Please upgrade your web browser
You’re using a browser that we don’t support. To get the best experience using our site, we recommend you upgrade to a newer browser – please see our supported browsers list.

Customer privacy policy - Non-European Appendix

Cathay Pacific Customer Privacy Policy - Non-European Appendix

This Appendix applies if you are based in the following countries/regions during your interactions with us

1.1          Overseas recipients of Personal Data

(a)        In the course of providing our products and services to you, we may disclose your Personal Data to the following overseas recipients:

i. companies within Cathay Pacific, our affiliates and their subsidiaries, and third party service providers that are located overseas who assist us in providing our travel (including transit) and associated services; and

ii. law enforcement agencies, regulatory authorities and governments for security, customs and immigration purposes.

(b)        These recipients may be located in any country to which you travel, or which you travel through, either with us or our partner airlines.

(c)        We may disclose your Personal Data to recipients in countries that you are travelling to or you are sending cargo to or from in order to provide travel, freight and reservation services. The overseas recipients includes recipients in countries through which you are transiting, or when you travel on flights operated by other airlines, or countries in which our service providers operate or have their headquarters.

(d)        We may also disclose your Personal Data to data processors (including operators of global travel distribution systems), customer service providers and third party marketing service providers. The regions in which these third parties are located include the European Union countries, Asia, North America, Australia, South America and Middle East.

1.2          Accessing and correcting your personal information

(a)        If you are a Cathay Membership Programme member or a Registered Account holder, you may seek to access the personal information that we hold about you, and seek to update or correct it by logging into your electronic account and editing your profile, preferences or settings. You may also seek to access or correct your personal information by contacting our customer representatives, or by contacting the Data Protection Office using the contact details in the Privacy Policy.

1.3          Complaints

(a)        You may request further information about the way we manage your Personal Data or lodge a complaint by contacting our Data Protection Officer using the contact details in section 8.4 of the Privacy Policy.

(b)        We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required. In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity. In cases where further information, assessment or investigation is required, we will seek to agree an alternative timeframe with you.

(c)        If you are dissatisfied with the outcome, please contact us. Alternatively, you may take your complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are available from the OAIC’s website at www.oaic.gov.au.

2.1          Consent and withdrawal of consent: 

Where you have consented to our use of your Personal Data, you may withdraw your consent to the use of your Personal Data.  You may do this by contacting us as set out in section 8.4 of the Privacy Policy. 

We may continue to use and disclose your Personal Data where it is required to provide you with the services you have requested or that we have agreed to provide you, or in accordance with the law.

2.2          Marketing and profile information:

In connection with our marketing activities, we analyse some of the information that we collect about our customers (together with information about customers that we collect from our loyalty and other partners) to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. We call this the creation of “segments”. To do this, we combine Personal Data that we have collected from customers directly together with Personal Data that we have collected from our affiliates and other partners, including Asia Miles, about our customers’ purchase history and interactions with us. From time to time, we will assess the Personal Data that we hold about you in order to assign you to a particular segment. We will use the segment that you have been assigned to in order to tailor our marketing communications to include offers and content that are relevant to you.

2.3          Consent for electronic marketing communications:

We will only send you electronic communications in relation to marketing activities if you have provided express opt-in consent to do so.  This does not include transactional communications which facilitate or confirm purchases or services, or responses to inquiries from you.

2.4          Opting out of direct marketing:

You have the right to opt out of our direct marketing, and the underlying analysis of your Personal Data that we use to tailor the direct marketing that we send to you, at any time. You can exercise this right, by contacting us in accordance with section 8.4 of the Privacy Policy, or opting-out or updating your e-mail subscriptions in accordance with section 8.2 of the Privacy Policy.

2.5          Using your Personal Data to make decisions: 

In connection with our business, we will use your Personal Data to make various decisions about you and your eligibility to access our services, to prevent abusive use of our services, to ensure security of our systems, or to detect fraud. Some of these decisions may be taken on an automated basis including, by matching your Personal Data against information in certain risk models that we have created based on the behaviour of other individuals and using your Personal Data to further enhance such models.

2.6          Storage and access outside of Canada:   

Your Personal Data may be accessed and stored outside of Canada by staff or suppliers, transferred, and/or stored outside Canada.  Your Personal Data may be subject to access and disclosure to governmental and law enforcement authorities in those countries and in accordance with the laws of those countries.

2.7          Rights of access and correction: 

You have rights of access to and correction of your Personal Data, subject to exceptions in accordance with the laws of Canada.  We may charge you a reasonable fee in respect of certain access rights and will advise you of this in the course of any request.  You may exercise your rights by contacting us at the contact details in section 8.4 of the Privacy Policy.

2.8          Accountability:

If you have any concerns or questions about how we are collecting, using or disclosing your Personal Data, you may contact us in accordance with section 8.4 of the Privacy Policy.  If you are not satisfied with how we resolve your questions or concerns, you may contact the Office of the Privacy Commissioner of Canada.

