China Eastern Airlines Corporation Limited (hereinafter referred to as “CEA,” “the Company,” “we” or “us”) respects and is committed to protecting your personal information rights. The China Eastern Privacy Policy (hereinafter referred to as “this Policy”) is designed to explain how we collect, use, provide, transfer, disclose, transmit, store, delete, and protect your personal information, as well as how you can exercise your rights regarding your personal information. This Policy applies to the personal information processed during the provision of air transportation and other services by CEA, including but not limited to personal information processed through the CEA’s official website (https://www.ceair.com/), the CEA’s app, and other internet sites managed and operated by CEA, such as WeChat mini programs, Alipay mini programs, and mobile sites (m.ceair.com) that link to this Policy (collectively referred to as “the Platforms”), or personal information that may be involved when you contact CEA’s customer service team.
Please carefully read and fully understand this Policy before using the products and/or services provided by us. We strive to use concise language and highlight important terms closely related to your personal information rights in bold for your special attention. By clicking “Confirm” or using our products and/or services, you are consenting to this Policy and the collection, use, provision, transfer, disclosure, transmission, storage, deletion, and protection of your personal information for the rules described as informed by this Policy (unless separate consent is required under applicable laws). We will legally process and protect your personal information and respond to your personal information rights in accordance with relevant laws and regulations and this Policy.
We will not use your personal information beyond the purposes stated at the time of collection. If it becomes necessary to use your information beyond these purposes, we will inform you in advance and obtain your renewed authorization and consent or ensure we have other legally permissible grounds before proceeding.
Please note that the Company reserves the right to review and update this Policy from time to time. If you choose to continue using our products/services after the updated China Eastern Privacy Policy takes effect, each login to our Platform signifies your agreement to the then-current China Eastern Privacy Policy.
This Policy will help you understand the following:
I. How We Collect and Use Your Personal Information
II. How We Use Cookies and Similar Technologies
III. How We Provide, Transfer, and Disclose Your Personal Information
IV. How We Store Your Personal Information
V. How We Protect Your Personal Information
VI. Your Rights as a Personal Information Subject
VII. How Your Personal Information Will Be Transferred Globally
VIII. How We Deal with Minors’ Personal Information
IX. Revision and Update of This Policy
I. How We Collect and Use Your Personal Information
To better serve you, manage our own risk control, and protect the legitimate rights and interests of all parties, you agree and authorize us to collect and use your personal information under the following circumstances:
A. Scenarios Where We May Directly Collect and Use Personal Information
1. Registration
When you register as a member of CEA’s “Easternmiles,” we will collect your name, valid ID number and its expiration date, phone number, email (optional), and password to help you complete the registration. After registration, we will generate a membership account for you to manage your “Eastern Miles” membership and provide member services.
2. Login
When you visit our website or application, although we offer basic functions like browsing and flight search in an anonymous state, you need to perform “Member Login” or choose “Non-Member Login” to access the ticket purchase page. If you choose “Member Login,” we will collect your phone number, password, ID number, membership account, and email (optional). If you choose “Non-Member Login,” to assist you in completing the login process and accessing the ticket purchase page, we will collect your phone number to complete login authentication.
3. Authentication and Identity Verification
To provide any product/service that requires identity confirmation, we may collect your name, gender, ID number, and phone number for real-name authentication or account verification to ensure transaction security and verify your identity more accurately.
4. Ticket Purchase
To provide booking, ticket purchase, or cargo services and generate corresponding transaction orders, we may collect the name, ID type, ID number, phone number, email (optional), membership account, and country of residence of you or other passengers (if applicable), as well as the name, gender, contact information, and relationship of emergency contacts. To provide flight information inquiries and information on tickets you have purchased from CEA, we may collect your name, gender, ID number, phone number, ticket number, and membership account. Meanwhile, to assist you with seat selection and check-in services, we may collect your name, ID number, phone number, and ticket number. For services like ticket refund, rescheduling, refund fee calculator, itinerary cancellation, irregular flight refund, wrong ticket handling, ticket verification, delay proof printing, itinerary information inquiry, and transfer services, we may collect your name, ID number, ticket number, and order number.
