Airport Authority Hong Kong ("Authority", "we", "our" or "us") attaches great importance in protecting your personal data and is committed to complying with the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (the "PDPO") and observing the relevant codes of practice which may be issued by the Privacy Commissioner for Personal Data, Hong Kong from time to time.
This Privacy Policy, comprising of the Pledge Statement, General Terms for terms applicable generally and Specific Terms for terms applicable specifically for each service, sets out details on our data protection policies and practices, including how we collect and use your personal data and what your rights are for different types of services we provide to you.
We value your continued trust in us and we are dedicated to observing and complying with the core principles and fundamental values of transparency, security and integrity when dealing with your personal data. We pledge to uphold the Data Protection Principles as set out in the PDPO when collecting and using your personal data in the following manner:
Purpose and Manner of Collection:
We will only collect personal data through lawful and fair means for a lawful purpose directly related to a function or activity of Airport Authority and will only collect data that is necessary and adequate but not excessive for such purpose.
Accuracy and Duration of Retention:
We will take all practicable steps to ensure your personal data is accurate and is not kept longer than is necessary for the fulfilment of the purpose for which the data is used.
Use of Data:
We will not use your personal data for any new purpose which is not or is unrelated to the original purpose when we collect your personal data, unless we have obtained your express consent.
Data Security:
We will take all practicable steps to protect your personal data which we hold against unauthorised or accidental access, processing, erasure, loss or use.
Openness and Transparency:
We will take all practicable steps to ensure openness of our personal data policies and practices, the kind of personal data held by us and the main purposes for holding it.
Access and Correction:
We respect your right to request access to and correction of your own personal data held by us, and we will comply with such requests to the extent that we are able to.
What is personal data?
Throughout this Privacy Policy, the term "personal data" means any data relating directly or indirectly to you, from which it is practicable for your identity to be directly or indirectly ascertained, and in a form in which access to or processing of the data is practicable.
What are the key purposes for use of your personal data?
We use your personal data to provide you with airport and related facilities, amenities, services and deliverables and perform our other airport-related activities.
To whom may we transfer your personal data generally?
This section “To whom may we transfer your personal data generally?” of General Terms is not applicable to the service of “Flight Token”.
Your personal data will be kept confidential and will not be disclosed to any third party except as set out in this Privacy Policy or such disclosure as permitted or required under the applicable laws or as allowed under the PDPO.
We may engage third party service providers including third party system maintenance service providers (who may be located outside Hong Kong) who are acting for, on behalf of or jointly with us, to achieve the purposes for each of the specific services, and in this connection we will provide your personal data to such service providers provided that they shall use and handle your personal data in accordance with this Privacy Policy. Please refer to the Specific Terms for individual services which may have additional information.
In general, we may transfer your personal data with the following classes of transferees:
(a) Any person or company (including third party agent or sub-contractor) who is acting for, on behalf of or jointly with us, or any of our service providers including third party system maintenance service providers; in all such cases, disclosure may take place to fulfil any of the purposes, provided that such third parties to whom your personal data is communicated are subject to confidentiality and privacy obligations that are materially equivalent to those set out in this Privacy Policy;
(b) Any financial institutions, charge or credit card issuing companies, credit information or reference bureaus, or collection agencies where necessary to establish and support the payment of any products and services being requested by you; and
(c) Any other third party where such disclosure is mandated by statutory or contractual obligations or as required by law or court of law, or where such disclosure is necessary to protect our interests (as permitted by law).
How long do we retain your personal data?
We will not retain your personal data, including any tokenised personal data, for a period longer than it is necessary for us to achieve the purposes for each service set out in this Privacy Policy, including to prepare statistics and conduct analytics and research for the continuous improvement of our operation of as well as our facilities and services. Due to the different purposes for which we collect and use the personal data, we may apply different retention periods for the personal data we hold. Please refer to the Specific Terms for individual services which may have additional information.
Notwithstanding the aforesaid, if any personal data is required as specified under applicable laws or in connection with any legal proceedings to be kept for a period of time which may be longer than is expressly provided in this Privacy Policy, the same will be retained but we will take all practical steps to ensure that such data will not be kept longer than is necessary for the fulfilment of such purposes.
What data security measures have we put in place to protect your data?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
What if you provide third party personal data to us?
When you provide personal data of a third party to us, you agree that you have secured the relevant third party’s consent to provide us with their personal data (to be collected, used and stored in accordance with this Privacy Policy) prior to such provision by you.
What about personal data collected by third parties?
Where applicable, we may feature embedded links, "share" buttons or widgets on our websites or app(s) which enable you to connect to third party sites, including social media sites. These third-party sites may set cookies which can identify you as an individual when you are logged in to their services. We do not control these cookies or how these sites collect and handle your personal data.
If the services you use require payment of money, you will be redirected to a secure third-party website belonging to our payment gateway service provider to complete payment of any purchase. Payment-related personal data (including but not limited to the cardholder’s full name, card number prefix, cardholder’s billing address, card verification value (CVV) and card expiry date) will be collected by the payment gateway service provider for processing your order's payment as well as other incidental purposes. We will not be able to provide the services to you if you do not provide the data.
When you visit Hong Kong International Airport ("HKIA"), certain third parties within HKIA which are unrelated to us may also collect and use your personal data when you use their services or where they are authorised by law to do so. This includes (but is not limited to) third party airline companies, the Immigration Department of the Government of Hong Kong Special Administrative Region ("HKSAR") and other third-party service providers within HKIA. The collection and use of your personal data by such third parties are subject to the privacy policies and terms and conditions of such third parties. We do not control such collection and use of your personal data by such third parties and we will not be responsible for the same.
What are your rights?
You have the right to access, verify or update any of your personal data that we hold. An access request form can be downloaded from the website of the Office of the Privacy Commissioner for Personal Data, Hong Kong.
You may also request the Authority to correct the personal data that you have accessed if such data is inaccurate. We will handle your request as soon as possible.
Please note that under PDPO, the Authority has the right to charge a reasonable fee for complying with a data access request. Data access and correction requests can be addressed to our General Personal Data Officer (see "How can you contact us" section below).
How can you contact us?
If you wish to contact us regarding this Privacy Policy (including in relation to any of your rights under this Privacy Policy or any other questions you may have), please contact our General Personal Data Officer via the below address:
General Personal Data Officer
Airport Authority Hong Kong
HKIA Tower
1 Sky Plaza Road
Hong Kong International Airport
Lantau Island
Hong Kong
What if you are a minor?
We do not use our website(s) or app(s) or service(s) to knowingly solicit any personal data or other information from any persons under the age of 18. If you are under 18, by providing us with your personal data, you agree that you have informed your parents and guardians about the Privacy Policy prior to such provision, and they have approved of such provision by you based on the terms of the Privacy Policy.
Use of Cookies
When you browse this website (or application), cookies will be stored in your computer or device's hard drive. Such cookies can be retrieved by this website (or application) to show the state of your web browser's previous visits to this website (or application). We will not collect any personal data from you under this circumstance. You have a choice not to accept the cookies, but if you do so, certain functionality of this website (or application) may not be available.
How is this Privacy Policy updated and where can you find it?
We regularly review this Privacy Policy, and the most up-to-date version of this Privacy Policy will be shown on this page.
Which language of this Privacy Policy prevails?
Where terms of this Privacy Policy are available in other languages, the English version shall be the governing version and shall prevail whenever there is a discrepancy amongst versions.
Have you checked our specific terms for the service(s) you are interested in?
We are proud to provide a variety of services for our visitors. As each service is unique, we have included privacy policy terms which are specific to the service you are interested in.
Please click on the Specific Terms for each service below.