This Appendix applies if you are based in the People’s Republic of China (PRC) during your interactions with us (other than where you are in the (PRC) solely for travel purposes).

Cathay Pacific Customer Privacy Policy

When you use Cathay Pacific’s1 services, you entrust us with personal information (Personal Data). This Cathay Pacific Customer Privacy Policy (Privacy Policy) sets out what information we collect, and how we use it.

This Privacy Policy also applies when you buy travel packages from us or from Cathay Holidays Limited (or its subsidiaries).

Cathay Pacific also offers the Cathay Membership Programme, our loyalty programme. If you are a Cathay Membership Programme member or a Registered Account holder, this Privacy Policy also explains how Cathay Pacific uses and shares any Personal Data in connection with your membership.

1.          Our Commitment to Protect Your Privacy

At Cathay Pacific, we are committed to protecting your Personal Data and your privacy. To ensure that you can make informed decisions and feel confident about sharing certain personal information with us, please read this Privacy Policy to understand who we share your Personal Data with and for what purposes, and the choices you have concerning how your Personal Data is collected and used by us. We may also provide further privacy collection notices highlighting certain uses of your Personal Data, together with the ability to opt in or out of certain uses, when we collect Personal Data from you.

The laws of certain countries require us to provide you with additional information about our processing activities and we have included separate appendices to deal with these. As well as this document, please refer to the appendices which apply to you.

We will notify you of any changes to our Privacy Policy, including by posting the revised policy on www.cathaypacific.com. The changes will be effective from the date of posting. As a consequence of the changes, no processing of your Personal Data will be carried out without your consent if so required by applicable laws.

By visiting our website, using its services or otherwise interacting with us, you acknowledge that you have read and understood this Privacy Policy and agree that we may collect, use, store, transmit and disclose your Personal Data in accordance with this Privacy Policy.

2.          The Personal Data We Collect

2.1        We will collect and process some or all of the following Personal Data about you:

  1. Information about you
    Your personal information such as your full name, gender, date of birth, nationality, travel document details including passport number, passport expiry date, country that issued your passport and your country of residence (this information is also known as Advanced Passenger Information (API)), your contact details, your parents’/guardian’s names and contact details, address, and photographs and other images;
  2. Your payment details
    Payment details used to purchase our products and services such as credit or debit card number and expiry date, account information relating to other payment services (such as online or mobile payment services or virtual currency) and billing information;
  3. Information we collect in relation to your travel
    Information about your travel arrangements such as your travel itinerary, hotel selection, your choice of tours, car rentals or other add-ons to your travel package, details of your travel companions or persons assisting you, your activity at airport departure and arrival halls, your redemption group members, seat and meal preferences, your emergency contacts and any information relating to any special assistance that you require such as dietary requirements or health issues;
  4. Information about your Cathay Membership Programme membership and transactions
    Information provided in your application to join the Cathay Membership Programme, your membership number, your user name and your earning and claiming of Status Points or Asia Miles, and details about your nominated companions;
  5. Information about your use of our products and services
    Information such as previous travel arrangements, feedback about your experiences, details of lost luggage and other claims, your use of our inflight entertainment system and inflight connectivity, your images captured via CCTV in our airport lounges and aircraft, your use of our cargo services including details of the cargo shipments, and your purchase of our duty free products and branded items;
  6. Your interests, preferences and opinions
    Information that we collect about your interests, preferences and opinions such as your hobbies, destinations you are interested in and products and services you have bought;
  7. Our interactions with you
    A record of any interactions and correspondence between us such as calls made through our call centre, any interactions you have with our staff or representatives (including whilst on board our flights) and any interactions with us or posts that refer to us on social media;
  8. Survey information
    Your responses to market surveys and contests conducted by us or on our behalf;
  9. Your use of our website, apps and social media platforms
    Details of your visits to our website, your use of social media platforms and our mobile applications and other information collected through cookies and other tracking technology including information that you look at. We may also collect information about you that is publicly available online, including your social media profiles; and
  10. Employment and company information
    If you are an employee or other person travelling or obtaining products or services in relation to our corporate/business travel services or one of our corporate or government clients, we will collect certain information about your employment, company information or relationship with our corporate or government clients such as your company’s or employer’s name, your professional title and your work contact information
  11. Sensitive personal data
    We will collect and handle sensitive Personal Data, for example, your passport identity information, your credit or debit card information, account information, information of your minor children or dependents or when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your religious beliefs and health issues. We will ask you for your consent when collecting and handling this type of Personal Data.

2.2        Certain Personal Data (particularly details of your travel documentation, payment details and contact information) are required for many of our products and services and if you fail to supply such Personal Data as requested for specific services, we may be unable to deliver you the products and services in full.

