Table of Content
In general, the browsing of the Sites does not imply collection and processing of personal data. The computer systems used to operate the Sites could acquire, during the normal course of operation, some personal data whose transmission is implicit in the communication protocols of the internet. Such data are not collected with the aim to identify you, but could lead to your identification in some circumstances if, by way of example, combined with data held from third parties. This category of data includes the IP address and domain name of your computer, URI addresses (Uniform Resource Identifier) of requested resources, the time of request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server and other parameters related to your operating system. Such data are used only to obtain anonymous statistical information on the use of the Sites and to check its correct functioning and are deleted immediately after their processing.
We collect Personal Data voluntarily provided by you upon interaction with the functionalities of our Sites, mobile services and other channels that may be used to personally identify you (“Personal Data”). If we obtained your Personal Dataindirectly from a third party, we will verify the legality of the source of the Personal Data, based on our agreement with the relevant third party. We will use your Personal Data after such confirmation, subject to compliance with relevant laws and regulations. Personal Data include:
· Your personal information such as your name, gender, date of birth, identity card number, passport or other personally identifiable number,health related information, and information about your registered status with any of our subsidiaries, associated companies and/or business associates;
· Your travel details such as flight information, travel companions’ personal information, destination contact information, seat and meal preferences, flight and hotel preferences, and information related to traveler special needs;
· With your free and express consent, your responses to market surveys and contests conducted by us or on our behalf; and
c) If you are a minor (16 years of age or younger), you are not allowed to use our Sites, mobile services, etc. Considering that we cannot tell the age of online visitors, if a minor provides Personal Data to us without the consent of his or her parent or guardian, his or her parent or guardian may send an email to CEAPrivacyOffice@ceair.com to remove the information or reject the opportunity of being contacted for the scheduled promotional activity. We neither intend nor try to collect information on minors.
We may use the Personal Data you provided and process them both through automatic and manual means for one or more of the following purposes:
· process and administer your reservation and/or travel services with or through us
· process and administer your reservation and/or use of our freight or shipping services
· for your use of the online services available at any of our Sites and/or through other telecommunication channels
· supply of any products and/or services which you may require
· identification and verification purposes in connection with any of the services or products that may be supplied to you
· contact you regarding your enquiries
· conduct satisfaction survey, handle complaints, or receive compliments
· for our frequent flyer and mileage programme
· administer contests and sweepstakes conducted by us or on our behalf
· disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside of the People's Republic of China ("China", excluding Hong Kong and Macau Special Administrative Regions and Taiwan)
· facilitate the payment for products and services provided by us or our subsidiaries, associated companies and/or business associates including verification of credit card details with third parties and using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties)
· improve our security, including in relation to the processing of payment by credit card to guard against the risk of fraud including carrying out matching procedures against databases of known fraudulent transactions (maintained by us or third parties)
· provide other airport and travel related services, such as duty free sales and travel packages
· process any baggage or loss claims
Categories of Personal Data that we collected include:
· Your title and name (including surname, first name and maiden name);
· Your date of birth;
· Your gender;
· the type, document number, expiry date, issuing country of your travel document;
· Your frequent flyer member scheme and membership number
· Your email address;
· Your mobile phone number;
· Your country of residence;
· Your next of kin;
The legal basis for the collection of the Personal Data include performance of a contract with you and compliance with a legal obligation.
Providing your Personal Data for the above mentioned purposes is necessary and denial thereof will prevent us from fulfilling contractual obligations with you, processing your reservation, providing you with customer support, answering your enquiries or providing you with other requested services (e.g. travel and shipping services).
We may also use your Personal Data for the followingadditional purposes:
· With your free and express consent, we may also use your Personal Data for marketing, promotional and customer relationship management purposes, carried out through both automatic (email, SMS, MMS, fax) and non automatic means (traditional mail, telephone) such as sending you updates on latest offers and promotions in connection with our products and services and conducting market research. You always have the choice to select your preferred contact means or not to receive marketing information at all. For further information and instructions please seeSection 7 - Direct Marketing. With your free and express consent we can also communicate your data to our business partners for marketing purposes carried out by said third parties through both electronic (email, SMS, MMS, fax) and non-electronic means (traditional mail, telephone). Providing your Personal Data for the above mentioned purposes is optional and denial thereof will not prevent us from fulfilling contractual obligations with you, processing your reservation, providing you with customer support, answering your enquiries, providing you with other requested services (e.g. travel and shipping services).
· With your free and express consent, we may also process your Personal Data in order to build individual user and group profiles (i.e. profiling activities).Providing your Personal Data for the above mentioned purposes is optional and denial thereof will not prevent us from fulfilling contractual obligations with you, processing your reservation, providing you with customer support, answering your enquiries and providing you with other requested services (e.g. travel and shipping services).
