Your trust is very important to us, and we are aware of the importance of your personal information, and we will take appropriate security measures to protect your personal information in accordance with any applicable laws and regulations. In view of this, please read this Policy carefully and fully understand it before you use our services. By starting to use our services, you fully understand and agree to the contents of this Policy and consent to the collection, use, storage, and sharing of your information by us in accordance with this Policy. Any clause or element of this Policy which has or may have a material influence on your rights or interests has been highlighted in bold type for your attention.
Pursuant to applicable data protection laws, we have added additional information in this Policy for certain jurisdictions. Please refer to the Addendum to this Policy. If the data protection laws of certain jurisdictions in the Addendum apply to you, the provisions of this Addendum shall prevail in the event of any inconsistency between the contents of the Addendum and other parts of this Policy.
This Policy explains the principles of how we collect, use and serve you:
- How do we collect and use your personal information
- How do we store your personal information
- How do we entrust the processing, sharing, transfer, or public disclosure of your personal information
- How do we protect your personal information
- How do you manage your personal information
- Protection of children's personal information
- Information we may send you
- Changes to this Policy
- Contact us
- Addendum - EU GDPR
- Addendum - US California
1. How do we collect and use your personal information
1.1. Information you provide to us voluntarily
In order to understand your needs and enable you to become our buyer, you agree to provide us with personal information about you or your designated agents, including name, gender, mobile phone number, email, and access intent.
In order to buy a ticket on behalf of the passenger and provide services such as ticket booking notice, flight confirmation or change, you agree to provide us with personal information about the passenger, including the passenger's name, gender, nationality, certificate issuance place, the type of ID, ID number, the validity period of his or her ID and contact information (including but not limited to mobile phone number and email address).
When you act as an agent of the passenger using a credit card or through other methods to make payment, to help the passenger complete the payment, we will also collect the payment information you provide, including but not limited to the card number, account number, name, the validity period and identification code on your credit card or in a virtual payment method, and passenger's name.
1.2. Information we collect while you are using the service
When you buy a ticket on behalf of a passenger and submit an order, we will collect the passenger's voyage information, including each passenger's name, gender, date of birth, travel document information (including but not limited to credential type, validity period, credential number, issuance place and validity period), nationality, order number, contact information (including but not limited to mobile phone and email), and various itinerary information including the name of the airline or carrier, information of frequent flight passengers, routes and times of departure and destination, meal preference, baggage information, connecting and designing, etc.
If you are contacting us (e.g. through a third-party online tool for a chat, telephone, or email), we will back up our communication and request additional information to verify your identity.
When you access or use our services, we will automatically collect certain information about the device you are using (e.g. you are using a mobile device, PC, or tablet), including information about the hardware and software you are using, the device configuration and the nearby network, for the purpose of improving the service experience. We will also collect account login information, web browsing and search history, and language preference information about your interaction with our services for the purpose of optimizing the platform experience.
If you use our services, we will automatically collect your online identity information (IP address) and approximate location information (your country and city). We will use and store this information in order to provide and improve the functionality of our services to you and to personalize our services in a demand-based manner to better meet your requirements.
2. How do we store your personal information
We store your personal information for the purpose of fulfilling the obligations imposed on us by law or regulatory authorities or for the purpose of meeting our business needs. In principle, the personal information we collect and generate within the territory of the People's Republic of China will be stored within the territory of the People's Republic of China.
We store your personal information for the duration of compliance with legal or regulatory requirements and business purposes. If your account is deregistered, we will cease to provide services to you and, upon your request, delete or anonymize your personal information unless otherwise required by law or regulation.
We will notify you at least 30 days prior to the expiration of your retention period and continue to keep it in accordance with your authorization or delete it or anonymize it as you request.
We will notify you at least 30 days if we terminate our services or operations. We will delete or anonymize your personal information after terminating our services or operations.
3. How do we entrust processing, share, transfer or publicly disclose your personal information
3.1. Entrustment of processing
Certain specific modules or sub-functions of this business function are provided by external vendors. Of these, the cloud service providers that we use to provide us with data storage services are Ali Cloud and Microsoft Cloud. We will sign strict confidentiality agreements with companies, organizations, and individuals to whom we entrust the processing of personal information, which will bind them to process the personal information in accordance with our requirements, this Policy, and any other relevant confidentiality and security measures.
The personal information we collect (or otherwise generate or obtain) will be shared with:
a) With our travel partners (including airlines, third-party supplier partners, etc.). To assist passengers in purchasing tickets and provide you with our services such as ticket booking notice, flight confirmation, or change, you have obtained the Passenger's consent that we can provide our Travel Partner with your basic personal information and flight itinerary information. When the certain transactions we process (for example, passengers apply to book the tickets or to buy other products or services through our Travel Partner's platform and other third parties) need credit or debit card information or account information on the third-party platform (including the name of the account, the card number, name and expiration date of the card and CVV code if requested by the Partner),we may share payment information with our travel partners and other third-party service providers (including but not limited to fraud detection services provided to us and others).
b) With other service providers. Information may be shared with third-party vendors, consultants, and other service providers who provide services or functions to users on our behalf.
c) Comply with legal requirements. We may disclose your personal information to government agencies or other relevant third parties to comply with applicable law or to fulfill the legal requirements of judicial proceedings, court orders, legal proceedings, or government agencies.
