We are Changi Airport Group (Singapore) Pte. Ltd., the company that manages and operates Singapore Changi Airport (hereinafter “CAG” or “we”, “us” or “our”).
For the purposes of this Policy:
“CAG Group” refers to CAG and its subsidiaries and related corporations (as defined in the Companies Act 1967) including Changi Travel Services Pte. Ltd (“CTS”), E-Concierge Pte Ltd (“Sift&Pick”) and Jewel Changi Airport Development Pte Ltd (“Jewel”).
“Personal Data” means data, whether true or not, about an individual who can be identified from that data or from that data and other information to which the organisation has or is likely to have access.
“Process”, “Processes”, “Processed” and “Processing” means the carrying out of any operation or set of operations in relation to Personal Data and includes recording, holding, organization, adaptation or alteration, retrieval, combination, transmission, erasure or destruction.
2. Scope of this Policy
This Policy applies to all Personal Data Processed by CAG (regardless of how such Personal Data is collected). CAG may collect such Personal Data through various social media sites, websites, applications, domains or other platforms (collectively, the “Platforms”), which include, but are not limited to, the following:
3. Personal Data collected by CAG
Examples of your Personal Data which may be collected include the following:
- Identity and Contact Data, such as your name, address, telephone number, date of birth, email address, country of nationality or residence, national identification number, passport number, employment history, educational background, professional qualifications, job title and function, biometric data;
- Financial and Payment Data, such as your bank account, credit/debit card numbers, and other related billing or payment information;
- Business Information, such as information provided in the course of our contractual relationship with you or your organisation and CAG, or otherwise voluntarily provided by you or your organization, including Identity and Contact Data;
- Claims Information, including any Personal Data such as photographs, statements or voice recordings provided in the course of any investigations that CAG may need to undertake;
- Physical Access Data such as information provided when you visit Singapore Changi Airport or captured on our closed-circuit television (“CCTV”) devices; and
- Immigration-related information such as the Personal Data contained on your passport, boarding pass, your flight details and your photo image.
4. How we collect your Personal Data
CAG collects Personal Data about you in a number of ways, including the following:
- Direct interactions. You may give us your Personal Data by filling in forms or through your use of our customer interface touchpoints (such as our manned customer service counters and self-help automated kiosks) or when you correspond with us by post, phone, email, chatbot or otherwise.
We may also directly collect Personal Data in other ways, including when:
- You apply for any product or service offered by any member of the CAG Group;
- You register and participate in any of the memberships offered by any member of the CAG Group;
- You create an account on the Platforms;
- You subscribe to any of the communications or publications offered by any member of the CAG Group;
- You request marketing to be sent to you by any member of the CAG Group;
- You enter a competition, promotion or survey offered by any member of the CAG Group;
- You give us feedback;
- You connect to WiFi at Singapore Changi Airport;
- You use mobile or web applications developed by or for any member of the CAG Group; or
- Your image (including video recordings) is recorded by our installed cameras or videos or official photographers/videographers at our events and programmes at Singapore Changi Airport.
- Automated technologies or interactions. As you interact with the Platforms, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. The foregoing technologies are required to allow certain functions on the Platforms (where applicable) to function. Please refer to our Cookies Policy for further details. If you prefer not to allow certain cookies, you can manage them in accordance with our Cookies Policy.
- Third parties or publicly available sources. We may receive Personal Data about you from various third parties, including any member of the CAG Group, our agents or from your organisation) and publicly available sources, including financial and transaction data from providers of technical, payment and delivery services.
- CCTV systems or other surveillance devices. CAG or our authorised third parties have installed CCTV systems and other surveillance devices at Singapore Changi Airport which may record your image for the purposes of: (i) monitoring the security and safety of persons; (ii) assisting in investigations of crime and other incidents; and (iii) managing the services provided at Singapore Changi Airport.
5. How we use your Personal Data
Members of the CAG Group strive to optimise their operations and the products and/or services offered to you through different channels (including the Platforms) such as providing relevant and personalised content designed to make your user experience smoother and more enjoyable. To effectively understand and meet your needs, the CAG Group (or any one of its members) may Process your Personal Data for purposes directly related to their functions and activities, including for any one or more of the following purposes:
- To provide you with services and to help us develop, improve, manage and administer the services the CAG Group (or any one of its members) provides to you, including services provided on—and through—the Platforms and WiFi services;
- To help us verify your identity for the purposes of processing and administering any membership application, registration or services;
- To send you notifications and marketing messages in relation to the promotional events, offers, opportunities, products, benefits and programmes offered by any member of the CAG Group;
- To conduct marketing activities including market research, customer profiling, customer insights and targeted marketing activities;
- To carry out profiling and statistical analysis to improve the services provided to you, including matching and aggregating the information you provide through different channels to understand how the CAG Group (or any one of its members) can serve you better;
- To inform you of changes to the CAG Group’s (or any one of its members) programmes, policies, terms and conditions, Platform updates and other administrative information;
- To administer and conduct programmes, promotions, events and games organised by any member of the CAG Group;
- To prevent, detect and investigate security incidents or breaches, crime, including fraud, and analysing and managing other risks;
- To customise the Platforms and their content to your particular preferences;
- To conduct surveys, questionnaires and requests for feedback;
- To respond to your queries, requests, feedback and complaints;
- For promotional and publicity purposes, including to record or take photographs of participants at events or functions organised, hosted or participated in by any member of the CAG Group;
- To meet the requirements of any applicable laws/regulations, enforceable governmental request or court order;
- To administer any contract that you or your organization has with CAG;
- To detect, prevent or otherwise address security or technical issues in connection with services provided through the Platforms; and/or
- To fulfil such other purpose as may be specified in a data protection and privacy notice given to you at the time that your Personal Data is collected.
