Privacy Notice

Effective date: 24 May 2018

Last updated: 10 June, 2021

China Southern Airlines Company Limited (Hereinafter referred to as “CZ”, “China Southern ”, “We”) respects and takes measures to protect your personal information.

This Privacy Policy states how China Southern collects and uses your personal information and how you should exercise the relevant rights to protect it. This Privacy Policy shall apply to CZ’s ticketing businesses and any of our services to you, including but not limited to CZ authorized third party institutions or agencies assisting you booking a ticket, your use of CZ website (www.csair.com), China Southern’s App, WeChat account, mini-app or any other CZ authorized booking channels, and the personal information that CZ collects and uses when you access our services.

This Privacy Policy covers the following contents:

  1. I. What does CZ do?
  2. II. How and why does CZ collect your personal information and what kind of information do we collect?
  3. III. How does CZ entrust processing, share, transfer and disclose your personal information?
  4. IV. How does CZ use Cookies and similar technologies?
  5. V. On what legal basis does CZ process personal information?
  6. VI. How does CZ protect your personal information?
  7. VII. How does CZ store your personal information?
  8. VIII. Protection of children’s personal information
  9. IX. CZ’s transfer of your personal information worldwide
  10. X. Your rights on personal information protection
  11. XI. Updating of this Privacy Policy
  12. XII. How to report or complain against violations of this Privacy Policy or how to contact us?

In case of any doubts or concerns about our use of your personal information, or if you wish to report to us or complain against any violations of this Privacy Policy, please contact us by the contact details below this Privacy Policy.


I. What does CZ do?

With headquarters based in Guangzhou, CZ has its company logo seen around the globe with a brilliant red kapok delicately adorning a blue vertical tail fin. As an airline company with the largest number of transport aircraft, the most developed route network and the largest annual passenger volume in the People’s Republic of China, CZ operates several branches including Xinjiang and Northern Branches and several holding airline subsidiaries including Xiamen Air; the China Southern Airlines General Aviation Limited established in Zhuhai; several domestic sales offices in Hangzhou and Qingdao, etc., as well as several international branch offices located in Singapore, New York City, etc.

Working closely with its partners, CZ is currently extending its coverage to even more destinations around the world. During the creation of the Canton Route International Airline Hub, CZ has been developing flight system and improving transit operation, benefiting from 6th Freedom of the air. Based in South East, South and East Asia, centred upon Europe and Oceania with the reach covering North America, Mideast and Africa, CZ has become the largest gateway hub connecting China to Oceania and South East Asia. For more information about CZ, please see the section of our Website at “Company Profile”.


II. How and why does CZ collect your personal information and what kind of information do we collect?

CZ may, according to the business scenarios, collect personal information in the following ways:

  1. 1. Information that you provide voluntarily

    We may, to provide you with air transit services, request you to supply the following personal information:

