We value your continued trust in us and we are dedicated to observing and complying with the core principles and fundamental values of transparency, security and integrity when dealing with your personal data. We pledge to uphold the Data Protection Principles as set out in the PDPO when collecting and using your personal data in the following manner:

Purpose and Manner of Collection:
We will only collect personal data through lawful and fair means for a lawful purpose directly related to a function or activity of Airport Authority and will only collect data that is necessary and adequate but not excessive for such purpose.

Accuracy and Duration of Retention:
We will take all practicable steps to ensure your personal data is accurate and is not kept longer than is necessary for the fulfilment of the purpose for which the data is used.

Use of Data:
We will not use your personal data for any new purpose which is not or is unrelated to the original purpose when we collect your personal data, unless we have obtained your express consent.

Data Security:
We will take all practicable steps to protect your personal data which we hold against unauthorised or accidental access, processing, erasure, loss or use.

Openness and Transparency:
We will take all practicable steps to ensure openness of our personal data policies and practices, the kind of personal data held by us and the main purposes for holding it.

Access and Correction:
We respect your right to request access to and correction of your own personal data held by us, and we will comply with such requests to the extent that we are able to.

Throughout this Privacy Policy, the term "personal data" means any data relating directly or indirectly to you, from which it is practicable for your identity to be directly or indirectly ascertained, and in a form in which access to or processing of the data is practicable.

This section “To whom may we transfer your personal data generally?” of General Terms is not applicable to the service of “Flight Token”.

Your personal data will be kept confidential and will not be disclosed to any third party except as set out in this Privacy Policy or such disclosure as permitted or required under the applicable laws or as allowed under the PDPO.

We may engage third party service providers including third party system maintenance service providers (who may be located outside Hong Kong) who are acting for, on behalf of or jointly with us, to achieve the purposes for each of the specific services, and in this connection we will provide your personal data to such service providers provided that they shall use and handle your personal data in accordance with this Privacy Policy. Please refer to the Specific Terms for individual services which may have additional information.

In general, we may transfer your personal data with the following classes of transferees:

(a) Any person or company (including third party agent or sub-contractor) who is acting for, on behalf of or jointly with us, or any of our service providers including third party system maintenance service providers; in all such cases, disclosure may take place to fulfil any of the purposes, provided that such third parties to whom your personal data is communicated are subject to confidentiality and privacy obligations that are materially equivalent to those set out in this Privacy Policy;
(b) Any financial institutions, charge or credit card issuing companies, credit information or reference bureaus, or collection agencies where necessary to establish and support the payment of any products and services being requested by you; and
(c) Any other third party where such disclosure is mandated by statutory or contractual obligations or as required by law or court of law, or where such disclosure is necessary to protect our interests (as permitted by law).

We will not retain your personal data, including any tokenised personal data, for a period longer than it is necessary for us to achieve the purposes for each service set out in this Privacy Policy, including to prepare statistics and conduct analytics and research for the continuous improvement of our operation of as well as our facilities and services. Due to the different purposes for which we collect and use the personal data, we may apply different retention periods for the personal data we hold. Please refer to the Specific Terms for individual services which may have additional information.

Notwithstanding the aforesaid, if any personal data is required as specified under applicable laws or in connection with any legal proceedings to be kept for a period of time which may be longer than is expressly provided in this Privacy Policy, the same will be retained but we will take all practical steps to ensure that such data will not be kept longer than is necessary for the fulfilment of such purposes.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

When you provide personal data of a third party to us, you agree that you have secured the relevant third party’s consent to provide us with their personal data (to be collected, used and stored in accordance with this Privacy Policy) prior to such provision by you.

Where applicable, we may feature embedded links, "share" buttons or widgets on our websites or app(s) which enable you to connect to third party sites, including social media sites. These third-party sites may set cookies which can identify you as an individual when you are logged in to their services. We do not control these cookies or how these sites collect and handle your personal data.

If the services you use require payment of money, you will be redirected to a secure third-party website belonging to our payment gateway service provider to complete payment of any purchase. Payment-related personal data (including but not limited to the cardholder’s full name, card number prefix, cardholder’s billing address, card verification value (CVV) and card expiry date) will be collected by the payment gateway service provider for processing your order's payment as well as other incidental purposes. We will not be able to provide the services to you if you do not provide the data.