3.          How we collect Personal Data

3.1        We will collect some Personal Data from you directly. We will collect other Personal Data from third parties including: (a) travel agents (including corporate travel managers) and other persons that make bookings or otherwise interact with us on your behalf; (b) our service providers and agents such as our ground handling agents who assist you with check-in and boarding or our call centre agents who provide customer service; (c) third parties such as other airlines, providers of other travel-related services; (d) our third party marketing partners; (e) the third parties that we partner with in connection with the Cathay Membership Programme, including credit card issuers, hotel operators, retailers and restaurants; (f) the operator of our loyalty programme (i.e. Asia Miles Limited); (g) organisations which conduct credit, fraud, and other passenger checks; (h) immigration, customs, border security and law enforcement bodies, airport authorities and other government or regulatory bodies; and (i) providers of third party websites, apps and social media platforms.

3.2        If you provide us with information about other individuals, you must tell those individuals and let them know where they can find a copy of this Privacy Policy, and obtain their consent if required under applicable laws.

3.3        If you were a member of Asia Miles or Marco Polo Club loyalty programmes, we have obtained your Personal Data through those programmes to continue offering you our services, now under the name of Cathay Membership Programme, and to maintain your tier status and miles balance.

3.4        Your Personal Data may be accessed, transferred and/or stored outside of China by staff or suppliers.

4.          Why we collect and use your Personal Data

4.1        When you share information with us, you help us make our services to you better. Here are some of the ways we will use your Personal Data:

  1. To provide our products and services to you and to administer your travel arrangements
    To provide our products and services to you and to process and administer your travel and service arrangements, to contact you about your travel and service arrangements and to send you service-related communications, to deliver of benefits and services associated with your travel package or requested services, to identify and verify your identity in connection with the services we provide, to provide or facilitate any special assistance you may have asked for;
  2. To tailor and personalise our products and services to you
    To tailor and personalise the products and services that we provide to you, including providing your details to our staff and cabin crew so they can greet you personally and acknowledging your loyalty if for example you are a Diamond Cathay Membership Programme member. We may also tailor our communications to you and tailor what we present to you to better match your preferences and interests;
  3. To provide customer support
    For customer support purposes such as responding to your enquiries and requests, providing assistance to you in relation to issues such as baggage claims and flight delays;
  4. For marketing purposes
    For providing you with marketing communications, as explained in more detail in section 6 below;
  5. To operate and facilitate your participation in our loyalty programme
    Where you are a member of Cathay Membership Programme, we will use Personal Data that we collect about you for the operations of the Cathay Membership Programme such as processing your membership application and to ensure that you get the benefit of our loyalty programme, including to track your earning and claiming of Status Points or Asia Miles, your accrual and redemption activities and record your mileage credits.
  6. For social interactions
    To administer campaigns, contests and sweepstakes conducted by us when you choose to participate in them, including disclosing the winners of any such contest;
  7. To improve our products and services
    For the purposes of improving our products and services for the benefit of our customers generally, including to ensure that our websites and web pages (including social media pages) function correctly and in accordance with your preferences and circumstances;
  8. For safety and security purposes and emergency response activities
    To ensure the safety and security of all our staff and passengers and to undertake any necessary activities during emergency events;
  9. To comply with our legal obligations and for legal and administrative purposes
    To comply with our legal and regulatory obligations and for legal and administrative purposes such as, verifying and processing payment, screening against fraud, screening against abusive booking, money laundering and other criminal or unlawful activities, accounting, billing and audit purposes, developing, maintaining and testing our systems, for claims handling and for understanding, exercising, enforcing or protecting our legal rights and those of others.
  10. Using your Personal Data to make decisions:
    In connection with our business, we will use your Personal Data to make various decisions about you and your eligibility to access our services, to prevent abusive use of our services, to ensure security of our systems, or to detect fraud. Some of these decisions may be taken on an automated basis including, by matching your Personal Data against information in certain risk models that we have created based on the behaviour of other individuals and using your Personal Data to further enhance such models. Under certain circumstances, you may have the right to restrict how we process your Personal Data for these decision making process.

4.2        Legal grounds for use of Personal Data

The legal grounds for our use of Personal Data are as follows:

  1. Consent: where you have consented to our use of your Personal Data. You may withdraw your consent to the use of your Personal Data by contacting us as set out in paragraph 8.5 of the Privacy Policy.
  2. Contract performance: where we are required to collect and handle your Personal Data in order to provide you with the services that we have contractually agreed to provide to you, e.g. where you have booked a flight with us or the use of our freight service.
  3. Legal obligation: where we need to use your Personal Data to comply with our legal obligations.

5.          Who we share your Personal Data with

In certain circumstances, we will disclose your Personal Data to third parties as described below. Some of these parties may be located outside of the PRC.

5.1        Our service providers and members of the Cathay Pacific group who process personal data on our behalf for the purposes described in section 4

We will permit our third party service providers, including agents, contractors and other Cathay Pacific group companies, to use your Personal Data on our behalf for the purposes set out in section 4. Examples of such third parties include our ground handling agents who assist you with check-in and boarding, our airport lounge operators, operators of our IT systems and call centre agents. We may also disclose your Personal Data to third parties in order to facilitate any special arrangements that you may have requested, such as liaising with airport authorities to arrange wheelchair assistance or our catering providers to accommodate any special meal requests.

