Swire Travel Limited ("Swire Travel", "we", "us" or "our") is committed to protecting the privacy of our customers who use our website at http://www.swiretravel.com ("Website"). We understand that providing Personal Data (as defined in paragraph 1 below) online involves a great deal of trust on our customers' side, and we make it our top priority to ensure the security and confidentiality of the Personal Data provided by our customers.
Capitalised terms used in this PICS shall have the following meanings:
"Booking" means the purchase and booking of an air ticket via the Booking System;
"Booking System" means the online system, as operated and maintained by the System Provider, which enables users to purchase and book air tickets;
"Credit Card Information" has the meaning given in paragraph 2.1;
"Customers" means customers who use the Website, the Webchat and/or the Booking System, or who subscribe to receive the Swire Travel Hotnews;
"Personal Data" means any data relating directly or indirectly to a living individual, from which it is practicable for the identity of that individual to be ascertained;
"Swire Travel Hotnews" means information relating to products and services of Swire Travel in the following categories:
(a) promotion of flights, hotels, leisure and cruise travel packages;
(b) promotion of special events;
(c) research and questionnaires about our services; or
(d) joint collaboration with different brands (such as banks / credit cards / restaurants / lifestyle products / charities etc.);
"System Provider" means the third party service provider who operates and maintains the Booking System;
"Webchat" means the online customer service platform on the Website, which enables Customers to communicate online with us regarding their potential or current Bookings, the Booking System or the Website;
"Webchat Data" means the messages, data or information transmitted or provided by Customers via the Webchat, which may include Personal Data;
2. Personal Data Collection
2.1 The types of Personal Data we may collect from Customers from time to time include:
(a) their full name;
(b) their date of birth;
(c) their travel document number, issuing country and expiry date;
(d) their frequent flyer membership number;
(e) their email address;
(f) their mobile number;
(g) their credit card name, number, security code and expiry date ("Credit Card Information");
(h) the destination of their travel;
(i) their departure and return dates and times;
(j) their preferred class of service, flight type and airlines;
(k) the Webchat Data; and
(l) any communications with the Customer via the Webchat or any other means.
2.2 We may also collect other information about Customers, such as their use of our websites, personal preferences, etc, which shall be annonymised or aggregated, and will not enable the identity of the Customer to be ascertained.
2.3 By providing any Personal Data to us, Customers acknowledge that such provision is fair and reasonable in the circumstances.
3. Purposes for which the Personal Data are Collected and Used
3.1 Some of the purposes for which we may use the Personal Data that Customers provide to us include the following:
(a) to process the Customer's Booking, including payment for their Booking (which includes verifying credit card details with the relevant banks and conducting matching procedures against databases of known fraudulent transactions maintained by us or other third parties);
(b) to send the Customer a confirmation email of their Booking;
(c) to handle a Customer's enquiries;
(d) to retrieve a Customer's Booking when handling their enquiries;
(e) to contact a Customer regarding their Booking or enquiries, if necessary;
(f) [to create customer profiles for Customers who have successfully made a Booking, which will include details of the Customer's previous Bookings and your Personal Data set out in paragraph 2.1 above (except for your Credit Card Information), and which can only be accessed by us, the relevant Customer and the third parties identified in paragraph 4.1 below;] and/or
(g) to send Swire Travel Hotnews to Customers who have signed up for the same and who have consented to receive such marketing materials.
3.2 Customers should refer to the personal information collection statement provided to them at the time we collect their Personal Data, which sets out the exact purpose for which we will use their Personal Data.
4. Disclosure and Transfer of Personal Data
4.1 The Personal Data that Customers provide to us via the Booking System, the Webchat or through any other means, may be transferred to the System Provider and/or the relevant airline operator for the processing of the relevant Bookings or enquiries. We will not otherwise disclose or transfer the Personal Data to any other parties.
4.2 We may disclose the Personal Data when required by law or court order of any jurisdiction, or as requested by any government or law enforcement authorities or administrative bodies.
4.3 We may disclose the Personal Data as is necessary to bring a legal action or defend any legal action in relation to Customers and/or any Bookings.
5. Personal Data Security and Retention
5.1 The Credit Card Information that Customers provide to us via the Booking System will be deleted from our server and will not be saved or retained by us once the relevant Customer has successfully completed the payment for their Booking.
5.2 The Personal Data that Customers provide to us will be kept by us in the appropriate form only for so long as is necessary to fulfil the purpose(s) (or a directly related purpose) set out in the personal information collection statement provided to the Customer at the time we collected their Personal Data, after which it will be destroyed. In particular:
(a) once a Customer makes a successful Booking, we will use and retain their Personal Data in order to enable us to maintain a customer profile for them and to address any enquires or disputes that arise between us and them concerning their Booking.
(b) If no Booking is completed by a Customer (e.g. they never completed the payment for any Booking), we will only retain their Personal Data for six months following the attempt to complete a Booking.
(c) Webchat Data will be retained for six months following the relevant Webchat session.
5.3 In order to ensure we use Customers' Personal Data correctly and in order to maintain the accuracy of the Personal Data collected by us, and in order to prevent unauthorised or accidental access, processing, erasure or other use of the Personal Data, we have implemented various physical, electronic and data management measures to safeguard and secure the Personal Data we collect. We have entered into a data transfer agreement with the System Provider under which the System Provider is obligated to implement various physical, electronic and data management measures to safeguard and secure the Personal Data we transfer to them to process on our behalf.
6.2 We may provide statistical reports about Customers' traffic patterns and related site information to some reputable third-party vendors, however these reports will not include any Personal Data.
7. External Websites
8. Our Commitment to Data Security
8.1 To maintain the accuracy of the Personal Data, and in order to prevent unauthorised access and ensure the correct use of the Personal Data, we have adopted appropriate physical, electronic and data management measures to safeguard and secure the Personal Data we collect online. We use an industry standard for encryption over the Internet and/or mobile application, known as Secure Socket Layer (SSL) protocol, to protect the Personal Data. When you type in sensitive information such as Credit Card Information and travel document information, it will be automatically encrypted before being securely dispatched over the Internet.
8.2 The Personal Data Customers provide to us will be stored in a database for no longer than is necessary. The Website has a firewall in place, aimed to protect the Personal Data collected from Customers against unauthorised or accidental access. However, complete confidentiality and security is not yet possible over the Internet, and privacy cannot be assured in Customers' communications to us. Customers acknowledge that Personal Data is disclosed at their own risk, and may be subject to unauthorised use by others. We are not responsible for any direct, indirect, special or consequential damages, howsoever caused, arising out of your communication with us or the sending of information to us. Customers are encouraged to protect themselves against any unauthorised access to their data.
9. How to Access or Correct Personal Data or Contact Us
Customers are entitled to access or correct their Personal Data held by us. Any data access request or data correction request, or any other data privacy related queries, may be made by contacting our Data Privacy Officer at DataPrivacyOfficer@swiretravel.com.