The Privacy Policy

Welcome to visit Spring Airlines Platforms! Spring Airlines Platforms are an important window for us to serve customers. When you use our Platforms and services, we may collect and use your personal information. To let you know important matters about our collection and use of your personal information, we’ve prepared this Privacy Policy (may also referred to as "the Policy" below). If you are under 18 years of age or otherwise with incomplete civil capacity, please read the Policy together with your guardian, and use our products and services or provide us with information with his/ her permission.

This Policy is closely related to your use of all our services. Please read carefully and understand all the terms hereof, so that you can make appropriate choices. Our wording and phrasing follow the principle of simplicity and conciseness, and we’ve highlighted the clauses that may restrict your rights or have potential risks in bold to draw your attention. This Policy in other language versions are only for the convenience of specific customer groups to read and understand. In case of any ambiguity, the Simplified Chinese version shall prevail.

Spring Airlines Co., Ltd.

Updated on: 13 04, 2021

Effective from: 20 04, 2021

We are well aware of the importance of personal information to you and thus determined to protect it in accordance with the law. To this end, we abide by the following principles: parity of authority and responsibility, definite purpose, choice and consent, minimum and necessary, security guarantee, subject participation, openness and transparency. Meanwhile, we promise to take security measures aligned with mature industry standards to protect your personal information.

    For any questions or suggestions, please contact us. If you are troubled by the ways we collect personal information, please let us know. In case you do not agree to any terms in the Privacy Policy, you should promptly discontinue accessing or using Spring Airlines Platforms.

 

This Policy helps you learn about the following:

1. Definition

2. Scope of application

3. How do we collect and use your personal information

4. How do we share, transfer and disclose your personal information

5. How do we store personal information

6. How do we protect personal information

7. Your rights and personal information management

8. Third-party website links/ third-party services

9. Protection of minors’ information

10. Basis and updating of Privacy Policy

11. How to contact us

12. Legal notices


1. Definitions

(1) Spring Airlines: It refers to Spring Airlines Company Limited, or “the Company” or “we”, founded pursuant to Chinese laws. Its domicile is Building 2, Hangyou Hotel, No. 528, Konggangyi Road, Changning District, Shanghai Municipality. Its name in Chinese is 春秋航空股份有限公司, or春秋航空 for short. Its 2-letter code and 3-letter code are 9C and CQH, respectively; IATA accounting code 089. Spring Airlines is a public company listed on Shanghai Stock Exchange.

(2) Platform service providers and platform merchants: They refer to Spring Airlines Company Limited and its partners with independent legal status that display content, offer redirection or provide services on Spring Airlines Platforms. Unless otherwise specified, since its establishment, Shanghai Spring Airlines Technology Co., Ltd. ("Spring Airlines Technology"), as the maintainer and operator of such Platforms, serves as an information collector and controller and a service provider together with Spring Airlines.

(3) Affiliate(s): It refers to an entity or entities in association with Spring Airlines.

"Association" refers to a relationship where a subject (including individuals, companies, partners, organizations, or any other entities), either directly or indirectly, controls Spring Airlines, is controlled by Spring Airlines, or is under control of another party together with Spring Airlines. The aforementioned "control" refers to the right to directly or indirectly instruct the management and decision-making of related entities or to request others to make such instructions by holding voting rights, contracts or other means, or other relationships that constitute de facto control.

Shanghai Spring International Travel Service (Group) Co., Ltd. ("Spring Travel") is the controlling shareholder of Spring Airlines. Hence, Spring Travel and its affiliated entities are Affiliates of the Company.

Spring Airlines Technology is a wholly-owned subsidiary established by Spring Airlines to integrate the latter’s functions surrounding information technology and marketing. Spring Airlines Technology provides information technology and business agency services for Spring Airlines, and serves as an important Affiliate thereof.

(4) Spring Airlines Platforms: They are controlled by Spring Airlines and its Affiliates, including online platforms (referring to online channels or interactive interfaces, such as our official websites, official APP, official WeChat public account (H5, mini-program), official Weibo account), offline channels (Spring Airlines stores), and all other stages or scenarios where you have access to Spring Airlines services, such as our customer service hotline (95524), mailing, human-computer interaction application scenarios (a variety of automatic response systems, self-service check-in kiosks, and self-service bag drop machines).

(5) Official websites: The Official Websites of Spring Airlines are www.ch.com and m.ch.com.

(6) Official APP: The download address of our official APP is https://www.ch.com/app-download.html.

(7) Official WeChat public account: Spring Airlines’ official WeChat public account is springairlines, operated by Spring Airlines Company Limited.

(8) Device: It refers to any device that users may use to access Spring Airlines Platforms, including but not limited to desktop computers, laptops, tablets, smartphones, and other phones.

(9) Personal information: It refers to all kinds of information recorded electronically or in other ways that identifies a specific natural person – independently or in combination with other information, including a natural person’s name, date of birth, ID number, biometric information, address, telephone number, email address, health information, location information, etc. Your personal information is closely related to your personal interest, such as personal dignity or economic benefits. Therefore, notwithstanding the fact that third parties such as the Company, its Affiliates, platform merchants or partners may obtain your personal information legally under this Agreement, as long as it is not disclosed to the unspecified public, you remain entitled to the right of privacy against other individuals or groups, and your personal information is protected pursuant to the law.

(10) Personal sensitive information: It refers to the personal information that, once leaked, illegally provided, or misused, may endanger the safety of people and property, or easily lead to damages to personal reputation, physical and mental health, or discrimination. For example, personal sensitive information includes a person’s ID number, biometric information, bank accounts, communication records and content, property information, credit information, whereabouts, accommodation information, health information, transaction information, etc. Personal sensitive information is the core component of personal information, and its meaning or definition shall be adapted to applicable laws.

(11) Applicable laws: This Policy is formulated under Chinese laws. They include the Cybersecurity Law of the People's Republic of China and other laws and regulations, the Information Security Technology – Personal Information Security Specification, and policies rolled out by the Civil Aviation Administration of China, among others. The EU GDPR and other regulations have also been referred to.

