Privacy Policy

   隱私條例

1.    INTRODUCTION

   引言

1.1    This Policy gives important information about:

   本項政策提供了有關以下各方面的重要信息:

1.1.1    the data protection principles with which Guangxi Beibu Gulf Airlines Co., Ltd. (hereinafter the "Company", "we", "us" or "our") must comply;

   廣西北部灣航空有限責任公司(下稱“本公司”、“我們”、“我司”或者“我們的”)必須遵守的數據保護原則;

1.1.2    what is meant by personal information (or data) and sensitive personal information (or data);

   個人信息(或數據)以及敏感個人信息(或數據)的含義;

1.1.3    how we gather and use personal information and sensitive personal information in accordance with the data protection principles under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the requirements of other relevant laws and regulations of other countries and regions; and

   我們是如何依據《一般數據保護條例》(EU) 2016/679 ("GDPR") 等其他國家、地區相關法律法規要求中的數據保護原則來收集和使用個人信息以及敏感個人信息的;

1.1.4    data subjects' rights and obligations in relation to data protection.

   數據主體與數據保護有關享有的權利和承擔的義務。

1.2    This Policy applies to all personal information collected by or on behalf of the Company, and may include personal information about its customers, potential customers, website visitors and job applicants. This Policy may be provided to you using a number of methods, including through the use of any of our websites, through the use of any of our mobile applications, through the use of telephone, or in-person at any of our retail locations.

    本項政策適用于本公司自行或委托他方收集的所有個人信息,其中可包括有關本公司客戶、潛在客戶、網站用戶和求職者的個人信息。本項政策可通過多種方式向您提供,包括通過訪問本公司的任何網站、使用本公司推出的任何一種移動應用程序、打電話或在本公司任何一家實體門店與服務人員面對面溝通。

1.3    We will review and update this Policy as we deem necessary or in accordance with our data protection obligations.

   我們將在必要的情況下或依據我們承擔的數據保護義務,對本項政策進行審查和更新。

1.4    The Company may obtain, keep and use personal information (also referred to as personal data) about its customers, potential customers, website visitors and job applicants for a number of specific lawful purposes.

   本公司可為多個特定的合法目的而取得、保存并使用有關其客戶、潛在客戶、網站用戶和求職者的個人信息(也稱為“個人數據”)。

1.5    This Policy sets out how we comply with our data protection obligations and seek to protect personal information. Its purpose is also to ensure that our staff understand and comply with the rules governing the collection, use and deletion of personal information to which they may have access in the course of their work.

   本項政策對我司具體如何履行我們承擔的數據保護義務,以及采取何種措施來保護個人信息作出了規定。起草本項政策的另一個目的是為確保我們的員工了解并遵守適用于收集、使用和刪除其在履行工作職責的過程中可能接觸到的個人信息的相關規則。

1.6    We are committed to complying with our data protection obligations, and to being concise, clear and transparent about how we obtain and use personal information, and how (and when) we delete that information once it is no longer required.

   我們承諾將遵守我們所承擔的數據保護義務,并對我們如何取得并使用個人信息,以及當不再需要時我們如何(以及何時)刪除該等數據保持簡明、清晰和透明的態度。

1.7    The Company’s Data Protection Officer has overall responsibility for addressing all issues relating to the protection of your personal information, and is responsible for assisting us in monitoring internal compliance, informing and advising on our data protection obligations and acting as a contact point for you and any supervisory authority. If you have any questions or comments about the content of this Policy or if you need further information, you can contact the following persons:

    本公司的數據保障負責人(或稱“數據保護主管”)對處理有關保護您個人信息的各方面事宜承擔總體責任,并負責協助本公司監控內部合規情況、就本公司承擔的數據保護義務提供信息和建議、以及作為本公司與您和任何監管機構之間的聯系人。您對本項政策的內容有任何問題或意見,或需要了解更多信息的,請與下列人員聯系:

1.7.1    The Company's Data Protection Officer: [GXA-DPO@hnair.com]; or

   本公司的數據保障負責人:[GXA-DPO@hnair.com];

1.7.2    The Company's EU representative: [GXA-DPO@hnair.com].

   本公司的歐盟代表:[GXA-DPO@hnair.com]。

2.    DEFINITIONS

   定義

"criminal records information" means personal information relating to criminal convictions and offences, allegations, proceedings, and related security measures;

"data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information;

"data subject" means the individual to whom the personal information relates;

"personal information" or "personal data" means information relating to an individual who can be identified (directly or indirectly) from that information;

"processing" means obtaining, recording, organising, storing, amending, retrieving, disclosing and/or destroying information, or using or doing anything with it;

"pseudonymised" means the process by which personal information is processed in such a way that it cannot be used to identify an individual without the use of additional information, which is kept separately and subject to technical and organisational measures to ensure that the personal information cannot be attributed to an identifiable individual;

"sensitive personal information" (sometimes known as "special categories of personal data" or "sensitive personal data") means personal information about an individual’s race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership (or non-membership), genetics information, biometric information (where used to identify an individual) and information concerning an individual’s health, sex life or sexual orientation; and

"Websites" means any website(s) owned or operated by the Company.

“犯罪記錄信息” 指涉及刑事定罪和犯罪、指控、法律程序和相關安保措施的個人信息;

“數據違規”或“數據泄露” 指違反安保措施,導致個人信息被意外或非法損毀、丟失、更改、未經授權地披露或獲取的情形;

“數據主體” 指個人信息所涉及的個人;

“個人信息” 或“個人數據” 指與某一個人相關的、從中可(直接或間接)識別此人身份的信息;

“處理” 指獲取、記錄、組織、儲存、修改、檢索、披露及/或銷毀信息、使用信息或利用信息實施任何一種行為;

“假名化” 指對個人信息采取的一種處理方式,經處理后,不利用額外信息將無法識別相關個人的身份,而上述額外信息被單獨存放,受制于技術和組織管理手段,以確保有關的個人信息無法與一名可識別的個人相關聯;

“敏感個人信息” (也稱作“特殊類別個人數據”或“敏感個人數據”)指有關個人的人種、種族、政治傾向、宗教或哲學信仰、工會會員(或非會員)的個人信息、遺傳信息、(用于識別個人身份的)生物信息以及有關個人健康、性生活或性取向方面的信息;

“網站” 指本公司擁有或運營的任何一個網站。

3.    DATA PROTECTION PRINCIPLES

   數據保護原則

3.1    The Company will comply with the following data protection principles when processing personal information:

   在處理個人信息時,本公司將遵守下列數據保護原則:

3.1.1    we will process personal information lawfully, fairly and in a transparent manner;

   我們將以合法、公平和透明的方式來處理個人信息;

3.1.2    we will collect personal information for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes;

   我們僅為指定、明確及合法的目的收集個人信息,不會以和該等合法目的不相符的方式來處理個人信息;

3.1.3    we will only process the personal information that is adequate, relevant and necessary for the relevant purposes;

   我們僅在針對相關目的而言適當、有關及必要的情況下才會處理個人信息;

3.1.4    we will keep personal information accurate and up to date, and take reasonable steps to ensure that inaccurate personal information is deleted or corrected without delay;

   我們將保持個人信息的準確和更新,并采取合理行動確保及時刪除或更正不準確的個人信息;

3.1.5    we will keep personal information in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the information is processed; and

   我們將以恰當的形式來保存個人信息,確保就識別數據主體之身份而言,信息的保存時間不長于處理信息之目的所需;

3.1.6    we will take appropriate technical and organisational measures to ensure that personal information is kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.

   我們將采取適當的技術和組織管理手段,以確保個人信息的安全,并保障信息不會受到未經授權或非法的處理,或遭受意外丟失、損毀或破壞。

4.    PRIVACY NOTICE

   隱私通知

4.1    The Company may supplement this Policy by issuing privacy notices from time to time, informing you about the personal information that we collect and hold relating to you, how you can expect your personal information to be used and for what purposes.

   本公司可能不時對本項政策作出補充,告知您有關本公司收集和持有的有關您的個人信息,以及本公司將會以何種方式以及為何種目的使用您的個人信息。

4.2    We will take appropriate measures to provide information in privacy notices in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

   我們將采取適當措施以簡潔、透明、易于理解和閱讀的形式,并采用清晰直白的語言通過隱私通知向您傳達信息。

4.3    When personal information is collected

   何時收集個人信息

4.3.1    We collect personal information where it is necessary for us to conduct our everyday activities or functions.

   我們在開展日常經營活動或履行日常職責所需時收集個人信息。

4.3.2    Here are some examples of situations where we collect personal information:

   以下列舉了一些我們收集個人信息的情形:

(a)    when you register for an account on our Websites, apps or kiosks;

   當您在本公司網站、應用程序或柜臺注冊賬戶時;

(b)    when you complete purchase orders, requests or applications for our products, services and/or facilities (by telephone, in person, by post, on forms, through our Websites or by any other means);

   當您(通過電話、親自、通過郵件、表格,或通過本公司網站或任何其他方式)針對本公司產品、服務及/或設施填寫采購訂單、書面要求或申請時;

(c)    when you communicate with us directly in relation to our products, services and/or facilities (by telephone, in person, by post, on forms, through our Websites or by any other means);

   當您(通過電話、親自、通過郵件、表格,或通過本公司網站或任何其他方式)就與本公司產品、服務及/或設施有關的問題直接與我們溝通時;

(d)    when you use services and/or facilities that are made available on our Websites or at our physical locations;

   當您使用我們通過本公司網站或實體門店提供的服務及/或設施時;

(e)    when you conduct certain types of transactions such as booking tickets, redeeming points for tickets, purchasing points, refunds, purchasing meals or in-flight merchandise;

   當您實施某一類交易(如購票、兌換機票、購買積分、退款、預訂機上餐食、購買機上商品)時;

(f)    when you enter, and when you interact with us during, any of our promotions, competitions, contests, lucky draws or special events;

   當您參加我們組織的任何一項促銷、比賽、競賽、抽獎或特別活動,并在活動期間與我們進行互動時;

(g)    when you subscribe to any of our membership programmes;

   當您注冊參與我們組織的任何一個會員項目時;

(h)    when you participate in our surveys and other types of research; or

   當您參與我們發起的意見調查及其他類型的調研時;

(i)    when you apply for employment with us.

   當您向本公司提出就職申請時。

4.3.3    We do not collect personal information from persons under the age of 16 without prior permission from a parent or a guardian. If you believe that we have accidentally collected personal information from a person under the age of 16 without the prior permission of a parent or guardian, please contact our Data Protection Officer at once under paragraph 1.7 of this Policy in order to have the relevant personal information erased. If you are under the age of 16, please do not proceed to provide us with any of your personal information through any means whatsoever unless you have first procured permission from your parent or your guardian.

    未經父母或監護人事先許可,我們不會向未成年人(根據適用法律)收集其個人信息。如果您認為我們在未經父母或監護人事先許可的情況下不慎收集了未成年人(根據適用法律)的個人信息,請立即通過本項政策第1.7條下所述的聯系方式與本公司的數據保障負責人聯系,從而確保將相關的個人信息刪除。如果您是未成年人(根據適用法律),請不要通過任何方式向本公司提供您的個人信息,除非您已事先取得您父母或監護人的許可。

4.4    What personal information is collected

   何種個人信息將被收集

4.4.1    The provision of your personal information is voluntary unless otherwise indicated as mandatory. If you do not provide any personal information to us which is mandatory, we may not be able to provide the products and/or services that you require of us.

   除非指明是強制性要求,否則提供您的個人信息均是自愿性質的。如果您不向我們提供我們強制要求您提供的信息,我們可能無法向您提供所要求的產品及/或服務。

4.4.2    The types of personal information which we may collect include the following:

   我們可能收集的個人信息的種類包括:

(a)    contact information such as names, addresses, telephone numbers, email addresses, delivery addresses and usernames;

   聯絡信息,例如姓名、地址、電話號碼、電子郵箱地址、收貨地址、用戶名;

(b)    billing information such as billing address, bank card information and credit card information;

   收費信息,例如賬單地址、銀行卡信息和信用卡信息;

(c)    unique information such as nationality and identity document information (including but not limited to identity card numbers, passport numbers, photographs and date of birth), sex, occupational duties, health status and meal preferences;

   獨特信息,例如國籍、證件信息(包括但不限于身份證號碼、護照號碼、照片和出生日期)、性別、職業職務、健康狀況、餐食偏好;

(d)    contact and marketing preferences;

   偏好接受的聯系方式和營銷資料;

(e)    details of any membership that you have with us;

   您在本公司的會員資料;

(f)    details of your visits to our Websites, such as traffic data, location data, and the resources that you access on our Websites;

   您訪問本公司網站的詳情,例如流量數據、地點數據以及您進入本公司網站所訪問的資源;

(g)    details of your online identifiers, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags;

   您網上標識符的詳情,例如IP地址、cookie標識符或諸如射頻識別標簽等其他標識符;

(h)    your transaction history with us; and

   您在本公司的交易記錄;

(i)    if you are a candidate for employment, any personal information that you provide to us during the recruitment process including personal details from your resume and any application form that you submit to us. Such personal information may include your employment history and working eligibility rights.

   如果您是求職者,您在招聘過程中向我們提供的任何個人信息,包括您提交給本公司的簡歷和入職申請表中包含的個人詳情。該等個人信息可能包括您的工作經歷和就業權信息。

4.4.3    You may, in certain circumstances, provide us with personal information relating to third parties (for example, your designated Fortune Wings Club beneficiaries, next-of-kin, traveling companion or, if you are a candidate for employment, any person whom you have nominated as your referee). When this happens, you are deemed to have represented and confirmed to us that you have obtained the consent of such third party to provide his/her personal information to us for processing in the manner set out in this Policy.

    在特定情況下,您可能向我們提供涉及第三方(比如,您的指定金鵬受益人、直系親屬、旅伴或者(若您是求職者)您的推薦人)的個人信息。在此情況下,您被視為已向本公司聲明并確認,您已取得該等第三方的同意,向本公司提供其個人信息并且本公司可按照本項政策規定的方式處理該等信息。

4.5    Purposes for collection, use and processing of personal information

   收集、使用和處理個人信息的目的

4.5.1    The personal information which we collect from you may be collected, used, disclosed and/or processed for various purposes, depending on the circumstances at hand and your consent, including for example:

   取決于當下的情形以及您的同意,我們向您收集的個人信息可能是為各種目的而采集、使用、披露及/或處理,包括(舉例而言):

(a)    to assess, process and provide our products, services and/or facilities requested by you; including but not limited to:

•    selling flight tickets, flight ticket and hotel packages, in-flight merchandise, etc.

•    sending you product or service booking confirmations

•    providing you with flight-related services, such as check-in, meals, seat selection, luggage services, transit accommodation, irregular flight guarantees and special passenger services

•    providing notifications and instructions related to products or services during your journey, such as instructions about boarding gates and baggage collection

   評估、處理和提供您要求的本公司的產品、服務及/或設施。包括但不限于:

•    銷售機票、機票加酒店、機上商品等

•    向您發送產品或服務的預訂確認

•    為您提供與航班相關服務,例如值機、餐食、選座、行李服務、中轉住宿、不正常航班保障、特殊旅客服務等

•    在您的旅途中提供與產品或服務相關的通知與提示,例如登機口提示、行李轉盤提示等

(b)    to provide you with any assistance that you have requested; including but not limited to:

•    related enquiries or information confirmation operations that you have authorized us to carry out

•    responding to your enquiries

•    assisting you with transaction operations

•    providing you with technical assistance

   向您提供您所要求的任何協助。包括但不限于:

•    您授權我們進行相關的查詢或者信息確認操作

•    解答您的疑問咨詢

•    協助您進行交易操作

•    為您提供技術援助

(c)    to maintain and improve our customer relationship with you; including but not limited to:

•    inviting you to join the Fortune Wings Club

•    inviting you to participate in various satisfaction surveys

   維護并提升您與本公司之間的客戶關系。包括但不限于:

•    邀請您加入金鵬俱樂部

•    邀請您參與形式多樣的滿意度調研

(d)    to establish your identity; including but not limited to:

•    requesting that you present the relevant documents during check-in, boarding, baggage inspection and other procedures

•    informing you about login activity on your online account

•    requesting that you present the relevant documents when proceeding with membership affairs

   確定您的身份。包括但不限于:

•    在值機、登機、行李檢查等環節要求您出示相關證件

•    向您告知網絡賬號的登錄行為

•    在辦理會員業務時要求您提供相關證件

(e)    to administer and process any payments (including refunds) related to products, services and/or facilities or other commercial transactions requested by you; including but not limited to:

•    making order payments

•    handling your refund requests

•    fulfilling our compensation obligations

   管理并處理與您要求的產品、服務及/或設施或其他商業交易有關的任何付款(包括退款)。包括但不限于:

•    進行訂單支付

•    處理您提出的退款要求

•    履行我們的補償義務

(f)    to respond to your enquiries or complaints and resolve any issues and disputes which may arise in connection with any dealings between us;

   對與你我之間的任何交易有關您所提出的問詢或投訴作出回復,并解決出現的任何問題和爭議;

(g)    to provide you with information and updates on products, services, facilities, loyalty programmes, promotions, launches, campaigns, contests and/or events offered or organised by us and our affiliated partners from time to time, in accordance with your consent; including but not limited to:

•    sending you event invitations

•    delivering or distributing prizes to you

   在取得您同意的情況下,向您提供有關本公司及我們的關聯合作方不時提供或組織的產品、服務、設施、客戶忠誠計劃、促銷、產品投放、專項營銷、比賽及/或會展活動的相關信息和最新資訊。包括但不限于:

•    向您發送活動邀請

•    向您交付或分發獎品

(h)    for direct marketing purposes via SMS, phone, email, fax, mail, instant messaging, social media and/or any other appropriate communication channels, in accordance with your consent;

   在取得您同意的情況下,通過短信、電話、電子郵件、傳真、郵件、即時通訊、社交媒體及/或任何其他適當的通訊手段達到直接營銷的目的;

(i)    to administer our loyalty or rewards programmes, including the use of airport lounges and the administration of the Fortune Wings Club;

   管理我們的客戶忠誠或獎勵計劃,包括使用機場貴賓休息室和管理金鵬俱樂部事務;

(j)    to engage in codesharing or similar business arrangements with other airlines;

   實施航班代碼共享或與其他航空公司之間的類似商業安排;

(k)    to cater to your dietary requirements when using our products, services and/or facilities;

   滿足您在使用我們的產品、服務及/或設施時提出的餐飲要求;

(l)    for internal administrative purposes and record-keeping;

   滿足內部管理和記錄存檔要求;

(m)    to send you seasonal greetings messages from time to time;

   不時向您發送節日祝福訊息;

(n)    to send you service or account change notifications and information when necessary;

   必要時向您發送服務、賬戶變動通知消息;

(o)    to monitor, review and improve our products, services, facilities, promotions and/or events; including but not limited to:

•    cookies used by our websites and apps

•    traffic analysis and performance monitoring tools used by our websites and apps

   監控、審查并改進我們的產品、服務、設施、促銷方案及/或展會活動。包括但不限于:

•    我們的網站、APP使用cookie

•    我們的網站、APP使用流量分析與性能監控工具

(p)    to conduct market research or surveys, internal marketing analysis, customer profiling activities, analysis of customer patterns and choices, planning and statistical and trend analysis in relation to our products, services and/or facilities;

   針對我們的產品、服務及/或設施開展市場調查或調研、內部營銷分析、客戶資料管理、客戶模式和選擇分析、規劃/統計/趨勢分析;

(q)    to process, combine and/or analyse your personal information for the above purposes;

   為上述目的處理、整合及/或分析您的個人信息;

(r)    for detecting, investigating and preventing fraudulent, prohibited or illegal activities;

   發現、調查及防止欺詐、禁止或非法的活動;

(s)    for our audit, risk management and security purposes;

   滿足本公司審計、風險管理及安保目的;

(t)    for enabling us to perform our obligations and enforce our rights under any agreements or documents that we are a party to;

   使本公司能夠履行我們作為當事方的任何協議或文件下應承擔的義務,并行使我們在該等協議或文件下享有的權利;

(u)    to transfer or assign our rights, interests and obligations under any agreements entered into with us;

   轉讓或出讓我們所訂立的任何協議下所享有的權利、權益及承擔的義務;

(v)    for meeting any applicable legal or regulatory requirements and making disclosure under the requirements of any applicable law, legislation, regulation, direction, court order, by-law, guideline, circular or code applicable to us from time to time ("Applicable Law");

   遵循任何適用的法律或監管要求,根據不時適用于本公司的任何法律、立法、法規、指令、法庭命令、規章、指南、通知或法典(“適用法律”)的規定作出信息披露;

(w)    to enforce or defend our rights and your rights under, and to comply with, our obligations under any Applicable Law.

   行使或保障你我雙方于任何適用法律項下享有的權利,及履行本公司于任何適用法律項下應承擔的義務。

4.5.2    We will notify you in advance of any other purpose(s) for which we intend to use your data and obtain your consent where necessary, unless we are permitted by the GDPR or any other Applicable Law to process your personal information without your consent.

   如果本公司意圖將您的數據用于任何其他目的,我們將事先向您告知并取得您的同意,除非根據GDPR或任何其他適用法律,我們獲準在未取得您同意的情況下處理您的個人信息。

4.5.3    Please note that you have the right to object to the processing of your personal data for direct marketing purposes and the right to opt-out of any direct marketing from us and to unsubscribe from any SMS, phone, email, fax, mail, instant messaging, social media and/or other communication channels we use to engage in direct marketing with you. We will endeavour to provide instructions in all such communications on how to opt-out, but you may also contact our Data Protection Officer under paragraph 1.7 of this Policy if you wish to exercise your right to opt-out and are not clear how to exercise such right accordingly.

    敬請注意,您有權拒絕為達到直接營銷的目的而處理您的個人數據,并有權退出本公司的任何直接營銷計劃,從我們將您納入其中展開直接營銷的任何短信、電話、電子郵件、傳真、郵件、即時通訊、社交媒體及/或其他通訊系統中進行退訂。我們將盡力在上述各種通訊系統中提供如何退訂系統的說明,但如果您想行使退訂系統的權利并且不清楚如何行使該權利,您也可參見本項政策第1.7條,與本公司的數據保障負責人聯系。

4.6    Transfer of personal information

   個人信息的傳輸

4.6.1    In order to smoothly conduct our business operations and/or to fulfil our obligations to you, we may disclose the personal information that we have collected from you to third parties, for one or more of the purposes set out at paragraph 4.5 of this Policy. Examples of third parties to whom we may disclose your personal information include:

   為順利開展我們的業務運作,及/或為履行我們對您承擔的義務,我們可能會為了達成本項政策第4.5條所述的一個或多個目的,而將我們向您收集的個人信息披露給第三方。舉例而言,我們可能會向其披露您個人信息的第三方包括:

(a)    other companies in our group, such as our sister airlines, for the purposes of paragraphs 4.5.1(a), 4.5.1(b), 4.5.1(i), 4.5.1(j) and 4.5.1(k).

   就4.5.1(a)、4.5.1(b)、4.5.1(i)、4.5.1(j)和4.5.1(k)所述之目的而言,我司集團旗下的其他公司,比如我們的姐妹航空公司;

(b)    third party service providers, agents, affiliates or related companies who provide operational services in connection with our business such as data entry, telecommunications, information technology, logistics, storage and warehousing, catering, delivery, assembly, installation, printing and postal services, credit checks, credit facilities or services relating to marketing and promotional activity; including but not limited to:

•    providers of related supplementary services, such as hotels, insurance companies, logistics companies, food supply companies and sales product suppliers

•    other airlines, such as codesharing partners and mutual sales partners. Please note: Other airlines have their own privacy policies. If your travel plan includes traveling with other airlines, we recommend that you check the other policies, as they may differ from this Privacy Policy

•    information technology providers, such as TravelSky, Amadeus and Google

   提供與本公司業務相關的運營服務(如數據錄入、通訊、信息技術、物流、倉儲、餐飲、送貨、裝配、安裝、打印和郵遞服務、信用調查、融資或與營銷推廣活動有關的服務)的第三方服務提供商、代理商、關聯方或關聯企業。包括但不限于:

•    相關附加服務的提供商,例如酒店、保險公司、物流公司、餐食供應公司、銷售產品供應商等

•    其他航空公司。例如代碼共享合作伙伴、互售合作伙伴等。請注意:其他航空公司有其自己的隱私政策。如果您的旅行計劃包含其他航空公司的旅行,我們建議您查看其他政策,因為這些政策可能與本隱私聲明有所不同。

•    信息技術提供商,例如中國民航信息集團、Amadeus、Google等

(c)    our professional advisors, consultants and/or auditors; and

   我們的專業顧問及/或審計師;

(d)    relevant government regulators or authorities (in accordance with any Applicable Law), including but not limited to:

•    public security agencies (such as the National Civil Aviation Public Security Big Data Operation & Training Center) to which we submit personal information for screening in the interests of public safety and anti-terrorism

   (根據任何適用法律行使職權的)相關政府監管機構或政府機關。包括但不限于:

•    提交至公安機關(例如全國民航公安大數據戰訓中心)進行篩查,用于維護公共安全和反恐。

4.6.2    The third parties with whom we conduct business are only authorised to use your personal information to perform the service for which they were hired. As part of our agreement with them, they may be required to adhere to the GDPR and/or any policies that we provide, and to take reasonable measures to ensure your personal information is secure.

   與我們有業務往來的第三方僅有權將您的個人信息用于履行受委托的服務職責。作為我們與之訂立的協議的一部分,這些第三方可能被要求遵守GDPR及/或我們提供的任何方針,并采取合理措施確保您個人信息的安全。

4.7    Transfer of personal information of EEA data subjects out of the EEA

   將歐洲經濟區數據主體的個人信息轉移出歐洲經濟區

4.7.1    Due to the global nature of the services that we provide, it is sometimes necessary for us to share the personal information of data subjects in the EEA with parties outside the EEA, for example:

   由于我們提供的服務具有全球性,有時我們有必要與歐洲經濟區以外的各方共享歐洲經濟區數據主體的個人信息,例如:

(a)    with our offices outside the EEA;

   與我們在歐洲經濟區之外的辦事處共享;

(b)    with our service providers located outside the EEA;

   與位于歐洲經濟區以外的服務提供商分享;

(c)    if the data subject is based outside the EEA; or

   當數據主體在歐洲經濟區工作生活;

(d)    where there is an international dimension to the services we are providing to the data subject.

   我們正在向數據主體提供的服務具有國際性元素。

4.7.2    These transfers are subject to special rules under European data protection law.

   這些轉移受歐洲數據保護法下的特殊規定約束。

4.7.3    The Company may transfer personal information outside the EEA to:

   公司可將個人信息轉移出歐洲經濟區至:

(a)    a country, territory or organisation that is designated as having an adequate level of protection; or

   被指定的具有適當保護水平的國家、地區或組織;

(b)    an organisation receiving the information that has provided adequate safeguards by way of binding corporate rules, standard data protection clauses or compliance with an approved code of conduct.

   一個已通過有約束力的公司規則、標準數據保護條款或遵守已批準的行為規范的方式來提供適當保障措施的組織。

4.7.4    In the absence of a European Commission adequacy decision, or of appropriate safeguards, we may need to transfer personal information of an EEA data subject to non-EEA countries where this is necessary for the performance of a contract or the implementation of pre-contractual measures.

   在沒有歐盟委員會適當性決定(指擬將個人數據轉移至的國家、地區或組織是否具有適當保護水平的決定)或適當保障措施的情況下,我們可能需要將歐洲經濟區數據主體的個人信息轉移至履行合同或執行合同前措施所必需的非歐洲經濟區國家。

4.7.5    There may also be circumstances where we ask for the explicit consent of an EEA data subject to the transfer of personal information to a non-EEA country for purposes other than the performance of a contract or the implementation of pre-contractual measures. In such circumstances, we will inform the data subject of the increased risks of such transfer due to the absence of safeguards and the fact that these non-EEA countries (for example, the People's Republic of China) do not have the same data protection laws as the EEA.

    在某些情況下,為了一些并不是履行合同或實施合同前措施的其他目的,我們也可能會尋求歐洲經濟區數據主體的明確同意,將個人信息轉移給非歐洲經濟區國家。在這種情況下,我們將通知數據主體,由于缺乏保障措施以及這些非歐洲經濟區國家(例如中華人民共和國)沒有與歐洲經濟區相同的數據保護法,這些轉移可能會有增加的風險。

4.7.6    We will, however, ensure that all transfers of personal information of EEA data subjects out of the EEA comply with the GDPR. Our practice is, wherever possible and applicable, to use standard data protection contract clauses that have been approved by the European Commission. Those clauses are available on the following website of the European Commission:

    https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

   但是,我們將確保所有將歐洲經濟區數據主體的個人信息轉移出歐洲經濟區的轉移符合GDPR。我們的做法為,在可能和適用的情況下,使用經歐盟委員會批準的標準數據保護合同條款,這些條款可在歐盟委員會的以下網站上找到:

    https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

4.7.7    If you would like further information please contact the Data Protection Officer as shown at paragraph 1.7 of this Policy.

   如果您想了解更多信息,請與本政策第1.7條中所述的數據保護主管聯系。

5.    BASIS FOR PROCESSING PERSONAL INFORMATION

   處理個人信息的基礎

5.1    In relation to any processing activity we will, before the processing starts for the first time, and then regularly while it continues:

   對于任何處理活動,我們會在處理活動開始之前,以及處理活動進行的過程中定期執行以下的操作:

5.1.1    review the purposes of the particular processing activity, and select the most appropriate lawful basis (or bases) for that processing, i.e.:

   審查特定處理活動的目的,并為該處理選擇最適合的合法基礎,即:

(a)    that the data subject has consented to the processing;

   數據主體已經同意該處理;

(b)    that the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

   該處理為履行數據主體所訂立的合同所必需的,或者該處理是為了在訂立合同前根據數據主體的要求采取措施所必需的;

(c)    that the processing is necessary for compliance with a legal obligation to which the Company is subject;

   為了遵守公司所承擔的法律義務,該處理是必需的;

(d)    that the processing is necessary for the protection of the vital interests of the data subject or another natural person; or

   為保護數據主體或其他自然人的切身利益,該處理是必需的;

(e)    that the processing is necessary for the purposes of legitimate interests of the Company or a third party, except where those interests are overridden by the interests of fundamental rights and freedoms of the data subject – see paragraph 5.2 of this Policy.

   為了公司或者第三方正當利益,該處理是必需的,除非這些利益被數據主體的基本權利和自由利益所凌駕—參見本政策第5.2條。

5.1.2    except where the processing is based on consent, satisfy ourselves that the processing is necessary for the purpose of the relevant lawful basis (i.e. that there is no other reasonable way to achieve that purpose);

   除基于同意所進行的處理外,確保處理是為了相關的合法基礎的目的所必需的(即沒有其他合理的方法來達到此目的);

5.1.3    document our decision as to which lawful basis applies, to help demonstrate our compliance with the data protection principles;

   記錄我們關于適用何種合法基礎的決定,以幫助證明我們遵守數據保護原則;

5.1.4    include information about both the purposes of the processing and the lawful basis for it in our relevant privacy notice(s);

   在我們的相關隱私通知中包含有關處理的目的及其合法基礎的信息;

5.1.5    where sensitive personal information is processed, also identify a lawful special condition for processing that information (see paragraph 6.2.2 of this Policy), and document it; and

   在處理敏感個人信息的情況下,還應確定處理該信息的合法特殊條件(見本政策的第6.2.2條)并予以記錄;

5.1.6    where criminal offence information is processed, also identify a lawful condition for processing that information, and document it.

   在處理刑事犯罪信息的情況下,還應確定處理該信息的合法條件并予以記錄。

5.2    When determining whether the Company’s legitimate interests are the most appropriate basis for lawful processing, we will:

   當確定公司的正當利益是否為合法化處理最合適的基礎時,我們將:

5.2.1    conduct a legitimate interests assessment ("LIA") and keep a record of it, to ensure that we can justify our decision;

   進行正當利益評估(“LIA”)并記錄下來,以確保我們能夠證明我們的決定是合理的;

5.2.2    if the LIA identifies a significant privacy impact, consider whether we also need to conduct a data protection impact assessment ("DPIA");

   如果LIA確定有重大的隱私影響,我們會考慮我們是否還需要進行數據保護影響評估(“DPIA”);

5.2.3    keep the LIA under review, and repeat it if circumstances change; and

   保持對LIA的審查,并在情況發生變化時重復進行;

5.2.4    include information about our legitimate interests in our relevant privacy notice(s).

   在我們的相關隱私通知中包含有關我們正當利益的信息。

6.    SENSITIVE PERSONAL INFORMATION

   敏感個人信息

6.1    Sensitive personal information is sometimes referred to as ‘special categories of personal data’ or ‘sensitive personal data’ (e.g. information about your health status).

   敏感個人信息有時候又被稱為“特殊類別的個人數據”或者“敏感個人數據”(如您的健康狀況信息)。

6.2    The Company may from time to time need to process sensitive personal information. We will only process sensitive personal information if:

   公司可能時不時需要處理敏感個人信息。我們只會在以下情況下處理敏感個人信息:

6.2.1    we have a lawful basis for doing so as set out in paragraph 5.1.1 above, for example, it is necessary to comply with the Company’s legal obligations or for the purposes of the Company’s legitimate interests; and

   我們有上述第5.1.1條所述的合法基礎,比如,為遵守公司的法律義務或者為公司的正當利益所必需;

6.2.2    one of the special conditions for processing sensitive personal information applies, for example:

   處理敏感個人信息的特殊條件之一適用,如:

(a)    the data subject has given explicit consent; including but not limited to:

•    when you request special passenger services from us, such as for passengers with wheelchairs or passengers requiring a stretcher

•    when you request refunds from us

   數據主體已經給予明確同意。包括但不限于:

•    當您向我們申請了特殊旅客服務,例如輪椅旅客、擔架旅客等

•    當您向我們申請因病退款時

(b)    the processing is necessary for the purposes of exercising the employment law rights or obligations of the Company or the data subject;

   處理是為行使公司或者數據主體的勞動法律權利或者義務之目的所必需的;

(c)    the processing is necessary to protect the data subject’s vital interests, and the data subject is physically incapable of giving consent;

   處理是為保護數據主體的切身利益所必需,并且數據主體在身體上無法給予同意;

(d)    processing relates to personal data which are manifestly made public by the data subject;

   處理涉及數據主體明顯公開的個人資料;

(e)    the processing is necessary for the establishment, exercise or defence of legal claims; or

   處理對于建立、行使或者辯護法律索賠所必需;

(f)    the processing is necessary for reasons of substantial public interest.

   處理是為了重大公共利益所必需的。

6.3    Before processing any sensitive personal information, our staff shall notify the Data Protection Officer of the proposed processing, in order that the Data Protection Officer may assess whether the processing complies with the criteria noted above.

   在處理任何敏感個人信息之前,我們的員工應當將擬進行的處理通知予數據保護主管以便其可以評估該處理是否符合上述標準。

6.4    Sensitive personal information will not be processed until:

   敏感個人信息不會被處理直到:

6.4.1    the assessment referred to in paragraph 6.3 has taken place; and

   已進行第6.3條所述的評估;

6.4.2    the individual has been properly informed (by way of a privacy notice or otherwise) of the nature of the processing, the purposes for which it is being carried out and the legal basis for it.

   相關人士已經被適當通知了處理的性質(通過隱私通知或者其他方式),進行處理的目的以及其法律基礎。

6.5    During the recruitment process: the HR department, with guidance from the Data Protection Officer as necessary, will ensure that (except where the law permits otherwise):

   在招聘的過程中:人力資源部門會根據來自于數據保護主管的指引來確保(除法律另有規定外):

6.5.1    during the short-listing, interview and decision-making stages, no questions are asked relating to sensitive personal information, such as race or ethnic origin, trade union membership or health;

   在篩選,面試和做出決定階段,不會詢問有關個人敏感信息的問題,比如種族或族裔、工會會員身份或者健康狀況;

6.5.2    if sensitive personal information is received, for example, the applicant provides it without being asked for it within his or her resume or during the interview, no record is kept of it and any reference to it is immediately deleted or redacted;

   如果收到敏感個人信息,例如申請人在他或她的簡歷或者面試過程中在未被詢問的情況下提及敏感個人信息,則對于所提供的敏感個人信息不保留任何記錄,并立即刪除或者修改任何對其的引用;

6.5.3    any completed equal opportunities monitoring form is kept separate from the individual’s application form, and is not seen by the person shortlisting, interviewing or making the recruitment decision;

   任何完成的平等機會監測表和個人申請表會分開放置并且不會被篩選、面試和做出招聘決定的人所看到;

6.5.4    ‘right to work’ checks are carried out before an offer of employment is made unconditional, and not during the earlier short-listing, interview or decision-making stages;

   “就業權”檢查在提供無條件聘用之前進行,而不是在較早的篩選、面試或做出決定階段進行;

6.5.5    we will only ask health questions once an offer of employment has been made.

   一旦聘用決定做出,我們只會詢問健康狀況問題。

7.    CRIMINAL RECORDS INFORMATION

   犯罪記錄信息

7.1    We do not process criminal records information unless required to do so by relevant government authorities (for example, for immigration and security purposes) and under the control of the relevant official authority or authorities.

   我們不會處理犯罪記錄信息,除非有關政府機構這樣要求(例如,為了移民或者安全目的)以及在有關官方機構的控制下。

8.    DATA PROTECTION IMPACT ASSESSMENTS (DPIA)

   數據保護影響評估(DPIA)

8.1    Where processing is likely to result in a high risk to an individual’s data protection rights, we will, before commencing the processing, carry out a DPIA to assess:

   在處理可能會對個人的數據保護權造成高風險的情況下,我們會在開始處理之前,進行DPIA以評估:

8.1.1    whether the processing is necessary and proportionate in relation to its purpose;

   就其目的而言,處理是否必需以及適當;

8.1.2    the risks to individuals; and

   對個人造成的風險;

8.1.3    what measures can be put in place to address those risks and protect personal information.

   能夠采取什么樣的措施來解決這些風險和保護個人信息。

9.    DOCUMENTATION AND RECORDS

   文件和記錄

9.1    We will keep written records of processing activities which are high risk (for example, which may result in a risk to individuals’ rights and freedoms or involve sensitive personal information or criminal records information), including:

   我們會保存高風險處理活動(比如,可能會對個人權利和自由造成風險或者涉及敏感個人信息或者犯罪紀錄信息)的書面記錄,包括:

9.1.1    the name and details of the employer’s organisation (and where applicable, of other controllers, the employer's representative and Data Protection Officer);

   雇傭機構(如適用,以及其他控制人、雇主代表和數據保護主管)的名稱和詳細信息;

9.1.2    the purposes of the processing;

   處理的目的;

9.1.3    a description of the categories of individuals and categories of personal data;

   個人類別和個人數據類別的描述;

9.1.4    categories of recipients of personal data;

   個人數據接收方的類別;

9.1.5    details of cross-border transfers, including documentation of the transfer mechanism safeguards in place;

   跨境數據轉移的細節,包括已制定轉移機制保障措施的文件;

9.1.6    where possible, retention schedules; and

   如果可能,數據保留時間表;

9.1.7    where possible, a description of technical and organisational security measures.

   如果可能,技術和組織安全措施的描述。

9.2    As part of our record of processing activities we document, or link to documentation, on:

   作為我們記錄處理活動的一部分,我們會以文檔記錄,或者鏈接到文檔,如下內容:

9.2.1    information required for privacy notices;

   隱私通知所需要的信息;

9.2.2    records of consent;

   同意記錄;

9.2.3    controller-processor contracts;

   控制人—處理人合同;

9.2.4    the location of personal information;

   個人信息的位置;

9.2.5    DPIAs; and

   數據保護影響評估(DPIAs);

9.2.6    records of data breaches.

   數據泄露/數據違規的記錄。

9.3    If we process sensitive personal information or criminal records information, we will keep written records of:

   如果我們處理敏感個人信息或者犯罪記錄信息,我們會對以下內容保持書面記錄:

9.3.1    the relevant purpose(s) for which the processing takes place, including (where required) why it is necessary for that purpose;

   進行處理的相關目的,包括(如有需要)為何必須進行處理;

9.3.2    the lawful basis for our processing; and

   我們處理的合法基礎;

9.3.3    whether we retain and erase the personal information in accordance with our policy documents (including this Policy) and, if not, the reasons for not following our policy.

   我們是否根據我們的政策文件(包括本政策)保留和刪除個人信息,如果不遵守的話,提供不遵守我們的政策的原因。

9.4    We will conduct regular reviews of the personal information we process and update our documentation accordingly. This may include:

   我們將定期審查我們處理的個人信息并且相應地更新我們的文檔記錄。這可能包括:

9.4.1    carrying out information audits to find out what personal information the Company holds;

   進行信息審查以查明公司所持有的個人信息;

9.4.2    distributing questionnaires and talking to staff across the Company to get a more complete picture of our processing activities; and

   分發問卷并與全公司員工交談,以更全面的了解我們的處理活動;

9.4.3    reviewing our policies, procedures, contracts and agreements to address areas such as retention, security and data sharing.

   審查我們的政策、程序、合同和協議以處理數據保留、安全以及數據共享等方面的問題。

10.    RIGHTS IN RELATION TO PERSONAL INFORMATION

   與個人信息有關的權利

10.1    All data subjects have the following rights in relation to their personal information:

   所有的數據主體對其個人信息擁有下列權利:

10.1.1    to be informed about how, why and on what basis that information is processed – see paragraph 4 of this Policy regarding the Company’s privacy notices;

   被告知如何、為什么以及以什么為基礎處理信息—參見本政策第4條關于公司隱私通知;

10.1.2    to obtain confirmation that your information is being processed and to obtain access to it and certain other information, by making a subject access request – see paragraph 10.3 below;

   通過提出主體訪問請求,以確認您信息正在被處理并且獲取您信息及其他相關信息的訪問權限—參見下文的10.3條;

10.1.3    to have data corrected if it is inaccurate or incomplete;

   若數據不準確或者不完整,可要求更正;

10.1.4    to have data erased if it is no longer necessary for the purpose for which it was originally collected/processed, or if there are no overriding legitimate grounds for the processing (this is sometimes known as ‘the right to be forgotten’);

   如果數據對于其最初被收集/處理的目的而言已不再必需,或者處理沒有可凌駕性的正當理由,可要求將數據刪除(這有時被稱為“被遺忘權”);

10.1.5    to restrict the processing of personal information where the accuracy of the information is contested, or the processing is unlawful (but the data subject does not want the data to be erased); and

   當信息的準確性有爭議時,或者處理不合法時(但數據主體不希望刪除數據),可要求限制該個人信息的處理;

10.1.6    to restrict the processing of personal information temporarily where you do not think it is accurate, or where you have objected to the processing.

   當您認為數據不準確時,或者您拒絕處理時,可要求臨時限制個人信息的處理。

10.2    If you wish to exercise any of the rights in paragraph 10.1 above, please contact the Data Protection Officer as shown at paragraph 1.7 of this Policy.

   如果你想行使上述10.1條中的任何權利時,請聯系本政策1.7條所述的數據保護主管。

10.3    Subject access requests

   主體訪問請求

10.3.1    The Company will seek to comply with subject access requests and to provide the appropriate data within one month of a request being made. Where this isn't possible, the data subject will be kept informed. The Company may take professional advice about how to comply with any request, to ensure that appropriate information is provided. Usually there will be no charge for providing the information.

   公司將盡力遵守主體訪問請求并且在請求后的一個月內提供適當的數據。如果不可能做到,數據主體將被知會。公司可能會就如何遵守請求接受專業建議以確保提供適當的信息。通常情況下提供信息是免費的。

10.3.2    In the unlikely event of manifestly unfounded or repetitive requests, the Company may decide not to provide information. However, professional advice will be taken in those circumstances.

   雖然不太可能發生,但如果發生明顯無理或重復的要求的情況,公司可能決定不提供信息。然而在這些情況下公司將會接受專業意見。

11.    INFORMATION SECURITY

   信息安全

11.1    The Company will use appropriate technical and organisational measures to keep personal information secure, and in particular to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. These may include:

   公司將會采取適當的技術和組織措施來確保個人信息的安全,特別是防止未經授權或者非法地處理以及意外丟失、破壞或損壞。這些措施可能包括:

11.1.1    making sure that, where possible, personal information is pseudonymised or encrypted;

   可能的話,確保個人信息被假名化或者加密;

11.1.2    ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

   確保處理系統和服務持續的保密性、完整性、可用性以及靈活性;

11.1.3    ensuring that, in the event of a physical or technical incident, availability and access to personal information can be restored in a timely manner; and

   確保在發生實地或者技術事件時及時恢復個人信息的可訪問性和訪問權限;

11.1.4    a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

   定期測試、評估和評價技術和組織措施的有效性以確保處理的安全性。

11.2    Where the Company uses external organisations to process personal information on its behalf, additional security arrangements will need to be implemented in contracts with those organisations to safeguard the security of personal information. In particular, contracts with external organisations will provide that:

   如果公司使用外部組織代表其處理個人信息,則需要在與這些外部組織簽訂的合同中實施額外的安全措施以保護個人信息的安全。尤其是,與外部組織的合同將規定:

11.2.1    the organisation may act only on the written instructions of the Company;

   該組織只能按照公司的書面指示行事;

11.2.2    those processing the data are subject to a duty of confidence;

   處理數據的該組織有保密義務;

11.2.3    appropriate measures are taken to ensure the security of processing;

   需采取適當的措施以確保處理的安全性;

11.2.4    sub-contractors are only engaged with the prior consent of the Company and under a written contract;

   只有在獲得公司的事先同意并且有書面合同的情況下才能聘請分包商;

11.2.5    the organisation will assist the Company in providing subject access and allowing individuals to exercise their rights in relation to data protection;

   該組織將協助公司提供主體訪問,并協助公司允許個人行使其在數據保護方面的權利;

11.2.6    the organisation will assist the Company in meeting its obligations in relation to the security of processing, the notification of data breaches and data protection impact assessments;

   該組織將協助公司履行其在處理安全、數據泄露通知和數據保護影響評估方面的義務;

11.2.7    the organisation will delete or return all personal information to the Company as requested at the end of the contract; and

   該組織將刪除或者按照合同結束時要求的那樣向公司返還所有個人信息;

11.2.8    the organisation will submit to audits and inspections, provide the Company with whatever information it needs to ensure that they are both meeting their data protection obligations, and tell the Company immediately if it is asked to do something infringing data protection law.

   該組織同意被審計和檢查,向公司提供所需的任何信息以確保雙方都履行了其數據保護的義務,并且在被要求做一些侵犯數據保護法的事情時及時通知公司。

12.    RETENTION OF PERSONAL INFORMATION

   個人信息的保留

12.1    Personal information (and sensitive personal information) should not be retained for any longer than necessary. The length of time over which data should be retained will depend upon the circumstances, including the reasons why the personal information was obtained. In general, personal information will be retained as long as is necessary, or for 7 years after it is no longer in use, whichever is earlier.

   個人信息(和敏感個人信息)不應保留超過必要的時間。數據應該保留的時間長短取決于具體情況,包括獲取個人信息的原因。一般而言,個人信息將在必要時保留,或者在不再使用后7年內保留,以先發生者為準。

12.2    Personal information (and sensitive personal information) that is no longer required will be deleted permanently from our information systems and any hard copies will be destroyed securely.

   不再需要的個人信息(和敏感個人信息)將永久的從我們的信息系統中刪除,且任何硬拷貝副本將會被安全銷毀。

13.    DATA BREACHES

   數據泄露

13.1    A data breach may take many different forms, for example:

   數據泄露可能有多種不同的形式,例如:

13.1.1    loss or theft of data or equipment on which personal information is stored;

   儲存個人信息的數據或者設備的丟失或者失竊;

13.1.2    unauthorised access to or use of personal information either by a member of staff or third party;

   員工或者第三方未經授權訪問或者使用個人信息;

13.1.3    loss of data resulting from an equipment or systems (including hardware and software) failure;

   設備或者系統故障(包括硬件和軟件)所造成的數據丟失;

13.1.4    human error, such as accidental deletion or alteration of data;

   人為錯誤,如意外刪除或者更改數據;

13.1.5    unforeseen circumstances, such as a fire or flood;

   不可預見的情形,比如火災或者洪水;

13.1.6    deliberate attacks on IT systems, such as hacking, viruses or phishing scams; and

   針對IT系統的蓄意攻擊,如黑客攻擊、病毒或者網絡釣魚詐騙;

13.1.7    ‘blagging’ offences, where information is obtained by deceiving the organisation which holds it.

   “欺詐”罪行,其中信息是通過欺詐持有它的組織而獲得的。

13.2    In the event of a data breach, the Company will act in accordance with its Data Breach Notification Plan without undue delay.

   如果發生數據泄露事件,公司將毫不延遲地按照其個人數據泄露通知計劃行事。

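14.    CROSS-BORDER DATA TRANSFER STATEMENT

We always strictly protect the security of your personal information. In order to provide you with more convenient services, and in accordance with Article 39 of the Personal Data Protection Law, when you travel on a Beibu Gulf Airlines international route and use local ground services, your flight information will be transmitted to Beibu Gulf Airlines' ground service agents to ensure a smooth journey, as detailed below:

14.1    Country or region of the recipient: the countries or regions to which Beibu Gulf Airlines operates flights

14.2    Recipient contact details (e-mail): Corinne_NgLimei@sats.com.sg (Singapore), GXSPVRS@BFSASIA.COM (Thailand)

14.3    Purpose of the cross-border transfer: to provide passengers with the following services: guidance services, passenger check-in/check-in cancellation, through check-in acceptance, URES handling, travel document verification, baggage, special services, transfers, passenger enquiries/statistics, and flight information enquiries; printing and scanning boarding passes to board passengers, manual boarding/offloading, and passenger interception services.

14.4    Types of data transferred: passenger name, passenger gender, passenger date of birth, passenger nationality, document type, document number, document issuing country, document expiry date, arrival airport, scheduled arrival date, scheduled departure date and time, operating airline, and transit passenger information.

14.5    Method of transfer and the overseas recipient's processing activities: when a departing passenger needs Beibu Gulf Airlines services after landing, Beibu Gulf Airlines' ground service agents at overseas airports view the relevant data and service requests through messages automatically dispatched on the TravelSky departure control system. The ground agents query and process flight and passenger data in real time as business requires, use the relevant data to verify passengers' identity, and provide the ground services passengers request.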

15.    CONTACT US

   聯系我們

15.1    At any time, if you

   在任何時候,如果您

15.1.1    have any complaints, grievances or comments regarding how we are handling your personal information or about our compliance with the GDPR or any other applicable data protection law; or

   對于我們如何處理您的個人信息或者對我們遵守GDPR或者其他適用的數據保護法有任何的投訴、不滿或意見;

15.1.2    wish to revoke any consent you have previously given to us to use your personal information;

   希望撤銷您之前向我們做出的關于使用您個人信息的任何同意;

   we welcome you to contact our Data Protection Officer and/or our EU Representative using the contact details provided under paragraph 1.7 of this Policy. We will strive to deal with any complaints, grievances or comments that you may have speedily and fairly.

   我們歡迎您通過本政策第1.7條的聯系方式與我們的數據保護主管和/或我們的歐盟代表聯系。我們將竭盡全力迅速且公平的處理您可能提出的任何投訴、不滿或意見。

16.    AMENDMENTS TO THIS PRIVACY POLICY

    Guangxi Beibu Gulf Airlines Co., Ltd. may amend this Privacy Policy from time to time. Use of the website, mobile site and mobile applications after the effective date of the amendments constitutes acceptance of the amended terms and conditions. We reserve the right to apply the amended terms to the information we have already collected, subject to any legal constraints. You should read and review this page regularly to see if there have been any changes.

    本隱私條款的修改權、更新權均屬中國廣西北部灣航空有限責任公司。我們可能會不定期修訂、更新本隱私條款,并在網站上公布最新版本。我們建議您在使用我們的網站時,定期查閱這一頁面,以便您能了解隱私條款是否有任何的變動。

   Last updated: September 2023