6. Disclosure and Transfer of your Personal Data
In carrying out one or more of the purposes set out in section 5 of this Policy, we may disclose your Personal Data to one or more of the following third parties:
- Our agents;
- Our authorised service providers such as marketing partners and web analysis companies, and their business partners;
- Our auditors and professional advisors;
- Our business partners;
- Our underwriters and insurers;
- Law enforcement agencies;
- Any person to whom disclosure is permitted—or required by—any applicable laws/regulations, enforceable governmental request or court order; and/or
- Any member of the CAG Group (including CTS, Sift&Pick and Jewel).
To facilitate our interaction with you, we may need to transfer your Personal Data outside of Singapore. We will only do so when measures are in place to provide the same level of protection provided under the Personal Data Protection Act 2012.
Unless the applicable laws or regulations allow otherwise, we will obtain express written consent from you for the Processing of your Personal Data by methods or means such as making you sign a form or check a box. When you do so, you represent that you are over 16 years of age and can give valid consent. Where you provide information to us about any individual other than yourself (eg, an employee or child), you represent that you have valid authority and consent to do so and you must ensure that the other individual(s) consent to this Policy and understand how their information will be used. You can withdraw such consent at any time by contacting our data protection officer at the contact details set out in this Policy.
Depending on the extent to which you withdraw consent, such withdrawal of consent may result in our inability to provide the relevant services to you and may be considered as a termination by you of any agreement between CAG and you. CAG’s legal rights and remedies are expressly reserved in such an event.
Minors: If an individual under 16 years of age has provided us with Personal Data without parental or guardian consent, the parent or guardian should contact us at the contact details set out in this Policy to remove the relevant Personal Data. If we become aware that Personal Data has been collected from an individual under the age of 16 without parental or guardian consent, we will delete this Personal Data and any account that the individual may have with us.
8. Links to third-party websites
9. Keeping your Personal Data secure
We have put in place reasonable technical and procedural measures to safeguard your Personal Data, for example, by:
- Ensuring that access to any personal account you have with us is controlled by a password and username which are unique to you;
- Storing your Personal Data on secured servers; and
- Restricting access to Personal Data on a ‘need to know’ basis.
Please note that the use of the Internet and/or the Platforms cannot be made entirely secure and we therefore are unable to guarantee the security or integrity of any Personal Data which is transferred from you or to you via the Platforms. You undertake to bear the risks of any transfer.
10. Personal Data – Access and Correction
The accuracy of our data collection begins with you – you undertake that you will provide accurate and complete Personal Data, and update such Personal Data with us from time to time. Before providing your Personal Data to us, you should carefully check that the information that you have provided us is complete and accurate.
You may request access to and/or correction of your Personal Data held by us by contacting us at the contact details set out in this Policy. All requests for access and/or correction will be processed within a reasonable time except where we refuse such requests in accordance with any applicable laws or regulations. In some situations, you may be able to access and correct your Personal Data directly through the Platforms. For requests other than through self-service functions on the Platforms, we may need to verify your identity before proceeding with your request. For verification purposes, we may require you to provide supporting information or documentation.
For all requests other than through self-service functions on the Platforms, we may charge you a reasonable fee for the handling and processing of your request.
11. Further rights of data subjects in the European Union ("EU")
CAG is a company incorporated in Singapore. We do not have an establishment in the EU.
However, if you are a data subject in the EU, and you believe that the General Data Protection Regulation (EU 2016/679) (“GDPR”) applies to the Personal Data you have provided us, you may contact us if you wish to exercise the following further rights:
- Request for the erasure of your Personal Data;
- Request for the restriction of processing of your Personal Data;
- Object to the processing of your Personal Data; and/or
- Request to transfer your Personal Data to you or a third party.
We may ask to verify your identity and claim before proceeding with your request.
In the event that the GDPR applies, you also have the right to lodge a complaint with the relevant EU supervisory authority if we have contravened any applicable laws or regulations.
All requests made to us in exercising the rights above will be processed within a reasonable time except where we refuse such requests in accordance with any applicable laws or regulations.
12. Data retention
We will cease to retain your Personal Data when the purposes for which we collected your Personal Data have ceased and/or when we are no longer required to continue retaining your Personal Data for any legal or business purposes.
13. Unsolicited information
Where you have provided us with unsolicited Personal Data, for example in unsolicited emails or public posts on message boards, you will be regarded as having given CAG consent to use the unsolicited Personal Data as we see fit, on a non-confidential basis, and CAG shall be free to use, disclose, distribute and exploit such unsolicited Personal Data without limitation or attribution. CAG will strive to take reasonable steps to destroy or de-identify unsolicited Personal Data that CAG has no purpose for, but it cannot guarantee that all unsolicited Personal Data will be disposed of given system and operational limitations. You bear responsibility for not providing CAG with Personal Data beyond what we have requested from you, should you not consent to how we intend to treat unsolicited Personal Data provided by yourself.
14. Changes to this Policy
We may amend this Policy (including the Cookies Policy) from time to time to reflect any changes to the way in which we process your Personal Data or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you on the Platforms or other communication channels. By using our services, you undertake to check the relevant websites or sections of the Platforms regularly for any updates.
15. How to contact us
We welcome your feedback, comments and any questions that you may have.
For specific queries on any of the Platforms, you can contact us via the email/portals listed in section 2 above.
Data Protection Officer
Changi Airport Group (Singapore) Pte. Ltd.
PO Box 168
Singapore Changi Airport
If you are a job, internship or scholarship applicant, please refer to our privacy notice here.
Updated as of 5 May 2023.