When you visit Hong Kong International Airport ("HKIA"), certain third parties within HKIA which are unrelated to us may also collect and use your personal data when you use their services or where they are authorised by law to do so. This includes (but is not limited to) third party airline companies, the Immigration Department of the Government of Hong Kong Special Administrative Region ("HKSAR") and other third-party service providers within HKIA. The collection and use of your personal data by such third parties are subject to the privacy policies and terms and conditions of such third parties. We do not control such collection and use of your personal data by such third parties and we will not be responsible for the same.

You have the right to access, verify or update any of your personal data that we hold. An access request form can be downloaded from the website of the Office of the Privacy Commissioner for Personal Data, Hong Kong.

You may also request the Authority to correct the personal data that you have accessed if such data is inaccurate. We will handle your request as soon as possible.

Please note that under PDPO, the Authority has the right to charge a reasonable fee for complying with a data access request. Data access and correction requests can be addressed to our General Personal Data Officer (see "How can you contact us" section below).

If you wish to contact us regarding this Privacy Policy (including in relation to any of your rights under this Privacy Policy or any other questions you may have), please contact our General Personal Data Officer via the below address:

General Personal Data Officer
Airport Authority Hong Kong
HKIA Tower
1 Sky Plaza Road
Hong Kong International Airport
Lantau Island
Hong Kong

We do not use our website(s) or app(s) or service(s) to knowingly solicit any personal data or other information from any persons under the age of 18. If you are under 18, by providing us with your personal data, you agree that you have informed your parents and guardians about the Privacy Policy prior to such provision, and they have approved of such provision by you based on the terms of the Privacy Policy.

When you browse this website (or application), cookies will be stored in your computer or device's hard drive. Such cookies can be retrieved by this website (or application) to show the state of your web browser's previous visits to this website (or application). We will not collect any personal data from you under this circumstance. You have a choice not to accept the cookies, but if you do so, certain functionality of this website (or application) may not be available.

We regularly review this Privacy Policy, and the most up-to-date version of this Privacy Policy will be shown on this page.

Where terms of this Privacy Policy are available in other languages, the English version shall be the governing version and shall prevail whenever there is a discrepancy amongst versions.

We are proud to provide a variety of services for our visitors. As each service is unique, we have included privacy policy terms which are specific to the service you are interested in.

Please click on the Specific Terms for each service below.

When you use the Flight Token facilities including check-in counters, Smart Check-in Kiosks, Self-Bag Drop, e-Security Gates including the Assisted Channels and/or e-Boarding Gates* at Hong Kong International Airport (HKIA), we will collect the following personal data:

(a) Information contained in your travel document (including document number, photograph, full name, date of birth, gender, nationality, place of birth, etc.);
(b) All data contained in your boarding pass (including full name, flight information, etc.); and
(c) Your live facial image.

You understand that the above personal data is collected by us independently from you, for our purposes specified below. In respect of boarding pass information that is generated or retained by your travelling airlines, you agree that when you use the facilities of Flight Token for yourself and/or members of your group, certain steps involved constitute instructions from you to your travelling airlines to retrieve such personal data for you and/or members of your group and on-provide the same to us for and on behalf of you and/or members of your group.

Group check-in: If you are travelling in a group and you are responsible for completing check-in through check-in counters or Smart Check-in Kiosks on behalf of members in your group in this transaction, you should ensure that each member understands that his or her respective personal data will be collected and processed by the Authority in the manner and for the purposes set out herein by, for example, reminding members to refer to the Personal Information Collection Statement and Privacy Policy Statement issued by the Authority.

*The respective services are available subject to your travelling airline.

We may use your personal data collected for the following purposes:

(a) To verify your right of entry to the Airport Restricted Area;
(b) To verify your right to use the facilities of Flight Token including Self-Bag Drop*, e-Security Gates, Flight Token e-Channels of Immigration Department of the Government of HKSAR** and e-Boarding Gates*;
(c) To facilitate your seamless departure process and efficient airport operations (including passenger processing);
(d) To safeguard your safety and security at the airport and aviation and airport security; and
(e) To prepare statistics and conduct analytics and research for the continuous improvement of the operation of as well as the facilities and services at HKIA.

