Your privacy is of utmost importance to Changi Airport Group (Singapore) Pte. Ltd. (“CAG”).
For the purposes of this Policy:
“Personal Data” means data, whether true or not, about an individual who can be identified from that data or from that data and other information to which the organisation has or is likely to have access; and
“process”, “processed” and “processing” means the carrying out of any operation or set of operations in relation to Personal Data and includes recording, holding, organization, adaptation or alteration, retrieval, combination, transmission, erasure or destruction.
2. Scope of this Policy
This Policy applies to all Personal Data processed online by CAG (regardless of how such Personal Data is collected). CAG may collect such Personal Data through its customer interface touchpoints (such as manned customer service counters and self-help automated kiosks), social media sites, websites, applications and domains or other platforms, which include—but are not limited to—the following:
(collectively, the “Platforms”).
3. Personal Data collected by CAG
CAG will collect Personal Data from an individual when it considers the Personal Data reasonably necessary for the relevant purposes underlying such processing.
Examples of your Personal Data which may be collected by us include the following:
- Identity and Contact Data, such as your name, address, telephone number, date of birth, country of nationality or residence, national identification number, employment history, educational background, professional qualifications, job title and function, biometric data, and other personal data concerning your preferences relevant to our goods and services;
- Financial and Payment Data, such as your bank account, credit/debit card numbers, and other related billing or payment information;
- Business Information, such as information provided in the course of our contractual relationship with you or your organisation and CAG, or otherwise voluntarily provided by you or your organisation;
- Claims Information, including any personal data such as photographs, statements or voice recordings provided in the course of any investigations that CAG may need to undertake;
- Physical Access Data such as information provided when you visit our premises or captured on our CCTV devices.
By providing information to us about any person other than yourself, you are representing that you have valid authority to do so and you must ensure that they understand how their information will be used.
4. How we collect your Personal Data
We use different methods to collect data about you, including the following:
- Direct interactions. You may give us your Personal Data by filling in forms or by corresponding with us by post, phone, email, chatbot or otherwise. We may also directly collect Personal Data in other ways, including when:
- You apply for our products or services;
- You register for any of our memberships;
- You create an account on our Platforms;
- You subscribe to our service or publications;
- You request marketing to be sent to you;
- You enter a competition, promotion or survey;
- You give us feedback;
- You connect to WiFi at our premises;
- You use mobile or web applications developed by us;
- You submit your resume or an application, or participate in interviews or testing, for employment or contracting opportunities with CAG; or
- Your image (including video recordings) is recorded by our installed cameras or videos or official photographers/videographers at our events and programmes in Changi Airport.
- Automated technologies or interactions. As you interact with our Platforms, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. The foregoing technologies are required to allow certain functions on our Platforms (where applicable) to function. Please refer to our Cookies Policy for further details. If you prefer not to allow certain cookies, you can manage them in accordance with our Cookies Policy.
- Third parties or publicly available sources. We may receive Personal Data about you from various third parties (such as through our agents or from your organisation) and public sources, including financial and transaction data from providers of technical, payment and delivery services.
- Closed Circuit Television systems or other surveillance devices. CAG or our authorised third parties have installed closed circuit television systems and other surveillance devices at our Changi Airport premises which may record your image for the purposes of: (i) monitoring the security and safety of persons; (ii) assisting in investigations of crime and other incidents; and (iii) managing the services provided at our Changi Airport premises.
5. How we use your Personal Data
Your Personal Data is generally processed by us as necessary for purposes directly related to our functions and activities. This includes any one or more of the following purposes:
- To provide you with services and to help us develop, improve, manage and administer the services we provide to you, including services provided on—and through—our Platforms and WiFi services;
- To help us verify your identity for the purposes of processing and administering any membership application or registration;
- To send you notifications and marketing messages in relation to our promotional events, offers, opportunities, products, benefits and programmes;
- To conduct marketing activities including market research, customer profiling, customer insights and targeted marketing activities;
- To carry out profiling and statistical analysis to improve the services provided to you, including matching the information you provide through different channels to understand how we can serve you better;
- To inform you of changes to our programmes, policies, terms and conditions, Platform updates and other administrative information;
- To administer and conduct programmes, promotions, events and games;
- To prevent, detect and investigate security incidents or breaches, crime, including fraud, and analysing and managing other risks;
- To customise the Platforms and their content to your particular preferences;
- To conduct surveys, questionnaires and requests for feedback;
- To respond to your queries, requests, feedback and complaints;
- For promotional and publicity purposes, including to record or take photographs of participants at events or functions organised, hosted or participated in by CAG;
- To meet the requirements of any applicable laws/regulations, enforceable governmental request or court order;
- To detect, prevent or otherwise address security or technical issues in connection with services provided through the Platforms; and/or
- To fulfil such other purpose as may be specified in a data protection and privacy notice given to you at the time that your Personal Data is collected.
