HK Express Customer Privacy Policy - South Korea

When you use the services of Hong Kong Express Airways Limited (“HK Express”, “we”, “us”, “our”), you entrust us with personal information (“Personal Data”). This HK Express Customer Privacy Policy – South Korea (“Privacy Policy”) sets out what information we collect, and how we use it for individuals based in South Korea.

This Privacy Policy also applies when you buy travel packages from us (if applicable).

You consent to the collection and use of your Personal Data in accordance with the terms of this Privacy Policy.

This Privacy Policy is written in English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Privacy Policy, the English version shall prevail.

This Privacy Policy was last updated on 11 September 2024. You may find the previous versions of the Privacy Policy from below:

The Privacy Policy applicable up to 10 September 2024 is available here.

At HK Express, we are committed to protecting your Personal Data and your privacy. To ensure that you can make informed decisions and feel confident about sharing certain Personal Data with us, please read this Privacy Policy to understand whom we share your Personal Data with and for what purposes, and the choices you have concerning how your Personal Data is collected and used by us. We may also provide further privacy collection notices highlighting certain uses of your Personal Data, together with the ability to opt in or out of certain uses, when we collect Personal Data from you.


HK Express is the controller (or equivalent in relevant jurisdictions) of the Personal Data collected and processed for purposes specified below. We will notify you of any changes to our Privacy Policy, including by posting the revised policy on our website at www.hkexpress.com (“Website”), and/or other means of contact such as email. The changes will be effective from the date of posting.

2.1 When we talk about Personal Data, we mean information about an individual that can identify them. The Personal Data we collect about you depends on the particular product and services we provide to you. Any reference to “information” or “data” in this Privacy Policy is a reference to Personal Data about a living individual. We will collect and process some or all of the following Personal Data about you where necessary:


(a) Information about you


Your personal information such as your full name, gender, date of birth, nationality, travel document details (including passport number, passport expiry date, country that issued your passport and your country of residence (collectively, also known as “Advanced Passenger Information” (API))), your contact details (telephone numbers, mailing addresses, email addresses and fax numbers), your parents’/guardian’s names and contact details, addresses, and photographs and other images, as well as geolocation information;


(b) Your payment details


Payment details used to purchase our products and services such as credit or debit card numbers and expiry dates, account information relating to other payment services (such as online or mobile payment services or virtual currency), and other general billing information;


(c) Information we collect in relation to your travel


Information about your travel arrangements such as your booking reference, travel itinerary, flight details, hotel selection, your choice of tours, car rentals or other add-ons to your travel package, details and Personal Data of your travel companions or persons assisting you, your activity at airport departure and arrival halls, your redemption group members, seat and meal preferences, your emergency contacts, and any information relating to any special assistance that you require (such as dietary requirements, health or medical needs that you would like us to know about);


(d) Information about your membership and transactions


Information about your loyalty programme membership (including travel partner programme affiliations) with us and/or any of our subsidiaries, associated companies and/or business partners, including our affiliate Cathay Pacific Airways Limited (“Cathay Pacific”)’s loyalty programme (“Cathay Membership Programme”);


(e) Information about your use of our products and services


Information about previous travel arrangements, feedback about your experiences, details of lost luggage and other claims, your use of our inflight facilities, and your purchase of our duty-free products and branded items;


(f) Your interests, preferences and opinions


Information that we collect about your interests, preferences and opinions such as your hobbies, destinations you are interested in, and products and services you have bought;


(g) Our interactions with you


A record of any interactions and correspondence between us such as calls made through our call centre, any interactions you have with our staff or representatives (including whilst on board our flights) and any interactions with us on our Website, mobile applications, social media platforms and/or other communication or advertising channels;


(h) Survey information


Your responses to market surveys and contests conducted by us or on our behalf;


(i) Your use of our Website, mobile applications, social media platforms and other communication or advertising channels