If you are a member of the Cathay Membership Programme, we will share your Personal Data with our wholly owned subsidiary, Asia Miles, for the provision and management of the Membership Programme, including sending you marketing materials if you have consented to receive such communications.

5.2        Third parties such as other airlines, hotel partners, travel operators and travel agents in order to facilitate and administer your travel arrangements

In order to facilitate and administer your travel arrangements, we may transfer your Personal Data to third parties such as other airlines (including oneworld partner airlines, other partner and codeshare airlines in the context of codeshare and interline arrangements [where we are the marketing carrier]), hotel partners, land or sea transport operators, as well as to travel agents or other persons who interact with us on your behalf. Your Personal Data will be used by such third parties in accordance with their privacy policies. The privacy policies of our interline and codeshare partner airlines can be found in the International Air Transport Association (“IATA”) privacy policy repository at http://www.iatatravelcenter.com/privacy. For others, please visit the third parties’ website for more details. In order to facilitate and administer your insurance when you fly with us covering for medical expenses related to a COVID-19 diagnosis we may transfer your Personal Data to our insurance partner AXA. Your Personal Data will be used by AXA in accordance to its privacy policy.

5.3        Our third party partners, for marketing purposes

We may disclose your Personal Data to third parties so they can provide marketing services or conduct marketing or social interaction activities on our behalf such as campaigns, contests, sweepstakes, market research, customer surveys and data analytics to help us improve and tailor our marketing activities, products and services. Subject to us having obtained appropriate consent from you, we may also disclose your Personal Data to our third party marketing partners in order that they may market their products and services to you.

5.4        Our corporate or government clients

For employees or other persons travelling or obtaining products or services in relation to one of our corporate or government clients, we will disclose your travel details and information concerning your use of our service to our corporate or government clients.

5.5        Government and regulatory bodies and other individuals, bodies and organisations (for example immigration, customs, border security, regulators and the police) for the purposes of complying with our legal obligations, for reasons of safety and security, to enable us to provide our products and services to you and otherwise for legal and administrative purposes.

We may disclose your Personal Data to governments and regulatory authorities and bodies and to other individuals, bodies and organisations such as immigration, customs, border security, airport authorities, dispute resolution, prosecution and law enforcement bodies, legal advisers, organisations which conduct credit, fraud and other passenger checks, and other individuals, bodies and organisations for the purposes of complying with our legal obligations, for example, where we are required by laws in the United States, France and other countries to disclose your Personal Data in relation to your travel document, booking details and flight itinerary (also known as Passenger Name Record (PNR) and/or Advanced Passenger Information (API)) to relevant customs and immigration authorities as required by laws. We may also disclose your Personal Data to such individuals, bodies and organisations for reasons of safety and security, to enable us to provide our products and services to you and otherwise for legal and administrative purposes.

You can find a full list of the third parties to whom we may transfer the personal data as listed under Section 2 here.

You can find a full list of third parties to whom we may transfer the personal data as listed under Section 2 located outside the territory of the PRC here.

If you wish to exercise your rights or need more information or clarification on specific Personal Data usage by any of the above third parties you are welcome to contact us at dpo@cathaypacific.com or write to us at the below mailing addresses:

The Data Protection Officer
Cathay Pacific Airways Limited
6th Floor Cathay Pacific City
8 Scenic Road
Hong Kong International Airport
Lantau
Hong Kong

To facilitate your requests, we will liaise with any third parties located in the PRC or abroad on your behalf.

6.          Marketing

6.1        Subject to your consent, we may use Personal Data for marketing and promotional purposes, including (i) for sending or showing you updates on latest news, offers and promotions in connection with our products and services (and the products and services of our group companies such as Asia Miles and third parties) (ii) for sending or showing you joint marketing offers about our travel services and packages, loyalty programmes, contests and sweepstakes, duty-free sales and ancillary services such as travel insurance, hotel transfers and car rentals; or (iii) for tailoring and tracking your interactions with internet banner advertisement and links from third party websites to our website.

6.2        Subject to your consent, we may also use Personal Data to analyse our customers’ preferences and market trends and derive insights, which we may use to tailor the types of products and offers that we present to you. This may involve us combining Personal Data that we hold about your use of our services with information that we have collected about your web usage. We may also combine information that we have collected about you with information that we have collected about our other customers in order to derive these insights and establish market trends. We may provide these insights to our third party partners and Asia Miles for their marketing and promotional purposes. We also use advertising services and products provided by third party service providers (such as marketing agencies and social media platforms) for marketing and promotional purposes, which may involve us sharing Personal Data that we hold about you with them.

6.3        We may communicate marketing, promotions and research invitations to you by post, telephone, or online (including by email or through your mobile device or via online banner advertisement) and, as appropriate and where required, we will ask you for your consent, or otherwise provide you with the opportunity to choose not to receive marketing, at the time we collect your data.

