Privacy policy and Personal Information Collection Statement (the "Privacy Statement") 

 

Please note that this Privacy Statement may be amended from time to time without prior notice. You are advised to check for the latest version on a regular basis. If there is any inconsistency or conflict between the English and Chinese versions of this Privacy Statement, the English version shall prevail.

1. Privacy Policy

Our Pledge

We are committed to safeguarding the privacy of individuals with respect to personal data. We ensure that our policies and practices in relation to the collection, use, retention, transfer and access of personal data comply with the requirements of the Personal Data (Privacy) Ordinance (Chapter 486) under the laws of Hong Kong (the “Ordinance”).

Cookies

When you visit our web site(s), we will record your visit only and will not collect any personally identifiable information (i.e. information that is about you and identifies you) from you unless otherwise stated. Cookies used (if any) in any part of our web site will not be deployed for collecting personally identifiable information. For your information, Cookies are small computer files that can be stored in web surfers' computers for the purposes of obtaining configuration information and analysing web surfers' viewing habits. They can save you from registering again when re-visiting a web site and are commonly used to track your preferences in relation to the subject matter of the web site. You may refuse to accept Cookies (by modifying the relevant Internet options or browsing preferences of your computer system), but to do so you may not be able to utilize or activate certain available functions in our web sites.

To serve you faster and with better quality, we use "cookie" technology and also allow third parties to use cookies on our Site. We work with third-parties that place cookies on our Site to provide services, including:

Analytics/Measurement: We use third-party analytic cookies to gain insight into how our visitors use the Site, to find out what works and what does not, to optimize and improve our website and to ensure we continue to be interesting and relevant. The data we gather includes web pages you have viewed, referring/exit pages from which you have entered and exited, platforms and operating systems you have used, date and time stamp information, and details such as the number of clicks you make on a given page, your mouse movements and scrolling activity, the search words you use and the text you type while using our Site. We also make use of analytic cookies as part of our online advertising campaigns to learn how users interact with our website after they have been shown an online advertisement, which may include advertisements on third-party websites.

Remarketing Pixel Tags: We may share web site usage information about visitors to our sites with third-party advertising companies for the purpose of managing and targeting advertisements and for market research analysis on our site and other sites. For these purposes, we and our third-party advertising companies may place pixel tags (also called clear gifs) on some of the pages you visit on our site. We will then use the non-personally identifiable information that is collected using these pixel tags to serve you relevant advertisements when you are visiting other sites on the Internet. These advertisements may be targeted to specific searches you conducted on citizenthunderbird.com websites during earlier browsing sessions.

Opting Out of Cookies: If you would like to opt-out of ad targeting cookies set by Google and DoubleClick on our site, please click here: 

https://www.google.com/settings/u/0/ads?hl=en.

If you would like to opt-out of receiving personalized ads from third party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance (DAA)’s Self-Regulatory Principles for Online Behavioral Advertising, please visit the opt-out pages on the NAI website and DAA website.

Collection of personal data

At times, you may be required to give your personal data including, but not limited to, your name, gender, date of birth, identity document number, telephone number, postal address , email address, credit card information, bank account number, (collectively “personal data”). Refusal to provide such information may deny you of access to certain parts of our web site, or may render us unable to handle any application or request you are making, or may otherwise defeat the objectives of your visit. If you are under the age of 18, consent from your parent or guardian is required before you give us the personal data.

Use of Personal Data Collected

Specific purposes for which your personal data may be used are set out in our Personal Information Collection Statement in Part 2 below.

Retention of Personal Data

In your dealings with us and for auditing purposes, your personal data and records of your transactions will be kept and retained by us for a reasonable period. Such information will be erased from our system in accordance with our internal policy.

 

Access to and Correction of Personal Data

Under the Ordinance, you have the right to:

  1. check whether we hold any of your personal data;
  2. access your personal data held by us;
  3. require us to correct any personal data which is inaccurate;
  4. ascertain our policies and practices established (from time to time) in relation to personal data and the types of personal data held by us.

If you want to access and/or correct the personal data that you have provided to us, or if you want to ascertain our policies and practices in relation to personal data and the kind of your personal data held by us, please contact us

By email:
online@cttlhk.com

We will respond within 40 days after receiving the request. We may charge you a reasonable fee for each personal data access. However, such fee will be waived if the data access is made for the purpose of correcting your personal data.

