Welcome to visit Spring Airlines Platforms, an important channel to serve our customers. Beware that we may collect and utilize your personal information when you are using our Platforms and services. Through our statements in Privacy Policy (may also referred to as "the Policy" below), we would like to make you aware of important content pertaining to your personal information. If you are under 18 years of age or otherwise with incomplete civil capacity, please read through the Policy together with your guardian, and use our products and services or provide us with information following his/her consent.
This Policy is closely related to all our services for you. Please read carefully and understand all the content hereof, so that you can make appropriate choices. Our wording and phrasing are in adherence to the principle of simplicity and conciseness, and we've highlighted the clauses that may restrict your rights or have potential risks in bold to draw your attention. Other language versions of this Policy are only for the convenience of specific groups of customers to read and understand. In case of any ambiguity, the Simplified Chinese version shall prevail.
Spring Airlines Co., Ltd.
Updated on: August 28, 2024
Effective from: August 30, 2024
We are well aware of the importance of personal information to you and thus determined to protect it in accordance with the law. To this end, we abide by the following principles: parity of authority and responsibility, definite purpose, choice and consent, minimum and necessary, security guarantee, subject participation, openness and transparency. Meanwhile, we promise to take security measures aligned with mature industry standards to protect your personal information.
For any questions or suggestions, please contact us. If you are troubled by the ways we collect your personal information, please let us know. In case of opposition to any terms in the Privacy Policy, you should promptly discontinue accessing or using Spring Airlines Platforms.
This Policy will help you learn about the following:
1. Definitions
2. Scope of application
3. How do we collect and use your personal information
4. How do we share, transfer and disclose your personal information
5. How do we store personal information
6. How do we protect personal information
7. Your rights and personal information management
8. Third-party website links/third-party services
9. Protection of minors' information
10. Basis and updating of Privacy Policy
11. How to contact us
12. Legal notices
1. Definitions
(1) Spring Airlines: It refers to Spring Airlines Company Limited, "the Company" or "we", founded and existing pursuant to Chinese laws. Its domicile is Building 2, Hangyou Hotel, No. 528, Konggangyi Road, Changning District, Shanghai Municipality. Its English name is "SPRING AIRLINES COMPANY LIMITED", or "SPRING AIRLINES" for short. Its 2-letter code and 3-letter code are 9C and CQH, respectively; IATA accounting code 089. Spring Airlines is a public company listed on Shanghai Stock Exchange.
(2) Platform service providers and platform merchants: They refer to Spring Airlines Company Limited and its partners with independent legal status that display content, offer redirection or provide services on Spring Airlines Platforms. Since its establishment, unless otherwise specified, Shanghai Spring Airlines Technology Co., Ltd. ("Spring Airlines Technology"), as the maintainer and operator of such Platforms, serves as an information collector, controller and service provider together with Spring Airlines.
(3) Affiliate(s): It refers to an entity or entities in association with Spring Airlines.
"Association" refers to a relationship where a subject (including individuals, companies, partners, organizations, or any other entities), either directly or indirectly, controls Spring Airlines, is controlled by Spring Airlines, or is under control of another party together with Spring Airlines. The aforementioned "control" refers to the right to, directly or indirectly, instruct the management and decision-making of related entities or request others to make such instructions through voting rights, contracts or other means, or other relationships that constitute de facto control.
Shanghai Spring International Travel Service (Group) Co., Ltd. ("Spring Travel") is the controlling shareholder of Spring Airlines. Hence, Spring Travel and its affiliated entities are Affiliates of the Company.
Spring Airlines Technology is a wholly-owned subsidiary established by Spring Airlines to integrate the latter's functions surrounding information technology and marketing. Spring Airlines Technology provides information technology and business agency services for Spring Airlines, and serves as an important Affiliate thereof.
(4) Spring Airlines Platforms: They are controlled by Spring Airlines and its Affiliates, including online platforms (referring to online channels or interactive interfaces, such as our official websites, official APP, official WeChat public account (H5, mini-program), official Weibo account), offline channels (Spring Airlines stores), and all other stages or scenarios where you have access to Spring Airlines services, such as our customer service hotline (95524), mailing, human-computer interaction application scenarios (a variety of automatic response systems, self-service check-in kiosks, and self-service bag drop machines).
(5) Official websites: The official websites of Spring Airlines are www.ch.com and m.ch.com.
(6) Official APP: The download address of our official APP is https://www.ch.com/app-download.html.
(7) Official WeChat public account: Spring Airlines' official WeChat public account is springairlines, operated by Spring Airlines Company Limited.
(8) Device: It refers to any device that users may use to access Spring Airlines Platforms, including but not limited to desktop computers, laptops, tablets, smartphones, and other phones.
(9) Personal information: It refers to all kinds of information recorded electronically or in other ways that identify a specific natural person – independently or in combination with other information, including a natural person's name, date of birth, ID number, biometric information, address, telephone number, email address, health information, location information, etc. Your personal information is closely related to your personal interest, such as personal dignity or economic benefits. Therefore, notwithstanding the fact that third parties such as the Company, its Affiliates, platform merchants or partners may obtain your personal information in a legal manner under this Agreement, as long as it is not disclosed to the unspecified public, you will remain entitled to the right of privacy against other individuals or groups, and your personal information is protected pursuant to the law.
(10) Personal sensitive information: It refers to the personal information that, once leaked, illegally provided, or misused, may endanger the safety of people and property, or easily lead to damages to personal reputation, physical and mental health, or discrimination. For example, personal sensitive information includes a person's ID number, biometric information, bank accounts, communication records and content, property information, credit information, whereabouts, accommodation information, health and physiological information, transaction information, etc. Personal sensitive information is the core component of personal information, and its meaning or definition shall be adapted to applicable laws.
(11) Applicable laws: This Policy is formulated under Chinese laws, including the Cybersecurity Law of the People's Republic of China and other laws and regulations, the Information Security Technology – Personal Information Security Specification, and policies rolled out by the Civil Aviation Administration of China, among others. The EU GDPR and other regulations have also been referred to.
(12) GDPR: It refers to the General Data Protection Regulation, a data protection legislation introduced by the European Union and coming into force on May 25, 2018.
(13) DPO: It refers to Data Protection Officer. DPO of Spring Airlines oversees the Company's compliance practices, provides notifications and advice on the Company's data protection obligations, and acts as a liaison between the Company and you or any authority of personal data protection.
2. Scope of application
This Privacy Policy is applicable to all users of our services – no matter you are a member or not. For example, if you book our air tickets, take our flights or receive other services through a Spring Airlines Platform, you need to understand this Policy and agree to be bound thereby.
Where you entrust an agent to make purchases and receive our services, it will be assumed that you have agreed to be bound by this Policy. If you or your agent fails to purchase our services through a Spring Airlines Platform or a third-party platform approved by us, we bear no liability for the possible leakage of your personal information and other risks.
Where an Affiliate of Spring Airlines (e.g. Shanghai Chunhua Aviation Ground Services Co., Ltd., which acts as our ground service agent in Shanghai airports) provides you with relevant services but has not signed a separate service agreement with you, this Policy shall apply to the Affiliate and such services provided as well.