Details of your visits to our Website, your use of our mobile applications, social media platforms and other communication or advertising channels, and other information collected through cookies and other tracking technology (including the information that you look at). When you log into or navigate our digital touchpoints, we will process your login details, service usages, and certain information about devices and connections of users (such as IP address). We may also collect information about you that is publicly available online that you chose to provide us in relation to your visits to the above;


(j) Technical information of your device and network connection


Your device information such as manufacturer and model, operating system, browser version, browser addons installed, screen resolution, memory usage, battery level; information about your network connection such as your IP addresses, connection speed, carrier name; and


(k) Employment and company information


If you are an employee, other person travelling or obtaining products or services in relation to our corporate/business travel services, or one of our corporate or government clients, we will collect certain information about your employment, the company, or relationship with our corporate or government clients such as your company’s or employer’s name, your professional title and your work contact information.


2.2 Certain Personal Data we collect is treated as more sensitive or special category data to which additional protections apply under the applicable data protection laws. Examples of such data include health information, information about special assistance, etc. To the extent permissible by applicable data protection laws, we may collect and process such sensitive Personal Data (for example, when we handle requests for special medical, access assistance, or your specific dietary requirements that may indicate your religious or other beliefs). We will typically ask you for your consent when collecting, processing or sharing with a third party this type of Personal Data, unless we are otherwise permitted to process such Personal Data under the applicable data protection laws. We will also limit the collection of such Personal Data to a minimum and to only where necessary. Where we process such Personal Data, we will ensure we are permitted to do so under the applicable data protection laws.


2.3 Certain Personal Data (particularly details of your travel documentation, payment details and contact information) are required for many of our products and services and if you fail to supply such Personal Data as requested for specific services, we may be unable to deliver to you the products and services in full.

3.1 We will collect some Personal Data from you directly.


3.2 We will collect other Personal Data from third parties including:


(a) travel agents (including corporate travel managers) and other persons that make bookings or otherwise interact with us on your behalf;


(b) our service providers and agents such as our ground handling agents who assist you with check-in and boarding or our call centre agents who provide customer service;


(c) third parties such as other airlines, providers of other travel-related services with whom we partner to provide you with goods, services or offers based upon your experiences or that we believe will be of interest to you (“Strategic Business Partners”). Examples of Strategic Business Partners include travel and tour partners, time share partners, rental car providers, and travel booking platforms. Strategic Business Partners are independent from HK Express;


(d) our third-party marketing partners;


(e) operators of our partner loyalty programmes such as Cathay Membership Programme;


(f) organisations which conduct credit, fraud, and other passenger checks;


(g) immigration, customs, border security and law enforcement bodies, airport authorities and other government or regulatory bodies; and


(h) providers of third-party websites, mobile applications, social media platforms and other communication or advertising channels,


through the following ways:-


(i) companies when we enter into a license or similar agreement to sell goods and services under HK Express brand (“Authorised Licensees”). Authorised Licensees are independent from HK Express;


(ii) cookies or tracking tools we have included in our Website and mobile applications; or


(iii) social login (depending on your settings or the privacy policies for social media pages and messaging services of these social media pages you might give us permission to access information from those accounts or services).


3.3 If you provide us with information about other individuals, you must tell those individuals and let them know where they can find a copy of this Privacy Policy and obtain their lawful consent if required under applicable laws.

4.1 When you share information with us, you help us make our services to you better. Here are the main ways we will use your Personal Data:


(a) To provide our products and services to you and to administer your travel arrangements


To provide our products and services to you, to process and administer your travel arrangements (including processing any reservations and payments regarding flights, hotel accommodations, etc.), to contact you and send you information about our services and your travel arrangements (including the use of electronic receipt programme), to identify and verify your identity, and to provide or facilitate any special assistance you may have asked for. When you provide an email address in making a reservation, we use that email address to send you a copy of your bill. If you make a reservation for another person using your email address, that person's bill will be emailed to you as well;


(b) To tailor and personalise our products and services to you


To tailor and personalise the products and services that we provided to you, including when you contact our call center, use the services on our Website or mobile applications, or interact with us on social media platforms or other communication or advertising channels. We may also tailor our communications to you and tailor what we present to you to better match your preferences and interests;


