How we collect your personal information
We collect personal information about you in the following ways:
- As an entrusted party (data processor):
- by providing ICT services, where we collect, store and transmit personal information under commercial contracts on behalf of third parties, such as where you interact with our end user systems at airports, including: check-in kiosks, luggage check-in and handling, and biometric self-boarding gates
- As a personal information handler (data controller):
- When you register for, purchase or use any of the services that we provide directly to end users, including onboard Wi-Fi internet services.
- When you apply for a job with us.
- Automatically through our internet-based services (e.g. by using cookies).
- when you otherwise submit information to us, such as by registering on our website or participating in a survey or competition that we run.
Where we collect personal information from you, we will generally do so ourselves. However, in some cases we may collect personal information from a third party, such as through your representatives or contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our products or services.
The types of personal information we collect
The personal information we collect about you may include, but is not limited to:
- Identifying personal information, such as your name, date of birth, gender and nationality.
- Contact information, such as your postal address, email address and telephone number.
- Travel details, such as passport information, boarding pass information and flight information (including any information we are required to collect by airlines or government authorities in order to provide our services).
- Usernames and passwords that you create when registering for an account with us.
- Financial information, such as credit card number.
- Details of any products or services that we provide to you.
- Information about how you use the products and services we provide.
- Records of our communications with you, including any messages you send us.
- Information automatically collected as a result of using our internet-based services (such as, internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp and navigation data).
Sensitive information we collect about you may be, for example, biometric information (such as face image scans collected if you choose to use a check-in system that collects this information). Where we collect such sensitive information directly from you, acting as a personal information handler, we will seek your separate consent before we do so.
Without this information we may not be able to provide you with our products or services (or with all of the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.
Purposes for which we use personal information
We use personal information that we collect about you for the following purposes:
- To enable us to provide flight check-in and boarding services, including to verify your identity and travel details and to track your passage within an airport terminal.
- To enable us to provide ICT services to customers under commercial contracts where we collect, store and transmit personal information on behalf of our customers.
- To enable us to provide Wi-Fi and other internet connectivity services.
- To verify your identity when you are dealing with us.
- To carry out market analysis and research.
- To monitor use of our products and services, and to improve and enhance those products and services.
- To carry out education and training programs for our staff.
- To manage and resolve any legal or commercial complaints or issues (including customer complaints).
- To respond to any inquiries you make and to manage your account.
- To provide you the opportunity to participate in contests and surveys or use our referral service.
- To send you updates or newsletters about our products and services
- To send you service-related announcements when necessary to do so (e.g. if our service is temporarily suspended for maintenance).
- To carry out planning and forecasting activities and other internal business processes.
- To comply with our legal obligations in all of the jurisdictions where we operate.
Other than where permitted to do so under applicable law, we will not use your personal information for direct marketing purposes. If you no longer wish to receive our communications (such as newsletters or updates), you may opt-out of / unsubscribe to receiving them by contacting us using the contact details below.
How we disclose your information
We may share personal information about you with:
- Our related companies and subsidiaries.
- Airlines, airport operators and our other customers as necessary for us to provide our products and services.
- Our commercial partners, and entities our commercial partners direct us to disclose your information to, where necessary to perform our contractual requirements or to share information about potential service enhancements and improvements we have identified by analyzing your use of our products and services.
- Government authorities, including immigration and border control authorities.
- Your representatives, advisers and others you have authorized to interact with us on your behalf.
- Our staff, contractors and third party service providers who need the information to discharge their duties (including to assist in the provision of our products and services).
- In the event of sale or merger of our business, to a prospective purchaser or merger partner and their respective advisers.
- Any person that we are required or authorized by law to disclose your personal information to; and
- third parties as agreed with you from time to time.
Transfer and disclosure of your personal information overseas
- The name and contact information of any data recipient(s) outside of China.
- The purpose(s) and method(s) of processing by such data recipient(s).
- The type(s) of personal information transferred.
- The method and procedure for individuals to exercise their rights under the PIPL with respect to the data transfer recipient(s)
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process.
Links to Other Sites
This website may contain links to other sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other sites
We encourage you to be aware when you leave our site and to read the privacy policies or statements of each and every website that collects your personal information.
Storage and security of personal information
We generally store the personal information that we collect from Chinese residents in electronic databases in China (where required to do so as a personal information handler under PIPL) or central (located in USA, the EEA or Singapore) servers where permitted to do so as an entrusted party under PIPL, in which case personal data may also be held on our behalf by third party data storage providers. Sometimes we also keep hard copy records of this personal information in physical storage facilities. We use a range of physical and technical security processes and procedures to protect the confidentiality and security of the information that we hold, which may include encryption, and we update these from time to time to address new and emerging security threats that you become aware of. We have processes in place to delete personal information once it is no longer needed for any of the purposes contemplated under this policy.
Access and correction of your personal information
If you wish to request access to your personal information held by us, if you want to correct any information we hold, or if you no longer desire our services, you may correct, update, delete or deactivate it by contacting us using the contact details set out below.
To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administration fee to cover reasonable expenses to be incurred in providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.
As mentioned above, we provide ICT services to customers under commercial contracts, including the collection, transmission and storage of personal information. If you have provided your personal information to one of our customers, and we are storing that information on their behalf, we may not be able to alter or delete the personal information which is held in our systems. However, where we cannot alter or delete your information, we will be able to refer you to the relevant customer to request from them access or correction of your personal information.
We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal information and think we may have breached the PIPL, or any other relevant obligation, please contact our privacy compliance team using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation.
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Cyberspace Administration of China, and/or any relevant State Council departments or local (count-level and higher) government departments.
Data Protection Officer
SITA’s Data Protection Officer is Mark Orosz, whose business contact information is as follows:
- Email: firstname.lastname@example.org
- Phone: +1 (514) 285-9742
- Postal Address: 770 Rue Sherbrooke Ouest, Suite 1810, H3A 1G1, Montreal, Quebec, Canada
©SITA - last updated: March 2022