Effective date: 24 May 2018
Last updated: 10 June, 2021
China Southern Airlines Company Limited (Hereinafter referred to as “CZ”, “China Southern ”, “We”) respects and takes measures to protect your personal information.
This Privacy Policy states how China Southern collects and uses your personal information and how you should exercise the relevant rights to protect it. This Privacy Policy shall apply to CZ’s ticketing businesses and any of our services to you, including but not limited to CZ authorized third party institutions or agencies assisting you booking a ticket, your use of CZ website (www.csair.com), China Southern’s App, WeChat account, mini-app or any other CZ authorized booking channels, and the personal information that CZ collects and uses when you access our services.
This Privacy Policy covers the following contents:
In case of any doubts or concerns about our use of your personal information, or if you wish to report to us or complain against any violations of this Privacy Policy, please contact us by the contact details below this Privacy Policy.
With headquarters based in Guangzhou, CZ has its company logo seen around the globe with a brilliant red kapok delicately adorning a blue vertical tail fin. As an airline company with the largest number of transport aircraft, the most developed route network and the largest annual passenger volume in the People’s Republic of China, CZ operates several branches including Xinjiang and Northern Branches and several holding airline subsidiaries including Xiamen Air; the China Southern Airlines General Aviation Limited established in Zhuhai; several domestic sales offices in Hangzhou and Qingdao, etc., as well as several international branch offices located in Singapore, New York City, etc.
Working closely with its partners, CZ is currently extending its coverage to even more destinations around the world. During the creation of the Canton Route International Airline Hub, CZ has been developing flight system and improving transit operation, benefiting from 6th Freedom of the air. Based in South East, South and East Asia, centred upon Europe and Oceania with the reach covering North America, Mideast and Africa, CZ has become the largest gateway hub connecting China to Oceania and South East Asia. For more information about CZ, please see the section of our Website at “Company Profile”.
CZ may, according to the business scenarios, collect personal information in the following ways:
We may, to provide you with air transit services, request you to supply the following personal information:
We use this personal information to facilitate your travel, provide you with other goods and services related to your travel, to administer our Sky Pearl Club programme, to carry out marketing activities and to provide you with our information and contact details. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
When you access our website, App, mini-app, WeChat account, etc., we will, as required by technology and equipment, automatically collect specific information about you from your devices.Such information that we collect automatically may include:
Please understand that these information is used by such third parties as Gridsum, Taobao, MTA, Jpush and Alipay to analyze and judge the uniqueness of equipment and safety risk control. We will use such information on operation to better understand our visitor community and improve our website quality and its relevance to visitors. If you refuse to agree to our collection of such information, we will be unable to provide you with basic functions and/or services (App, official website, mini-app and WeChat account) that require an online environment.
Part of such information will be collected by Cookies and similar tracking technologies, as stated in “IV. How does CZ use Cookies and similar technologies”.
From time to time, we will receive personal information about you from third party sources, but only where these parties confirm that they either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
The types of information we collect from third parties include travel professionals and others who assist in booking and arranging travel. We use the information we receive from these third parties to provide services to you, and maintain the accuracy of the records we hold about you.
The permissions and explanations to use your device we will request at startup to provide you with quality service are listed below. When a request pops up, you are recommended to grant the relevant permissions. No permission will be obtained without your prior agreement. You may turn off any permission in your device’s OS Settings.
Permissions | Notes |
---|---|
Telephone Permission | This permission allows reading its hardware data, which serve as a basis to generate a device’s unique identifier, and, by technologies and risk control rules, improve relevance between user and device. It also facilitates the functions of Pay by Friends, Airport Pickup, Call Drop-off Driver, etc. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
Storage Permission | This permission allows the functions to store and upload pictures, R/W personal settings in cache, create system and log files, cache itinerary/share screenshot/save pictures in album, etc. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
Positioning Permission | This permission allows personalized recommendation of services, e.g., Site Services, Public Services, Map & Navigation, etc. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
Contacts | Permission to access Contacts is required to view contacts’ information. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
Network Service | Network is required to start Southern Airlines's App for the first time. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
SMS Transmission | Access to SMS is required to share information by SMS. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
Camera & Album | This permission facilitates operations to scan codes and read boarding pass/human image/documents. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
MIC | Access to MIC is required to pick up your voice message. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
Phone Status | Access to Phone Status is required to pay by China UnionPay. |
Bluetooth | Access to Bluetooth allows Southern Airlines to connect to devices. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
Calendar | Access to Calendar is required to manage your flight changes and itinerary memo. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected. |
In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (including archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.
