Privacy Policy
Published   2018-12-25


At China Eastern Airlines Company Limited (“China Eastern”, “we” or “us”), we respect and protect your privacy rights. This Privacy Policy describes how we treat the Personal Data we collect. This includes when you use our website www.ceair.com or any other Internet properties operated by us that link to this Privacy Policy (collectively, the "Sites") or call our customer service team.

Please read the following Privacy Policy to understand what information we collect, for which purposes we use it and your rights regarding your Personal Data. By providing your Personal Data to us, you are consenting to this Privacy Policy and the collection, use, disclosure, access, sharing, transfer, storage and processing of your Personal Data for the purposes described in this Privacy Policy (except where your express consent is required under applicable law). We will not use your Personal Data beyond the collection purpose notified at the time of collection of your Personal Data. If it is truly necessary for us to use your Personal Data beyond such scope, we will inform you in a timely manner and may use your Personal Data for the additional purposes after we have obtained your renewed consent. 

Please note that we reserve the right to review and update this Privacy Policy from time to time. If we make any material changes to the Privacy Policy, we will notify you by means of a general notice on the Sites prior to the change taking effect and/or take any other action legally required. If you use a Site after the updated Privacy Policy becomes effective, you will be deemed to have agreed to the amended Privacy Policy. If you believe that, during the period from the issuance date of this updated Privacy Policy to the effective date of this Privacy Policy, the updated Privacy Policy would be more favorable to you, then we agree that the updated Privacy Policy will govern. 

The latest issuance date of this Privacy Policy is December 25, 2018, and it will officially become effective on January 10, 2019.

Table of Contents

1. Information that We Collect about You

2. Why We Collect Your Personal Data and What is the Legal Basis

3. Use of Cookies on Our Sites

4. Links to Other Websites

5. Security and Storage

6. Disclosure and Transfer of Personal Data

7. Direct Marketing

8. What are Your Rights

9. Data Controller and Controller’s Representative


1.  Information that We Collect about You

a) Browsing Data

In general, the browsing of the Sites does not imply collection and processing of personal data.  The computer systems used to operate the Sites could acquire, during the normal course of operation, some personal data whose transmission is implicit in the communication protocols of the internet. Such data are not collected with the aim to identify you, but could lead to your identification in some circumstances if, by way of example, combined with data held from third parties. This category of data includes the IP address and domain name of your computer, URI addresses (Uniform Resource Identifier) of requested resources, the time of request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server and other parameters related to your operating system. Such data are used only to obtain anonymous statistical information on the use of the Sites and to check its correct functioning and are deleted immediately after their processing. 

b) Data voluntarily provided by you

We collect Personal Data voluntarily provided by you upon interaction with the functionalities of our Sites, mobile services and other channels that may be used to personally identify you (“Personal Data”). If we obtained your Personal Data indirectly from a third party, we will verify the legality of the source of the Personal Data, based on our agreement with the relevant third party. We will use your Personal Data after such confirmation, subject to compliance with relevant laws and regulations. Personal Data include:

·  Your personal information such as your name, gender, date of birth, identity card number, passport or other personally identifiable number, health related information, and information about your registered status with any of our subsidiaries, associated companies and/or business associates;

·  Your contact information such as your telephone numbers, mailing addresses, email addresses, and fax numbers;

·  Your credit or debit card information and billing information, including name of cardholder, card number, billing address and expiry date;

·  Your business information such as company name, business title and associated contact information;

·  Your travel details such as flight information, travel companions’ personal information, destination contact information, seat and meal preferences, flight and hotel preferences, and information related to traveler special needs;

·  With your free and express consent, your responses to market surveys and contests conducted by us or on our behalf; and

·  Your other online identification information, such as device model and operation log. 

c) If you are a minor (16 years of age or younger), you are not allowed to use our Sites, mobile services, etc.  Considering that we cannot tell the age of online visitors, if a minor provides Personal Data to us without the consent of his or her parent or guardian, his or her parent or guardian may send an email to CEAPrivacyOffice@ceair.com to remove the information or reject the opportunity of being contacted for the scheduled promotional activity. We neither intend nor try to collect information on minors. 