In case of any inconsistency between the Policy and the legal provisions of any jurisdiction governing the services provided by us, unless the final judicial ruling finds it invalid, this Policy shall remain complete and effective to the maximum extent allowed by local laws.
3. How do we collect and use your personal information
3.1 Purposes of information collection
(1) We collect personal information for the purpose of fulfilling the contract(s) signed with you and observing our legal obligations, as well as enabling our core service functions, additional service functions and cooperative service functions.
(2) In case we use your personal information for purposes other than those listed herein or use information collected for specific purposes for other purposes, we are required to seek your explicit consent or authorization in advance.
3.2 How is information collected
For the purposes described herein, we may collect, store and use the following information about you. Without such information, relevant services might not be available to you. Thus, you have agreed to our conducts to collect your information in the following ways for the purpose of offering better services for you:
(1) Information provided by users
Under normal circumstances, you are not required to enter any personal information to visit Spring Airlines Platforms. However, on certain pages, we might ask you to enter personal information in order to provide services or perform transactions as required by you. We do not request you to provide specific personal information, but without such information, we may not be able to provide you with services or complete transactions at your request. For example,
1. When booking a ticket within China, you need to at least provide the passenger's name, ID type, ID number and mobile phone number, as well as the contact person's name, mobile phone number and email address (optional), so that ticket reservation, information notification, subsequent refunds/changes and other related services could be made available to you.
2. When booking a ticket for the China region or an international ticket, you need to at least provide the passenger's last name (in pinyin or English), first name (in pinyin or English), gender, date of birth, nationality, ID type, ID number, ID validity period, ID issuing country and mobile phone number, as well as the contact person's name, mobile phone number and email address (optional), so that ticket reservation, information notification, subsequent refunds/changes and other related services could be made available to you.
3. When paying in foreign currency, you should at least provide the bank card number, bank card type, bank card validity date, CVC/CV2, cardholder name, cardholder email address, billing country, billing code, billing city and billing address, so that ticket reservation service could be made available to you.
(2) Information collected automatically by us
We collect information on your visit to our website, including the pages you browse, the number of bytes sent, the links you click, the information you access, and other operations performed on the website. On the site you access with your user ID, we may associate such information with your identity to predict the services you may be interested in. Where we combine such non-personal information with other information to identify a specific natural person, or combine it with personal information, during the period of such combination, such non-personal information is deemed personal information; unless authorized by you or otherwise provided by laws and regulations, such personal information will go through special processing by us to ensure its security.
(3) Information provided by third parties
The prerequisite for us to acquire your information from a third party is that we've obtained your consent or the third party is required by law or has authorized us to use your information properly. We promise to use your information obtained from third parties where lawful, rightful and necessary, process the relevant and necessary information to the limited extent, and ensure its accuracy and confidentiality.
3.3 Where is information collected and used
(1) Your personal information is used by us in the following circumstances:
• The preparation, provision, and summary of regular passenger services related to air transportation such as inquiries, reservations, ticket sales, boarding, airport services, and in-flight services, or special passenger services such as wheelchairs provision and infant services (regular passenger services and special passenger services are collectively referred to herein as basic services or essential services); essential services are mainly provided by us, but considering legal, technical or commercial restrictions, other services (such as airport security check) may be provided with the participation of third-party service providers or directly by such providers.
• The sales and fulfillment of non-essential services (also referred to as additional services or value-added services) related to air transportation, such as advanced seat booking, extra baggage allowance, and onboard catering, which are mainly provided by Spring Airlines; or the sales and fulfillment of non-essential services mainly provided by third parties (also referred to as third-party services), such as airport transfers, VIP services, WIFI access, onboard retail, accommodation, travel products, and insurance. All such non-essential services are either gifted by Spring Airlines or selected by passengers themselves. Providers of non-essential services may be Spring Airlines, or a third party designated or provisionally arranged under a service contract, depending on factors such as how strong the non-essential service is associated with basic services.
• The above-mentioned services provided by means of airline change, wet lease, code sharing, combined transportation, etc.
• The guiding, supply and management of other services provided by Spring Airlines.
• Operations incidental to or related to the above-mentioned circumstances.
• Survey on services provided by Spring Airlines.
• Sales analysis, research, or new services development.
• Notification of services provided by Spring Airlines.
• All kinds of services, products, projects and promotional events provided by Spring Airlines and its parent company, subsidiaries and other partners. For example, in the financial services of an affiliate of Spring Airlines, if the user changes the mobile phone number used for payment verification, the user's face needs to be verified for security during payment. Therefore, when you use this function, your facial information will be collected, and this service will be provided by a qualified and authoritative third party, who will save the recognition video and photo. What particular services are provided and how they are delivered should be specified in the Spring Airlines Terms of Service, displayed on Spring Airlines Platforms, stipulated in agreements signed by and between service providers and you or formally announced by service providers. You should understand that the content of services is subject to changes. Therefore, in case of any ambiguity or inconsistency between different circumstances, the agreement signed by and between the service provider and you or its official announcement shall prevail.
• Responses to inquiries and requests.
(2) Member registration and login
To register as our ordinary member, you need to provide your mobile phone number or an eligible third-party account to log in, and only after that can you receive such services provided by us. To go through real-name authentication or register as a SpringPass member, we need your name, gender, country/region, ID type, ID number, ID validity period, date of birth, and mobile phone number that is consistent with your identity and can be used to contact you.
• If you browse, query, and search for information only, you are not required to register as our member or provide the above information, but your login ID, device model, login time, and history of searching and browsing will be collected.
(3) Provision of specific goods or services that you purchase or use
If you need to apply for special passenger services for a passenger who has booked a ticket, including seat-occupying infant service, wheelchair service, blind passenger service, and deaf passenger service, you need to provide the passenger's name, ID number and reserved mobile phone number. The above information will be used to match the flight information of the user applying for special passenger services.
If you book any of the following goods or services for another person, you may need to provide the personal information of the actual user. Following the successful booking, it is deemed that the user has also agreed to this Privacy Policy. Therefore, before you book any goods or services for others, please ensure that you have obtained their consent.
• Pick & Drop: You need to provide the user's name, mobile phone number, date and time of use, and place of use.
• Itinerary Delivery: You need to provide the recipient's name, mobile phone number, and address.
• VIP Lounge: You need to provide the user's name, mobile phone number, time of use, and airport information.
• Parking: You need to provide the user's name, mobile phone number, time of use, and airport information.
• Tickets: You need to provide the user's name, mobile phone number, and time of use.
• WIFI Rental: You need to provide the user's name, mobile phone number, time of use, and airport information.
• Onboard WIFI: You need to provide the user's name, mobile phone number, seat number, and last six digits of his/her ID number.
• Insurance: You need to provide the applicant's name, ID type, ID number, and mobile phone number; when applying for insurance for another person, you need to provide the name, ID type and ID number of the insured.
• Air Ticket (including air-rail and air-bus through transport): You need to provide the passenger's name, gender, ID type, ID number, date of birth, mobile phone number, email address, and date of travel.
• Hotel: You need to provide the guest's name, gender, ID type, ID number, mobile phone number, date of check-in, and date of check-out.
• Finance/Payment: You need to provide your payment information and property information, apart from basic information.
