Privacy Policy
Pledge Statement
General TermsShow AllHide All
  • What is personal data?

    Throughout this Privacy Policy, the term "personal data" means any data relating directly or indirectly to you, from which it is practicable for your identity to be directly or indirectly ascertained, and in a form in which access to or processing of the data is practicable.

  • To whom may we transfer your personal data generally?

    This section “To whom may we transfer your personal data generally?” of General Terms is not applicable to the service of “Flight Token”.

    Your personal data will be kept confidential and will not be disclosed to any third party except as set out in this Privacy Policy or such disclosure as permitted or required under the applicable laws or as allowed under the PDPO.

    We may engage third party service providers including third party system maintenance service providers (who may be located outside Hong Kong) who are acting for, on behalf of or jointly with us, to achieve the purposes for each of the specific services, and in this connection we will provide your personal data to such service providers provided that they shall use and handle your personal data in accordance with this Privacy Policy. Please refer to the Specific Terms for individual services which may have additional information.

    In general, we may transfer your personal data with the following classes of transferees:

    (a) Any person or company (including third party agent or sub-contractor) who is acting for, on behalf of or jointly with us, or any of our service providers including third party system maintenance service providers; in all such cases, disclosure may take place to fulfil any of the purposes, provided that such third parties to whom your personal data is communicated are subject to confidentiality and privacy obligations that are materially equivalent to those set out in this Privacy Policy;
    (b) Any financial institutions, charge or credit card issuing companies, credit information or reference bureaus, or collection agencies where necessary to establish and support the payment of any products and services being requested by you; and
    (c) Any other third party where such disclosure is mandated by statutory or contractual obligations or as required by law or court of law, or where such disclosure is necessary to protect our interests (as permitted by law).

  • How long do we retain your personal data?

    We will not retain your personal data, including any tokenised personal data, for a period longer than it is necessary for us to achieve the purposes for each service set out in this Privacy Policy, including to prepare statistics and conduct analytics and research for the continuous improvement of our operation of as well as our facilities and services. Due to the different purposes for which we collect and use the personal data, we may apply different retention periods for the personal data we hold. Please refer to the Specific Terms for individual services which may have additional information.

    Notwithstanding the aforesaid, if any personal data is required as specified under applicable laws or in connection with any legal proceedings to be kept for a period of time which may be longer than is expressly provided in this Privacy Policy, the same will be retained but we will take all practical steps to ensure that such data will not be kept longer than is necessary for the fulfilment of such purposes.

  • What data security measures have we put in place to protect your data?

    We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  • What if you provide third party personal data to us?

    When you provide personal data of a third party to us, you agree that you have secured the relevant third party’s consent to provide us with their personal data (to be collected, used and stored in accordance with this Privacy Policy) prior to such provision by you.

  • What about personal data collected by third parties?

    Where applicable, we may feature embedded links, "share" buttons or widgets on our websites or app(s) which enable you to connect to third party sites, including social media sites. These third-party sites may set cookies which can identify you as an individual when you are logged in to their services. We do not control these cookies or how these sites collect and handle your personal data.

    If the services you use require payment of money, you will be redirected to a secure third-party website belonging to our payment gateway service provider to complete payment of any purchase. Payment-related personal data (including but not limited to the cardholder’s full name, card number prefix, cardholder’s billing address, card verification value (CVV) and card expiry date) will be collected by the payment gateway service provider for processing your order's payment as well as other incidental purposes. We will not be able to provide the services to you if you do not provide the data.

    When you visit Hong Kong International Airport ("HKIA"), certain third parties within HKIA which are unrelated to us may also collect and use your personal data when you use their services or where they are authorised by law to do so. This includes (but is not limited to) third party airline companies, the Immigration Department of the Government of Hong Kong Special Administrative Region ("HKSAR") and other third-party service providers within HKIA. The collection and use of your personal data by such third parties are subject to the privacy policies and terms and conditions of such third parties. We do not control such collection and use of your personal data by such third parties and we will not be responsible for the same.

  • What are your rights?

    You have the right to access, verify or update any of your personal data that we hold. An access request form can be downloaded from the website of the Office of the Privacy Commissioner for Personal Data, Hong Kong.

    You may also request the Authority to correct the personal data that you have accessed if such data is inaccurate. We will handle your request as soon as possible.