5. Payment
To efficiently confirm your payment instructions and complete the payment, we may collect your credit or debit card information (including cardholder name, card number, billing address, and expiration date) and billing information, as well as personal account information provided by online payment platforms (such as Alipay, WeChat Pay, UnionPay) based on the actual needs of the payment method and channel. Although we will not collect additional personal information through your payment behavior, you need to understand that we must provide your order number, transaction amount, and transaction information required by the payment institution you choose on the platform page to the payment institution.
6. Ensuring Transaction Security
To facilitate the collection of product and service fees by the Company or our subsidiaries, affiliates, and/or other business partners, including verifying credit card information with third-party institutions, and checking your provided personal information against fraud transaction databases of the Company or third-party institutions, we may collect your name, ID number, phone number, credit or debit card information (including cardholder name, card number, billing address, and expiration date), and billing information.
7. Membership Management
To facilitate your participation in mileage membership program as a frequent flyer and meet your needs for membership points accumulation and redemption, we may collect your name, nationality, gender, date of birth, ID type and ID number, contact information, frequent flyer program and membership account.
8. Providing Special Passenger/Travel Services
If you need to apply for services such as stretchers, wheelchairs, onboard oxygen, unaccompanied minors, blind/deaf/mute passengers, priority channels, special meals, etc., we may require additional personal information based on the type of service you apply for, with your separate consent. This may include the name, email (optional), contact number, departure and arrival stations, flight number, flight date of the pick-up/drop-off person, and the name, phone number, ID number, age, gender, health information of the passenger, and the name, phone number of the accompanying person. The specific types of personal information collected will be separately informed on the service application page. If you need to inquire about the special services applied for, we will collect the passenger's name, service type, and ID number.
9. Providing Other Services:
(1) If you need travel package services such as accommodation packages, we may collect your name, phone number, and accommodation information for contract signing purposes.
(2) If you need upgrade services, we may obtain your authorization consent through an upgrade confirmation form and collect your name, gender, flight number, flight segment, ID number, and phone number.
(3) If you need quick remedy services, we may collect your name, membership card number, phone number, and necessary information for the remedy service with your consent. If cash compensation is involved, we may also collect your bank card number information.
(4) If you purchase in-flight Wi-Fi services, we may collect the user’s phone number, membership account (if any), and email (if any). If you purchase a “multi-use card” product, we may also collect the user’s name and ID number when you bind the user. Before actual use on board, to authenticate and match identity, we will also collect the user’s seat number and ID number.
(5) If you use the Eastern Airlines Mall service, we may collect your name, phone number, detailed address, landline phone, and postal code.
(6) If you use air-rail combined booking, air-bus intermodal, Daxing Express, airport parking services, we may collect your name, phone number, email (optional), ID number, ticket number, and license plate number (only for parking services).
(7) If you use VIP lounge reservation services, we will collect the booker’s phone number.
(8) If you use prepaid baggage services, we will collect the passenger’s name and ticket number.
10. After-sales, Inquiry Response, and Feedback
To handle your baggage or loss claims or complaints, we may collect your name, ID number, frequent flyer card number, loyalty points, beneficiary information, contact information, and travel information. Meanwhile, to maintain contact with you and more efficiently resolve your daily inquiries or inquiries about specific orders, we may collect communication/call records between you and us (including your online identity information, order information, inquiry information, other information you provide to prove facts, contact information, ID number) or personal information you have reserved with regulatory authorities (such as the Civil Aviation Administration, Consumers Association). If you voluntarily choose to provide feedback, thanks, or praise on our service page, we may collect your name, gender, phone number, ID number, email (optional), membership account, and ticket number.
11. Direct Marketing
With your consent, we may use your name and contact information to send you marketing information such as emails containing latest news, offers, promotional information, and joint marketing offers of CEA’s various services (travel services, packages, loyalty programs, duty-free sales, insurance, hotel transfers, car rentals, and other related ancillary services).
12. Public Place Facial Information Collection
To provide services that enhance convenience through facial recognition technology, such as facial check-in, facial identity verification, and smart airport displays, we will complete facial information registration and provide facial recognition-related services with your separate consent. You can review the “Facial Information Use Authorization” we provide when obtaining your separate consent for details on the collection, use, storage, and protection of facial information.