(12) GDPR: It refers to the General Data Protection Regulation, a data protection legislation introduced by the European Union and coming into force on May 25, 2018.

(13) DPO: It refers to Data Protection Officer. DPO of Spring Airlines oversees the Company’s compliance practices, provides notifications and advice on the Company’s data protection obligations, and acts as a liaison between the Company and you or any authority of personal data protection.

2. Scope of application

This Privacy Policy applies to all users of our services – no matter you are a member or not. For example, if you book our air tickets, take our flights or receive other services through a Spring Airlines Platform, it is deemed you agree to be bound by this Policy.

Where you entrust an agent to make purchases and receive our services, we assume that you agree to be bound by this Policy. If you or your agent fails to purchase our services through a Spring Airlines Platform or a third-party platform approved by us, we bear no liability for the possible leakage of your personal information and other risks.

Where an Affiliate of Spring Airlines (e.g. Shanghai Chunhua Aviation Ground Services Co., Ltd., which acts as our ground service agent in Shanghai airports) provides you with relevant services but has not separately signed a service agreement with you, this Policy applies to the Affiliate and such services provided as well.

 

In case of any inconsistency between the Policy and the legal provisions of any jurisdiction governing the services provided by us, unless the final judicial ruling finds it invalid, this Policy shall remain complete and effective to the maximum extent allowed by local laws.

3. How do we collect and use your personal information

3.1 Purposes of information collection

(1) We collect personal information for the purpose of fulfilling the contract(s) signed with you and observing our legal obligations, as well as enabling our core service functions, additional service functions and cooperative service functions.

(2) In case we use your personal information for purposes other than those listed herein or use information collected for specific purposes for other purposes, we are obligated to seek your explicit consent or authorization in advance.

3.2 How information is collected

For the purposes described herein, we may collect, store and use the following information about you. If you do not provide such information, relevant services might not be available to you. To allow us to provide you with better services, you agree that we collect information in the following ways:

(1) Information provided by users

Under normal circumstances, you are not required to enter any personal information to visit Spring Airlines Platforms. However, on certain pages, we might ask you to enter personal information in order to provide services or perform transactions as required by you. We do not request you to provide specific personal information, but without such information, we may not be able to provide you with services or complete transactions at your request. For example, when booking a ticket, you should at least provide the passenger’s name, ID document type, ID number, and the contact person’s name, mobile phone number and email address, so that ticket reservation, information notification, subsequent refunds/ changes and other related services could be made available to you.
(2) Information collected automatically by us

We collect information on your visit to our website, including the pages you browse, the number of bytes sent, the links you click, the information you access, and other operations performed on the website. On the site you access with your user ID, we may associate such information with your identity to predict the services you may be interested in. Where we combine such non-personal information with other information to identify a specific natural person, or combine it with personal information, during the period of such combination, such non-personal information is deemed personal information; unless authorized by you or otherwise provided by laws and regulations, such personal information will go through special processing by us to ensure its security.

(3) Information provided by third parties

The prerequisite for us to acquire your information from a third party is that we’ve obtained your consent or the third party is required by law to allow us to use your information properly. We promise to use your information obtained from third parties where lawful, rightful and necessary, perform the limited processing of relevant and necessary information, and ensure its accuracy and confidentiality.

3.3 Where information is collected and used

(1) Your personal information is used by us in the following circumstances:

        The preparation, provision, and summary of regular passenger services related to air transportation such as inquiries, reservations, ticket sales, boarding, airport services, and in-flight services, or special passenger services such as wheelchairs provision and infant services (regular passenger services and special passenger services are collectively referred to herein as basic services or essential services); essential services are mostly provided by us, but some of them (such as airport security check) may be participated or directly provided by third-party service providers due to legal, technical or commercial restrictions.

        The sales and fulfillment of non-essential services (also referred to as additional services or value-added services) related to air transportation, such as advanced seat booking, extra baggage allowance, and onboard catering, which are mostly provided by Spring Airlines; or the sales and fulfillment of non-essential services mostly provided by third parties (also referred to as third-party services), such as airport transfers, VIP services, WIFI access, onboard retail, accommodation, travel products, insurance, etc. All such non-essential services are either gifted by Spring Airlines or selected by passengers themselves. Providers of non-essential services may be Spring Airlines, or a third party designated or provisionally arranged under a service contract, depending on factors such as how strong the non-essential service is associated with basic services.

        The above-mentioned services provided by means of airline change, wet lease, code sharing, combined transportation, etc.

        The guiding, supply and management of other services provided by Spring Airlines.

        Operations incidental to or related to the above-mentioned circumstances.

        Survey on services provided by Spring Airlines.

        Sales analysis, research, or new services development.

        Notification of services provided by Spring Airlines.

        All kinds of services, products, projects and promotional events provided by Spring Airlines and its parent company, subsidiaries and other partners; what particular service is about and how it is delivered should be specified in the Spring Airlines Terms of Service, displayed on Spring Airlines Platforms, stipulated in agreements signed by service providers and you or formally announced by service providers. You should understand that the content of services is subject to changes. Therefore, in case of any ambiguity or inconsistency between different circumstances, the agreement signed between the service provider and you or its official announcement shall prevail.

        Responses to inquiries and requests.

(2) Member registration and login

To register as our ordinary member, you need to provide your mobile phone number or an eligible third-party account to log in, and then receive services provided by us; to go through real-name authentication or register as a SpringPass member, we need your name, gender, country/ region, ID document type, ID number, validity period of your ID document, date of birth, and mobile phone number that is consistent with your identity and can be used to contact you.

        To use face recognition, face ID login or fingerprint login, you need to provide your biometric information (face/ fingerprint).

        If you browse, query, and search for information only, you are not required to register as our member or provide the above information, but your login ID, device model, login time, and history of searching and browsing will be collected.

(3) Provision of specific goods or services that you purchase or use

If you book any of the following goods or services for another person, you may need to provide the personal information of the actual user. Once the booking succeeds, it is deemed that the user also agrees to this Privacy Policy. Therefore, before you book goods or services for others, please ensure that you have obtained their authorization.