2.  Why We Collect Your Personal Data and What is the Legal Basis

We may use the Personal Data you provided and process them both through automatic and manual means for one or more of the following purposes: 

·  process and administer your reservation and/or travel services with or through us

·  process and administer your reservation and/or use of our freight or shipping services

·  for your use of the online services available at any of our Sites and/or through other telecommunication channels

·  supply of any products and/or services which you may require

·  identification and verification purposes in connection with any of the services or products that may be supplied to you

·  contact you regarding your enquiries

·  conduct satisfaction survey, handle complaints, or receive compliments

·  for our frequent flyer and mileage programme

·  administer contests and sweepstakes conducted by us or on our behalf

·  disclose to a third party to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside of the People's Republic of China ("China", excluding Hong Kong and Macau Special Administrative Regions and Taiwan)

·  facilitate the payment for products and services provided by us or our subsidiaries, associated companies and/or business associates including verification of credit card details with third parties and using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties)

·  improve our security, including in relation to the processing of payment by credit card to guard against the risk of fraud including carrying out matching procedures against databases of known fraudulent transactions (maintained by us or third parties)

·  provide other airport and travel related services, such as duty free sales and travel packages

·  process any baggage or loss claims 

Categories of Personal Data that we collected include:

·  Your title and name (including surname, first name and maiden name);

·  Your date of birth;

·  Your gender;

·  the type, document number, expiry date, issuing country of your travel document;

·  Your frequent flyer member scheme and membership number

·  Your email address;

·  Your mobile phone number;

·  Your country of residence;

·  Your next of kin; 

The legal basis for the collection of the Personal Data includes performance of a contract with you and compliance with a legal obligation.

Providing your Personal Data for the above mentioned purposes is necessary and denial thereof will prevent us from fulfilling contractual obligations with you, processing your reservation, providing you with customer support, answering your enquiries or providing you with other requested services (e.g. travel and shipping services). 

We may also use your Personal Data for the following additional purposes:

·  With your free and express consent, we may also use your Personal Data for marketing, promotional and customer relationship management purposes, carried out through both automatic (email, SMS, MMS, fax) and non automatic means (traditional mail, telephone) such as sending you updates on latest offers and promotions in connection with our products and services and conducting market research. You always have the choice to select your preferred contact means or not to receive marketing information at all. For further information and instructions please see Section 7 - Direct Marketing. With your free and express consent we can also communicate your data to our business partners for marketing purposes carried out by said third parties through both electronic (email, SMS, MMS, fax) and non-electronic means (traditional mail, telephone). Providing your Personal Data for the above mentioned purposes is optional and denial thereof will not prevent us from fulfilling contractual obligations with you, processing your reservation, providing you with customer support, answering your enquiries, providing you with other requested services (e.g. travel and shipping services).

·  With your free and express consent, we may also process your Personal Data in order to build individual user and group profiles (i.e. profiling activities). Providing your Personal Data for the above mentioned purposes is optional and denial thereof will not prevent us from fulfilling contractual obligations with you, processing your reservation, providing you with customer support, answering your enquiries and providing you with other requested services (e.g. travel and shipping services).

·  With your free and express consent, we may also process your Personal Data (in particular your health related data) in order to provide special caring during our service offering. It is optional for you to provide your Personal Data for the above-mentioned purposes, and your refusal to provide your Personal Data will not prevent us from fulfilling our contractual obligations towards you, processing your reservation, providing you with customer support, answering your enquiries and providing you with other requested services (e.g. travel and shipping services). 

·  In addition, we may from time to time use non-identifying information about our customers to better design our Sites and/or to improve our services and products.  This means we may provide this information to third parties.  However, this information will never identify any single user in particular. 