Security

All personal data you provide to us is secured on our web site with restricted access by authorized personnel only. Our online registration process uses the SSL protocol link for data transmission so as to protect your data via encrypting it in a secure format to ensure its privacy is maintained.

2. Personal Information Collection Statement

As a customer of our company or as a visitor of our website(s), it may be necessary for you to provide us with your personal data when you apply to us and / or continue to subscribe with us for a service and / or product . If your personal data is incomplete or incorrect, we may not be able to provide or continue to provide services to you.

We shall keep your personal data confidential at all times. Our policies and practices with respect to the collection, use, retention, disclosure, transfer, security and access of personal data will be in accordance with the Ordinance and this Privacy Statement.

We may use and retain the personal data you provided to us for the following purposes and for other purposes as may be agreed between you and us or required by law from time to time:

  1. Providing the Services;
  2. Subject to your consent, we may use your personal data for marketing the goods and/or services Citizen Thunderbird Travel Ltd. (relating to us, our affiliated companies, business partners and We may dispatch to you the promotional information via direct marketing telephone calls, SMS (Short Message Service), e-mail, facsimile, direct mailings etc.;
  3. Processing any benefits arising out of or in connection with the Services;
  4. Analyzing, verifying and/or checking of your credit, payment and/or status in relation to the provision of the Services;
  5. Processing any payment instructions, direct debit facilities and/or credit facilities requested by you;
  6. Enabling the daily operation of your account and/or the collection of amounts outstanding in your account in relation to the Services; and
  7. Enabling us to comply with our obligations to interconnect or other industry practices.

We may disclose and transfer (whether in Hong Kong or overseas) your personal data to the following parties to use, disclose, process or retain your personal data for the purposes mentioned above:

  1. Our agents, contractors and other service providers for the provision of products and/or services that you ordered and/or subscribed to;
  2. Banks, financial institutions and credit providers;
  3. Credit reference agencies and security agencies;
  4. Regulatory bodies, law enforcement agencies and courts;
  5. Our professional advisers, and any other persons under a duty of confidentiality to us; and
  6. Any of our actual or proposed assignees or transferees of our rights with respect to you.

If you do not wish to receive direct marketing promotional information from us with respect to the products/services mentioned above, or do not wish us to disclose, transfer or use your personal data for the aforesaid direct marketing purposes, please

By email:
online@cttlhk.com

Privacy policy – European Appendix

This Appendix applies if you are based in the European Economic Area (the EEA) during your interactions with us (other than where you are in the EEA solely for travel purposes).

1. Processing of special categories of Personal Data

1.1 We will collect and handle sensitive Personal Data1, for example, when we handle requests for special medical or access assistance or your specific dietary requirements that may indicate your religious beliefs, e.g. halal or kosher meal selections.

1.2 We will typically ask you for your consent when collecting and handling this type of Personal Data, unless we are otherwise permitted to process such Personal Data under European data protection law (EU DP Law) or the laws of the EU member state in which you are based.

 

2. Why we collect your data, and whom we disclose it to

2.1 The legal basis or “grounds” for our use of your Personal Data are set out below, as required under EU DP Law. In the table below, we have linked each purpose mentioned in section 3 of our Privacy Policy to the relevant legal ground/s:

 

3. Legal grounds for use of Personal Data

3.1 The legal grounds for our use of Personal Data are as follows:

(a) Consent: where you have consented to our use of your Personal Data. You may withdraw your consent to the use of your Personal Data by contacting us as set out in paragraph [6.4] of the Privacy Policy.

(b) Contract performance: where we are required to collect and handle your Personal Data in order to provide you with the services that we have contractually agreed to provide to you, e.g. where you have booked a flight with us or the use of our freight service.

(c) Legal obligation: where we need to use your Personal Data to comply with our legal obligations.

(d) Vital interests: where we need to process your Personal Data in order to protect the vital interests of you or another natural person, e.g. where you require urgent assistance.

(e) Public interest: where we need to process your Personal Data in order to carry out a task that is in the public interest.

(f) Legitimate interests: where we have a legitimate interest in using your information. We will only rely on this legal ground if we consider that our interest in using your Personal Data for the relevant purpose is not outweighed by any interests that you may have, or any prejudice that you may suffer, from the relevant use of your Personal Data.
 

The legal grounds for our use of the sensitive categories of Personal Data are: :

(g) Consent: where you have explicitly consented to our use of your Personal Data. You may withdraw your consent to the use of your Personal Data by contacting us as set out in paragraph [6.4] of the Privacy Policy.