· With your free and express consent, we may also process your Personal Data (in particular your health related data) in order to provide special caring during our service offering. It is optional for you to provide your Personal Data for the above-mentioned purposes, and your refusal to provide your Personal Data will not prevent us from fulfilling our contractual obligations towards you, processing your reservation, providing you with customer support, answering your enquiries and providing you with other requested services (e.g. travel and shipping services).
· In addition, we may from time to time use non-identifying information about our customers to better design our Sites and/or to improve our services and products. This means we may provide this information to third parties. However, this information will never identify any single user in particular.
Cookies are text files containing small amounts of information, which are downloaded to your computer or mobile device by websites that you visit.
Our Sites contain links to websites that are owned and/or operated by third party companies. We are not responsible for the privacy practices or the content of such websites. You should check the applicable privacy policies of those third parties prior to providing them with any information.
To maintain the accuracy of the Personal Data, as well as to prevent unauthorized access and ensure the correct use of Personal Data, we undertake that we have implemented appropriate physical, technical, and organizational measures to safeguard and secure the Personal Data we collect in compliance with applicable laws and regulations.
For example, we use Secure Socket Layer (SSL) protocol—an industry standard for encryption over the Internet—to protect in transmission the Personal Data we collect online. When you type in sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the Internet. All electronic Personal Data that we maintain are securely stored and further protected through our use of appropriate access controls. When disposing of Personal Data, paper documents containing Personal Data are securely destroyed, and electronic files storing Personal Data are permanently deleted.
In addition, to better protect your Personal Data, some areas of our Sites or our mobile services channels are inaccessible unless you supply individually identifiable and verifiable information, such as your Eastern Miles Membership Number and Password, or log in using your User ID and PIN.
As stated above, in some instances we may entrust Personal Data to third party service providers (including service providers within or outside of China), with the use of Personal Data for the purposes we specify, on the condition that such third party service providers undertaking with us that they will abide by the applicable laws and regulations on the security and protection of Personal Data. For further details on disclosure and transfer of your Personal Data, please refer to Section 6 below.
We may retain your Personal Data for as long as needed to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law. When the retention period set by us is exceeded, we will delete or anonymize your Personal Data. In particular, Personal Data will be stored according to the below:
Purposes of the processing
Categories of data
Process and administer your reservation and/or travel services with or through us
· personal information
· contact information
· credit or debit card information
· office information
· travel details
· responses to market surveys
data will be stored as long as necessary and legally allowed to provide you with the services/products and for claim and contract management
Send you marketing communications
· personal information
· contact information
24 months or the maximum period that applicable laws and regulations allow for
Create a profile of your travelling choices and personal characteristics, so as to enhance your customer experience
· personal information
· contact information
· office information
· travel details
· responses to market surveys
12 months or the maximum period that applicable laws and regulations allow for
Should a Personal Datasecurity incidenthave occurred, we will inform you in a timely manner, as required by laws and regulations, of matters such as the basic circumstances of the incident, the possible impact, the response adopted or to be adopted by us, the precautions and remedies that you could consider, etc. Such information will be communicated to you by means such as email, letter, telephone, push notification, etc. If the actual circumstances at the time make it difficult for us to inform affected Personal Data subjects individually, we will publish the relevant information by reasonable and effective means. In addition, we will proactively report our handling of the Personal Data security incident to the competent authorities as they may require.
In addition, we may disclose and transfer Personal Data to and jointly use Personal Data with (whether within or outside of China) our subsidiaries, associated companies, business associates, service providers, and other persons concerned with the services and products provided to or requested by you. We may disclose this information to facilitate communication of news and information about such services and products and otherwise for the purposes mentioned above, under Section 2, " Why We Collect Your Personal Data."
· any China Eastern Airlines group companies, including but not limited to, China Eastern Airlines E-Commerce Company Limited;
· China TravelSky Holding Company and its subsidiaries;
· any agent, contractor or third party service provider who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to China Eastern in connection with the operation of its business;
· other business associates such air carriers, land or sea transport operators, loyalty program operators, and other companies involved in providing customer service or fulfilling customer requests;
· credit reference agencies;
· credit, debit and /or charge card companies and/or banks;
· government or non-government authorities, agencies, and/or regulators;
· medical professionals, insurers, and clinics/hospitals.
Where permitted by applicable local law, we may also disclose your Personal Data to third parties: (i) when required by law, by court order, or in response to a search warrant or other legally valid inquiry; (ii) to an investigative body; (iii) to enforce our agreements with you; (iv) when requested by other government or law enforcement authorities (such as immigration and customs control and/or border control agencies); (v) with your express consent; or (vi) pursuant to our good faith belief that disclosure is required by law or otherwise necessary to the establishment of legal claims or defenses, to obtain legal advice, to exercise and defend our legal rights, to protect our rights or property and those of our subsidiaries or associated companies, or to protect the life, body or property of an individual. This also applies when we believe that disclosing the Personal Data is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
We may also transfer any information we have about you as an asset in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of China Eastern or as part of a corporate reorganization or stock sale or other change in corporate control, to an actual or proposed assignee, transferee, participant or sub-participant.
