics on CX Group Sites:

Session Cookie: The "Session" cookie exists only for the lifetime of the current browser session. The Session cookie will exist from the point at which the first tag is received from the website until 1) the visitor closes all browser windows for the browser in question or 2) more than 30 minutes pass without receiving a data collection tag from the browser session. One or more "sessions" may be associated with a "visitor".

Visitor Cookie: The "Visitor" cookie persists after the visitor closes all browser windows. The "Visitor" cookie contains a cookie ID referenced by Coremetrics to identify a visitor returning to the site across multiple "sessions".

Web Beacon: Also known as a "clear GIF", "pixel tag", "data tag" or "image tag". It is a mechanism by which a small section of code that is placed on web site pages to execute an image request to IBM data collection servers. Web beacons facilitate the transfer of data by requesting and delivering the transparent graphic GIF image from IBM Coremetrics to relevant CX Group Site.

Opt-Out Options

If you do not want IBM Coremetrics to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a web site tries to put a cookie in your browser software. Rejecting cookies may affect your ability to use of some of the products and/or services at our web site.

IBM Coremetrics offers two methods by which visitors can opt-out of data collection associated with their online activities:

1) "Anonymous Visitor" and

2) "Total Opt-Out" (which are both discussed below).

For either of these options to take effect, you must first accept a cookie from this site which will allow us to recognize you with a random and unique alphanumeric identifier so that we can honor your opt-out selection. If you do not accept this cookie, or later delete it, we cannot honor your request to opt-out and you will continue to be served cookies.

Anonymous Visitor

Your IBM Coremetrics cookie contains a random and unique alphanumeric identifier. If you select the "Anonymous Visitor" option, then your cookie will be modified to read "anonymous", meaning that IBM Coremetrics will continue to collect or receive data about your experience on CX Group Sites. However, such data will be presented as part of a pool of general, anonymous visitors.

Total Opt-Out

If you select "Total Opt-Out", then your cookie will be modified to read "opt-out", meaning that no data will be collected about you on the relevant CX Group Site. IBM Coremetrics will in such cases record that a "Total Opt-Out" election has been made, so that aggregated totals of "Total Opt-Out" elections can be calculated and recorded. Once you make your selection, a dialog box should appear to confirm that your opt-out choice was successful. The opt-out will remain in effect for as long as the cookie remains on your hard drive. If you remove this cookie from your hard drive (for instance, if you reinstall or update your browser or choose to delete all cookies), you will need to renew your opt-out selection.

Remember, if you choose to opt out of the Site Analytics cookie [from a particular CX Group Site] you will need to do so the first time you visit such site which provide opt-out to avoid having your information collected by that site. Further, if you use more than one web browser or computer, you will need to opt-out in each one. Please note that if you upgrade your browser to a new version (including, but not limited to, Microsoft's Internet Explorer 8.0), you may need to opt out again.

You can click here to understand IBM Coremetrics privacy policy in details.

Please click here if you wish to opt-out from data collection associated with IBM Coremetrics.

Remarks:  Rejecting cookies may affect your ability to use of some of the services on CX Group Sites.

Disabling / Enabling Cookies

All browser releases from 4.0 and beyond have a "cookie filter" imbedded in the Privacy settings.

You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features on our site if cookies acceptance have been disabled completely.

Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in future.

You need to set each browser, on each device you use to surf the web. You should repeat this procedure with each one if you use multiple browsers (e.g., Safari, Internet Explorer, Firefox, Google Chrome, etc.). Similarly, if you connect to the web from multiple devices (e.g., work and home), you need to set each browser on each device. However, if you disable cookies or refuse to accept a request to place a cookie, it is possible that some parts of this website, and certain areas of the website for which you need to log in, will not function properly, and the advertising you receive when you visit this website may not be advertisements tailored to your interests.

Whilst currently we are only using cookie in the ways we have stated out, new cookies will be implemented as necessary in order to better serve you.

Log Files

We may collect information regarding your IP address, browser type, domain name and access time. This information is used for our own research purposes and is separated from the Data. We do not link IP addresses to any personal information. In rare instances, IP addresses may be used to assist in deterring and/or preventing abusive or criminal activity on the website.

Our Commitment to Personal Data Security

To maintain the accuracy of all Personal Data, as well as to prevent unauthorized access and to ensure the correct use of the Personal Data, we have carried out appropriate physical, electronic and managerial measures to safeguard and secure the Personal Data we collect online. We use Secure Socket Layer (SSL) protocol - an industry standard for encryption over the Internet that protects Personal Data. When you type in sensitive information such as credit card details, it will be automatically converted into code before being securely dispatched over the Internet.

All electronic Personal Data that we maintain is securely stored and further protected through our use of appropriate access controls.  When disposing of Personal Data, paper documents containing Personal Data are securely destroyed, and electronic files storing Personal Data are permanently deleted.