6. Disclosure and Transfer of your Personal Data
In carrying out one or more of the purposes set out in section 5 of this Policy, we may disclose your Personal Data to one or more of the following third parties:
- Our agents;
- Our authorised service providers such as marketing partners and web analysis companies, and their business partners;
- Our auditors and professional advisors;
- Our business partners;
- Our underwriters and insurers;
- Law enforcement agencies;
- Any person to whom disclosure is permitted—or required by—any applicable laws/regulations, enforceable governmental request or court order; and/or
- Any companies comprised in our group.
To facilitate our interaction with you, we may need to transfer your information to other countries. We will only do so when measures are in place to provide the same level of data protection as was given when you provided your information to us.
Unless the applicable laws or regulations allow otherwise, we will obtain express written consent from you for our processing of your Personal Data by methods or means such as making you sign a form or check a box. When you do so, you represent that you are over 16 years of age and can give valid consent. Where you provide information about another person (eg, an employee or child), you represent that you are able to and do give consent on behalf of such person.
You can withdraw such consent at any time by contacting our data protection officer at the contact details set out in section 15 of this Policy.
Depending on the extent to which you withdraw consent, such withdrawal of consent may result in our inability to provide the relevant services to you and may be considered as a termination by you of any agreement between CAG and you. CAG’s legal rights and remedies are expressly reserved in such an event.
8. Links to third-party websites
We may provide links to third-party websites on the Platforms. Your use of such third-party websites will be subject to their privacy policies and we do not accept any responsibility or liability for these policies. We encourage you to read the privacy policies on the other websites you visit. As we cannot control or be responsible for the policies of other sites we may link to, or the use of any data you may share with them, you access these third-party websites at your own risk.
9. Keeping your Personal Data secure
We have put in place reasonable technical and procedural measures to safeguard your Personal Data, for example, by:
- Ensuring that access to any personal account you have with us is controlled by a password and username which are unique to you;
- Storing your Personal Data on secured servers; and
- Restricting access to Personal Data on a ‘need to know’ basis.
Please note that the use of the Internet and/or our Platforms cannot be made entirely secure and we therefore are unable to guarantee the security or integrity of any Personal Data which is transferred from you or to you via the Platforms. You undertake to bear the risks of any transference.
10. Access to Personal Data
The accuracy of our data collection begins with you – you undertake that you will provide accurate and complete Personal Data, and update such Personal Data with us from time to time. Before confirming your transaction with us, you should carefully check that the information that you have provided us is complete and accurate.
You may request access to—and correction of—your Personal Data held by us by contacting us at the contact details set out in section 15 of this Policy. All requests for access and/or correction will be processed within a reasonable time except where we refuse such requests in accordance with any applicable laws or regulations. In some situations, you may be able to access and correct your personal information directly through our Platforms. Where you have requested access or correction other than through a self-service function, we may need to verify your identity before proceeding with your request.
For a request to access your Personal Data other than through self-service functions on our Platforms, we may charge you a reasonable fee for the handling and processing of your request.
11. Further rights of data subjects in the European Union ("EU")
CAG is a company incorporated in Singapore. We do not have an establishment in the EU.
However, if you are a data subject in the EU, and you believe that the General Data Protection Regulation (EU 2016/679) (“GDPR”) applies to the data you have provided us, you may contact us if you wish to exercise the following further rights:
- Request for the erasure of your Personal Data;
- Request for the restriction of processing of your Personal Data;
- Object to the processing of your Personal Data; and/or
- Request to transfer your Personal Data to you or a third party.
We may ask to verify your identity and claim before proceeding with your request.
In the event that the GDPR applies, you also have the right to lodge a complaint with the relevant EU supervisory authority if we have contravened any applicable laws or regulations.
All requests made to us in exercising the rights above will be processed within a reasonable time except where we refuse such requests in accordance with any applicable laws or regulations.
12. Data retention
We will cease to retain your Personal Data when the purposes for which we collected your Personal Data have ceased and/or when we are no longer required to continue retaining your Personal Data for any legal or business purposes.
13. Changes to this Policy
We may amend this Policy (including the Cookies Policy) from time to time to reflect any changes to the way in which we process your Personal Data or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you on the Platforms or other communication channels. By using our services, you undertake to check the relevant websites or sections of the Platforms regularly for any updates.
14. How to contact us
We welcome your feedback, comments and any questions that you may have.
Data Protection Officer
Changi Airport Group (Singapore) Pte. Ltd.
PO Box 168
Singapore Changi Airport
Alternatively, you can send specific queries to the following emails:
Updated as of 22 October 2019.