       Pick & Drop: You need to provide the user's name, mobile phone number, date and time of use, and place of use.

       Itinerary Delivery: You need to provide the recipient's name, mobile phone number, and address.

       VIP Lounge: You need to provide the user's name, mobile phone number, time of use, and airport information.

       Parking: You need to provide the user's name, mobile phone number, time of use, and airport information.

       Tickets: You need to provide the user's name, mobile phone number, and time of use.

       WIFI Rental: You need to provide the user's name, mobile phone number, time of use, and airport information.

       Onboard WIFI: You need to provide the user's name, mobile phone number, seat number, and last six digits of his/ her ID number.

       Insurance: You need to provide the applicant’s name, ID document type, ID number, and mobile phone number; when applying for insurance for others, you need to provide the insured’s name, ID document type and ID number.

       Air Ticket (including air-rail and air-bus through transport): You need to provide the passenger's name, gender, ID document type, ID number, date of birth, mobile phone number, email address, and date of travel.

       Hotel: You need to provide the guest’s name, gender, ID document type, ID number, mobile phone number, date of check-in, and date of check-out.

       Finance/ Payment: You need to provide your personal credit data, payment information, and property information, apart from basic information.

       Tour: You need to provide information on your itinerary and fellow travelers (if any), apart from your basic personal information.

       We collect the order information generated during your use of our services, so that you can view and manage your orders.

       When you contact us, we may save your communication/ call records and content or the contact information and other information you leave in order to contact you or assist you to solve problems; we may also record the solutions and results of such problems.

       You may use the products or services provided by us and our business partners through the links provided by Spring Airlines. When you use such products or services, you authorize us to receive from our affiliates, consolidate or analyze your personal information or transaction information that we confirm is sourced legally or that you authorize and agree to provide to us, as required by our business and cooperation. Prior to your use of the services provided by a third party, please ensure that you have fully understood the third party's rules on personal information collection and use; for any questions, please contact its customer service.

(4) Display and notification of personalized products or services

To improve our products or services, and provide you with personalized search and transaction services, upon your explicit approval and activation of the corresponding permissions, from your browsing and search records, as well as information on devices, locations, logs, and orders, we extract your browsing & search preferences, habits, and location information characteristics. The aim is to display or deliver to you information that you are interested or in need, or to send you advertisements and other commercial information that we think you might be interested in.

        Device information: We receive and record the information related to the devices you use (model, operating system version, settings, unique device identifier and other software and hardware features) according to the permissions granted by you at the time of software installation and use.

        Location information: It refers to your location, IP address, GPS location, Wi-Fi access point that can provide relevant information, and Bluetooth and base station sensor information when you turn on the device positioning function and use our location-based services. You are advised to enable location permissions, so that we can recommend you location-specific products and services.

        Log information: When you use the products or services provided by our website or applications, we automatically collect your detailed usage of our services and save such information as web logs. Involved information includes the keywords you enter for searching, your IP address, browser type, telecom operator, language used, date and time of visit, and records of webpages you visit.

Please note: Device information, log information, or location information alone is not sufficient to identify specific natural persons. Where we combine such non-personal information with other information to identify a specific natural person, or combine it with personal information, during the period of such combination, such non-personal information is deemed personal information; unless authorized by you or otherwise provided by laws and regulations, such personal information is processed and protected in accordance with this Privacy Policy.

For the normal operation of service functions, we need to call necessary permissions required by particular use scenarios, but will notify you and ask for your consent before calling.

(5) Specified extended functions

The following extended functions may require you to enable the corresponding permissions in your device:

•        Camera: To use QR code scanning and face recognition, please enable the camera permission.

•        Photos: To use save, share, and upload functions, please enable the photos permission.

•        Notification: To receive notification messages from us, please enable the notification permission. If you choose to receive notifications via WeChat or Alipay, you need to provide your account information in the third party and authorize us to use it, so that we can provide the notification services as you choose.

Please note: Once you enable these permissions, you authorize us to collect and use the personal information involved to offer the above functions. And when you disable such permissions, such authorization is canceled, and we will no longer collect and use your personal information, nor are we allowed to provide you with the corresponding functions. Your decision to cancel authorization does not affect the previous processing of personal information as authorized by you.

(6) Protection of your transaction security

We may use or combine your user information, transaction information, device information, location information, and log information, as well as information that our partners have obtained your authorization for or are allowed to share in accordance with the law, to make your use of the services provided by us and our partners safer, ensure the safety of the operating environment, identify the irregularities of registered accounts, better protect you or other users or the public from personal and property damages, better prevent phishing websites, frauds, network vulnerabilities, computer viruses, network attacks, network intrusions and other security risks, and more accurately identify violations of the laws and regulations of the People’s Republic of China or the applicable agreements and rules of Spring Airlines Platforms. In this way, we are allowed to comprehensively identify your account and transaction risks, conduct identity verification, detect and prevent security incidents, and make necessary records, audits, analysis and disposal according to law.

(7) Other uses

We may perform de-identified research, statistical analysis, and prediction on the information collected, or use anonymized data for machine learning or model algorithm training. You acknowledge and agree that we have the right to use de-identified information, and without disclosing your personal information, we have the right to analyze and commercialize user databases, to optimize our service content and product mix, provide support for business decisions, and improve our products and services.

3.4 You acknowledge and agree that we may collect and use your information without your consent in the following circumstances:

        National security or national defense security is concerned;

        Public safety, public health, or major public interests are concerned;

        Criminal investigation, prosecution, trial or execution of judgments is involved;

        Such collection or use is for the purpose of protecting the life, property and other major legal rights and interests of you or other user, but it is hard to obtain your consent;

        The personal information collected has been disclosed to the public by yourself;

        Your personal information is collected from the information made public legally;

        Such collection or use is essential to signing a contract as required by you;

        Such collection or use is essential to maintaining the safe and stable operation of the services provided, such as detecting and tackling service failures;

        Such collection or use is essential to legal news coverage;

        Such collection or use is essential for academic research institutions to conduct statistical or academic research based on public interests, and when resulting academic research findings or descriptions are made public, the personal information contained therein has been de-identified;

        Other circumstances stipulated by laws and regulations.