(c) To provide customer support


For customer support purposes such as responding to your enquiries and requests, providing assistance to you in relation to issues such as baggage claims and flight delays;


(d) For marketing purposes


For providing you with marketing communications, as explained in more detail in section 6 below;


(e) To operate and facilitate your participation in our partner loyalty programmes


Where you are a member of  our partner loyalty programmes including the Cathay Membership Programme, we will use Personal Data that we collect about you for the operations of the programme (such as processing your membership application and to ensure that you get the benefit of the partner loyalty programmes, including to track your earning and claiming of club points, your accrual and redemption activities, and record your mileage credits (where applicable)). If you are a member of the Cathay Membership Programme and where we have your consent to do so, we will also disclose your Personal Data to our affiliate Cathay Pacific so they can send you details of any offers or promotions in connection with your travels with us, which may be of interest to you;


(f) For social interactions


To administer campaigns, contests and sweepstakes conducted by us and/or our Strategic Business Partners when you choose to participate in them, including disclosing the winners of any such contest;


(g) To improve our products and services


For the purposes of improving our products and services for the benefit of our customers generally, including to ensure that our Website, mobile applications, web pages and other communication and advertising channels (including social media pages and advertisements) function correctly and in accordance with your preferences and circumstances;


(h) For safety and security purposes and emergency response activities


To ensure the safety and security of all our staff and passengers and to undertake any necessary activities during emergency events; and


(i) To comply with our legal obligations and for legal and administrative purposes


To comply with our legal and regulatory obligations and for legal and administrative purposes (such as verifying and processing payment, screening against fraud, screening against abusive booking, money laundering and other criminal or unlawful activities, accounting, billing and audit purposes, developing, maintaining and testing our systems), for claims handling and for understanding, exercising, enforcing or protecting our legal rights and those of others.


4.2 Data protection laws require us to meet certain conditions before we are allowed to use your Personal Data in the way we describe in this Privacy Policy. We take these responsibilities extremely seriously. In accordance with the applicable data protection laws, we will rely on the appropriate lawful basis to process your Personal Data depending on the activities we are carrying out, which include:

  • where you have given consent;
  • to comply with our legal and regulatory obligations;
  • for the performance of a contract with you or to take steps at your request before entering into a contract; or
  • for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests. We will carry out any necessary assessment when relying on legitimate interests, to balance our interests against your own. The outcome of this assessment will determine whether we can use your Personal Data in the ways described in this Privacy Policy. We will always act reasonably and give full and proper consideration to your interests in carrying out this assessment.


4.3 Where we process Personal Data that is more sensitive or falls within a special category, we will also ensure we are permitted to do so under the applicable data protection laws (for example if we have your explicit consent, or that the processing is necessary to establish, exercise or defend legal claims).


In certain circumstances, we will disclose your Personal Data to the following parties in accordance with the applicable data protection laws as described below:

5.1 Our service providers, our affiliates and subsidiaries, and any other companies that are part of the Cathay Pacific group who process Personal Data on our behalf for the purposes described in section 4

We will permit our third-party service providers, including agents, contractors and other partners, our affiliates, subsidiaries and other Cathay Pacific group companies, to use your Personal Data on our behalf for the purposes set out in section 4. Examples of such third parties include our ground handling agents who assist you with check-in and boarding, operators of our IT systems and call centre agents. We may also disclose your Personal Data to third parties in order to facilitate any special arrangements that you may have requested, such as liaising with airport authorities to arrange wheelchair assistance or with our catering providers to accommodate any special meal requests.

5.2 Third parties such as other airlines, hotel partners, travel operators and travel agents and insurance companies in order to facilitate and administer your travel arrangements

In order to facilitate and administer your travel arrangements, we may transfer your Personal Data to third parties such as other airlines (including our partner and codeshare airlines in the context of codeshare and interline arrangements where we are the marketing carrier), hotel partners, land or sea transport operators, as well as to travel agents or other persons who interact with us on your behalf.