• Tour: You need to provide information on your itinerary and fellow travelers (if any), apart from your basic personal information.
• We will collect the order information generated when you are using our services, so that you can view and manage your orders.
• In the event that you contact us, we may save your communication/call records and content or the contact information and other information you leave in order to contact you or assist you to solve problems; we may also record the solutions and results of such problems.
• You may use the products or services provided by us and our business partners through the links provided by Spring Airlines. When you use such products or services, it is deemed that you have authorized us to receive from our Affiliates your personal information or transaction information that we confirm is sourced legally or that you consent to provide to us, or consolidate or analyze such information , as required by our business and cooperation. Prior to your use of the services provided by a third party, please ensure that you have fully understood its rules on personal information collection and use; for any questions, please contact customer service of such party.
(4) Display and notification of personalized products or services
To improve our products or services, and provide you with personalized information search and transaction services, upon your explicit consent and activation of the corresponding permissions, we may extract your browsing & search preferences, habits, and location information characteristics from your browsing and search records, as well as information on devices, locations, logs, and orders. The aim is to display or deliver to you information that you are interested in or need, or to send you products or services that we think you may be interested in. Of course, if you don't want to receive such information, you can choose to inactivate the function of activity reminder, service reminder or personalized recommendation through "My" - "System Settings" in the APP, or contact us to inactivate or cancel the notification.
• Device information: We will receive and record the information related to the devices you use (model, operating system version, settings, unique device identifier and other software and hardware features) according to the permissions granted by you at the time of software installation and use.
• Location information: It refers to information on your location, IP address, GPS location, Wi-Fi access point that can provide relevant information, Bluetooth and base station sensor when you turn on the device positioning function and use our location-based services. You are advised to enable location permissions, so that we can recommend you location-specific products and services.
• Log information: When you use the products or services provided by us, we will automatically collect your detailed usage of our services and save such information as web logs. The information shall include your query content, IP address, browser type, telecom operator, language used, access date and time, and access records.
Please note: Device information, log information, or location information alone is not sufficient to identify specific natural persons. Where we combine such non-personal information with other information to identify a specific natural person, or combine it with personal information, during the period of such combination, such non-personal information is deemed personal information; unless authorized by you or otherwise provided by laws and regulations, such personal information is processed and protected in accordance with this Privacy Policy.
For the normal operation of service functions, we need necessary permissions required by particular use scenarios, but will notify you and ask for your consent before we require such permissions.
(5) Specified extended functions
If you need to use the following functions, the following access permissions should be enabled in your device (including but not limited to Android, HarmonyOS, IOS, etc.):
• Camera: To use QR code scanning and face recognition, please enable the camera permission.
• Photos/Photo Gallery: To use save, share, and upload functions, please enable the photos permission.
• Microphone: To use the voice recording function for online customer service, please enable the microphone permission.
• Notification: To receive notification messages from us, please enable the notification permission. If you choose to receive notifications via WeChat or Alipay, we may need your account information provided to the third party and your authorization to use such information, so that we can provide the notification services as you choose.
• Calendar: To manage your flights more conveniently and add the itinerary memo function, you need to enable the calendar permission. Of course, you can also refuse to enable it, which will not affect your normal use of other functions.
• Clipboard: To open marketing activities through the password pop-up in the clipboard, you need to enable the clipboard function. The information on the clipboard will be used to pop up the activity corresponding to the password.
• External storage: To read and update the local city information database, and read local images; upload user avatars, refund attachments, identification and other files; save and use the airport city relationship table and electronic boarding passes; share detailed flight information, share the list of orders, save boarding passes, cancel an account, and use the speech-to-text function.
Please note: Once you enable these permissions, it is deemed that you have authorized us to collect and use the personal information involved to offer the above functions. And when you disable such permissions, your authorization will be canceled, and we will no longer be able to collect and use your personal information, nor are we allowed to provide you with the corresponding functions. Your decision to cancel authorization does not affect the previous processing of personal information as authorized by you.
(6) Protection of your transaction security
We may use or combine your user information, transaction information, device information, location information, log information, MAC address, Android ID, SSID, BSSID, as well as information that our partners have obtained due to your authorization or are allowed to share in accordance with the law, to make your use of the services provided by us and our partners safer, ensure the safety of the operating environment, identify the irregularities of registered accounts, protect you or other users or the public from personal and property damages, prevent phishing websites, frauds, network vulnerabilities, computer viruses, network attacks, network intrusions and other security risks in a better way, and identify violations of the laws and regulations of the People's Republic of China or the related agreements and rules of Spring Airlines Platforms more accurately. In this way, we are allowed to comprehensively identify your account and transaction risks, conduct identity verification, detect and prevent security incidents, and make necessary records, audits, analysis and disposal according to law. Among them, user MAC, Android ID, SSID, and BSSID information will be used by NEXTDATA SDK for risk control and anti-fraud actions, thereby safeguarding account and transaction security.
(7) Other uses
We may perform de-identified research, statistical analysis, and prediction on the information collected, or use anonymized data for machine learning or model algorithm training. You acknowledge and agree that we have the right to use de-identified information, and analyze and commercialize user databases to optimize our service content and product mix, provide support for business decisions, and improve our products and services, provided that your personal information is not disclosed. For example, we may use user MAC and Android ID information for statistical analysis on the data activation effectiveness of marketing advertisement placement, so that we can provide better services.
3.4 You acknowledge and agree that we may, prior to your consent, collect and use your information in the following circumstances:
• If national security or national defense security is concerned;
• If public safety, public health, or major public interests are concerned;
• If criminal investigation, prosecution, trial or execution of judgments is involved;
• Such collection or use is for the purpose of protecting the life, or safeguarding property and other major legal rights and interests of you or other users, but it is hard to obtain your consent;
• The personal information collected has been disclosed to the public by yourself;
• Your personal information is collected from the information made public legally;
• Such collection or use is essential to signing a contract as required by you;
• Such collection or use is essential to maintaining the safe and stable operation of the services provided, such as detecting and tackling service failures;
• Such collection or use is essential to legal news coverage;
• Such collection or use is essential for academic research institutions to conduct statistical or academic research based on public interests, and when resulting academic research findings or descriptions are made public, the personal information contained therein has been de-identified;
• Other circumstances stipulated by laws and regulations.
3.5 Types of information collected
(1) The types of personal information we collect through the above scenarios and methods are as follows:
• Detailed contact information: Name (in Chinese + English), email, telephone/mobile phone number, fax number, contact address, zip code, and geo-location;
• Detailed personal information: Gender, date of birth, ethnicity, nationality, country of residence, family relations, ID validity period, and ID issuing place;
• Biometric information: Facial features for recognition, and fingerprint;
• Personal identification: ID card, household register, passport, military officer certificate, police officer certificate, retired cadre certificate, military retirement certificate, soldier certificate, Mainland Travel Permit for Hong Kong and Macao Residents, travel permit, foreign resident certificate, flight attendant certificate, Taiwan Travel Permit for Mainland Residents, Mainland Travel Permit for Taiwan Residents, seaman certificate, Residence Permit for Hong Kong, Macao, and Taiwan Residents, Foreign Permanent Resident ID Card, student certificate, medical staff work permit, disability certificate;
• Network identification information: Spring Airlines Platform account, IP address, WeChat (union_id, open_id), brand, model, device identification code (IDFA/IMEI/IMSI/OAID/Android ID/UUID/SSID/BSSIDwifi/OPENUDID/GUID/hardware Serial Number) and device information (brand, model, screen size and other hardware and software information that the device is allowed to obtain) of the mobile device, MAC address, email address and passphrase, password and password security answer related to the foregoing. Please note that we may collect the above information even when the Spring Airlines App is switched to silent or background mode;
• Personal use history: History of browsing, software use, clicking, login, registration and account cancellation, and information about your preferences for receipt of our marketing communications; and information about your feedback on the content of our websites, products and services.