3.5 Types of information collected

(1) The types of personal information we collect through the above methods are as follows:

        Detailed contact information: Name (in Chinese + English), email, telephone/ mobile phone number, fax number, contact address, zip code, and geo-location;

        Detailed personal information: Gender, date of birth, ethnicity, nationality, country of residence, family relations, validity period of ID document, and issuance place of ID document;

        Biometric information: Genetic information, facial features for recognition, fingerprint, and iris;

        Personal identification: ID card, household register, passport, military officer certificate, police officer certificate, retired cadre certificate, military retirement certificate, soldier certificate, hometown visit permit, Permit for Hong Kong and Macao Residents Traveling to Mainland, travel permit, foreign resident certificate, permit for traveling to Hong Kong Macao, and Taiwan, flight attendant certificate, Permit for Mainland Residents Traveling to Taiwan, seaman certificate, residence permit of Hong Kong, Macao and Taiwan, Foreign Permanent Resident ID Card, student certificate, medical staff work permit, disability certificate, driver’s license;

        Network identification information: Spring Airlines Platform account, IP address, device number, MAC address, email address and the passwords and password security answers related to the foregoing;

        Personal internet use records: History of browsing, software use, clicking, login, registration, and logout/ account cancellation;

        Personal financial information: credit card or account information, regular member/ SpringPass member information, reward points, coupons, Alipay account, WeChat Pay account, information used for Spring Installment, and information used for Spring Wallet;

        Your preferences for receiving our marketing emails;

        Information that helps us determine the products and services that best match your needs;

        Event registration information; and your overall feedback on our websites, products and services.

(2) We try our best to take rational and feasible technical measures to avoid collecting personal information irrelevant to the services you need.

4. How do we share, transfer and disclose your personal information

Under the laws and regulations of the People’s Republic of China, sharing and transferring personal information that has been de-identified and ensuring that data recipients are unable to recover and re-identify the subjects of personal information is not deemed the external sharing, transfer, and public disclosure of personal information. The storage and processing of such data do not require separate notice or your consent.

4.1 Information sharing

To make available the services chosen by you on Spring Airlines Platforms or upon redirection via Spring Airlines Platforms, and to improve our service quality, we share your information with service providers, technology operators, our Affiliates and partner airports to the extent permitted by law and necessary, so that we are allowed to deliver more convenient and safer services. We pledge to only share necessary personal information limited to the purposes stated herein. Should our sharing or a recipient be beyond the scope of authorization, or the use and processing purpose of personal information be changed, we will seek your authorization and consent by sending a prompt or require the recipient to obtain your authorization and consent.

4.2 Information transfer

We do not transfer your personal information to any organization, company or individual, except in the following circumstances or for the following purposes:

a) We’ve obtained your consent to do so;

b) We are obligated to provide such information pursuant to laws and regulations, legal procedures, mandatory judicial or administrative requirements, etc.;

c) When it comes to mergers, acquisitions, asset transfers or similar transactions, if the transfer of personal information is involved, we will request the new company or organization that holds your personal information to continue to be bound by this Privacy Policy, otherwise, we will require the company or organization to ask for your authorization and consent again.

4.3 Business entrustment

We are likely to entrust our business activities to a third party to provide you with certain services or perform functions on our behalf. In this case, your personal information may be disclosed to the third party as needed. Under such circumstances, your personal information is disclosed to third parties for legal, legitimate, necessary, specific, and explicit purposes only. We take all appropriate measures with such third parties to guarantee the confidentiality and security of customer data, including establishing an agreement on the processing of such personal information to ensure that it is not used for any other purpose by a third party.

Third parties include but are not limited to the following:

1)

Affiliates of Spring Airlines

2)

Agents, contractors or third-party   service providers who deliver administration, promotion & research,   distribution, data processing, telemarketing, telecommunications, computer,   payment or other services for the purpose of the operations of Spring Airlines   Platforms

3)

Other business partners, including   air carriers, ground or maritime transport operators, loyalty program   operators, and other companies engaged in providing customer services or   fulfilling customer requirements

4)

Credit reference agencies

5)

Credit card, debit card and/ or   charge card companies and/ or banks

6)

Government or non-government   agencies, agencies and/ or regulatory authorities

7)

Medical professionals, insurance   companies and clinics/ hospitals

8)

Third parties that Spring Airlines   is allowed to entrust and authorize under legal regulations

4.4 Public disclosure

We publicly disclose your personal information in the following circumstances only:

        Under your explicit consent or active choice, we may publicly disclose the personal information you specify;

        In case where your personal information must be provided as mandated by the laws and regulations of the People's Republic of China, compulsory administrative law enforcement or judicial authorities, we are obligated to publicly disclose your personal information as required. Under laws and regulations, when receiving the above-mentioned request for information disclosure, we will ask for the presentation of corresponding legal documents, such as subpoenas or investigation letters.

5. How do we store personal information

(1) In principle, the personal information we collect and generate within the territory of China is stored in China. The information we collect from abroad may be stored in China as well. In case of any conflict between your local information collection regulations and our storage policy, please inform us in time so that we could respond to your request timely and avoid any unnecessary disturbance to the protection of your personal information.

(2) Cross-border data transfer

In view of the fact that the services we provide and the third-party services that we need to accept for the purpose of providing the said services may cross borders, your personal information may be – with your authorization or consent or under certain special circumstances permitted hereby – transferred to the overseas jurisdiction of the country/ region where you use the services, or accessed from such jurisdiction. Where some of our services are cross-border, and we need to transfer relevant personal data collected domestically to overseas institutions, we will abide by laws and regulations and the provisions of competent regulatory authorities, and take effective measures such as legal agreements and on-site inspections to request overseas institutions to keep your personal information confidential.

There might be varied or even no data protection laws in force in such jurisdictions. In this case, we ensure your personal information will be under sufficient protection equivalent to that within the territory in China. For any cross-border transfer of your personal information, we will ask for your consent, or take security measures such as data de-identification before such transfer.