In accordance with Article L.237-7 of French Internal Security Code, please be informed that airlines may be required to communicate personal data to authorized booking, check-in and boarding data collected from their passengers (API/PNR) to the French authorities for the purposes and under conditions as defined in the Decret N° 2014-1095 dated 26/09/2014.
Please be advised that the Personal Data that China Eastern collects or obtains may be transferred to jurisdictions that offer lesser protection of Personal Data than that provided in your jurisdiction. When Personal Data is transferred to recipients in countries not ensuring an adequate level of data protection, we will take appropriate measures to ensure that the recipient implement adequate safeguards to your Personal Data in accordance with applicable laws and regulations (including but not limited to standard contractual clauses and adequacy decisions).
7. Direct Marketing
We intend to occasionally use your Personal Data (i.e. your name and contact details) to send you marketing communications such as emails containing news, offers, promotions and joint marketing offers about our travel services and packages, loyalty programs, duty-free sales and other travel related auxiliary services such as travel insurance, hotel transfers and car rentals. However, we will require your express consent before doing so. Please see below on how to provide us with your consent.
With your free and express consent, we may also provide your Personal Data (i.e. your name and contact details) to third parties, namely our subsidiaries, associated companies, business associates, marketing partners, and travel service partners, for the purpose of marketing their products and services to you, namely travel services and packages, loyalty programs, duty-free sales and other travel related auxiliary services such as travel insurance, hotel transfers and car rentals.
You may indicate your consent to the above by the following ways:
· when providing us with your Personal Data through our Sites or a form, ticking boxes indicating your consents; or
· when providing us with your Personal Data through the telephone, tell our customer representative that you consent.
You may opt-out from receiving marketing communications at any time, free of charge, by:
· following the opt-out instructions contained in the communications;
· writing to us at the address listed below, under Section 8 – “How to Access or Correct Your Personal Data”; or
· updating your email subscriptions by sending an email to CEAPrivacyOffice@ceair.com.
At any time you have the right to exercise your rights acknowledged by applicable laws and regulations:
Right of access: You have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to the Personal Data. The access information includes – in particular – the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed.
You have the right to obtain a copy of the Personal Data undergoing processing. For additional copies requested by you, we may charge a reasonable fee based on administrative costs.
Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
Right to restriction of processing: You have the right to request that we restrict the processing your Personal Data. In this case, the respective data will be marked and may only be processed by us for certain purposes.
Right to data portability: You have the right to receive the Personal Data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those Personal Data to another entity without hindrance from us.
You have the right to object, based on your particular situation, at any time to the processing of your Personal Data by us and we can be required to no longer process your Personal Data. If you have a right to object and you exercise this right, your Personal Data will no longer be processed for such purposes by us. Exercising this right will not incur any costs.
However, in certain circumstances such a right to object may not exist, e.g. if the processing of your Personal Data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
You have the right to cancel a previously registered account at any time. You may request cancellation of your account by sending an email toCEAPrivacyOffice@ceair.com. Upon completion of the cancellation of your account, all information therein will be deleted or anonymized, and we will no longer collect, use or provide to third parties Personal Data relating to the account. Nevertheless, the information provided by you or generated during your use of our services will need to be retained by us for the period required by applicable laws and regulations, and authorities will have the right to access such information according to applicable laws and regulations during that legal retention period.
If you wish to make a request for access or correction to, or deletion or data portability of Personal Data, or a request for account cancellation or any other request concerning your rights (such as the right to obtain the restriction of the processing of your Personal Data), or if you would like to obtain information regarding policies and practices and the kinds of Personal Data held by us, you can contact us at the following address:
China Eastern Airlines Company Limited
Any Personal Data provided to or gathered by China Eastern is controlled primarily by China Eastern Airlines Company Limited, with its registered office at 66 Jichang Avenue, Pudong International Airport, Shanghai, China, having its Italian branch at Rome, Via Barberini 86 Italy, its Germany branch atRossmarkt 5, D-60311 Frankfurt am Main, Germany, itsFrance branch at 20 Avenue deL'opera 75001 Paris, France, its UK branch at 37-39 George Street, London, W1U 3QD, UK, itsSpain branch at C/Gran Via, 57.11-H.28013, Madrid, Spain, itsNetherlands branch at 7th floor Tower C, World Trade Centre SchipholBouleavard 343 1118 BJ Schiphol,The Netherlands, its Czech branch at Florentinum | Na Florenci 2116/15, Prague 1, Czech.