13. Security Assurance
To enhance the security of your use of our products/services, protect the personal and property safety of you or other users or the public from infringement, better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusions, and other security risks, and more accurately identify violations of laws, regulations, or platform-related agreement rules, we may use or integrate your membership information, transaction information, device information (device operating system, system version, device model, device settings, screen resolution, device identifier, MAC address, AndroidID, HarmonyOS (UUID), IMSI, operator (MCC+MNC) information, Wi-Fi BSSID), service log information (user behavior records, access date and time, language used, browser type, IP address, crash data), and information provided by our affiliates and partners with your authorization or in accordance with the law to comprehensively assess your account and transaction risks, perform identity verification, detect and prevent security incidents, and take necessary recording, auditing, analysis, and disposal measures in accordance with the law.
14. Device Permissions
In the following scenarios, we may also obtain your device permissions to collect certain information. You will not be forced to open the corresponding system permissions or provide the corresponding personal information. We will only obtain your authorization consent through a pop-up window when you trigger the corresponding function/service, and you can close or reopen the corresponding permissions at any time through your device’s system settings.
If you refuse to provide the corresponding personal information or refuse to open the corresponding system permissions, it will only result in your inability to use the corresponding function service, without affecting your normal use of other functions. We can still fulfill the contract with you, process your booking and ticket purchase needs, provide you with customer support, respond to your inquiries, and provide you with other services you request (such as travel and transportation services). You can click here to view the device permissions we may obtain and the corresponding function purposes.
B. Personal Information That We May Collect Indirectly from Third Parties
In order to correctly complete identity verification, ensure transaction security and provide you with after-sales service, we may indirectly obtain your personal information from a third party (for example, personal information you leave when booking tickets through flagship stores or agents on third-party platforms, or personal information reserved by regulatory authorities). If your personal information is indirectly obtained by us from third-party channels, we will use your personal information in accordance with the agreements with the third parties and under the premise of complying with laws and regulations.
Additionally, when you provide us with third-party personal information in the context of this Policy, please ensure that you have obtained the third party’s consent and authorization; otherwise, you may bear the corresponding legal responsibilities. If we need to change the purpose or method of processing the collected third-party personal information, please decide whether to agree to our continued processing of the third-party personal information based on the third party’s authorization.
C. Exceptions without Authorization and Consent
You shall be fully aware that, according to relevant laws and regulations, in the following exceptional circumstances, we may still process your personal information even without obtaining the corresponding authorized consent:
(1) Where necessary to conclude or fulfill a contract in which you are an interested party;
(2) Where necessary to fulfill statutory duties and responsibilities or statutory obligations;
(3) Where necessary to respond to sudden public health incidents or protect natural persons’ lives and health or the security of their property under emergency conditions;
(4) Handling personal information within a reasonable scope to implement news reporting, public opinion supervision, and other such activities for the public interest;
(5) Handling personal information already disclosed by yourself or otherwise lawfully disclosed within a reasonable scope;
(6) Other circumstances provided in laws and administrative regulations.
D. Links to Other Websites
The Company’s platform may contain links to websites owned and/or operated by third parties, which you can access by clicking to enjoy the products or services provided by the third parties. You should understand that any information you provide to any of these third parties is subject to their own terms of service and information protection statements (not this Policy), and the products or services provided by the third parties are independently operated and fully responsible by them.
We recommend that you carefully read the applicable terms of service and information protection statements before using such third-party websites or providing any personal information to such third parties.
II. How We Use Cookies and Similar Technologies
To keep the Company’s platform reliable and secure and improve your personal experience with our platform, we will use cookies and similar tracking technologies (collectively referred to as “cookies”) to collect and use your personal information.
For more information about cookies used by CEA, please refer to the Company’s Cookie Policy.
III. How We Provide, Transfer, and Disclose Your Personal Information
A. Provision
1. Some of the products and/or services we provide to you cannot be completed independently. For example, when providing you with services such as mall services, discounted hotel bookings, flight and hotel packages, vacations, car rentals, VIP lounges, air-rail combined bookings, air-bus intermodal transport, Daxing Express Rail, in-flight Wi-Fi, and Disney ticket bookings, we may, with your separate consent or after evaluating other legally permissible reasons, provide your order information, account information, device information, etc., to third parties under necessary and appropriate protective measures to ensure the smooth completion of your services or to meet legal regulatory requirements. We will only provide your personal information for legitimate, proper, and necessary purposes and only provide the personal information necessary to achieve specific functions/services.