(3) Maximum retention period allowed by applicable laws and regulations: We promise to store your personal information only during the period necessary for the purposes described herein and within the time limit prescribed by laws, regulations and regulatory provisions. We keep your personal information no longer than is necessary for the purposes for which it is processed, and may retain it for as long as necessary for the purposes for which it is collected under our data retention policy, unless it is necessary to extend the retention period or permitted by law.

6. How do we protect personal information

(1) We put your personal information under proper management and protection, take rational and feasible measures in line with industry standards to protect your personal information, and discreetly prevent your personal information from authorized access, leakage, use, tampering, damage or loss. You are also obligated to keep your login account and password properly. We deem all the operations performed through your account and password your own operations.
(2) In case a personal information security incident occurs, we will promptly inform you of the basic information and possible impacts of the incident, the countermeasures we have taken or will take, suggestions for you to prevent and reduce risks on your own, remedies for you, etc. pursuant to laws and regulations. Such information will be notified to you by email, mail, telephone, push notification, etc. If it is found difficult to notify the subjects of personal information one by one, we will make announcements in a rational and effective manner. We will also report how the personal information security incident is handled as required by regulatory authorities.

7. Your rights and personal information management

(1) Your rights:

a) Right to know: At the time of collecting and acquiring your personal information, we offer channels for you to know about our identity, why, how and what information is collected and processed, how to protect your legitimate rights and interests, etc., and obtain your consent in advance.

b) Right to access: You have the right to check your personal information, whether it has been processed, the purpose for processing, retention period and other information from us.

c) Right to correct: You have the right to request us to correct the data inconsistent with your personal information.

d) Right to delete: You have the right to request us to delete your personal information, and we are obligated to delete your personal information under certain circumstances. Please note: Under the special provisions of laws and regulations and the policies of the Civil Aviation Administration of China – for example, the Provisions on the Administration of Flight Regularity require the complaint records of irregular flights be kept for 2 years, then we may not be able to respect your right to delete.

e) Right to restrict processing: Under certain circumstances, you have the right to restrict our processing of your personal information. (In case of any doubts about the accuracy of your personal information, you may grant us a certain period of time to verify its accuracy)

f) Right to data portability: If permitted by law, you may request us to transfer your personal information to a third party, and we should try our best to cooperate with your request within a reasonable scope. Please note: Our cooperation with you to exercise such right is subject to the availability of technical support and our capabilities.

g) Right to object: You have the right to object to our processing of your personal information for legitimate reasons.

(2) Personal information management

a) Access your personal information

Membership information: If you wish to view or edit the personal information and payment information in your SpringPass member account, change your login password or linked mobile phone, or log out, please visit "My" on our mobile APP or "My Spring Airlines" on our website.

Order information: You may check your orders, transaction records, etc. via "My" on our mobile APP or "My Spring Airlines" on our website.

If you fail to access your personal information by the above means, you may contact us at 95524. We will reply to your access request within 30 days.

b) Correct your personal information

In case you find errors in the personal information we process, you have the right to ask us to make corrections, additions or improvements. You may request that through 95524, and we will address your reasonable request upon evaluation.

c) Delete your personal information

In the following circumstances, you may request us to delete your personal information:

        If we process your personal information in violation of laws and regulations;

        If we collect or use your personal information without obtaining your explicit consent;

        If we process your personal information in serious violation of our agreement with you;

        If you no longer use our products or services, or you cancel your account;

        If we permanently stop providing you with products or services.

Ø To delete some or all of your information, including cancelling your member account, or deleting information as a non-member, you need to send an email to Spring Airlines (mailbox: cs@ch.com, title: member account cancellation/ non-member information deletion).

Ø When you delete information from us, we may not promptly delete the corresponding information from our backup system, but delete it at the time of backup updates. After you voluntarily cancel your account, we will stop providing you with products or services, and delete or anonymize your personal information as soon as possible as required by applicable laws and regulations.

Ø Please note: We will cancel the account within 15 working days after confirming that you are the account owner. In case you need to use our services again upon account cancellation, you may register a new account with your mobile phone number, email address or in other ways recognized by Spring Airlines, after reaching the re-registration criteria (you are allowed to apply for a new account again at least 6 months after the previous account is cancelled). We need to keep the mobile phone number and email address used when you apply for cancellation for 6 months to verify the historical cancellation information of the account.

d) Change the scope of your consent

Each service function we offer requires certain basic personal information. While regarding the collection and use of additional personal information, you may contact us at 95524 to grant or withdraw your authorization and consent. Upon consent withdrawal, we will no longer process the corresponding personal information. However, your decision to withdraw your consent has no influence on the previous processing of personal information as authorized by you.

e) Request to transfer personal information

To transfer your personal information to a third party, you may raise a request by calling 95524, and we will respond to your request as appropriate upon evaluation of its legality and technical feasibility. Please note the risks, charges and other issues that may arise from this request.

f) Request to reject our processing

Where you decide to reject our processing of your personal information for legitimate reasons provided by laws, regulations and policies, you may raise a request by calling 95524, and we will handle your request upon review.

g) Restrict automatic decision-making by systems

Some of our service functions may contain decisions made solely through non-manual or automatic decision-making mechanisms including information systems and algorithms. If such decisions have significant influences on your legitimate rights and interests, you are entitled to ask us for explanations, and we also provide appeal methods without infringing on Spring Airlines’ trade secrets, the rights and interests of other users or public interests.

h) Respond to your request

In the light of the aforementioned methods for you to manage your personal information, to better respond to your requests, we need you to make your request in writing or prove your identity in other ways (all the information provided by you remain being protected and properly stored). Upon verification of your identity and confirmation of your request, we will handle it as appropriate, and reserve the right to refuse it. Please note: You are fully aware of the potential risks arising from your request, and we will charge you fees as the case may be.