    Please note that under PDPO, the Authority has the right to charge a reasonable fee for complying with a data access request. Data access and correction requests can be addressed to our General Personal Data Officer (see "How can you contact us" section below).

  • How can you contact us?

    If you wish to contact us regarding this Privacy Policy (including in relation to any of your rights under this Privacy Policy or any other questions you may have), please contact our General Personal Data Officer via the below address:

    General Personal Data Officer
    Airport Authority Hong Kong
    HKIA Tower
    1 Sky Plaza Road
    Hong Kong International Airport
    Lantau Island
    Hong Kong

  • What if you are a minor?

    We do not use our website(s) or app(s) or service(s) to knowingly solicit any personal data or other information from any persons under the age of 18. If you are under 18, by providing us with your personal data, you agree that you have informed your parents and guardians about the Privacy Policy prior to such provision, and they have approved of such provision by you based on the terms of the Privacy Policy.

  • Use of Cookies

    When you browse this website (or application), cookies will be stored in your computer or device's hard drive. Such cookies can be retrieved by this website (or application) to show the state of your web browser's previous visits to this website (or application). We will not collect any personal data from you under this circumstance. You have a choice not to accept the cookies, but if you do so, certain functionality of this website (or application) may not be available.

  • How is this Privacy Policy updated and where can you find it?

    We regularly review this Privacy Policy, and the most up-to-date version of this Privacy Policy will be shown on this page.

  • Which language of this Privacy Policy prevails?

    Where terms of this Privacy Policy are available in other languages, the English version shall be the governing version and shall prevail whenever there is a discrepancy amongst versions.

  • Have you checked our specific terms for the service(s) you are interested in?

    We are proud to provide a variety of services for our visitors. As each service is unique, we have included privacy policy terms which are specific to the service you are interested in.

    Please click on the Specific Terms for each service below.

i-Customer Service CentreShow AllHide All
  • What personal data do we collect?

    When using the Live Chat service installed at the smart airport information kiosk named “i-Customer Service Centre” (“i-CSC”), audio recording on conversation between you and the operation officer on duty will take place, and we may collect one or more than one of the following personal data depending on the nature of enquiry:

    (a) First name and last name;
    (b) Contact details (phone number, email address, postal address);
    (c) Travel details (travel document number, flight number and flight ticket number);
    (d) Staff number or Airport Restricted Area Permit number; and
    (e) Any kinds of documents which may facilitate investigation of your enquiry or request for assistance.

  • What are the purposes for which your personal data may be used?

    We may use your personal data collected for the following purposes:

    (a) Handling (analysing, considering and processing) your enquiry; and
    (b) Case investigation (investigating or further studying your complaint and/or compliment).

  • Do you have to provide the personal data?

    It is voluntary for you to use the i-CSC Live Chat service and provide the personal data as described above.

    If you do not provide the personal data, this means that we will not be able to provide you with our services, to respond to or resolve your enquiry or request through i-CSC Live Chat, and your personal data will not be collected or retained by the Authority.

  • To whom may we transfer your personal data under this service?

    Other than the classes of transferee to whom we may transfer your personal data mentioned elsewhere in this Privacy Policy, for the i-CSC Live Chat service, we may also share your personal data with the following classes of transferees:

    (a) Relevant departments of the Government of HKSAR to which the subject matter of your enquiry or comment may relate (including the Immigration Department, Transport Department, Port Health Division) for further handling and/or investigation;
    (b) Our contracted service providers (airlines, business partners, contractors including Aviation Security Company Limited, car park, lost & found, wheelchair operator, meet and assist, ancillary service, ground handling agents or retailers) that provide and handle the service to which your enquiry or comment may relate, for further handling and/or investigation; and
    (c) Any third parties appointed by HKIA (including insurers and solicitors) if their advice and/or involvement is required for us to respond to your enquiry or request.

  • How long do we retain your personal data for the Services?

    Our general data retention policy is set out under “How long do we retain your personal data?” section of the General Terms.

    All personal data which directly identifies you will normally be retained for 31 days after collection and will be deleted afterwards. However, we may retain your personal data for longer if there is a subsisting reason that obliges us to retain it for longer (e.g. to investigate your complaint).