Your Personal Data will be used by such third parties in accordance with their privacy policies. The privacy policies of our interline and codeshare partner airlines can be found in the International Air Transport Association (“IATA”) privacy policy repository at http://www.iatatravelcenter.com/privacy. For others, please visit the third parties’ website for more details.

5.3  Our third party partners, for marketing purposes

To the extent permissible under applicable data protection laws, we may disclose your Personal Data to third parties so they can provide marketing services or conduct marketing or social interaction activities on our behalf (such as campaigns, contests, sweepstakes, market research, customer surveys and data analytics) to help us improve and tailor our marketing activities, products and services. Subject to us having obtained appropriate consent from you, we may also disclose your Personal Data to our third-party marketing partners in order that they may market their products and services to you.

If you are a member of Cathay Membership Programme, we will also share your Personal Data with Cathay Pacific for the above purposes, as well as to enable Cathay Pacific to combine your Personal Data with the Personal Data they hold about you.

5.4 Our Partner Loyalty Programmes

We may transfer your Personal Data to Cathay Pacific, or to operators of our partner loyalty programmes, to facilitate your participation in the relevant programmes.

5.5 Our corporate or government clients

For employees or other persons travelling or obtaining products or services in relation to one of our corporate or government clients, we will disclose your travel details and information concerning your use of our service to our corporate or government clients.

5.6 Government and regulatory bodies and other individuals, bodies and organisations (for example immigration, customs, border security, regulators and the police) for the purposes of complying with our legal obligations, for reasons of safety and security, to enable us to provide our products and services to you and otherwise for legal and administrative purposes

We may disclose your Personal Data to governments and regulatory authorities and bodies and to other individuals, bodies and organisations such as immigration, customs, border security, airport authorities, dispute resolution, prosecution and law enforcement bodies, legal advisers, organisations which conduct credit, fraud and other passenger checks, and other individuals, bodies and organisations for the purposes of complying with our legal obligations (for example, where we are required by regulators and laws in the United States, European Union member states, and other countries to disclose your Personal Data in relation to your travel document, booking details and flight itinerary (also known as Passenger Name Record (PNR) and/or Advanced Passenger Information (API)) to relevant customs and immigration authorities). We may also disclose your Personal Data to such individuals, bodies and organisations for reasons of safety and security, to enable us to provide our products and services to you or otherwise for legal and administrative purposes.

5.7 Names of third party recipients of your Personal Data and description of their processing work

The names of third parties that will process your Personal Data on our behalf and descriptions of their work are as follows. This list may be amended or updated from time to time.

Service Provider (Trade Name)Description of Work
AACTProvides cargo handling services in Incheon airport.
Abacus/ SabreAllows booking creation from agents through Abacus/ Sabre system to Navitaire.

Accertify

Payment fraud prevention service.

Alipay

Payment service.

Alpha Red

Developer of group booking system for travel agencies to make direct bookings for customers.

Amadeus

Allows booking creation from agents through Amadeus system to Navitaire.

ASAP

Provides baggage delivery services in Incheon airport.

Asiana Airlines

Provides ground handling service including check-in and boarding in Busan airport and cargo handling services in Incheon airport.

Beijing Interactive CRM Technology

Call centre for handling customer requests and contacts.

Freezone ISEC Korea

Provides inadmissible passenger escort services in Incheon and Jeju airport, and baggage storage services in Jeju airport.

Gategourmet

Handles pre-order food and beverage service.

Jeju Air Service

Provides ground handling service including check-in and boarding in Busan and Jeju airport.

JIMU

Payment service.

KCNet

Provides platform for transmission of cargo related electronic document in Busan airport.

KOAVSEC

Provides cargo screening services in Incheon airport.

Korean Air Lines

Provides cargo handling services in Busan airport.

KTNet

Provides electronic data interchange services in Incheon airport.