(2) We will try our best to take rational and feasible technical measures to avoid collecting personal information irrelevant to the services you need.
(3) You can find the specific scenarios in which we use the information we collect about you in "3.3 Where is information collected and used".
4. How do we share, transfer and disclose your personal information
Under the laws and regulations of the People's Republic of China, sharing and transferring personal information that has been de-identified and ensuring that data recipients are unable to recover and re-identify the subjects of personal information is not deemed the external sharing, transfer, and public disclosure of personal information. The storage and processing of such data do not require separate notice or your consent.
4.1 Information sharing
(1) To make available the services chosen by you on Spring Airlines Platforms or upon redirection via Spring Airlines Platforms, and to improve our service quality, we will share your information with service providers, technology operators, our Affiliates and partner airports to the extent permitted by law and necessary, so that we can deliver more convenient and safer services. We pledge to only share necessary personal information limited to the purposes stated herein. Should our sharing or a recipient be beyond the scope of authorization, or the use and processing purpose of personal information be changed, we will seek your consent by sending a prompt or require the recipient to obtain your consent.
(2) Necessary sharing to provide you with the products or services you need: When you purchase goods or book services through Spring Airlines Platforms, we will, according to your choice, share necessary information related to the transaction in your order information with the merchant or the actual service provider of relevant goods and services to fulfill your need mentioned above, and enable them to complete the subsequent after-sale services. You can check the information listed on the business license or the electronic link logo of the business license of the provider of relevant goods and services on its main page of business activities, so as to identify the person you are dealing with.
(3) Sharing with explicit consent: After obtaining your explicit consent, we may share your personal information with other parties.
(4) Sharing under legal circumstances: We may share your personal information with external parties in accordance with the provisions of laws and regulations or the need to resolve litigation disputes, or at the request of administrative or judicial authorities according to law.
(5) Sharing with Affiliates: In order for us to provide you with products and services, recommend information that you may be interested in, identify abnormalities in member accounts, and for the personal and property safety of Affiliates or other users, or to protect the public from infringement based on Spring Airlines Platforms, your personal information may be shared with our Affiliates. We only share necessary personal information limited to the purposes stated herein. If we share your personal sensitive information or our Affiliates change the purposes for which the personal information is used and processed, we will again seek your consent.
(6) Sharing with authorized partners: We may entrust authorized partners to provide you with certain services or to perform functions on our behalf. We will only share your information for legal, legitimate, necessary, specific, and explicit purposes, and the authorized partners will only have access to the information necessary to perform their duties, and will be required by us via agreements not to use this information for any other purposes.
4.2 Information transfer
We will not transfer your personal information to any organization, company or individual, except in the following circumstances or for the following purposes:
a) We've obtained your consent to do so;
b) We are obligated to provide such information pursuant to laws and regulations, legal procedures, mandatory judicial or administrative requirements, etc.;
c) When it comes to mergers, acquisitions, asset transfers or similar transactions, if the transfer of personal information is involved, we will request the new company or organization that holds your personal information to continue to be bound by this Privacy Policy, otherwise we will require the company or organization to ask for your consent again.
4.3 Business entrustment
We may entrust our business activities to a third party to provide you with certain services or perform functions on our behalf. In this case, your personal information may be disclosed to the third party as needed. Under such circumstances, your personal information will be disclosed to third parties for legal, legitimate, necessary, specific, and explicit purposes only. We will take all appropriate measures with such third parties to guarantee the confidentiality and security of customer data, including establishing an agreement on the processing of such personal information to ensure that it is not used for any other purposes by a third party.
Such third parties include but are not limited to the following:
1) | Affiliates of Spring Airlines |
2) | Agents, contractors or third-party service providers who deliver administration, promotion & research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services for the purpose of the operations of Spring Airlines Platforms |
3) | Other business partners, including air carriers, ground or maritime transport operators, loyalty program operators, and other companies engaged in providing customer services or fulfilling customer requirements |
4) | Credit reference agencies |
5) | Companies and/or banks issuing the credit card, debit card and/or charge card |
6) | Government or non-government agencies, agencies and/or regulatory authorities |
7) | Medical professionals, insurance companies and clinics/hospitals |
8) | Third parties that Spring Airlines is allowed to entrust and authorize under legal regulations |
4.4 Public disclosure
We will disclose your personal information to the public in the following circumstances only:
• Under your explicit consent or active choice, we may disclose the personal information you specify to the public;
• In case your personal information must be provided as mandated by the laws and regulations of the People's Republic of China, compulsory administrative law enforcement or judicial authorities, we are obligated to disclose your personal information to the public as required. Under laws and regulations, when receiving the above-mentioned request for information disclosure, we will ask for the presentation of corresponding legal documents, such as subpoenas or investigation letters.
5. How do we store personal information
(1) In principle, the personal information we collect and generate within the territory of China is stored in China, and the information we collect from abroad may be stored in China as well. In case of any conflict between your local information collection regulations and our storage policy, please inform us in time so that we could timely respond to your request and avoid any unnecessary disturbance to the protection of your personal information.
(2) Cross-border data transfer
In view of the fact that the services we provide and the third-party services that we need to accept for the purpose of providing the said services may cross borders, your personal information may be – with your consent or under certain special circumstances permitted hereby – transferred to the overseas jurisdiction of the country/region where you use the services, or accessed from such jurisdiction. Where some of our services are cross-border, and we need to transfer relevant personal data collected domestically to overseas institutions, we will abide by laws and regulations and the provisions of competent regulatory authorities, and take effective measures such as signing agreements to request overseas institutions to keep your personal information confidential.
There might be varied or even no data protection laws in force in such jurisdictions. In this case, we will ensure that your personal information will be under sufficient protection equivalent to that within the territory of China. For any cross-border transfer of your personal information, we will ask for your consent, or take security measures such as data de-identification before such transfer.
(3) Maximum retention period allowed by applicable laws and regulations: We promise to store your personal information only during the period necessary for the purposes described herein and within the time limit prescribed by laws, regulations and regulatory provisions. We keep your personal information no longer than is necessary for the purposes for which it is processed, and will retain it for as long as necessary for the purposes for which it is collected under our data retention policy, unless it is necessary to extend the retention period or permitted by law.
a) We will delete or anonymize your personal information after the storage period mentioned above or if you exercise your right to delete your personal information or cancel your account.
b) However, in the following circumstances, we may adjust the storage period of personal information due to the need to comply with legal requirements:
• There is a need to comply with applicable laws and regulations and other relevant provisions (e.g., the Anti-Money Laundering Law of the People's Republic of China stipulates that upon conclusion of any business relationship or transaction, the relevant client's identity data or transaction information shall be kept for at least five years);
• There is a need to comply with the provisions of court judgments, rulings or other legal procedures;
• There is a need to comply with the requirements of relevant government agencies or legally authorized organizations;
• There is a need to safeguard the public interest, and protect the personal and property safety or other legitimate rights and interests of users of Spring Airlines Platforms, us or our Affiliates, other users or employees.