We may disclose your personal information to the following categories of recipients:
Name | Business scenarios used | Purpose | Personal information field | Name of third party |
---|---|---|---|---|
CCB Dragon Pay SDK |
Pay for the order | Payment | Device information | China Construction Bank |
UnionPay (Cloud Flash Pay) SDK |
Payment | Payment | Device information |
China UnionPay https://open.unionpay.com/tjweb/index |
Alipay payment SDK |
Pay for the order | Payment |
Device information Storage information Network information |
Alipay https://open.alipay.com/platform/home.htm |
WeChat SDK |
Share links and pictures to moments WeChat associated login Payment for tickets |
WeChat login, sharing and payment |
Application information Device information |
WeChat https://developers.weixin.qq.com/doc/oplatform/Mobile_App/Resource_Center_Homepage.html |
TINGYUN SDK |
Risk management | Used for system risk management. Helping us to timely identify problems in the process of using App, and quickly locate and solve the problems. Improving the ability of digital operation and maintenance. |
Device information Network information |
TINGYUN https://doc.tingyun.com/app/html/ruhekaitong.html |
Security face SDK |
Face authentication Member's second password authentification |
Facial recognition | Camera permission, storage permission, user name, user mobile phone number, user ID number | Guangdong Public Security Authority |
GRIDSUM SDK |
Risk management | Used for collecting users' behavior data and system stability so that we can analyze the use of system and business functions to improve the system experience |
Device information Location information Application information |
Beijing Gridsum Technology Co., Ltd. https://www.gridsum.com/ |
UnionPay Face SDK |
Face authentication Member's second password authentification |
Facial recognition |
Device information Application information Camera access Storage permission |
China UnionPay https://open.unionpay.com/tjweb/index |
Baidu Map SDK |
City location, dynamic flight path | Location, navigation |
Device information Location information |
Baidu http://lbsyun.baidu.com/index.php?title=%E9%A6%96%E9%A1%B5 |
Baidu Voice SDK |
Knowledge search, flight search | Voice recognition |
Device information Application information Audio access |
https://ai.baidu.com/tech/speech/asr |
OCR SDK |
Adding/modifying passenger Membership authentication Adding bank card for wallet Opening wallet account |
Scanning for identification of documents and bank cards |
Device information Application information Camera access Storage permission |
GRG Banking https://www.grgbanking.com/cn/ |
Weibo SDK |
Weibo sharing | Weibo sharing |
Device information Application information |
Sina Weibo https://open.weibo.com/ |
QQ Interconnection SDK |
QQ login | QQ login |
Device information Application information |
Tencent http://op.open.qq.com/ |
Electronic Luggage Tag SDK |
Electronic luggage tag | Electronic luggage tag | None |
BAGTAG https://bagtag.com/ |
JPUSH SDK |
Message push | Push |
Device information Network information Application information |
jpush https://www.jiguang.cn |
usabilla | Suggestion feedback | Collecting users' feedback | None |
usabilla https://usabilla.com/ |
Daxing Face Scan SDK |
Daxing Airport One ID | Facial recognition |
Device information User's Login ID, Name, Mobile Number, ID Number |
SenseTime https://v2-devcenter.visioncloudapi.com/#/doc/silent-liveness/android/online/_summary |
IJIAMI SDK |
Risk management | Used for encrypting data to ensure the security of user data, system data and communication. | None |
Beijing Zhi You Wang An Technology Co. Ltd. https://www.ijiami.cn/ |
Ali EMAS SDK |
APP building packages | Used for fast packaging integration of APP to improve R & D efficiency. | None |
Ali Cloud https://www.aliyun.com |
Ali mPaaS SDK |
CZ APP | Used for offline packages to improve users' experience of browsing H5 web pages in the APP |
Device information Storage information |
Ali Cloud https://www.aliyun.com |
ASRC SDK |
Risk management | Used for encrypting data to ensure the security of user data, system data and communication. | Device information |
Ali Cloud https://www.aliyun.com |
Ali waf SDK |
Risk management | Used for system risk management. Monitoring and blocking crawlers to ensure system safety and stability and to prevent the crawlers crawling data and damaging the system. | Device information |
Ali Cloud https://www.aliyun.com |
Apple Pay | payment | payment | Device information |
Apple https://developer.apple.com/cn/apple-pay/resources/ |
In addition to maintaining the necessary basic functions of CZ APP operation, you will have the right to choose whether to use the above functions voluntarily when using CZ APP. We will continue to use your authorization during your use of CZ APP, and will stop using after you stop using the APP.