Microsoft O365

Multiple services provided by O365, for example:

  • Cloud Storage
  • Office Software Suite

Mitto

SMS platform for sending itinerary SMS, one-time passwords for member registration or forget password function.

Navitaire

Allows booking creation from all distribution channels.

Quantum Metric

Provides real-time analytics and insights services to debug and optimise our website and mobile application.

Sendgrid

Email deployment platform.

Sharp Korea

Provides ground handling service including check-in and boarding in Incheon and Jeju airport.

Sitecore

Stores customer transactions and customers’ interactions with HK Express direct channels.

Swissport Korea

Provides ground handling service including check-in and boarding in Incheon airport.

TML

Developer of HK Express native mobile application (iOS and Android platform).

Travelport

Allows booking creation from agents from global distribution system channels to Navitaire.

Travelsky

Allows booking creation from agents through Travelsky system to Navitaire.

UNIES

Provides cargo screening services in Busan airport.

WeChat Pay

Payment service.

Worldpay

Payment service.

Xiyi International Limited

Developer of HK Express WeChat Mini App.

5.8 Provision of Personal Data to a third party when booking flight tickets

(a) Personal Data you provide when you book flights online include the following. Please note, Personal Data collected from you may vary depending on the nature of services provided to you:

Mandatory information:

  • Your family name, given names, title
  • Your travel companions' family name, given names, title (when applicable)
  • Mobile phone number, email address
  • Payment information
  • Date of birth (applicable to children under the age of 12)
  • Travel document information (applicable to specific points of departure/arrival)
  • Nationality, gender, date of birth (applicable to specific points of departure/arrival)
  • Destination contact information (applicable to specific points of departure/arrival)
  • Destination address (applicable to specific points of departure/arrival)
  • Region of residence (applicable to specific points of departure/arrival)
  • Emergency contact (applicable to specific points of departure/arrival)

Optional information:

  • Meal preferences
  • Seat preferences
  • Any partner loyalty programmes information and membership number

Please note: Unaccompanied young travellers under the age of 14 will need additional consent from a guardian for collection and use of their Personal Data.

(b) In addition, we may provide your Personal Data to third parties in the following cases:

Name of RecipientPersonal Data involvedPurpose of Use by RecipientPeriod of Retention and Use by Recipient

Asia Miles Limited

  • Name
  • Date of birth
  • Cathay Membership Programme information

Asia Miles accrual

Until member account termination

Aviation authorities in the countries where HK Express operates

Advance passenger information

Legal/regulatory requirement

In accordance with applicable laws/regulations

Navitaire

All information collected during booking flow

For managing passenger flight bookings

7 years

5.9 Overseas transfer of Personal Data

We transfer or retain users’ Personal Data overseas as below. You are entitled to refuse to consent to the overseas transfer of your Personal Data. If you do not consent to the overseas transfer, please contact dpo@hkexpress.com. However, if you refuse to provide your consent, you may be restricted from using our services.

Name of Recipient (Country to which Personal Data will be transferred/ Contact information of their respective person in charge of managing Personal Data)

Personal Data transferred overseas

Timing and method of transfer

Purpose of Use by the Recipient

Period of retention and use by Recipient

Accertify (United States/ legal@accertify.com)

Payment fraud prevention

Online transmission upon creation of member account and booking

For fraud prevention during payment

1 year

Asia Miles Limited (Hong Kong/ dpo@cathaypacific.com)

Name

Date of birth

Cathay Membership Programme information

Online transmission upon creation of member account and booking

Asia Miles redemption

Until member account termination

Jimu (People’s Republic of China, kefu@jimutour.com)

Alipay and WeChat payment processing

Online transmission upon payment

For payment processing

3 years

Navitaire (Australia/
https://www.navitaire.com/)

All information collected in booking

Online transmission upon creation of booking

For managing passenger flight bookings

7 years

WorldPay
(United Kingdom, DPO@worldpay.com)

Credit card payment processing

Online transmission upon payment

For payment processing

18 months

Xiyi International Limited
(China, pengsichao@xiyiad.com)