If you refuse to provide the necessary personal information to the aforementioned entities for us to provide services or cooperate with you, it may result in your inability to use our related services or our inability to conduct corresponding transactions or cooperation with you.
The third parties to whom we may provide personal information include the following types:
· any companies owned by China Eastern Air Holding Company, including but not limited to China Eastern Airlines E-Business Co., Ltd.;
· China TravelSky Holding Company Limited and its subsidiaries;
· any agents, contractors or third-party service providers who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to CEA in connection with the operation of its business;
· other business partners, such as air carriers, land transport operators, loyalty plan operators and other companies involved in providing customer services or fulfilling customer requirements;
· credit reference agencies;
· credit, debit and/or charge card companies and/or banks;
· government or non-government authorities, agencies, and/or regulators;
· medical professionals, insurers, and clinics/hospitals.
· third party who has obtained your lawful and valid authorization
2. Direct Marketing
With your express consent, we may provide your personal information (i.e. your name and contact information) to third parties, namely our subsidiaries, associated companies, business associates, marketing partners, and travel service partners, for the purpose of marketing their products and services to you, including travel services, packages, loyalty programs, duty-free goods, insurance, hotel transfers, car rentals, and other related ancillary services.
B. Transfer
In principle, we will not transfer your personal information to any company, organization, or individual, except in the following circumstances:
(1) When we have obtained the necessary separate consent or in legally permissible exceptions where consent is not required;
(2) When it is necessary to transfer your personal information according to applicable laws, regulations, mandatory administrative, or judicial requirements;
(3) In the event of a merger, acquisition, business/asset transfer, reorganization, disposal (including asset securitization), division, dissolution, or bankruptcy liquidation involving our company, where personal information needs to be transferred, we will inform you of the name and contact information of the recipient. The new entity will continue to fulfill the responsibilities and obligations of this Policy. If there is a change in the original processing purpose or method, we will require the company or organization to obtain your authorization and consent again.
C. Disclosure
In principle, we will not disclose your personal information, except in the following circumstances:
(1) We have obtained your explicit consent for the disclosure of personal information or have legal reasons permitted by law;
(2) According to laws, regulations, legal procedures, litigation, or mandatory requirements of government authorities, we may disclose your personal information to specific institutions, such as administrative or judicial authorities, or other such third parties, under the following conditions:
· To comply with legal requirements, such as those related to national security, defense security, public safety, public health, and major public interests, or related to criminal investigations, prosecutions, trials, and enforcement of judgments;
· To protect your or others’ vital interests, such as life safety and property safety.
(3) In competitions and sweepstakes organized by or in the name of the Company, we may disclose the phone numbers or names, nicknames of winning participants in a desensitized manner.
D. Third-party SDK
In order to offer you better services such as sharing, payment, location and navigation, and precise push notifications, we will embed in our “China Eastern Airlines” app software development kits (SDK) provided by a third party and may provide or disclose to our cooperating SDK providers your personal information to ensure platform security and meet specific functional requirements when you use the app or a specific function (including when the app runs in silent mode or in the background). Please click here to view the list of partners providing SDKs in our app and the SDK details.
Meanwhile, we may update the list of SDKs from time to time based on service requirements and changes to features. We recommend that you check it regularly, and the latest version published in this Policy governs.
IV. How We Store Your Personal Information
A. Storage Method
We strive to securely store all electronic personal information obtained in an encrypted or desensitized manner and provide further protection based on appropriate access control measures we have implemented.
B. Storage Area
Personal information collected and produced within the borders of the People’s Republic of China will be stored in the People’s Republic of China, except where:
(1) Laws or regulations provide otherwise;
(2) Your consent is obtained.
(3) You voluntarily initiate activities like cross-border reservation, order placement and transaction.
For more information on the cross-border transfer of personal information, please refer to Section VII “How Your Personal Information Will Be Transferred Globally”.
C. Retention period
You should understand that to provide you with the required air transport services and other related services, fulfill various agreements with you, comply with applicable laws, and meet tax, financial accounting requirements, and CEA’s legitimate business needs, we may store the personal information collected from you. Unless otherwise stipulated or permitted by laws and administrative regulations for a longer storage period, we will store your personal information for the period necessary to achieve the processing purpose according to the principle of minimum necessity. After the specified storage period, we will delete, anonymize, or process your personal information according to legal requirements.