6.4        We will provide an option to unsubscribe or opt out of further communication on any direct marketing communication sent to you. You may also opt out by contacting us as set out in paragraph 8 below.

6.5        Please note that if you choose to unsubscribe or opt out of marketing communication, we will still send you communications about your travel with us and any other services that we provide to you. Where you are a Cathay Membership Programme member or a Registered Account holder, you will also continue to receive administrative emails, account summaries and updates to our services.

7.          Transmission, storage and security of your Personal Data

7.1        IT Security

No data transmission over the Internet, a website, mobile application or via email or other message service can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Data in accordance with the requirements of data protection legislation.

All Personal Data we collect about you is stored on our or our subcontractors’ secure servers. We comply with our security policies and standards when accessing or using this information and restrict access to your Personal Data to those persons who need to use it for the purpose(s) for which it was collected. You are responsible for keeping any information that we send to you confidential and for complying with any other security procedures that we notify you of. In particular, where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or mobile applications, we ask you not to share a password with anyone.

7.2        Retention period

We will retain your Personal Data for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose (for example where we are required to retain personal data for longer than the purpose for which we originally collected it in order to comply with certain regulatory requirements). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised (and the anonymised information will be retained) or securely destroyed.

8.          Your rights and contacting us

8.1        General rights

You have the right to ask us to:

  1. Provide you with copies of certain Personal Data held about you and correct any inaccuracies;
  2. provide you with further details on how we use and process your Personal Data; and
  3. delete Personal Data we no longer have grounds to process in certain circumstances permitted by law.

Please note that we will not charge a fee when we deal with your requests in the exercise of the above rights.

8.2        In addition, under certain conditions, you have the right to:

  1. where processing is based on consent, withdraw the consent; and
  2. object to direct marketing (including any profiling for such purposes) at any time.

8.3        Right to opt out of direct marketing

You have the right to ask us not to process your Personal Data for direct marketing purposes. You can exercise your right to prevent such processing by indicating that you do not consent to direct marketing at the point at which we collect your Personal Data. You can also exercise the right at any time after we have collected and used your Personal data for direct marketing purposes by:

  1. following the opt-out instructions contained in the relevant communications; or
  2. updating your email subscriptions at http://www.cathaypacific.com/cx/en_HK/offers/newsletter/login-to-subscribe.html for CX newsletter OR http://www.cathaypacific.com/cx/en_HK/frequent-flyers/my-account/manage-account/update-profile/subscription-to-email-updates.html for MPO newsletter.

8.4        In the event of the death of a natural person, close relatives of the deceased person may, for their own lawful and legitimate interests, exercise the rights to request access, copy, correct, and delete the relevant personal information of the deceased, unless the deceased had otherwise arranged before his/her death.

8.5        Contacting us

Customers requesting to exercise their rights or needing more information or clarification on specific Personal Data usage are welcome to contact us at dpo@cathaypacific.com or write to us at the below mailing addresses:

The Data Protection Officer
Cathay Pacific Airways Limited
6th Floor Cathay Pacific City
8 Scenic Road
Hong Kong International Airport
Lantau
Hong Kong

9.          Use of Cookies on Cathay Pacific Group Sites

The websites of the Cathay Pacific group companies, including cathaypacific.com use cookies which, among other things, help us to improve your experience of our websites and to ensure that they perform as you expect them to. For detailed information on how we use cookies and the purposes for which we use then, please see our Cookies Policy.

10.          Links to Other Sites

This website contains links to other sites that are operated by third party companies with different privacy practices. You should remain alert when you leave our site and read the privacy statements of other websites. We have no control over Personal Data that you submit to or receive from these third parties.

4.1          The following sentence shall be added to the introductory section of the Privacy Policy before the start of clause 1:

“For the purpose of the Privacy Policy, “Cathay Pacific” means Cathay Pacific Airways Limited, Hong Kong Dragon Airlines Limited, Cathay Holidays Limited (and its subsidiaries). Among these entities Cathay Pacific Airways Limited is responsible for handling your Personal Data and acts as a point of contact for any enquiries, complaints, data corrections or update requests”.

4.2          The first sentence of Section 5 (Who we share your Personal Data with) of the Privacy Policy is replaced by the following language:

In certain circumstances, to the extent permitted by the Act on Protection of Personal Information of Japan (Act No.57 of 2003) and based on your consent if required by the law, we will disclose your Personal Data to third parties as described below:”

4.3          Processing of special categories of Personal Data

(a)        We will collect and handle sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your religious or other beliefs.

(b)        We will typically ask you for your consent when collecting, handling or share with a third party this type of Personal Data, unless we are otherwise permitted to process such Personal Data under the Act on Protection of Personal Information of Japan (Act No.57 of 2003) (APPI).