In addition, to better protect certain Personal Data, some areas of the Cathay Holidays sub site on the Cathay Pacific website or other electronic and telecommunication channels are inaccessible unless you supply individually identifiable and verifiable information, such as your The Marco Polo Club / Asia Miles™ Membership Number and Password, or log in using your User ID and PIN.

As stated above, in some instances we may entrust Personal Data to third party service providers (including service providers outside of your jurisdiction), binding them to protect the security of Personal Data and only to use it for the purposes we specify.

Notice on Direct Marketing

Occasionally, we may use your Personal Data (including your name and contact details) to send you marketing communications such as direct mail, email, telephone and SMS containing news, offers, promotions and joint marketing offers about our travel services and packages. However, we will first obtain your consent before doing so. Please see below on how to provide us with your consent.

We may also provide your Personal Data (including your name and contact details) to third parties including our marketing partners and travel service partners for the purpose of marketing their products and services to you, including travelling, banking, entertainment, accommodation, transportation, household, apparel, food & beverages, insurance, fashion, education, health and wellness, social networking, media and high-end customer products or services. Again, we will only do this if you provide us with your consent.

You may indicate your consent to the above by the following ways:

  • when providing us with your Personal Data through the Websites or a form, ticking a box/ boxes indicating your consent; or
  • when providing us with your Personal Data through the telephone, tell our customer representative that you consent

You may opt-out from receiving marketing communications at any time, free of charge, by:

  • following the opt-out instructions contained in the communications; or
  • writing to our Data Protection Officer at 5th Floor, Central Tower, Cathay Pacific City, 8 Scenic Road. Hong Kong International Airport, Lantau, Hong Kong

Links to Other Sites

This website contains links to other sites that are operated by third party companies with different privacy practices. You should remain alert when you leave our site and read the privacy statements of other websites. We have no control over Personal Data that you submit to or receive from these third parties.

Changes to Privacy Statement

We post new or updated statements in this section if we deem it necessary to change any part of our privacy statement. That way you are always informed of the way we collect and use the Personal Data. If at any point we decide to use the Personal Data you submitted under this current statement in the revised condition, you will be given the opportunity to opt out or otherwise prevent from such usage.

Disclosure and Transfer of Personal Data

We may disclose and transfer Personal Data to and jointly use Personal Data with (whether within or outside of your jurisdiction) our associated companies, business associates, service providers, and other persons who we consider appropriate, in connection with the services and products provided to or requested by you.  We may disclose this information to facilitate communication of news and information about such services and products and otherwise for the purposes mentioned above, under Section "The Way We Use Your Personal Data."

The entities with whom we may share your Personal Data include but are not limited to:

  • any Cathay Pacific group companies, including but not limited to, Cathay Pacific Airways Limited, Hong Kong Dragon Airlines, Asia Miles Ltd., Cathay Pacific Catering Services (HK) Ltd and Hong Kong Airport Services Ltd.;
  • any agent, contractor or third party service provider who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to Cathay Holidays Limited in connection with the operation of its business;
  • other business associates such air carriers, land or sea transport operators, hotels, tour operators, loyalty program operators, insurance companies and other companies involved in providing customer service or fulfilling customer requests;
  • credit reference agencies;
  • credit, debit and /or charge card companies and/or banks;
  • government or non-government authorities, agencies and/or regulators;
  • medical professionals, insurers and clinics/hospitals.

Where permitted by applicable local law, we may also disclose your Personal Data to third parties:  (i) when required by law, by court order, or in response to a search warrant or other legally valid inquiry; (ii) to an investigative body; (iii) to enforce our agreements with you; (iv) when requested by other government or law enforcement authorities (such as immigration and customs control and/or border control agencies); (v) with your express consent, or, (vi) pursuant to our good faith belief that disclosure is required by law or otherwise necessary to the establishment of legal claims or defenses, to obtain legal advice, to exercise and defend our legal rights, to protect our rights or property and those of our associated companies, or to protect the life, body or property of an individual. This also applies when we have reason to believe that disclosing the Personal Data is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.

We may also transfer any information we have about you as an asset in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Cathay Holidays Limited or as part of a corporate reorganization or stock sale or other change in corporate control.

Please be advised that the Personal Data that Cathay Holidays Limited collects or obtains may be transferred to jurisdictions that offer lesser protection of Personal Data than that provided in your jurisdiction.  By submitting personal information to Cathay Holidays Limited or using any Cathay Pacific website, you understand and consent to such transfer. 

Data Controller

Any Personal Data provided to or gathered by Cathay Holidays is controlled primarily by Cathay Holidays Limited.

Retention of Data

All Personal Data that has been collected from you will only be stored for a limited duration that is relevant to the purpose for which it was processed and for as long as required by applicable law.

This notice is written in English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.