V. How We Protect Your Personal Information
A. Security Measures
To protect the security of your personal information, we undertake that we have implemented appropriate physical, technical, and organizational measures to safeguard and secure the personal information we collect in compliance with applicable laws and regulations.
1. We have obtained ISO27001 international information security management system certification and are using industry-standard security protection measures to protect the personal information you provide, preventing unauthorized access, alteration, damage, or loss of data. We will take all reasonable and feasible measures to protect your personal information. For example, at the management and organizational level, we have formulated and implemented the CEA data protection management system, established a network security and data protection organizational structure, and appointed an information protection officer to manage and supervise CEA’s data protection. At the technical level, we use Secure Socket Layer (SSL) to ensure the security of your personal information during transmission between your browser and the server; for stored personal information data, we use appropriate encryption technology to ensure storage security and have reasonably restricted the operational permissions of employees authorized to handle personal information.
2. When you enter sensitive information (such as your credit card information), such information will be automatically converted into code and then securely transmitted over the Internet. We implement strict data usage and access systems, authenticate and control the permissions of employees involved in processing personal information, and sign confidentiality agreements with employees and partners who may have access to your personal information, requiring them to fulfill corresponding confidentiality obligations, clarify responsibilities, and ensure that only authorized personnel can access personal information. In addition, we regularly conduct security and personal information protection training courses for employees to enhance their awareness and skills in personal information protection.
B. Handling of Security Incidents
To address potential risks such as personal information leakage, damage, and loss (“personal information security incidents”), we have formulated multiple security systems and emergency response plans for personal information security incidents internally and conducted drills, while specifying response methods and handling procedures for security incidents. In addition, to deal with security incidents in a proper manner, we will arrange for dedicated personnel to respond to and deal with such incidents, adopt effective contingency plans for different security incidents, formulate and adopt timely measures to stem and remedy the damage, and actively cooperate with the relevant authorities.
Should a personal information security incident occur, we will inform you in a timely manner, as required by laws and regulations, of matters such as the basic circumstances of the incident, the possible impact, the response adopted or to be adopted by us, and the precautions and remedies that you could consider. Such information will be communicated to you by means such as email, letter, telephone, push notification and so forth. If the actual circumstances at the time make it difficult for us to inform the affected personal information subjects individually, we will publish the information by reasonable and effective means. In addition, we will proactively report our handling of the personal information security incident to the authorities, as required by the regulators.
C. Reasonable and Necessary Attention
Although we have taken the above reasonable measures and complied with the requirements of relevant local laws and regulations, please understand that due to technical limitations and current unforeseeable objective events, we cannot absolutely guarantee the security of the personal information you provide us with, but will do our best to ensure their security.
Therefore, we strongly suggest you take reasonable measures to protect your personal information security, including but not limited to using a complicated password, regularly changing your password, and avoiding disclosure of your CEA account password and other related personal information to others, being cautious in identifying non-official CEA customer service and staff, not clicking on non-official CEA links easily, and correctly filling in contact information to prevent itinerary information leakage.
VI. Your Rights as a Personal Information Subject
You have the right to exercise your rights listed below regarding personal information under applicable laws and regulations:
A. Right to Access and Copy
Except in cases where confidentiality is required by law or administrative regulations, or where notification is not necessary, you have the right to request access to your personal information that we process, particularly regarding the types of personal information, processing methods and purposes, and the recipients or categories of recipients of the personal information.
Methods for accessing specific information include:
· You may view your account and membership information through the “Account Management” or “My Account” page.
· You may view your order information through the “My Orders” or “All Orders” page.
· For other information that needs to be accessed or copied, you can contact us. Please understand that our platform’s page settings may be updated or changed from time to time, and the specific path to exercise your rights should be based on the content displayed on the page at that time.
B. Right to Rectification, Update, or Supplement
You have the right to update, supplement, or request us to correct inaccurate personal information about you through our platform page or by contacting us, to ensure that the relevant information is up-to-date and accurate.