Except as provided otherwise in this Privacy Policy, the Personal Data you provide to us will not be shared by us with third parties, transferred by us to third parties or made public by us for use in ways unrelated to the aforementioned purposes without your prior consent. 

3.  Use of Cookies on Our Sites

Our Sites use cookies which amongst other things, help us to improve your experience of Sites and to ensure that they perform as you expect them to. 

Cookies are text files containing small amounts of information, which are downloaded to your computer or mobile device by websites that you visit.   

We use cookies to remember users’ settings and market products and services, and for authentication purposes. You can set your browser to notify you when you receive a cookie and give you the option to accept or reject it, or you can set your browser to generally reject cookies. Please note that if cookies are disabled or removed, not all features of our Sites will operate as intended. To learn more about the cookies we use please visit our Cookie Policy.

4.  Links to Other Websites

Our Sites contain links to websites that are owned and/or operated by third party companies.  We are not responsible for the privacy practices or the content of such websites. You should check the applicable privacy policies of those third parties prior to providing them with any information.

5.  Security and Storage

To maintain the accuracy of the Personal Data, as well as to prevent unauthorized access and ensure the correct use of Personal Data, we undertake that we have implemented appropriate physical, technical, and organizational measures to safeguard and secure the Personal Data we collect in compliance with applicable laws and regulations. 

For example, we use Secure Socket Layer (SSL) protocol—an industry standard for encryption over the Internet—to protect in transmission the Personal Data we collect online.  When you type in sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the Internet.  All electronic Personal Data that we maintain are securely stored and further protected through our use of appropriate access controls. When disposing of Personal Data, paper documents containing Personal Data are securely destroyed, and electronic files storing Personal Data are permanently deleted. 

In addition, to better protect your Personal Data, some areas of our Sites or our mobile services channels are inaccessible unless you supply individually identifiable and verifiable information, such as your Eastern Miles Membership Number and Password, or log in using your User ID and PIN. 

As stated above, in some instances we may entrust Personal Data to third party service providers (including service providers within or outside of China), with the use of Personal Data for the purposes we specify, on the condition that such third party service providers undertake with us that they will abide by the applicable laws and regulations on the security and protection of Personal Data. For further details on disclosure and transfer of your Personal Data, please refer to Section 6 below.

We may retain your Personal Data for as long as needed to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law. When the retention period set by us is exceeded, we will delete or anonymize your Personal Data. In particular, Personal Data will be stored according to the below: 

Purposes of the processing: Process and administer your reservation and/or travel services with or through us

Categories of data:

·  personal information

·  contact information

·  credit or debit card information

·  office information

·  travel details

·  responses to market surveys

·  online identification information

Retention period: data will be stored as long as necessary and legally allowed to provide you with the services/products and for claim and contract management

Purposes of the processing: Send you marketing communications

Categories of data:

·  personal information

·  contact information

·  online identification information

Retention period: 24 months or the maximum period that applicable laws and regulations allow for

Purposes of the processing: Create a profile of your travelling choices and personal characteristics, so as to enhance your customer experience

Categories of data:

·  personal information

·  contact information

·  office information

·  travel details

·  responses to market surveys

·  online identification information

Retention period: 12 months or the maximum period that applicable laws and regulations allow for

Should a Personal Data security incident have occurred, we will inform you in a timely manner, as required by laws and regulations, of matters such as the basic circumstances of the incident, the possible impact, the response adopted or to be adopted by us, the precautions and remedies that you could consider, etc. Such information will be communicated to you by means such as email, letter, telephone, push notification, etc. If the actual circumstances at the time make it difficult for us to inform affected Personal Data subjects individually, we will publish the relevant information by reasonable and effective means. In addition, we will proactively report our handling of the Personal Data security incident to the competent authorities as they may require.