4.4          Your rights

(a)        In addition to the Section 8 (Your rights) of the Privacy Policy, in certain circumstances, you may have the rights under the APPI to ask us to:

(i)         correct, add or delete Personal Data if the Personal Data held by us is not accurate;

(ii)        stop the use or sharing with a third party of, or delete, Personal Data if the use or sharing is against the rules of the APPI;

(b)        These rights are subject to certain exemptions to safeguard the life, body or assets of you or a third party (e.g. the prevention or detection of crime) and our interests, due to requirements of other laws or availability of less onerous options.

5.1          The following sentence shall be added as a final paragraph in the introductory section of the Privacy Policy before the start of clause 1:

 “By providing us with your Personal Data and continuing to use our services, you agree to the processing of your Personal Data in accordance with the terms of this Privacy Policy, which may be amended or updated from time to time. ”

5.2          The following section 2.3 shall be added to the Privacy Policy:

“2.3 We will process sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your health issues. We will ask you for your written consent when processing this type of Personal Data, unless we are otherwise permitted to process such sensitive Personal Data under the Malaysian Personal Data Protection Act 2010.“

6.1          The following sentence shall be added as a final paragraph in the introductory section of the Privacy Policy before the start of clause 1:

“You consent to the collection, use and disclosure of your Personal Data as described in this Privacy Policy.”

7.1          The following sentence shall be added as a final paragraph in the introductory section of the Privacy Policy before the start of clause 1:

You consent to the collection and use of your Personal Data in accordance with the terms of this Privacy Policy

7.2          TThe following clause shall be added to the Privacy Policy as section 5.6:

5.6 Names of third party recipients of your Personal Data and description of their processing work

The names of third parties that will process your Personal Data on our behalf and descriptions or their work are as follows. This list may be amended or updated from time to time.

Service Provider (Trade Name) Description of Work

Swissport Korea

Ground handling service in Incheon Intl Airport including check-in, reservation and ticketing, providing notice of change, ticket sales, guiding use of lounge by members, assistance in membership subscription and response to queries on mileage service, etc.

Asiana Airlines

Ground handling services in Busan and Jeju Intl Airport including check-in, reservation and ticketing, providing notice of change, assistance in membership subscription and response to queries on mileage service, etc.

SMS transmission/messaging service providers

SMS transmission for notification or reminders on flights, etc.

IBM

Mainframe: To perform auto-tracking and retro claim processing for oneworld and Asia Miles partners

AWS

Cloud service.

OpenJaw

Travel retail platform for Cathay

Amadeus

Amadeus is the Internet application for passenger to book flights online

Novatti

eVoucher Management System

Salesforce

Salesforce provides application to store and handle customer contacts and to manage customer feedback and compensation

CHAMP

Cargo Service System for Carrier and Handling

Ayden

Payment gateway

Alipay

Payment service

Acoustic (Silverpop)

Marketing automation & email marketing software

Go Logistics and Storage

Cathay Shop Product delivery

TravelSky Technology Limited

For APP booking management in the reservation systems

Asia Miles Limited

Asia Miles accrual

 

7.3          The following paragraph shall be replaced section 7.3 (Retention Period) of the Privacy Policy:

7.3 Retention Period

Our retention periods for Personal Data are based on business needs and legal requirements. We will retain your Personal Data for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose. For example, we may retain: (i) certain transaction details (e.g. flight history) and correspondence until the time limit for claims arising from the transaction with us has expired (which is typically between 6 to 10 years after the relevant transaction occurred, and in some cases much less than this); or (ii) certain data to comply with regulatory requirements regarding the retention of such data. Where Personal Data is no longer needed, we either irreversibly anonymise the data (in which case we may further retain and use the anonymised data) or securely destroy the data.

 

7.4          The following sentence shall be added to section 8.1:

“If you are under the age of 14, your legal guardian will have the rights under section 8.”

7.5          The following clause shall be added to Privacy Policy as section 5.7 of the Privacy Policy:

5.7 Provision of personal data to a third party when booking flight tickets

5.7.1 Personal data you provide when you book flights online include the following. Please note, personal data collected from you may vary depending on the nature of services provided to you:

Mandatory information:

  • Your family name, given names, title
  • Your travel companions' family name, given names, title (when applicable)
  • Mobile phone number, Email address
  • Payment information
  • Date of birth (applicable to children under the age of 12)
  • Travel document information (applicable to specific points of departure/destinations)
  • Nationality, gender, date of birth (applicable to specific points of departure/destinations)
  • Destination contact information (applicable to specific points of departure/destinations)
  • Destination address (applicable to specific points of departure/destinations)
  • Region of residence (applicable to specific points of departure/destinations)
  • Emergency contact (applicable to specific points of departure/destinations)

Optional Information (May be requested based on the point of Departure / Destination):

  • Meal preferences (since preferable meal information is optional, you can still book online)
  • Seat preferences (since preferable seat information is optional, you can still book online without this selected)
  • Any frequent flyer programme information and membership number

Please note: unaccompanied young travellers under the age of 14 will need additional consent from a guardian for collection and use of their personal data. Please contact the reservation department in Seoul at +82 1644-8003 before checking in online.