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookies Statement.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only (1) where we need the personal information to perform a contract with you; (2) where the processing is in our legitimate interests and not overridden by your rights; (3) where we have your consent to do so. (4) In some cases, we may also have a legal obligation to collect personal information from you (5) We may need your personal information to protect your vital interests or those of another person under certain circumstances.
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our company and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, including responding to your queries, improving our products and services, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests, and if appropriate, we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the“How to report or complain against violations of this Privacy Policy or how to contact us?” heading below.
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include Secure Socket Layer (SSL) encrypting technology to secure the transmission of your data from your web browser to our internet system.
In order to provide you with the air transport and related services you need (booking, refunding, changing tickets), membership services, CZ's various products, fulfill the agreements with you, comply with applicable legal, tax, financial and accounting requirements and CZ's legitimate business needs, we will encrypt or desensitize the personal information collected from you.
If we do not store your personal information for the above reasons, we will delete or anonymize it. If it can not be deleted immediately or anonymized for objective reasons, we will safely store your personal information and avoid further processing before it can be deleted or anonymized.
CZ attaches great importance to the protection of minors' personal information. If you are a minor under the age of 14 or recognized as a child under the laws of other countries, you should obtain the written consent of your parents or legal guardians before using our products and / or services. CZ protects the personal information of children and minors of other ages in accordance with the relevant laws and regulations of the country.
For the collection of personal information of minors with the consent of their parents or legal guardians, we will only use or disclose this information with the permission of the law, the explicit consent of their parents or guardians or the necessary protection of the minors.
If the minors have provided us with personal information without the consent of their parents or guardians, their parents or guardians may contact us using the contact details provided under the heading "How to report or complain against violations of this Privacy Policy or how to contact us?" to delete such information or opt-out of mail and other activities in marketing promotion.
Your personal information may be transferred to countries other than the country in which you are resident for processing. These countries may apply different laws related to the protection of personal information (please note that the degree of protection of your personal information may vary under the laws of different countries).
Specifically, our Website servers are located in the People's Republic of China, and our group locations and third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group locations, which require all group locations to protect personal information they process in accordance with applicable data protection law.
You have the following rights to protect personal information:
We will respond to the requests for the protection of personal information of the individuals concerned in accordance with the applicable personal information protection laws. For the exercise of above access, correction, deletion, cancellation and other functions on the App, we will complete the above requests within 15 working days in accordance with the relevant regulations.
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. If the applicable data protection law requires us to obtain your consent in the substantive revision of the privacy notice, we will comply with the provisions of the law to notify you by one or more ways of the announcements on the official website, the push in App, email, mail and telephone. If you have any objection to the update of this Privacy Policy, please contact us by the information below.
If you have any questions or concerns about our use of your personal information, please contact us:
Contact information of Southern Airlines personal information protection officer :
China: +86-4006695539
Overseas: +86-4008695539
Email: dpo@csair.com
Company's registration address: Room 301, 3rd Floor, Phase I Building, Guanhao Science Park, No.12 Yuyan Road, Huangpu District, Guangzhou, Guangdong Province
Other contact address: customer service counter of Southern Airlines, Baiyun Airport, Guangzhou, Guangdong Province
If you have questions other than privacy and personal information protection, please contact the following email address: 95539@csair.com