8. Third-party website links/ third-party services

Spring Airline Platforms may contain links to third-party websites or services provided by independent third parties. The list of SDKs supplied by such third parties is shown in the table below, and SDK refers to software development kit. To learn more about the privacy policies on third-party SDKs or look for links to the developer documentation thereof, click on the links attached in the table below. Please note: The developer documentation or privacy policy pages redirected by the links in the table are produced and published by the corresponding SDK developers/ providers, who may change the links and the linked webpages within the scope permitted by law. Please refer to the latest links and linked webpages published by the SDK developers/ providers.

SDKs supplied by our authorized partners are subject to strict security technology testing and access control by us. We sign rigorous confidentiality agreements with companies and organizations with which we share personal information, requesting them to abide by this Privacy Policy and take our confidentiality and security measures to handle personal information. Our partners have no right to use your personal information shared by us for any other purposes; in case of any change to the purpose of processing your personal information, you will be asked again for authorization and consent.

 

SDK

Supplier

Use/ purpose of personal information   collected

Scope of information collection

Link to third-party privacy policy or   agreement

Operating system involved

QQ

Shenzhen Tencent Computer System Co.,   Ltd.

For login via third party and sharing

Device information

https://privacy.tencent.com/

IOS, Android

Weibo

Beijing Micro Dream Network Technology   Co., Ltd.

For sharing

Device information

https://m.weibo.cn/c/privacy

IOS, Android

NEXTDATA

Beijing Shumei Times Technology Co.,   Ltd.

For risk control and anti-fraud, to   ensure account and transaction security

Device’s MAC address, Bluetooth MAC address, SIM card   information (ICCID, IMSI), unique device identifier (IMEI, IDFA, Android ID,   hardware serial number), list of installed software, basic device configuration   information (device name, CPU, memory, display, model, operating system),   system and software configuration information, WIFI and cellular network   information (WIFI card’s MAC address, WIFI hotspot’s MAC address, WIFI name, list   of surrounding WIFI connections, network connection   method, operator information), IP address

https://www.ishumei.com/legal/cn/privacy.html

IOS, Android

APEX – codeless tracking SDK

Shanghai Apex Electronics Technology   Co., Ltd.

For compilation of APP operation index   reports, so that Spring Airlines can optimize APP interfaces and interactions

User behaviors of APP access, page   browsing, and button clicking

https://www.ch.com/privacy

IOS, Android

Apex –popup   window SDK

Shanghai Apex Electronics Technology   Co., Ltd.

For compilation of popup window   operation index reports, so that Spring Airlines can optimize the content and   display positions of popup windows

User behaviors of popup window   browsing and clicking

https://www.ch.com/privacy

IOS, Android

gt3 (GeeTest)

Wuhan JiYi Network Technology Co.,   Ltd.

For operation data support

IP information

https://www.geetest.com/Private

IOS, Android

UnionPay

China UnionPay Co., Ltd.

For use of UnionPay APP

Personal information, device   information

https://open.unionpay.com/

IOS, Android

Apple Pay

China UnionPay Co., Ltd.

For use of Apple Pay

Personal information, device   information

https://www.apple.com.cn/privacy/

IOS, Android

OCR ID Document Scanning

Shanghai Intsig Information Technology   Development Co., Ltd.

For OCR of ID documents used for   binding bank accounts

Personal information, device information

https://s.intsig.net/r/terms/PP_CamScanner_zh-cn.html

IOS, Android

Youzan

Hangzhou Youzan Technology Co., Ltd.

For mall shopping, order management,   member registration, order search, product search, and aftersales management

Personal information, device   information

https://www.youzan.com/intro/rule/detail?alias=132atyi19&pageType=rules

IOS, Android

JD.com Authentication - Oauth2.0

Beijing Jingdong Century Trade Co.,   Ltd.

For real-name authentication by JD.com

Under partnership between Spring   Airlines and JD.com, only our products requiring real-name authentication are   embedded with the SDK of JD.com, which are used to activate JD   Mall APP and JD Finance APP, which then sends users’ real-name   information to us. So the SDK does not acquire any user information from Spring   Airlines.

https://jauth.jd.com/st_auth/html/auth_policy.html

IOS, Android

Face   Recognition

Shenzhen Tencent Computer System Co., Ltd.

Device information collected is used for managing the   risks of face recognition and authentication, to prevent malicious behaviors;   there is a limit on the number of verifications via the same device within 24   hours.

Camera permission, network access permission, phone   model, androidid/ idfa (idfa unavailable for versions lower than IOS 5.0), user   name, ID card, face recognition video, face recognition photo

https://ida.webank.com/s/h5/protocolTencent.html?name=春秋航空股份有限公司

IOS, Android

WeChat

Shenzhen Tencent Computer System Co.,   Ltd.

For login via third-party, sharing and   payment

Device identifier, network information

https://privacy.tencent.com

IOS, Android

Getui SDK

Zhejiang Merit Interactive Network Technology Co., Ltd.   (Getui)

1. Device information: Your device   identifier is used to generate a unique notification target   ID, namely CID. Device information such as device platform, device   manufacturer, device brand, etc. allows us to help developers provide you   with better notification services and experience.
  2. List of applications installed: We send notifications   through the link combination technology: when there are more than one APP notification   links active in your device, we randomly merge them into one link to save   power and data traffic for you. So we need the list of applications installed   on your device. Also, as part of our smart notification function, the list   allows us to recommend information that better matches with your needs, and   reduce the interruption of useless information.
  3. Network information and location information: To ensure maximum stability   of network connection and establish a long link, we need access to the network   status and changes of your device, so as to deliver stable and sustained   notification services. As we offer a scenario-based notification function,   location information helps us provide you with refined notifications catering   to offline scenarios. This allows us to recommend information that better   matches with your needs, and reduce the interruption of useless information.

Device information, list of installed applications, network   information and location information

http://docs.getui.com/privacy/

IOS, Android

Gexiang SDK

Zhejiang Merit Interactive Network Technology Co., Ltd.   (Getui)

1. Device information: Your device identifier is used   to generate a unique user ID, namely GIUID. Device information such as device   platform, device manufacturer, and device brand helps us generate a more   complete user portrait, which consists of tags such   as device brand, device version and more.