5.7.2 In addition, we may provide your personal data to third parties in the following cases:

Name of Recipient Items of Personal data Provided Purpose of Use by Recipient Period of Retention and Use by Recipient

AMADEUS IT GROUP, S.A

All information collected in booking

For managing passenger flight bookings

7 years

oneworld Alliance and other partner airlines (details available here)

  • Name
  • Frequent flyer programme information
  • Booking and flight details

Points accrual

Until termination of contract

Asia Miles Limited

  • Name
  • Date of birth
  • Frequent flyer programme information
  • Booking and flight details

Asia Miles accrual

Until member account termination

TravelSky Technology Limited

All information collected in APP booking

For APP booking management in the reservation systems

7 years

Adyen

Payment information

For cash (non-miles) payment

7 years

Aviation authorities in the countries where CX operates

Advance passenger information

Legal/regulatory requirement

In accordance with applicable laws/regulations

7.6          The following clause shall be added to the Privacy Policy as section 7.4

7.4 Methods and Process of Destruction of Personal data

We will destroy personal data without delay when either the purpose of processing has been achieved or the period of processing and retention has expired.

If it is required to continue to preserve personal data pursuant to other laws and regulations even though the retention period of the personal data consented by the data subject has expired or the purpose of processing such personal data has been achieved, the personal data shall be segregated to ensure that the purpose of processing will be limited accordingly.

The procedure and methods for destruction of personal data are as follows:

Destruction Procedure: We select the personal data subject to destruction and destroy them with the supervision of our Data Privacy Officer.

Destruction Methods: We permanently delete personal data stored in the form of an electronic file using a technical method that renders the record irrecoverable. For other records, printed materials, written documents or recording media, we destroy them by shredding or incinerating them.


7.7          The following clause shall be added to the Privacy Policy as section 2.3

2.3. Information we collect when you book non-members' tickets

When booking non-members’ tickets, we collect your personal data referred to in Sections 2 and 5.7.1 of the Privacy Policy, except for frequent flyer programme code, number and related information.

7.8          The following clause shall be added to Privacy Policy as section 5.8. of the Privacy Policy:

5.8 Overseas transfer of personal data

We delegate or retain users personal data overseas as below.

Name of recipient (Country to which personal data will be transferred/ Contact information of their respective person in charge of managing the personal data) Items of personal data transferred overseas Timing and method of transfer Purpose of use by the recipient Period of retention and use by recipient

AMADEUS IT GROUP, S.A (Germany/ dataprotection@amadeus.com)

All information collected in booking

Online transmission upon creation of booking

For managing passenger flight bookings

7 years

oneworld Alliance partners (Locations of airlines/ [Contacts please refer to link])

  • Name
  • Frequent flyer programme information
  • Booking and flight details

Online transmission upon creation of booking

Points accrual

Until termination of the contract

Asia Miles Limited (Hong Kong/ dpo@cathaypacific.com)

  • Name
  • Date of birth
  • Frequent flyer programme information
  • Booking and flight details

Online transmission upon creation of member account and booking

Asia Miles accrual

Until member account termination

TravelSky Technology Limited (China/ helpdesk@travelsky.com)

All information collected in APP booking

Online transmission upon creation of booking

For APP booking management in the reservation system

7 years

Adyen (Netherlands/ dpo@adyen.com)

Stored credit card information

Online transmission upon creation of payment

For cash (non-miles) payment

7 years

OpenJaw (Ireland, Data Centre : Singapore/ dpo@openjawtech.com)

  • Flight, Hotel and experience itinerary
  • Traveller / guest and frequent flyer information

Online transmission upon creation of Cathay Holidays booking

For Cathay Holidays Booking, Redemption & Amendments

7 years

Salesforce (Marketing Cloud) (the US/ privacy@salesforce.com)

Member information such as name, contact mobile, email, miles balance, miles transaction, booking, consent

Online transmission upon creation of member account and communication

For member communication management

1 – 7 years
e.g. booking data will be kept for 1 year, miles transaction will be kept for 3 years, member profile will be kept 7 years

Acoustic (Silverpop) (the US/ privacy@acoustic.com)

  • Passenger name
  • Email
  • Mobile number
  • Member number

Online transmission upon creation of communication

For passenger communication

450 days

Novatti (Hong Kong/ privacy.officer@novatti.com)

  • Passenger name
  • Member number

Online transmission upon change/update of member benefit

For retrieving member benefit entitlement

7 years

Go Logistics and Storage Company Limited (Hong Kong/ info@gols.com.hk)

  • Member name
  • Contact number
  • Postal address

Online transmission upon purchase

For product delivery

7 years

AWS (Singapore/ aws-korea-privacy@amazon.com)

  • Passenger information
  • Member information

Online transmission upon member registration and update

For storage on cloud

7 years

CHAMP (Luxembourg/ dpo@champ.aero)

Cargo Airway Bill

Online transmission upon cargo shipment order creation and update

For managingcargo shipment

7 years

IBM (Autralia/ https://www.ibm.com/privacy/portal/contact/us-en)

Passenger information

Online transmission upon miles accrual/retro activities

For miles accrual/retro activities

7 years

The South Korea Appendix applicable up to 21 November 2022 is available here.