6. How do we protect personal information
(1) We will put your personal information under proper management and protection, take rational and feasible measures in line with industry standards to protect your personal information, and discreetly prevent your personal information from authorized access, leakage, use, tampering, damage or loss. You are also obligated to keep your login account and password properly. All the operations performed through your account and password will be deemed as your own operations.
(2) In case a personal information security incident occurs, we will promptly inform you of the basic information and possible impacts of the incident, the countermeasures we have taken or will take, suggestions for you to prevent and reduce risks on your own, remedies for you, etc. pursuant to laws and regulations. Such information will be notified to you by email, mail, telephone, push notification, etc. If it is found difficult to notify the subjects of personal information one by one, we will make announcements in a rational and effective manner. We will also report how the personal information security incident is handled as required by regulatory authorities.
7. Your rights and personal information management
(1) Your rights:
a) Right to know: At the time of collecting and acquiring your personal information, we offer channels for you to know about our identity, why, how and what information is collected and processed, how to protect your legitimate rights and interests, etc., and will obtain your consent in advance.
b) Right to access: You have the right to check your personal information, whether it has been processed, the purpose for processing, retention period and other information from us.
c) Right to correct: You have the right to request us to correct the data inconsistent with your personal information.
d) Right to delete: You have the right to request us to delete your personal information, and we are obligated to delete your personal information under certain circumstances. Please note: Under the special provisions of laws and regulations and the policies of the Civil Aviation Administration of China – for example, the Provisions on the Administration of Flight Regularity require the complaint records of irregular flights to be kept for two years, then we may not be able to fulfill your right to delete.
e) Right to restrict processing: Under certain circumstances, you have the right to restrict our processing of your personal information. (In case of any doubts about the accuracy of your personal information, you may grant us a certain period of time to verify its accuracy)
f) Right to data portability: If permitted by law, you may request us to transfer your personal information to a third party, and we should try our best to cooperate with your request within a reasonable scope. Please note: Our cooperation with you to exercise such right is subject to the availability of technical support and our capabilities.
g) Right to object: You have the right to object to our processing of your personal information provided that it is for legitimate reasons.
(2) Personal information management
a) Access your personal information
Membership information: If you wish to view or edit the personal information and payment information in your SpringPass member account, change your login password or linked mobile phone, or log out, please visit "My" on our mobile APP or "My Spring Airlines" on our website.
Order information: You may check your orders, transaction records, etc. via "My" on our mobile APP or “My Spring Airlines” on our website.
If you fail to access your personal information through the above methods, you may contact us at 95524. We will reply to your access request within 30 days.
b) Correct your personal information
In case you find errors in the personal information we process, you have the right to ask us to make corrections, additions or improvements. You may make your request through 95524, and we will address your reasonable request upon evaluation.
c) Delete your personal information
In the following circumstances, you may request us to delete your personal information:
• We process your personal information in violation of laws and regulations;
• We collect or use your personal information without obtaining your explicit consent;
• We process your personal information in serious violation of our agreement with you;
• You no longer use our products or services, or you have cancelled your account;
• We will no longer provide you with products or services in a permanent way.
• To delete some or all of your information, including cancelling your member account, or deleting information as a non-member, you need to send an email to Spring Airlines (email address: cs@ch.com, title: member account cancellation/non-member information deletion).
• When you delete information from us, we may not promptly delete the corresponding information from our backup system, but may delete it at the time of backup updates. After you voluntarily cancel your account, we will stop providing you with products or services. After account cancellation, we will no longer collect, use or share the personal information related to the account, but we still need to keep the previous information for a period of time for compliance with regulatory requirements, and the competent authorities still have the right to inquire according to law during that time. For the rules and procedures related to account cancellation, please refer to Spring Airlines Account Cancellation Instructions.
• You can also cancel your account through the following path:
In the Spring Airlines APP, you can cancel your account by clicking "My - Settings - Modify Account Settings - Cancel Account".
• Please note: We will cancel the account within 15 working days after confirming that you are the account owner. In case you need to use our services again upon account cancellation, you may register a new account with your mobile phone number, email address or in other ways recognized by Spring Airlines after reaching the re-registration criteria (you are allowed to apply for a new account again at least six months after the previous account is cancelled). We need to keep the mobile phone number and email address used when you apply for cancellation for six months to verify the historical cancellation information of the account.
d) Change the scope of your consent
Each service function we offer requires certain basic personal information. Beyond that, regarding the collection and use of additional personal information, you may contact us at 95524 to grant or withdraw your consent. Upon consent withdrawal, we will no longer process the corresponding personal information. However, your decision to withdraw your consent has no influence on the previous processing of personal information as authorized by you.
e) Request to transfer personal information
To transfer your personal information to a third party, you may raise a request by calling 95524, and we will respond to your request as appropriate upon evaluation of its legality and technical feasibility. Please note the risks, charges and other issues that may arise from this request.
f) Request to reject our processing
Where you decide to reject our processing of your personal information for legitimate reasons provided by laws, regulations and policies, you may make a request by calling 95524, and we will handle your request upon review.
g) Restrict automatic decision-making by systems
Some of our service functions may contain decisions made solely through non-manual or automatic decision-making mechanisms including information systems and algorithms. If such decisions have significant influences on your legitimate rights and interests, you are entitled to ask us for explanations, and we also provide appeal methods without infringing on Spring Airlines' trade secrets, the rights and interests of other users or public interests.
h) Respond to your request
In the light of the aforementioned methods for you to manage your personal information, to respond to your requests in a better way, we need you to make your request in writing or prove your identity in other ways (we will of course protect and reasonably store the information you provide). Upon verification of your identity and confirmation of your request, we will handle it as appropriate, and reserve the right to refuse it. Please note: You are fully aware of the potential risks arising from your request, and we will charge you fees as the case may be.
8. Third-party website links/third-party services
Spring Airline Platforms may contain links to third-party websites or services provided by independent third parties. The list of SDKs (software development kits) supplied by such third parties is shown in the table below. To learn more about the privacy policies on third-party SDKs or look for links to the developer documentation thereof, click on the links attached in the table below. Please note: The developer documentation or privacy policy pages redirected by the links in the table are produced and published by the corresponding SDK developers/providers, who may change the links and the linked webpages within the scope permitted by law. Please refer to the latest links and linked webpages published by the SDK developers/providers.
SDKs supplied by our authorized partners are subject to strict security technology testing and access control by us. We sign rigorous confidentiality agreements with companies and organizations with which we share personal information, while requesting them to abide by this Privacy Policy and take our confidentiality and security measures to handle personal information. Our partners have no right to use your personal information shared by us for any other purposes; in case of any change to the purpose of processing your personal information, you will be asked again for consent.