2. List of applications installed: This information allows   us to help developers analyze your interests and hobbies, so as to provide a richer   set of portrait tags.
  3. Network information and location information: Both help us to provide   developers with more accurate portrait information generated from data online   and offline.
  With the above information, we enable developers to obtain accurate user   portraits; and with abundant portrait data, we provide you with more   accurate, comprehensive, and superior services. Thus, we are able to reduce   the interruption of useless information, and improve your experience in using   developer applications.

Device information, list of installed applications,   network information and location information

http://docs.getui.com/privacy/

IOS, Android

Baidu Navigation

Baidu Online Network Technology   (Beijing) Co., Ltd.

For acquisition of user locations

Device information, longitude and   latitude data

http://lbsyun.baidu.com/index.php?title=open/privacy

IOS, Android

Mobile Security Alliance, MSA

China Academy of Information and   Communications Technology

For acquisition of unified supplementary   device identifiers compatible with multiple vendors released by   MSA

Device information

http://msa-alliance.cn/col.jsp?id=120

Android

GrowingIO SDK

Beijing Yishu Science and Technology Co., Ltd.

For statistics based on users’ in-APP behavior data

Access data, behavior data, element browsing data

https://accounts.growingio.com/privacy

IOS, Android

Bugly

Shenzhen Tencent Computer System Co., Ltd.

For collection of APP crash information

Device information

https://bugly.qq.com/v2/contract

IOS, Android

Amap

Amap Software Co., Ltd.

For display of hotels on map

Device information, location information

https://lbs.amap.com/home/privacy/

Android

Alipay

Alipay (China) Network Technology Co., Ltd.

For login via third-party, payment

Device information, network   information, external memory

https://opendocs.alipay.com/open/01g6qm

IOS, Android

Riskified Mobile SDK

Riskified Ltd.

It applies Beacon for advanced fraud detection (device   fraud, proxy use), behavior analysis, and device fingerprint analysis.   Information collected is used to identify fraudsters who use stolen user   credentials or credit card information to defraud online merchants. The data   collected by Riskified SDK is used to analyze users’ devices and behaviors. With   such data, we set up online and anonymous device fingerprints for users,   which allows us to establish an anonymous identity indicator for each user in   the online environment. This is used to determine the one using the user's   shopping information is the user himself/ herself or a fraudster;

Device & network information, external memory, including the   following fields:
  Unique network identifier, time zone, cart_id (set session ID), user’s proxy   IP address, href, riskified_cookie, color depth, shop, proxy_measurements,   lang_accept_language, http_headers, battery_charging_time (battery charging   time), battery discharging time, battery level, hardware_concurrency,   has_touch (whether there is a touch screen), console_js_heap_size_limit,   console_used_js_heap_size, console_total_js_heap_size\mobile_network_code   (mobile network code), iso_country_code (ISO country code), carrier_name   (network operator name), system version, system name, device name,   riskified_cookie, social media account, longitude, latitude

https://www.riskified.com/privacy/

IOS, Android

Tingyun APP (Tingyun)

Beijing Network Bench Inc.

We receive and record information   about the device you use as per the specific permissions granted by you at   the time of software installation and use. Device information recorded is   mainly used for the analysis of device distribution in case of irregularities   (such as crashes, freezes, errors, etc.), in order to find out performance   deficiencies related to device adaptation.

To help mobile APP developers quickly   locate serious performance deficiencies such as crashes and freezes, we will   collect your device’s hardware information when any of such deficiencies   turns up.

To identify performance deficiencies such   as slow requests and errors, R&D staff need to know about the network   environment. Thus, information on network status is collected when the APP is   in use.

When you activate the location service   on your device and use our location-based services, the information about   your location will be collected to assist in R&D and analysis of network   quality and performance timings in different locations.

Device information, hardware   information, network information, location information

https://www.tingyun.com/legal_declaration.html

IOS

nbs-newlens-android-sdk (Tingyun)

Beijing Network Bench Inc.

We receive and record information   about the device you use as per the specific permissions granted by you at   the time of software installation and use. Device information recorded is   mainly used for the analysis of device distribution in case of irregularities   (such as crashes, freezes, errors, etc.), in order to find out performance deficiencies   related to device adaptation.

To help mobile APP developers quickly   locate serious performance deficiencies such as crashes and freezes, we   collect your device’s hardware information when any of such deficiencies turns   up.

To identify performance deficiencies   such as slow requests and errors, R&D staff need to know about the   network environment. Thus, information on network status is collected when   the APP is in use.

When you activate the location service   on your device and use our location-based services, the information about   your location will be collected to assist in R&D and analysis of network   quality and performance timings in different locations.

Device information, hardware   information, network information, location information

https://www.tingyun.com/legal_declaration.html

Android

Tecent X5

Shenzhen Tencent Computer System Co.,   Ltd.

For provision of browser services

Device information

https://x5.tencent.com/tbs/guide/develop.html#5

Android

To ensure the content is legible and usable, in most cases when you click on a link, your browser will open the link in a new window, together with a redirection prompt (“You are leaving Spring Airlines”, or similar wordings). For your better service experience, in some cases, independent third-party services may be embedded in our website (or displayed in a section or under a tag on the website), which will be prompted by the third-party service provider at the top or bottom of the page for which the provider is responsible (display the name of the business entity or copyright owner other than Spring Airlines or prompt "Services provided by XX", “Powered by XX”, or similar wordings). We recommend that you carefully read through all the information on links to third-party websites and third-party service providers that collect information from you.

Please note: These third-party website links or third-party services are owned or operated by companies or organizations other than Spring Airlines. When you provide them with your personal information at the time of accessing a third-party link or using third-party service, the privacy policy or similar statements of the third party or third-party service provider shall apply to such information, and we bear no legal responsibility for any third party's improper use or disclosure of the information provided by you. You are solely responsible for the risks arising from your access to such third-party website links and use of such third-party services. In case you find any third-party link or service compromised, we recommend you immediately terminate your operations to protect your legitimate rights and interests.