We will not transfer your personal information to any company, organization, or individual, except:
a) We may transfer your personal information to others with your express consent;
b) When the transfer of personal information is involved in a merger, acquisition, or bankruptcy liquidation, we will require new companies or organizations to which your personal information is transferred to continue to be bound by this Policy; otherwise, we will require new companies or organizations to seek your consent again.
3.4. Public Disclosure
We will only publicly disclose your personal information under the following circumstances
a) After we obtain your explicit consent;
b) Statutory disclosures: we may publicly disclose your personal information stipulated by law, regulations or the mandatory requirements of government agencies.
We use anonymous cookies to collect information about your use and activity when you use or access our services.
You can determine if and how a cookie will be accepted by configuring the browser which is installed in the computer you are using to access the Unififi Platform. If you choose, you can change those configurations. You may be able to change your browser preferences or settings to reject all cookies, or choose to consent each time a cookie is sent. If you reject all cookies by choosing the cookie-disabling function in your browser, you may be required to re-enter information on our Unififi Platform more often and certain features of our Unififi Platform may be unavailable.
By accessing and using our Unififi Platform and/or Services, and by accepting the cookies, you consent to the storage of cookies on your devices. You also consent to the access of such cookies by us and by our partners mentioned above.
5. How do we protect your personal information
We have employed technical, physical, and administrative security measures to protect your personal information and prevent unauthorized access to, disclosure, use, modification, damage, or loss of data. Security measures include firewalls, data encryption, physical access control of data centers, and access authorization control of information. While we are actively committed to ensuring the security of our systems and services, it is your responsibility to ensure the security and privacy of your password and account/user information and that the personal information we maintain about you is accurate and up-to-date. We are not responsible for the security of any personal information we share with third parties under an account we authorize you to use.
In the case of an unfortunate personal information security incident, we will, in a timely manner and in accordance with laws and regulations, inform you of the basic conditions and possible impacts of the security incident, response measures that are already taken or are to be taken by us, suggestions for you regarding self-prevention and risk mitigation, our remedial measures for you, etc. We will inform you of such information by email, fax, telephone, push notification, etc., and when it is difficult to notify each personal information subject individually, we will properly and effectively issue a public notice. At the same time, we will also take the initiative to report the handling of personal information security incidents as required by the regulatory authorities.
6. How do you manage your personal information
We attach great importance to your attention to personal information and will make every effort to protect your right to access, rectify, delete or withdraw your consent with respect to your personal information so that you are fully entitled to protect your privacy and security. Your rights include:
6.1. Access your personal information
You may request access to your personal information and request us to provide a copy of your personal information. If you wish to exercise access to personal information, you can do so through the Personal Center or a similar module. If you do not have access to your personal information in the above manner, you can send an email to firstname.lastname@example.org at any time. We will respond to your request within 15 business days after we receive your access or email.
6.2. Rectify your personal information
You have the right to request a correction from us when you find an error in the personal information we process about you. You can make changes to the information listed in the Personal Center or similar module. If you do not rectify your personal information in the above manner, you can send an email to email@example.com at any time. We will respond to your request for rectification within 15 business days after we receive your rectification or email.
6.3. Delete your personal information
You may request us to delete your personal information:
a) If we process personal information in violation of any law or regulation;
b) If we collect or use your personal information without your consent;
c) If we process personal information in violation of any agreement with you;
d) If you no longer use our products and/or services, or you have canceled your account;
e) If we no longer provide you with products and/or services.
When we respond to your deletion request, we will also inform the entity that acquires your personal information from us and ask it to delete your personal information without delay, unless otherwise required by law or regulation or if they have obtained your independent authority. You can send an email to firstname.lastname@example.org at any time. We will respond to your request for deletion within 15 business days after we receive your email.
6.4. D e-register
You can apply to de-register your account directly at our "Log Out". When you select "Log Out", we will prompt you if you are sure to de-register. After you de-register your account, we will cease to provide any of our services to you. We will delete or anonymize your personal information unless otherwise required by law or regulation. If you are not able to de-register your account in the manner described above, you can send an email to email@example.com at any time. We will close your account within 15 business days after we receive your email.
6.5. Change the scope of your consent or withdraw your consent
You can change the scope of your authority to continue collecting personal information or revoke your authorization by sending us an email. You can also revoke our authority to continue collecting personal information from you by de-registering of your account. You can send an email to firstname.lastname@example.org at any time. We will respond to your request within 15 business days after we receive your email.