SDK | Details |
Tencent QQ | Source of SDK: Shenzhen Tencent Computer System Co., Ltd. Use/purpose of personal information collected: For login via third party and sharing Scope of information collected: Device information System involved: iOS, Android Link to third-party privacy policy or agreement: https://privacy.tencent.com/ |
Source of SDK: Beijing Micro Dream Network Technology Co., Ltd. Use/purpose of personal information collected: For sharing and external memory Scope of information collected: Device information System involved: iOS, Android Link to third-party privacy policy or agreement: https://m.weibo.cn/c/privacy | |
NEXTDATA SDK | Source of SDK: Beijing Shumei Times Technology Co., Ltd. Use/purpose of personal information collected: For risk control and anti-fraud, to ensure account and transaction security Scope of information collected: Device MAC address, Bluetooth MAC address, SIM card information (ICCID, IMSI), unique device identifier (IMEI, IDFA, Android ID, device hardware serial number), list of installed software, basic configuration information of the device (device name, CPU, RAM, screen, model, operating system), system and software related configuration information, WIFI and cellular network information (MAC address of WIFI card, MAC address of WIFI hotspot, WIFI name, list of neighboring WIFI information, network connection mode, carrier information), and IP address. System involved: iOS, Android, HarmonyOS, website, mini-program Link to third-party privacy policy or agreement: https://www.ishumei.com/legal/cn/privacy.html |
APEX – codeless tracking SDK | Source of SDK: Shanghai Apex Electronics Technology Co., Ltd. Use/purpose of personal information collected: For compilation of APP operation index reports, so that Spring Airlines can optimize APP interfaces and interactions Scope of information collected: User behaviors of APP access, page browsing, and button clicking System involved: iOS, Android, website and mini-program Link to third-party privacy policy or agreement: https://www.ch.com/privacy |
Apex – popup window SDK | Source of SDK: Shanghai Apex Electronics Technology Co., Ltd. Use/purpose of personal information collected: For compilation of reports for popup window operation index, so that Spring Airlines can optimize the content and display positions of popup windows Scope of information collected: User behaviors of popup window browsing and clicking System involved: iOS, Android, website and mini-program Link to third-party privacy policy or agreement: https://www.ch.com/privacy |
gt3 (GeeTest) SDK | Source of SDK: Wuhan Jiyi Network Technology Co., Ltd. Use/purpose of device information collected: For security policy identification and business data support Scope of information collected: Device model, device name, device network identification, system version, system type, system memory, screen width and height, app version, device battery, etc., and external memory System involved: iOS, Android, website and mini-program Link to third-party privacy policy or agreement: https://www.geetest.com/Private |
Password-less Authentication | Third-party name: Wuhan Jiyi Network Technology Co., Ltd. Purpose of use: For one-click login function Scope of information collected: Device model, device manufacturer, mobile phone system version, screen size, carrier type, network type, app name, app version, package name, package signature, and IP address System involved: iOS, Android Link to third-party privacy policy or agreement: https://www.geetest.com/Private |
UnionPay | Source of SDK: China UnionPay Co., Ltd. Use/purpose of personal information collected: For use of UnionPay APP Scope of information collected: Personal information and device information System involved: iOS, Android Link to third-party privacy policy or agreement: https://open.unionpay.com/ |
Apple Pay | Source of SDK: China UnionPay Co., Ltd. Use/purpose of personal information collected: For use of Apple Pay Scope of information collected: Personal information and device information System involved: iOS, Android Link to third-party privacy policy or agreement: https://www.apple.com.cn/privacy/ |
OCR ID Document Scanning | Source of SDK: Shanghai Intsig Information Technology Development Co., Ltd. Use/purpose of personal information collected: For OCR of ID documents used for binding bank cards Scope of information collected: Personal information, device information and external memory System involved: iOS, Android Link to third-party privacy policy or agreement: https://s.intsig.net/r/terms/PP_CamScanner_zh-cn.html |
Youzan | Source of SDK: Hangzhou Youzan Technology Co., Ltd. Use/purpose of personal information collected: For mall shopping, order management, member registration, order query, product search, and aftersales management Scope of information collected: Personal information and device information System involved: iOS, Android Link to third-party privacy policy or agreement: https://www.youzan.com/intro/rule/detail?alias=132atyi19&pageType=rules |
JD.com Authentication - Oauth2.0 | Source of SDK: Beijing Jingdong Century Trade Co., Ltd. Use/purpose of personal information collected: For real-name authentication by JD.com Scope of information collected: Under partnership between Spring Airlines and JD.com, only our products requiring real-name authentication are embedded with the SDK of JD.com used to activate JD Mall APP and JD Finance APP, which then send users' real-name information to us. So the SDK does not acquire any user information from Spring Airlines. System involved: iOS, Android Link to third-party privacy policy or agreement: https://jauth.jd.com/st_auth/html/auth_policy.html |
Face Recognition | Source of SDK: Shenzhen Tencent Computer System Co., Ltd. Use/purpose of personal information collected: Device information collected is used for managing the risks of facial recognition and authentication, to prevent malicious behaviors. There is a limit on the number of verifications via the same device within 24 hours. Scope of information collected: Camera permission, network access permission, phone model, androidid/idfa (idfa unavailable for versions lower than IOS 5.0), user name, ID card, facial recognition video and photo, and external memory System involved: iOS, Android Link to third-party privacy policy or agreement: https://ida.webank.com/s/h5/protocolTencent.html?name=春秋航空股份有限公司 |
Source of SDK: Shenzhen Tencent Computer System Co., Ltd. Use/purpose of personal information collected: For login via third party, sharing, and payment Scope of information collected: Device identifier, network information System involved: iOS, Android Link to third-party privacy policy or agreement: https://privacy.tencent.com | |
Intelligent Customer Service | Source of SDK: Shenzhen Tencent Computer System Co., Ltd. Use/purpose of personal information collected: IP address information is obtained for access source analysis, and personal information is obtained for customer-related order inquiries, air ticket booking, etc. Scope of information collected: IP address, name, mobile phone number, ID type, ID number, birthday, verification code and external memory System involved: iOS, Android, website, mini-program and customer service hotline Link to third-party privacy policy or agreement: https://www.ch.com/privacy |
Baidu Navigation | Source of SDK: Baidu Online Network Technology (Beijing) Co., Ltd. Use/purpose of personal information collected: For acquisition of user locations Scope of information collected: Device information, longitude and latitude data, external memory System involved: iOS, Android Link to third-party privacy policy or agreement: https://lbsyun.baidu.com/index.php?title=open/privacy |
Jpush SDK | Source of SDK: Shenzhen Hexun Huagu Information Technology Co., Ltd. Use/purpose of personal information collected: For pushing notification Scope of information collected: Device information, geographic location, network information System involved: iOS, Android Link to third-party privacy policy or agreement: https://www.jiguang.cn/license/privacy |
Mobile Security Alliance, MSA | Source of SDK: China Academy of Information and Communications Technology Use/purpose of personal information collected: For acquisition of unified supplementary device identifiers compatible with multiple vendors released by MSA Scope of information collected: Device information System involved: iOS, Android Link to third-party privacy policy or agreement: https://msa-alliance.cn/col.jsp?id=120 |
GrowingIOSDK | Source of SDK: Beijing Yishu Science and Technology Co., Ltd. Use/purpose of personal information collected: For statistics based on users' in-APP behavior data Scope of information collected: International Mobile Equipment Identity (IMEI), access data, behavior data and element browsing data System involved: iOS, Android, website and mini-program Link to third-party privacy policy or agreement: https://accounts.growingio.com/privacy |