Information Collect in WeChat Mini App booking

Online transmission upon creation of booking

For managing passenger flight bookings

2 months


6.1 To the extent permissible under applicable data protection laws, we may use Personal Data for marketing and promotional purposes, including (i) for sending or showing you updates on latest news, offers and promotions in connection with our products and services (and the products and services of our group companies such as Cathay Pacific and third parties) (ii) for sending or showing you joint marketing offers about our travel services and packages, loyalty programmes, contests and sweepstakes, duty-free sales and ancillary services such as travel insurance, hotel transfers and car rentals; or (iii) for tailoring and tracking your interactions with content on our Website, mobile applications, social media platforms and other communication or advertising channels (including banner advertisement and links) and from third-party websites to our Website, mobile applications, and social media.


6.2 We may also use Personal Data to analyse our customers’ preferences and market trends and derive insights, which we may use to tailor the types of products and offers that we present to you. This may involve us combining Personal Data that we hold about your use of our services with information that we have collected about your web and mobile applications usage. We may also combine information that we have collected about you with information that we have collected about our other customers in order to derive these insights and establish market trends. We may provide these insights to our third-party partners and Cathay Pacific pursuant to the Cathay Membership Programme for their marketing and promotional purposes. We also use advertising services and products provided by third-party service providers (such as marketing agencies, social media platforms and other communication or advertising channels) for marketing and promotional purposes, which may involve us sharing Personal Data that we hold about you with them.


6.3 We may communicate marketing, promotions and research invitations to you by post, telephone, online or other communication or advertising channels (including by email or through your mobile device or via online banner advertisement) and, as appropriate and where required, we will ask you for your consent, or otherwise provide you with the opportunity to choose not to receive marketing, at the time we collect your data.


6.4 You do, however, have the right to unsubscribe or opt out of receiving marketing communications at any time. We will provide an option to unsubscribe or opt out of further communication on any direct marketing communication sent to you. You may also opt out by contacting us as set out in section 8.4 below.


6.5 Please note that if you choose to unsubscribe or opt out of marketing communication, we will still send you service-related communications about your travel with us and any other services that we provide to you.

7.1 IT Security


We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. We make sure the technical and organisational measures taken provide a level of security appropriate to the risks involved in the processing undertaken and the nature of the Personal Data involved in accordance with the requirements of applicable data protection laws.


All Personal Data we collect about you is stored on our or our subcontractors’ secure servers. We comply with our security policies and standards when accessing or using this information and restrict access to your Personal Data to those persons who need to use it for the purpose(s) for which it was collected. You are responsible for keeping any information that we send to you confidential and for complying with any other security procedures that we notify you of. In particular, where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website or mobile applications, we ask you not to share the password with anyone.


7.2 Exporting your Personal Data


We may process your Personal Data outside of the jurisdiction in which you are located or in which your Personal Data was collected, where the applicable data protection laws may not offer the same level of protection available in the jurisdiction where you are located or where your Personal Data was collected.


Your Personal Data may be shared overseas with parties identified in section 5 above including other companies within the Cathay Pacific group and certain third parties located throughout the world (including in Australia, the People’s Republic of China, the Republic of Ireland, and Singapore). For example, the hosting locations of our IT infrastructure may be outside of the jurisdiction where we collected your Personal Data. Where your Personal Data is transferred overseas by us or on our behalf, we use appropriate safeguards to protect your Personal Data to a standard essentially equivalent to the data protection laws applicable to the jurisdiction in which you are located or where the data was collected. These safeguards include implementing applicable standard contractual clauses for transfers of Personal Data between the companies within the Cathay Pacific group, which require group companies to protect Personal Data they transfer from the jurisdiction in which it was collected in accordance with applicable data protection laws and take reasonable steps to ensure that the overseas recipient does not breach applicable data protection laws in relation to your Personal Data. You may obtain information and a copy of the relevant safeguard relied on for the transfer of your Personal Data by contacting us via the details set out in section 8.4 below.