(h) Vital interest: where we need to process your Personal Data in order to protect the vital interests of you or another natural person where you or the other person is physically or legally incapable of giving consent.

(i) Legal claims: where your Personal Data is necessary for us to establish, exercise of or defend any legal claims.

(j) Substantial public interest: where we need to process your Personal Data for reasons of substantial public interest set out in EU law or the laws of the member state in which you are based.

(k) Public interest in area of public health: where we need to process your Personal Data for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health, set out in EU law or the laws of the member state in which you are based.
 

4. Profiling

4.1 In connection with our marketing activities, we analyse some of the information that we collect about our customers (together with information about customers that we collect from our loyalty and other partners) to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. We call this the creation of “segments”. To do this, we combine Personal Data that we have collected from customers directly together with Personal Data that we have collected from our affiliates and other partners, including Asia Miles, about our customers’ purchase history and interactions with us. From time to time, we will assess the Personal Data that we hold about you in order to assign you to a particular segment. We will use the segment that you have been assigned to in order to tailor our marketing communications to include offers and content that are relevant to you.

4.2 You have the right to opt out of our direct marketing, and the underlying analysis of your Personal Data that we use to tailor the direct marketing that we send to you, at any time. You can exercise this right, by contacting us in accordance with section 6.4 of the Privacy Policy.


5. Our decision-making processes

5.1 In connection with our business, we will use your Personal Data to make various decisions about you and your eligibility to access our services, to prevent abusive use of our services, to ensure security of our systems, or to detect fraud. Some of these decisions may be taken on an automated basis including, by matching your Personal Data against information in certain risk models that we have created based on the behaviour of other individuals and using your Personal Data to further enhance such models.
 

6. Export outside the EEA

6.1 Your Personal Data may be accessed by staff or suppliers, transferred, and/or stored outside the EEA, including to countries which may have a lower level of data protection than  under EU DP law.

6.2 We must comply with specific rules when we transfer Personal Data from inside the EEA to outside the EEA. When we do this, we will use appropriate safeguards to protect any Personal Data being transferred. 

6.3 We will transfer your Personal Data subject to European Commission approved contractual terms that impose different data protection obligations directly on the recipient, or as otherwise permitted under EU DP Law.

6.4 Please contact us as set out in paragraph [6.4] of the Privacy Policy if you would like to see a copy of the specific safeguards we apply to the export of your Personal Data.
 

7. Retention period

Our retention periods for Personal Data are based on business needs and legal requirements. We will retain your Personal Data for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose. For example, we may retain: (i) certain transaction details (e.g. flight history) and correspondence until the time limit for claims arising from the transaction with us has expired (which is typically between 6 to 10 years after the relevant transaction occurred, and in some cases much less than this); or (ii) certain data to comply with regulatory requirements regarding the retention of such data. Where Personal Data is no longer needed, we either irreversibly anonymise the data (in which case we may further retain and use the anonymised data) or securely destroy the data.
 

8. Your rights

8.1 In addition to the paragraph 8 of the Privacy Policy, in certain circumstances, you may have the rights under EU DP Law to ask us to:

(a) provide you with further details on how we use and process your Personal Data;

(b) delete Personal Data we no longer have grounds to process; and

(c) restrict how we process your Personal Data whilst we consider an inquiry you have raised.

Please note that we will not charge a fee when we deal with your requests in the exercise of the above rights.

8.2 In addition, under certain conditions, you have the right to:

(a) where processing is based on consent, withdraw the consent; and

(b) object to any processing of Personal Data that we process on the "legitimate interests" or "public interests" grounds, unless our reasons for the underlying processing outweighs your interests, rights and freedoms.

(c) object to direct marketing (including any profiling for such purposes) at any time.

8.3 You may exercise these rights by contacting us at the contact details in section [6.4] of the Privacy Policy. Please note that we will not charge a fee when we deal with your requests in the exercise of these rights.

8.4 These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We will aim to respond to requests within 30 days.

8.5 If we are unable to resolve an inquiry or a complaint, you have the right to contact the data protection regulator in the country in which you are based.

 

NOTE 1 Under European data protection law (EU DP Law), certain categories of Personal Data are considered particularly sensitive and therefore requiring additional protection. These categories include information about health, racial or ethnic origin, political opinions, religious beliefs, trade union membership or your sexual orientation and genetic and biometric data. Information concerning criminal convictions and offences is also viewed as sensitive under EU DP Law.