C. Right to Erasure
We will proactively delete your personal information under the following circumstances, and you also have the right to request us to delete your personal information:
(1) The processing purpose has been achieved, cannot be achieved, or is no longer necessary to achieve the processing purpose;
(2) We have ceased providing the products or services corresponding to the personal information, or the specified storage period has expired;
(3) You have withdrawn your consent for the processing of personal information;
(4) Our processing of your personal information violates laws, administrative regulations, or agreements with you;
(5) Other circumstances as stipulated by laws and administrative regulations.
Please note that not all of your personal information can be immediately deleted when exercising the right to erasure. Due to applicable laws and regulations and the security technologies used, it may take some time to delete the corresponding information from backup systems. If it is technically difficult to achieve, we will anonymize your personal information or cease other processing activities as required by laws and regulations, and only retain it securely.
D. Right to Explanation
You have the right to request an explanation of the rules of this Policy.
E. Right to Restrict or Object to Processing
Except as otherwise provided by laws and administrative regulations, you have the right to request us to restrict or object to the processing of your personal information under specific circumstances. If you choose to exercise this right, your corresponding personal information will be marked, and we will only process such information for the specific purposes you allow. You also have the right to object to or refuse our processing of your personal information or request us to stop processing your personal information. If you choose to exercise this right, we will no longer process your personal information for such purposes. The methods of restricting or objecting to processing may vary across different products or services.
Please understand that the provision of all or part of our products and/or services is based on the collection and processing of corresponding personal information. If you restrict or refuse us to process all or part of your personal information, we may not be able to continue providing you with the corresponding products and/or services, and we will no longer process your corresponding personal information, and will delete, anonymize, or process your personal information as required by laws and regulations. However, your refusal or restriction of the collection and processing of some personal information will not affect the personal information processing activities previously carried out based on your authorization, nor will it affect your enjoyment of other products and/or services.
F. Right to Change or Withdraw Consent
For personal information obtained based on your consent, you can change or withdraw your authorization consent by changing the permissions in your device settings or by contacting us. However, please understand that the provision of all or part of our products and/or services is based on the processing activities of corresponding personal information. When you withdraw consent or authorization, we may not be able to continue providing you with the functions or services corresponding to the consent authorization, and we will no longer process the personal information obtained based on your consent. However, your decision to withdraw consent or authorization will not affect the effectiveness of personal information processing activities previously carried out based on your authorization.
G. Right to Transfer or Data Portability
We will provide you with a way to transfer your personal information to another personal information processor designated by you, or take other measures to assist you in achieving personal information transfer, provided that it meets legal or regulatory requirements and is technically feasible (such as data interfaces being matched). You have the right to contact us and submit an application, and we will provide you with a copy of your personal information that we have collected and processed after verifying your identity.
H. Right to Cancel Account
You have the right to cancel your registered account at any time. Cancelling your account will be deemed as withdrawing your consent to this Policy. Once you complete the cancellation, we will stop providing services to you, and all information in the account will be deleted, anonymized, or processed as required by laws and regulations. We will no longer collect, use, or provide personal information related to that account.
I. Right to Refuse Advertisement Information or Direct Marketing Communications
You have the right to refuse marketing communications from us. You can exercise this right by clicking the “unsubscribe” or “opt-out” link (if available) in the marketing SMS or emails we send you. You can also contact us through the methods disclosed in “X. How to Contact Us” in this Policy to refuse marketing SMS or emails.
J. Other Rights
For other rights as a data subject that you enjoy under the laws of the People’s Republic of China and other applicable laws and regulations, you can also contact us through the methods disclosed in “X. How to Contact Us” in this Policy.
K. How We Respond to Your Requests
We will respond to any personal information protection rights requests we receive in a lawful, timely, and reasonable manner within the time limits permitted by law. Before substantively responding to your request, to ensure the security of your personal information, we may require you to provide a written request or verify your identity, and we will respond within 15 working days after confirming your identity. However, if we are temporarily unable to respond due to objective reasons, we will extend the response time with your consent and respond within the extended period.
If we decide not to respond to your request, we will inform you of the reason for the decision and provide a way to file a complaint.