7.3 Retention period


We will retain your Personal Data for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted purpose (for example where we are required to retain Personal Data for longer than the purpose for which we originally collected it in order to comply with certain regulatory requirements in the relevant jurisdictions). We may also retain your Personal Data for a longer period in the event of a complaint or if we believe there is a reasonable prospect of litigation in respect to our relationship with you. Different retention periods apply for different types of Personal Data. If you no longer have an account with us or we are no longer providing services to you, your information that is no longer needed is either irreversibly anonymised (and the anonymised information will be retained) or securely destroyed.


7.4 Methods and Process of Destruction of Personal data


We will destroy Personal Data without delay when either the purpose of processing has been achieved or the period of processing and retention has expired.


If it is required to continue to preserve Personal Data pursuant to other laws and regulations even though the retention period of the Personal Data consented by the data subject has expired or the purpose of processing such Personal Data has been achieved, the Personal Data shall be segregated to ensure that the purpose of processing will be limited accordingly.


The procedure and methods for destruction of Personal Data are as follows:


  • Destruction Procedure: We select the Personal Data subject to destruction and destroy them with the supervision of our Data Protection Officer.
  • Destruction Methods: We permanently delete Personal Data stored in the form of an electronic file using a technical method that renders the record irrecoverable. For other records, printed materials, written documents or recording media, we destroy them by shredding or incinerating them.


8.1 General rights


You have rights under the applicable data protection laws that relate to the way we process your Personal Data. Legal guardians may be able to exercise the relevant rights on behalf of a minor in accordance with the applicable data protection laws. More information on these rights can be found on the relevant data protection authority’s website of your jurisdiction. 


Subject to various exceptions and in accordance with the applicable data protection laws, your rights may include:


  • The right to access the Personal Data that we hold about you;
  • The right to request for correction of any inaccurate Personal Data we hold about you;
  • The right to request for erasure of any Personal Data we hold about you;
  • The right to restrict our processing of the Personal Data we hold about you;
  • The right to object to our processing, or disclosure to third parties, of Personal Data we hold about you (including for the purposes of sending marketing materials to you);
  • The right to request for a copy of the Personal Data. You also have the right to make us transfer this Personal Data to another organisation;
  • The right to withdraw your consent, where we rely on it to use your Personal Data;
  • The right for you not to be subject to a decision based solely on an automated process. We do not carry out any automated decision-making; and
  • The right to give us instructions regarding the management of your Personal Data in the event of your death.

We may charge a reasonable fee for the processing of any data access request in accordance with applicable data protection laws. You also have the right to raise a complaint about our processing with the data protection regulator in your jurisdiction. Please contact us if you would like further information.


8.2 Right to opt out of direct marketing


You have the right to ask us not to process your Personal Data for direct marketing purposes. You can exercise your right to prevent such processing by indicating that you do not consent to direct marketing at the point at which we collect your Personal Data. You can also exercise the right at any time after we have collected and used your Personal Data for direct marketing purposes by:

  • following the opt-out instructions contained in the relevant communications; or
  • by writing to our Data Protection Officer. 

8.3 Updating information


We will take reasonable steps to try and ensure that your Personal Data is accurate and up to date. To help us do this, please notify us of any changes to your Personal Data.


8.4 Contacting us


Customers requesting more information or clarification on specific Personal Data usage are welcome to contact us at dpo@hkexpress.com or write to us at the below mailing addresses:


The Data Protection Officer
Hong Kong Express Airways Limited
1st Floor, 11 Tung Fai Road,
Hong Kong International Airport, Lantau, Hong Kong

The websites of HK Express, its affiliates and subsidiaries, including our Website www.hkexpress.com use cookies which, among other things, help us to improve your experience of our websites and to ensure that they perform as you expect them to. For detailed information on how we use cookies and the purposes for which we use then, please see our Cookies Policy.

This Website contains links to other sites that are operated by third party companies with different privacy practices. You should remain alert when you leave our Website and read the privacy statements of other websites. We have no control over Personal Data that you submit to or receive from these third parties.