Bugly | Source of SDK: Shenzhen Tencent Computer System Co., Ltd. Use/purpose of personal information collected: For collection of APP crash information Scope of information collected: Device information and external memory System involved: iOS, Android Link to third-party privacy policy or agreement: https://bugly.qq.com/v2/contract |
Amap | Source of SDK: Amap Software Co., Ltd. Use/purpose of personal information collected: For display of hotels on map Scope of information collected: Device information and location information System involved: iOS, Android Link to third-party privacy policy or agreement: https://lbs.amap.com/home/privacy/ |
Alipay | Source of SDK: Alipay (China) Network Technology Co., Ltd. Use/purpose of personal information collected: For login via third party, and payment Scope of information collected: Device information, network information and external memory System involved: iOS, Android, HarmonyOS Link to third-party privacy policy or agreement: https://opendocs.alipay.com/open/01g6qm |
Riskified Mobile SDK | Source of SDK: Riskified Ltd. Use/purpose of personal information collected: It applies Beacon for advanced fraud detection (device fraud, proxy use), behavior analysis, and device fingerprint analysis. Information collected is used to identify fraudsters who use stolen user credentials or credit card information to defraud online merchants. The data collected by Riskified SDK is used to analyze users' devices and behaviors. With such data, we will set up online anonymous device fingerprints for users, which allow us to establish an anonymous identity indicator for each user in the online environment. This is used to determine the one using the user's shopping information is the user himself/herself or a fraudster; Scope of information collected: Device & network information, external memory, including the following fields: Unique network identifier, time zone, cart_id (set session ID), user's proxy IP address, href, riskified_cookie, color depth, shop, proxy_measurements, lang_accept_language, http_headers, battery_charging_time (battery charging time), battery discharging time, battery level, hardware_concurrency, has_touch (whether there is a touch screen), console_js_heap_size_limit, console_used_js_heap_size, console_total_js_heap_size\mobile_network_code (mobile network code), iso_country_code (ISO country code), carrier_name (network carrier name), system version, system name, device name, riskified_cookie, social media account, longitude and latitude System involved: iOS, Android, website Link to third-party privacy policy or agreement: https://www.riskified.com/privacy/ |
Tingyun APP (Tingyun) | Source of SDK: Beijing Network Bench Inc. Use/purpose of personal information collected: We receive and record information about the device you use as per the specific permissions granted by you at the time of software installation and use. Device information recorded is mainly used for the analysis of device distribution in case of irregularities (such as crashes, freezes, errors, etc.), in order to find out performance deficiencies related to device adaptation. To help mobile APP developers quickly locate serious performance deficiencies such as crashes and freezes, we will collect your device's hardware information when any of such deficiencies turns up. To identify performance deficiencies such as slow requests and errors, R&D staff need to know about the network environment. Thus, information on network status is collected when the APP is in use. When you activate the location service on your device and use our location-based services, the information about your location will be collected to assist R&D staff in analyzing the network quality and performance time in different locations. Scope of information collected: Device information, hardware information, network information, location information and external memory System involved: iOS Link to third-party privacy policy or agreement: https://www.tingyun.com/legal_declaration.html |
nbs-newlens-android-sdk (Tingyun) | Source of SDK: Beijing Network Bench Inc. Use/purpose of personal information collected: We receive and record information about the device you use as per the specific permissions granted by you at the time of software installation and use. Device information recorded is mainly used for the analysis of device distribution in case of irregularities (such as crashes, freezes, errors, etc.), in order to find out performance deficiencies related to device adaptation. To help mobile APP developers quickly locate serious performance deficiencies such as crashes and freezes, we will collect your device's hardware information when any of such deficiencies turns up. To identify performance deficiencies such as slow requests and errors, R&D staff need to know about the network environment. Thus, information on network status is collected when the APP is in use. When you activate the location service on your device and use our location-based services, the information about your location will be collected to assist R&D staff in analyzing the network quality and performance time in different locations. Scope of information collected: Device information, hardware information, network information, location information and external memory System involved: Android Link to third-party privacy policy or agreement: https://www.tingyun.com/legal_declaration.html |
Tencent X5 | Source of SDK: Shenzhen Tencent Computer System Co., Ltd. Use/purpose of personal information collected: For provision of browser services Scope of information collected: Device information System involved: Android Link to third-party privacy policy or agreement: https://x5.tencent.com/tbs/guide/develop.html#5 |
Bangcle APP Reinforcement SDK | Source of SDK: Beijing Bangcle Security Technology Co., Ltd. Description of SDK: For APP security Reinforcement to prevent the risk of cracking, decompiling and repackaging Usage scenarios of SDK: APP security reinforcement User information fields required by SDK: Android reinforcement uses getPackageInfoAsUser method to get the package name information of the APP at the time of startup in order to realize relevant security. After reinforcement, the code output class under reinforcement protection will be externally displayed as the characteristics of Bangcle, and the collection behaviors that may occur are all generated by the protected subject. Information collection method: This product does not collect personal information. Purpose of use: In accordance with national regulatory regulations, in order to ensure the legality and security of using this client side to conduct business and participate in activities, prevent network security risks, and avoid malicious tampering of mobile application software, APP reinforcement technology is used to protect mobile applications against malicious attacks such as decompiling, repackaging, memory injection, dynamic debugging, data theft, transaction hijacking, and application phishing, and safeguard the security of application software. System involved: Android, HarmonyOS Third-party privacy policy: https://www.bangcle.com/ (official website) |
Huawei Account One-Click Login | Source of SDK: Huawei Software Technology Co., Ltd. Use/purpose of personal information collected: For Huawei account login service Scope of information collected: Huawei account information System involved: HarmonyOS Link to third-party privacy policy or agreement: https://privacy.consumer.huawei.com/legal/id/authentication-terms.htm?code=CN&language=zh-CN |
To ensure the content is legible and usable, in most cases when you click on a link, your browser will open the link in a new window, together with a redirection prompt ("You are leaving Spring Airlines", or similar wordings). For your better service experience, in some cases, independent third-party services may be embedded in our website (or displayed in a section or under a tag on the website), which will be prompted by the third-party service provider at the top or bottom of the page for which the provider is responsible (displaying the name of the business entity or copyright owner other than Spring Airlines or prompting "Services provided by XX", "Powered by XX", or similar wordings). We recommend that you carefully read through all the information on links to third-party websites and third-party service providers that collect information from you.
Please note: These third-party website links or third-party services are owned or operated by companies or organizations other than Spring Airlines. When you provide them with your personal information at the time of accessing a third-party link or using third-party service, the privacy policy or similar statements of the third party or third-party service provider shall apply to such information, and we bear no legal responsibility for any third party's improper use or disclosure of the information provided by you. You are solely responsible for the risks arising from your access to such third-party website links and use of such third-party services. In case you find any third-party link or service compromised, we recommend you immediately terminate your operations to protect your legitimate rights and interests.