*The respective services are available subject to your travelling airline.
**Flight Token e-Channel of Immigration Department of the Government of HKSAR is not applicable to transfer / transit passengers.

It is voluntary for you to use the facilities of Flight Token and provide the personal data as described above.

If you opt-out of the service, this means that you will not be able to enjoy the seamless process, and your personal data will not be collected or retained by the Authority.

If you do not wish to provide your personal data, please use the check-in counters for check-in and press the “opt-out” button from the touchscreen displays at the check-in counters, and then proceed to the Assisted Channels of e-Security Gates and inform the staff of your wish accordingly; or directly proceed to the Assisted Channels of e-Security Gates if you do not need to check-in at HKIA, and inform the staff of your wish accordingly. In such case, your personal data will not be collected or retained by the Authority.

For the Flight Token service, we may share your personal data with the following classes of transferees:

(a) Aviation Security Company Limited (AVSECO) so that AVSECO staff will be able to perform their duties as required for the purpose of safeguarding airport and aviation security at HKIA;
(b) The airlines with which you have booked a flight departing from HKIA (“your travelling airline”) for the purpose of efficient airport operations and passenger processing. For this purpose, we will transfer to your travelling airline your boarding pass information (including flight number and check-in sequence number retrieved therefrom) and (to the extent agreed between us and your travelling airlines) your travel document information; as well as the time and entry point of your entry to the Airport Restricted Area (“ARA”) logged upon your presentation of boarding pass for entering the ARA. (Please also refer to the Privacy Policy Statement of your travelling airline for further details);
(c) Immigration Department of the Government of HKSAR for the use of Flight Token e-Channels for departure clearance** (only for Hong Kong residents holding HKSAR passport or HKSAR Document of Identity for Visa Purposes or Electronic Home Visit Permit). For Electronic Home Visit Permit, only the Hong Kong Identity Card number printed on it will be disclosed. (Please also refer to the Immigration Department of the Government of HKSAR’s Statement of Purpose for further details);
(d) The Government of HKSAR authorities as and when necessary for the purpose of safeguarding aviation and airport security, as permitted or required under the applicable laws; and
(e) Any third party where such disclosure is mandated by statutory or contractual obligations or as required by law or court of law, or where such disclosure is necessary to protect our interests (as permitted by law).

**Flight Token e-Channel of Immigration Department of the Government of HKSAR is not applicable to transfer / transit passengers.

Your personal data will be kept confidential and will not be disclosed to any third party except:

(a) as prescribed in “To whom may we transfer your personal data under this service?” section of these Specific Terms; and
(b) to third party service providers who are acting for, on behalf of or jointly with us in connection with:
1) system development and maintenance including system upgrade of Flight Token facilities; and
2) (in a form that does not directly identify you) data analytics,
to the extent necessary to fulfil any of the purpose(s) stated above, subject to (i) control measures imposed by us and our approval; and (ii) confidentiality and privacy obligations that are materially equivalent to those set out in this Privacy Policy .

Our general data retention policy is set out under “How long do we retain your personal data?” section in the General Terms.

All personal data which directly identifies you (including but not limited to your name, your travel document number and your image) will be deleted seven (7) days after flight departure or cancellation of your flight. Whilst we will retain data that does not directly identify you for statistics, analytics and research purposes as mentioned in paragraph (e) under “What are the purposes for which your personal data may be used?” section of these Specific Terms, we will not retain them for a period longer than it is necessary for us to achieve such purposes. Notwithstanding the aforesaid, if any personal data (including the aforesaid personal data which directly identifies you) is required for the purpose of safeguarding aviation and airport security or otherwise required as specified under applicable laws or in connection with any legal proceedings to be kept for a period of time which may be longer than is expressly provided in this Privacy Policy, the same will be so retained but we will take all practicable steps to ensure that such data will not be kept longer than is necessary for the fulfilment of such purposes.