9. Protection of minors’ information

(1) We deem it equally important to protect the personal information of minors. If you are a minor under the age of 18 (in case of any different or changed definition of minors under your local laws, we will try our best to observe; for any questions, please let us know in time), you should obtain the written consent of your parent or legal guardian prior to your use of our services. We protect the personal information of minors in accordance with the Law of the People's Republic of China on the Protection of Minors and other applicable national laws and regulations.

(2) With regard to the personal information of minors collected with the consent of their parents or legal guardians, we use or publicly disclose such information only when permitted by law, necessary for minor protection, or with the parents’ or guardians’ explicit consent.

(3) We will do what we can to delete relevant data as soon as possible, when we discover that we have collected personal information of a minor without the prior consent of his/ her verifiable parent or legal guardian.

(4) As the parent or guardian of a minor, if you have any questions about how we handle the personal information of the minor under your guardianship, please contact us at 95524.

10. Basis and updating of Privacy Policy

(1) Basis

This Policy is prepared under the Civil Code of the People's Republic of China, the Law of the People's Republic of China on Protection of Consumer Rights and Interests, the Cybersecurity Law of the People's Republic of China, and the Information Security Technology – Personal Information Security Specification, along with other policies and recommended guidelines issued by the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Civil Aviation Administration of China and other regulatory authorities. Amendments and improvements have also been made hereto with reference to the General Data Protection Regulation (GDPR) and other laws, regulations and documents.

(2) Updating

Within the scope permitted by the above-mentioned laws and regulations, Spring Airlines reserves the right to revise the Privacy Policy from time to time as the case may be. The latest version of the Privacy Policy – marked with the date of update – is available on Spring Airlines Platforms, to keep you abreast of the document. In this case, your continued use of our services is deemed that you’ve agreed to be bound by the Policy upon revision.

We undertake: Without your explicit authorization and consent (including other authorizations specified in any agreement between you and us), we do not substantially limit or reduce your entitlements hereunder, unless required by changes in laws and regulations and other mandatory provisions.

In case of any material changes, we will inform you in a more noticeable manner (regarding certain services, we will send notifications via email to elaborate the specific changes to the Privacy Policy).

Apart from changes in applicable laws and regulations or regulatory authorities, the "material changes" referred to herein also include (but are not limited to):

a) Substantial changes in our service types/ models, such as the purposes of processing personal information, the types of personal information processed, the ways personal information is used, etc.;

b) Substantial changes in our ownership structure or organizational structure, such as changes in owners arising from business adjustments, mergers in bankruptcy, etc.;

c) Changes in the major objects that personal information is shared with and disclosed to;

d) Substantial changes in your right to participate in the processing of personal information and the ways to exercise it;

e) Changes in our department that is responsible for personal information security, its contact information or complaint channels;

f) High risks shown in personal information security impact assessment reports.

The previous version of the Privacy Policy has been archived by us for your reference.

11. How to contact us

(1) For any questions, comments or suggestions concerning the Policy or matters related to your personal information, please contact us by sending an email to cs@ch.com or calling our customer service at 95524.

(2) Under normal circumstances, we reply to your request within 30 days. If you are not satisfied with the reply or believe the way we handle personal information has infringed on your legitimate rights and interests, you may also file a complaint or report to administrations of cyberspace, public security, industry and commerce, among others.

(3) The above arrangements do not prevent you from seeking resolution by filing a lawsuit with the competent people's court of Changning District, Shanghai, where the Company is domiciled.

(4) Data Protection Officer (DPO)

Email: DPO@ch.com

Address: 4F, Building 3, Hangyou Hotel, No. 528, Konggangyi Road, Changning District, Shanghai, PRC

Zip code: 200335

12. Legal notices

In the event that a user receives any service via a Spring Airlines Platform, this Policy constitutes an integral part of the agreement relationship with the service (no matter such agreement is reached orally, in writing or otherwise) and should be considered along with relevant terms of service. In this case, unless a term of service explicitly excludes its application, the legal notices herein shall be applied preferentially.

Where personal information is unfortunately leaked due to objective reasons such as Spring Airlines’ obligation to comply with legal provisions, force majeure, technical restrictions, etc., Spring Airlines shall not be liable for any losses that users may suffer as a consequence; in case there is a liable third party, Spring Airlines will assist users to hold the third party accountable. When Spring Airlines is found in violation of any legal provisions, the Company or responsible persons shall bear all legal liabilities according to law, including possible administrative penalties and criminal liabilities. Notwithstanding, under any circumstances that are not prohibited by law at the time when a claim takes place, as far as the claim under this Policy and relevant terms of service is concerned, unless Spring Airlines is proved to have violated mandatory legal provisions or committed active negligence or gross negligence that causes certain losses, Spring Airlines’ liability for compensating the losses suffered by users due to leakage of personal information is limited to the actual losses of users (all unproven losses or unreasonable expenses or expenditures shall not be deemed as actual losses), and shall be no more than twice the actual service charges received by Spring Airlines. If it is impossible to distinguish specific services or Spring Airlines has not charged for services, Spring Airlines’ liability for each of the aforementioned default complaints/ claims is limited to RMB 1,000. The premise of the foregoing commitment to compensation is that users are found with no faults. Where a user is at fault for any loss, Spring Airlines shall be relieved or exempted from liability accordingly. In order to avoid disputes, if a user fails to notify Spring Airlines in a timely manner or take other reasonably expected stop-loss measures, Spring Airlines has the right to claim exemption from liability for compensating any subsequent losses that may be aggravated by such failure; Spring Airlines does not promise compensation for the sole mental impairment suffered by users.

All disputes arising from the validity, interpretation and application of the Privacy Policy shall be subject to Chinese laws and the exclusive jurisdiction of the competent court in Changning District, Shanghai, where Spring Airlines is domiciled. For the purpose of this article, "Chinese laws" shall not include any law or part of it that may lead to the application of substantive laws outside the territory of China to the maximum extent permitted by the law.

The validity of Article 12 shall not be waived due to the personal expression of any employee or agent, unless ruled by the final judicial decision.

(End of the main text)