9. Protection of minors' information
(1) We attach great importance to the protection of minors' personal information. If you are a minor under the age of 18 (in case of any different or changed definition of minors under your local laws, we will try our best to observe; for any questions, please let us know in time), you should obtain the written consent of your parent or legal guardian prior to your use of our services. We protect the personal information and privacy of minors in accordance with the Law of the People's Republic of China on the Protection of Minors and other applicable national laws and regulations.
(2) Spring Airlines does not actively collect personal information directly from minors. With regard to the personal information of minors collected with the consent of their parents or legal guardians, we use, share, transfer or disclose such information to the public only when permitted by law, necessary for minor protection, or with the parents' or guardians' explicit consent.
(3) We will do what we can to delete relevant data as soon as possible when we discover that we have collected personal information of a minor without the prior consent of his/her verifiable parent or legal guardian.
(4) With respect to the personal information of children under the age of 14, we will also collect, store, use, transfer and disclose such personal information in accordance with the principles of justifiable necessity, informed consent, clarity of purpose, safety and security, and utilization in accordance with the law, and as required by laws and regulations, such as the Provisions on the Network Protection of Children's Personal Information. When you, as a guardian, choose to use Spring Airlines' services for a child under your guardianship, we may need to collect personal information of the child under your guardianship in order to perform the relevant services for you. If you do not provide such information, you will not be able to enjoy the services provided by us. In addition, when you use the evaluation function, you are deemed to have voluntarily provided us with the personal information of children, so please be aware of this and choose carefully. As a guardian, you should properly fulfill your guardianship duties and protect the personal information of children.
(5) If you are a child under the age of 14, you and your guardians should also read the Spring Airlines Rules for the Protection of Children's Personal Information and Notice to Guardians and make sure that your guardian confirms his/her consent before you use the services of Spring Airlines. If your guardian does not agree to the Spring Airlines Rules for the Protection of Children's Personal Information and Notice to Guardians, it may result in us not being able to provide you with the services properly or not being able to achieve the intended effect of the services we provide, and you and your guardian should immediately stop registering for or using the services we provide. If you use or continue to use our services, it will be deemed that we have obtained your guardian's consent to the collection, storage, use, transfer, and disclosure of children's personal information in accordance with this Policy and the Spring Airlines Rules for the Protection of Children's Personal Information and Notice to Guardians.
(6) As the parent or guardian of a minor, if you have any questions about how we handle the personal information of the minor under your guardianship, please contact us through 95524 or the methods specified in Article 11 of this Policy.
10. Basis and updating of Privacy Policy
(1) Basis
This Policy is prepared under the Civil Code of the People's Republic of China, the Law of the People's Republic of China on the Protection of Consumer Rights and Interests, the Personal Information Protection Law of the People's Republic of China, the Cybersecurity Law of the People's Republic of China, the Anti-Money Laundering Law of the People's Republic of China, and the Information Security Technology – Personal Information Security Specification, along with other policies and recommended guidelines issued by the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Civil Aviation Administration of China and other regulatory authorities. Amendments and improvements have also been made hereto with reference to the General Data Protection Regulation (GDPR) and other laws, regulations and documents.
(2) Updating
Within the scope permitted by the above-mentioned laws and regulations, Spring Airlines reserves the right to revise the Privacy Policy from time to time as the case may be. The latest version of the Privacy Policy - marked with the date of update - is available on Spring Airlines Platforms, to keep you abreast of the document. In this case, your continued use of our services is deemed that you've agreed to be bound by the Policy upon revision.
We undertake: Without your explicit consent (including other authorizations specified in any agreement between you and us), we will not substantially limit or reduce your entitlements hereunder, unless required by changes in laws and regulations and other mandatory provisions.
In case of any material changes, we will inform you in a more noticeable manner (regarding certain services, we will send notifications via email to elaborate the specific changes to the Privacy Policy).
Apart from changes in applicable laws and regulations or regulatory authorities, the "material changes" referred to herein also include (but are not limited to):
a) Substantial changes in our service types/models, such as the purposes of processing personal information, the types of personal information processed, the ways personal information is used, etc.;
b) Substantial changes in our ownership structure or organizational structure, such as changes in owners arising from business adjustments, mergers in bankruptcy, etc.;
c) Changes in the major objects that personal information is shared with and disclosed to;
d) Substantial changes in your right to participate in the processing of personal information and the ways to exercise it;
e) Changes in our department that is responsible for personal information security, its contact information or complaint channels;
f) High risks shown in personal information security impact assessment reports.
The previous version of the Privacy Policy has been archived by us for your reference.
11. How to contact us
(1) If you have any questions, comments or suggestions concerning the content of this Policy or matters related to your personal information, or you want to make a complaint or report on data security, please contact us by sending an email to cs@ch.com or calling our customer service at 95524.
(2) Under normal circumstances, we will reply to your request within 30 days. If you are not satisfied with the reply or believe the way we handle personal information has infringed on your legitimate rights and interests, you may also file a complaint or report to administrations of cyberspace, public security, industry and commerce, among others.
(3) The above arrangements will not prevent you from seeking resolution by filing a lawsuit with the competent people's court of Changning District, Shanghai, where the Company is domiciled.
(4) Data Protection Officer (DPO)
Email: DPO@ch.com
Address: No. 528, Konggangyi Road, Changning District, Shanghai, PRC
Zip code: 200335
12. Legal notices
In the event that a user receives any service via a Spring Airlines Platform, this Policy constitutes an integral part of the agreement relationship with the service (no matter such agreement is reached orally, in writing or otherwise) and should be considered along with relevant terms of service. In this case, unless a term of service explicitly excludes its application, the legal notices herein shall be applied preferentially.
Where personal information is unfortunately leaked due to objective reasons such as Spring Airlines' obligation to comply with legal provisions, force majeure, technical restrictions, etc., Spring Airlines shall not be liable for any losses that users may suffer as a consequence; in case there is a liable third party, Spring Airlines will assist users to hold the third party accountable. When Spring Airlines is found in violation of any legal provisions, the Company or responsible persons shall bear all legal liabilities according to law, including possible administrative penalties and criminal liabilities. However, under any circumstances that are not prohibited by law at the time when a claim takes place, as far as the claim under this Policy and relevant terms of service is concerned, unless Spring Airlines is proved to have violated mandatory legal provisions or committed active negligence or gross negligence that causes certain losses, Spring Airlines' liability for compensating the losses suffered by users due to leakage of personal information is limited to the actual losses of users (all unproven losses or unreasonable expenses or expenditures shall not be deemed as actual losses). The premise of the foregoing commitment to compensation is that users are found with no faults. Where a user is at fault for any loss, Spring Airlines shall be relieved or exempted from liability accordingly.
All disputes arising from the validity, interpretation and application of the Privacy Policy shall be subject to Chinese laws and the exclusive jurisdiction of the competent court in Changning District, Shanghai, where Spring Airlines is domiciled. For the purpose of this article, "Chinese laws" shall, to the maximum extent permitted by the law, exclude any law or part of it that may lead to the application of substantive laws outside the territory of China.
The validity of Article 12 shall not be waived due to the personal expression of any employee or agent, unless ruled by the final judicial decision.
(End of the main text)