Please understand that each business function requires some basic personal information to be completed. After you withdraw your consent or authorization, we can no longer provide you with the services for which you have withdrawn your consent or authorization and will no longer process your personal information. However, your decision to withdraw your consent or authorization will not affect any processing of personal information based on your authorization.
6.6. Respond to your requests mentioned above
You may contact us at the end of this Agreement if you are unable to access, rectify or delete your personal information in the manner described above, change the scope of your consent or withdraw your authorization and de-register your account, or if you believe that we are in breach of law or regulation or your agreement with you regarding the collection or use of personal information. For security, you may be required to provide a written request or otherwise establish your identity. We may ask you to verify your identity before processing your request. We will respond within 15 business days.
We may refuse unwarranted requests that require excessive technical means (for example, the development of new systems or fundamental changes to existing practices), that may pose a risk to the legitimate interests of others, or that are very impractical (for example, involving backing up of information stored on tape).
7. Protection of children's personal information
Our services are not targeted or intended for use by children. If we collect personal information from children under the age of 14 without our knowledge, we will delete the information as soon as we become aware of it unless we are required by law to retain it. If you believe we have collected information from children under 14 by mistake or unintentionally, please contact us✉️.
8. Information that we may send you
By your application to create an account, by your use of our platform, and by contacting us, you have acknowledged and accepted that we may contact you by telephone, email, etc. You also agree that you may receive communications from us such as account information, air change notices, special offers and financial reminders, and information submitted through relevant contact forms. The user also learns that he/she can remove himself/herself from these communications by clicking the unsubscribe link in the e-mail footer.
9. Changes to this Policy
10. Contact us
Company Name: [Hong Kong Unifififi International Limited]
Registered Address: [11/F, Lee Ka Industrial Building, 8 NG Fong Street, San Po Kong, Kowloon, Hong Kong]
11. Addendum - EU
The EU Addendum, which is the supplement to this policy, applies to the processing of personal data we perform on our EU business premises under the General Data Protection Regulation (GDPR) and to the provision of goods or services to or monitoring by us through the Platform to individuals located in the EU. In the event of any inconsistency between this Addendum and the rest of this Policy, this Addendum shall prevail.
11.1 Legal basis for data processing
We process personal data for the purposes described in this Policy. We have the following legal basis for data processing in accordance with the EU GDPR for this Policy:
1) Perform the contract we have with you or take any action necessary to enter into that contract. This includes purchasing/accessing applications, purchasing tickets on behalf of passengers and providing related services, collecting itinerary information, customer service communications, payment processing, and sharing personal data with our travel partners.
2) Necessary for the fulfillment of our legal interests and that will not affect your interests in personal data that need to be protected. This includes collecting information about your device for the purpose of improving your service experience; collecting account login information, web browsing and search history and language preferences for the purpose of optimizing the platform's experience with respect to your interaction with our services; and delegating your information to external service providers such as cloud service providers.
3) Complying with our legal obligations. This includes complying with the legal requirements of law enforcement agencies and other competent authorities.
If we require personal data from you to comply with our legal obligations, to perform a contract that we have with you, or to take any necessary action to enter into that contract, we will notify you at the relevant time. We will notify you whether you must provide your data (and the consequences if you do not provide it).
If you have any questions about the legal basis we use to collect and use your personal data or require further information, please contact us immediately.
11.2. Your rights
You also have the following data protection rights, and you may contact us at any time to exercise such rights by contacting us at the contact details provided above:
1) The right to refuse to process your personal data in accordance with your legal interests as well as the right to refuse direct marketing.
2) In some cases, we may be required to restrict the processing of your personal data or to require the portability of your personal data.
3) Stop receiving any marketing communications content we send you at any time.
4) Complain to the data protection agency about our rights to collect and use your personal data. For more information, contact your local data protection agency.
11.3. Cross-border transfer of personal data
We may transfer your personal data to countries/regions outside the European Union, including countries/regions that do not have the same level of data protection as your country, such as China. We shall take appropriate measures to ensure that your recipients of personal data are subject to confidentiality obligations under this Policy, and we shall implement appropriate measures, including the standard terms of the contract, to ensure the protection of your personal data. You may request a copy of such terms by sending an email to email@example.com.
12. Addendum - California, the USA
The California Addendum (the "California Addendum"), which is the supplement to this policy, governs our processing of personal information of California residents under the California Consumer Privacy Act (CCPA). In the event of any inconsistency between this California Addendum and the remainder of this Policy, this California Addendum shall control.
You also have the following data protection rights, and you may contact us at any time to exercise such rights by contacting us at the contact details provided above:
1) You may claim the right to portability of personal information, allowing us to transfer this information to other entities.
2) You have the option not to allow us to sell your personal information to a third party.