Additionally, if you are exercising rights on behalf of another person, you should provide proof of identity for both you and the principal, as well as authorization proof. If you, as a close relative of a deceased user, request to access, copy, correct, or delete the deceased’s personal information, you must provide proof of your identity, the deceased’s death certificate (including an effective declaration of death judgment), proof of your relationship with the deceased, a statement of your legitimate interest, a will (if needed), and opinions or authorization proof from other close relatives (if needed) through online or offline means based on actual circumstances. We have the right to refuse personal information rights requests that have security issues or may lead to data leakage.
VII. How Your Personal Information Will Be Transferred Globally
Generally, all personal information collected by CEA will be stored inside China. However, CEA is a global airline company with operations, offices, affiliates, and business partners located worldwide. For the purposes outlined in this Policy, the personal information you submit to us in one country may be transferred to and processed in countries or regions outside your usual place of residence, particularly in the destination countries of your flights where it may be accessed, transmitted, used, processed, and stored.
Before your personal information is transferred to other countries or regions (or accessed from other countries/regions), we will protect your personal information in accordance with applicable laws and regulations and obtain your lawful and effective consent for the transfer, or rely on other legally permissible grounds after assessment, to transfer your personal information globally. This includes, but is not limited to, conducting data export security assessments and other legally required measures if your personal information is transferred outside the People’s Republic of China.
At the same time, you should understand that the laws of different countries or regions may require different degrees of personal information protection. The personal information collected or maintained by CEA may be transferred to a jurisdiction that provides less protection for personal information than your jurisdiction. When transferring personal information to countries that cannot provide sufficient personal information protection, we will take appropriate measures and do our best to ensure that the party receiving personal information fully protects your personal information in accordance with applicable laws and regulations (including but not limited to standard contract terms and adequacy decisions).
VIII. How We Deal with Minors’ Personal Information
We highly value information protection for minors. If you are under the age of 18, please read and agree to this Policy under the guidance of your parents or other guardians before using the products and/or services provided by us. If you are a minor under the age of 14, it is recommended that you and your parents or other guardians carefully read this Policy and CEA’s “Children’s Personal Information Protection Rules.” Please note that you may only use our products/services or provide us with your personal information with the consent of your parents or other legal guardians, or with their effective ratification of your cooperation with us. We will only process children’s personal information collected with the consent of your parents or other guardians when permitted by law, with explicit consent from your parents or other guardians, and when necessary.
If guardians have any questions about the collection, processing, etc., of the personal information of the minors they are responsible for, they can contact us by sending an email to CEAPrivacyOffice@ceair.com.
For more specific information on the protection of children’s personal information, please refer to CEA’s “Children’s Personal Information Protection Rules.”
IX. Revision and Update of This Policy
To provide you with better products and/or services, we will revise this Policy from time to time, and it will take effect on the date stated at the beginning of the document, replacing previous related content. Generally, we will not reduce your rights under this Policy without your consent. Please pay attention to changes in related announcements, notifications, agreements, rules, and other related content. We will notify you of changes to this Policy through CEA official website (https://www.ceair.com/), the CEA app, and the CEA mini program, or through other means (e.g., announcements, app pop-ups, emails, etc.). For significant changes, depending on the specific circumstances, we may provide more prominent notifications (e.g., homepage announcements on the app) to ensure you are aware of the latest version of this Policy. In such cases, if you choose to continue using our services, it indicates your agreement to be bound by the revised policy.
We have established a dedicated personal information protection team and a personal information protection officer. If you have any questions, comments or suggestions regarding this Policy or our processing of your personal information, you can contact us by using the following contact methods:
Company Address: 36 Hongxiang 3rd Road, Minhang District, Shanghai, China
Company Name: China Eastern Airlines Corporation Limited
Postal Code: 201100
Tel: 95530
Email: CEAPrivacyOffice@ceair.com
You can contact our personal information protection officer via the above email address.
We have established a procedure for customers to lodge a complaint. Normally we will reply within 15 working days after their identity is verified. If you are dissatisfied with our reply, and particularly if you believe that our processing of personal information has infringed your lawful rights and interests, you can also file a complaint with or report to regulators such as the civil aviation administration authorities, cyberspace administrations, market regulation administrations, consumer rights and interests protection authorities. In case of any inconsistency or conflict between the terms of this Policy and personal information-related legal provisions or regulatory requirements, the relevant legal provisions or regulatory requirements shall prevail.