6.  Disclosure and Transfer of Personal Data

China Eastern is a global airline company with operations, offices, affiliates, and business partners located worldwide.  As such, the Personal Data you submit to us in one country may be transferred, used, processed, stored, and accessed worldwide, for the purposes described in this Privacy Policy.  By accepting the contents of this Privacy Policy, you will be deemed to have consented to the foregoing and your Personal Data may be transferred to the country of destination of the flight that you reserved with China Eastern. 

In addition, we may disclose and transfer Personal Data to and jointly use Personal Data with (whether within or outside of China) our subsidiaries, associated companies, business associates, service providers, and other persons concerned with the services and products provided to or requested by you. We may disclose this information to facilitate communication of news and information about such services and products and otherwise for the purposes mentioned above, under Section 2, "Why We Collect Your Personal Data."

Personal Data will be processed only by subjects previously duly appointed as data processors or as data controllers, as applicable for the purposes specified above.  We will make all commercially reasonable efforts to review the data security capabilities of, and enter into confidentiality agreements with, third parties with which we share Personal Data, requiring them to process your Personal Data in accordance with this Privacy Policy and other relevant non-disclosure and security measures. 

In particular, we may share your Personal Data with the entities set forth below. 

·  any China Eastern Airlines group companies, including but not limited to, China Eastern Airlines E-Commerce Company Limited;

·  China TravelSky Holding  Company and its subsidiaries;

·  any agent, contractor or third party service provider who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to China Eastern in connection with the operation of its business;

·  other business associates such as air carriers, land or sea transport operators, loyalty program operators, and other companies involved in providing customer service or fulfilling customer requests;

·  credit reference agencies;

·  credit, debit and /or charge card companies and/or banks;

·  government or non-government authorities, agencies, and/or regulators;

·  medical professionals, insurers, and clinics/hospitals. 

Where permitted by applicable local law, we may also disclose your Personal Data to third parties:  (i) when required by law, by court order, or in response to a search warrant or other legally valid inquiry; (ii) to an investigative body; (iii) to enforce our agreements with you; (iv) when requested by other government or law enforcement authorities (such as immigration and customs control and/or border control agencies); (v) with your express consent; or (vi) pursuant to our good faith belief that disclosure is required by law or otherwise necessary to the establishment of legal claims or defenses, to obtain legal advice, to exercise and defend our legal rights, to protect our rights or property and those of our subsidiaries or associated companies, or to protect the life, body or property of an individual.  This also applies when we believe that disclosing the Personal Data is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities. 

We may also transfer any information we have about you as an asset in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of China Eastern or as part of a corporate reorganization or stock sale or other change in corporate control, to an actual or proposed assignee, transferee, participant or sub-participant. 

In accordance with Article L.237-7 of French Internal Security Code, please be informed that airlines may be required to communicate personal data to authorized booking, check-in and boarding data collected from their passengers (API/PNR) to the French authorities for the purposes and under conditions as defined in the Decret N° 2014-1095 dated 26/09/2014. 

Please be advised that the Personal Data that China Eastern collects or obtains may be transferred to jurisdictions that offer lesser protection of Personal Data than that provided in your jurisdiction. When Personal Data is transferred to recipients in countries not ensuring an adequate level of data protection, we will take appropriate measures to ensure that the recipient implements adequate safeguards for your Personal Data in accordance with applicable laws and regulations (including but not limited to standard contractual clauses and adequacy decisions).

You can obtain a copy of such safeguards by contacting us as specified under Section 8 – “What Are Your Rights” below.

7.  Direct Marketing

We intend to occasionally use your Personal Data (i.e. your name and contact details) to send you marketing communications such as emails containing news, offers, promotions and joint marketing offers about our travel services and packages, loyalty programs, duty-free sales and other travel related auxiliary services such as travel insurance, hotel transfers and car rentals. However, we will require your express consent before doing so.  Please see below on how to provide us with your consent. 