8.1          The following section 2.3 shall be added to the Privacy Policy:

“2.3 We will collect and handle sensitive Personal Data, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your health issues. We will ask you for your written consent when collecting and handling this type of Personal Data, unless we are otherwise permitted to collect, process or use such Personal Data under Taiwan Personal Data Protection Law. “

8.2          The following section 4.2 shall be added to the Privacy Policy:

“4.2 Your Personal Data may be used in electronic form and/or hard copy form or in any appropriate manner.”

8.3          The following sentence shall be added to section 8.1:

“In addition to the above, you have the right (subject to exceptions and in accordance with Taiwan Personal Data Protection Law) to request a copy of your Personal Data held by us or require us to delete or cease the collection, processing or use of your Personal Data. You may exercise these rights by contacting us at the contact details in section 8.4 of the Privacy Policy.”

9.1          California Privacy Rights

9.1.1       Privacy Rights

Under California Civil Code TITLE 1.81.5. California Consumer Privacy Act of 2018 (CCPA) sections 1798.100 - 1798.199 , California residents are entitled to:

  • Access to Specific Information: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
  • Deletion of Specific Information: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

Please submit a written request by contacting us at the contact details in section 8.4 of the Privacy Policy.

We will not discriminate against you for exercising any of your CCPA rights.

9.1.2       Do We Sell Your Personal Data?

We do not sell information that directly identifies you, like your name, address, or banking information. However, the CCPA’s broad definitions of “sale” and “personal information” may deem the common flow of information in the digital analytics and advertising ecosystem to be a sale. Like most companies we use online analytics to measure the ways users engage with our websites and apps. These analytics, in turn, inform how we perform online advertising. In order to provide these analytics and facilitate online advertising, we use third-parties that collect device identifiers and place tags, cookies, beacons, and similar tracking mechanisms on our websites/apps and on third-party websites/apps. You can find more information on how we use such cookies in our Cookies Policy.

9.2          Children

Other than information required to complete a booking, we do not knowingly collect personal identifiable information from children under the age of 13. If we learn that we have collected Personal Data from a child under the age of 13, we will take reasonable steps to delete that information. Where required by applicable law, we may ask a parent or guardian for consent before we provide a product or service to a minor.

9.3          Your Rights And Choices

You may have additional rights and choices regarding how we process your personal information.  Those additional rights and choices are listed below.

We reserve the right to verify your identity in connection with any requests regarding personal information to help ensure that we provide the information to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information.  We will try to comply with your request as soon as reasonably practicable.

Please note that your exercise of these rights is subject to limitations and we may reject your request.

Access and correction: You may access the information we maintain about you.  You may request access to correct any errors in your personal information.

Deletion: You may request that we delete your personal information.  Please note, we may be required by legal or other reasons to retain your personal information.

 Do Not Sell My Personal Information: To the extent that we sell customer data, you may have the right to direct us to stop selling your personal information if we are doing so.

Please contact us using the contact details in section 8.4 of the Privacy Policy if you would like to exercise any of these rights or request more information.  Where required by applicable law, we will notify you if we reject your request and notify you of the reasons we are unable to honor your request.

9.4          The following sentence shall be added to section 9:

In relation to web browser-based do-not-track (“DNT”) signals, because there is not yet a consensus on how companies should respond to web browser-based DNT mechanisms in Europe, the US and California, we do not explain how we respond to web browser-based DNT signals at this time.”

More about Legal and privacy

Customer privacy policy - European Appendix

Customer privacy policy - Non-European Appendix

Cathay Pacific Conditions of Carriage (PDF), Link opens in a new window operated by external parties and may not conform to the same accessibility policies as Cathay Pacific .

Notification to Passenger Charter of Rights for travel to/ from India (PDF), Link opens in a new window operated by external parties and may not conform to the same accessibility policies as Cathay Pacific .

Notification of Rights to Benefits under the Israel Aviation Services Law (PDF), Link opens in a new window operated by external parties and may not conform to the same accessibility policies as Cathay Pacific .

ET Conditions of Contracts/ Notices & EC 889 Air Carrier Liability for Passengers/ their Baggage (PDF), Link opens in a new window operated by external parties and may not conform to the same accessibility policies as Cathay Pacific .

All downloadable files on this page are in PDF (Portable Document Format) and can be viewed with Adobe Acrobat Reader. You can download the Reader at no cost from the Adobe website, Link opens in a new window operated by external parties and may not conform to the same accessibility policies as Cathay Pacific .