With your free and express consent, we may also provide your Personal Data (i.e. your name and contact details) to third parties, namely our subsidiaries, associated companies, business associates, marketing partners, and travel service partners, for the purpose of marketing their products and services to you, namely travel services and packages, loyalty programs, duty-free sales and other travel related auxiliary services such as travel insurance, hotel transfers and car rentals. 

You may indicate your consent to the above by the following ways:

·  when providing us with your Personal Data through our Sites or a form, ticking boxes indicating your consents; or

·  when providing us with your Personal Data through the telephone, tell our customer representative that you consent. 

You may opt-out from receiving marketing communications at any time, free of charge, by:

·  following the opt-out instructions contained in the communications;

·  writing to us at the address listed below, under Section 8 – “How to Access or Correct Your Personal Data”; or

·  updating your email subscriptions by sending an email to CEAPrivacyOffice@ceair.com. 

8.  What are Your Rights

At any time you have the right to exercise your rights acknowledged by applicable laws and regulations: 

Right of access: You have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to the Personal Data. The access information includes – in particular – the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed.

You have the right to obtain a copy of the Personal Data undergoing processing. For additional copies requested by you, we may charge a reasonable fee based on administrative costs. 

Right to rectification: You have the right to obtain from us the rectification of inaccurate Personal Data concerning you. Depending on the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement. 

Right to erasure (right to be forgotten): You have the right to ask us to erase your Personal Data. 

Right to restriction of processing: You have the right to request that we restrict the processing of your Personal Data. In this case, the respective data will be marked and may only be processed by us for certain purposes.

Right to data portability: You have the right to receive the Personal Data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those Personal Data to another entity without hindrance from us. 

Right to object:  

You have the right to object, based on your particular situation, at any time to the processing of your Personal Data by us and we can be required to no longer process your Personal Data. If you have a right to object and you exercise this right, your Personal Data will no longer be processed for such purposes by us. Exercising this right will not incur any costs.

However, in certain circumstances such a right to object may not exist, e.g. if the processing of your Personal Data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.

 

Right to cancel account 

You have the right to cancel a previously registered account at any time. You may request cancellation of your account by sending an email to CEAPrivacyOffice@ceair.com. Upon completion of the cancellation of your account, all information therein will be deleted or anonymized, and we will no longer collect, use or provide to third parties Personal Data relating to the account. Nevertheless, the information provided by you or generated during your use of our services will need to be retained by us for the period required by applicable laws and regulations, and authorities will have the right to access such information according to applicable laws and regulations during that legal retention period.

If you wish to make a request for access or correction to, or deletion or data portability of Personal Data, or a request for account cancellation or any other request concerning your rights (such as the right to obtain the restriction of the processing of your Personal Data), or if you would like to obtain information regarding policies and practices and the kinds of Personal Data held by us, you can contact us at the following address: 

China Eastern Airlines Company Limited

36 Hong Xiang San Road

Minhang District, Shanghai

China 201100

CEAPrivacyOffice@ceair.com 

You also have the right to lodge a complaint with the relevant Data Protection Authority. 

9.  Data Controller and Controller’s Representative

Any Personal Data provided to or gathered by China Eastern is controlled primarily by China Eastern Airlines Company Limited, with its registered office at 66 Jichang Avenue, Pudong International Airport, Shanghai, China, having its Italian branch at Rome, Via Barberini 86 Italy, its Germany branch at Rossmarkt 5, D-60311 Frankfurt am Main, Germany, its France branch at 20 Avenue de L'opera 75001 Paris, France, its UK branch at 37-39 George Street, London, W1U 3QD, UK, its Spain branch at C/Gran Via, 57.11-H.28013, Madrid, Spain, its Netherlands branch at 7th floor Tower C, World Trade Centre Schiphol Boulevard 343 1118 BJ Schiphol, The Netherlands, its Czech branch at Florentinum | Na Florenci 2116/15, Prague 1, Czech.

 