    1. ● Identification and contact information: your gender, date of birth, ID No., passport No., nationality, country of domicile; your name, address, phone No., E-mail address, Fax No.; and the personal information of any other persons that you travel with (including their contact information). Such information will be used to pass to you or your contact person messages on flights and orders (including flight departure, security check, boarding, reimbursement, flight delay, insurance services and notification of accident), organize your itinerary, mail itinerary or other products to you, verify your identity, solicit your comments on service quality, receive your complaints and suggestions, provide you with CZ Account service, CZ Happy Fly service and other CZ products, and push to you, provided that you agree to receive, promotional and marketing messages.Please note, when you book for others the relevant services, you need to provide such passengers’ personal information, and, before providing us their information, please make sure such passengers agree to the effect and make sure they understand and agree to this Privacy Policy.
    2. ● Sky Pearl member information: your member account No. and flight information, mileage redemption recipient’s information, trustee’s information, and minor member’s guardian information. Such information will be used to maintain our Sky Pearl members, verify member identity and process your accumulation, reward and redemption of points and other FFP services.
    3. ● Data and images of identity documents required in business processing: ID card, passport, visa page, papers required by CAAC for taking a flight, validity period, authorities of issuance, age or date of birth, gender, and their corresponding images. Such information and images will be used, as dictated by the law and regulations, to verify your identity when you book an air ticket, reserve a seat, check in, take a flight, handle entry/exit formalities, purchase air insurance, enjoy CZ Account services and any other services (e.g., filing a complaint).
    4. ● Payment information: your credit card No., billing address, credit card validity, online payment platform (Alipay, WeChat) account information (e.g., Alipay, WeChatPay), CZ Account information, CZ Account balance, orders and operation records, log and risk control information. Such information will be used, when you purchase an air ticket, to maintain your payment information, verify your identity and provide you with CZ Account service and CZ Happy Fly service.
    5. ● Information to improve travel and other services: emergency contact person, special service requirements and personal likes and dislikes (in-flight meals, location of seats in cabin, in-flight services). Such information will be used to improve the relevance of our products and services so that we can provide you with services that address better your needs and may push to you, subject to your agreement, our promotional and marketing messages.
    6. ● Personal information contained in contract: contact person’s name, position, address and contact information (one or any of the data). Such information will be used to facilitate the communication between enterprise contact and us and to post contracts and/or relevant documents.
    7. ● Any other personal information: personal information involved in transactions and online businesses in relation to any other airlines’ points and mileage promotions; personal information obtained from the use of our products and services, e.g., self-service terminal, notification of flight status, Internet boarding, etc.; personal information gathered at questionnaire, solicitation of opinions and/or any other marketing investigations; personal information supplied to CZ for the investigation or solution of any problems, e.g., verification of your identity.

    We use this personal information to facilitate your travel, provide you with other goods and services related to your travel, to administer our Sky Pearl Club programme, to carry out marketing activities and to provide you with our information and contact details. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

  2. 2. Information that we collect automatically

    When you access our website, App, mini-app, WeChat account, etc., we will, as required by technology and equipment, automatically collect specific information about you from your devices.Such information that we collect automatically may include:

    1. ● Equipment information: equipment model, operating system version, browser version number, IMEI number, Mac address, IP address, port information, DNS, mobile operator, data network format, ROOT identifier, network access mode, login channel, APP version number, login time, hardware number, and other log information and technical parameter information related to user network, system and equipment.
    2. ● General position in geography (including location of country or municipality) and other technical data of your device. We may also collect information on how your device interacts with us, including the webpage you have visited and the links you have clicked on.

    Please understand that these information is used by such third parties as Gridsum, Taobao, MTA, Jpush and Alipay to analyze and judge the uniqueness of equipment and safety risk control. We will use such information on operation to better understand our visitor community and improve our website quality and its relevance to visitors. If you refuse to agree to our collection of such information, we will be unable to provide you with basic functions and/or services (App, official website, mini-app and WeChat account) that require an online environment.

    Part of such information will be collected by Cookies and similar tracking technologies, as stated in “IV. How does CZ use Cookies and similar technologies”.

  3. 3. Information that we obtain from third party sources

    From time to time, we will receive personal information about you from third party sources, but only where these parties confirm that they either have your consent or are otherwise legally permitted or required to disclose your personal information to us.

    The types of information we collect from third parties include travel professionals and others who assist in booking and arranging travel. We use the information we receive from these third parties to provide services to you, and maintain the accuracy of the records we hold about you.

  4. 4. List of permissions to use your device we will request

    The permissions and explanations to use your device we will request at startup to provide you with quality service are listed below. When a request pops up, you are recommended to grant the relevant permissions. No permission will be obtained without your prior agreement. You may turn off any permission in your device’s OS Settings.

    Permissions Notes
    Telephone Permission This permission allows reading its hardware data, which serve as a basis to generate a device’s unique identifier, and, by technologies and risk control rules, improve relevance between user and device. It also facilitates the functions of Pay by Friends, Airport Pickup, Call Drop-off Driver, etc. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.
    Storage Permission This permission allows the functions to store and upload pictures, R/W personal settings in cache, create system and log files, cache itinerary/share screenshot/save pictures in album, etc. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.
    Positioning Permission This permission allows personalized recommendation of services, e.g., Site Services, Public Services, Map & Navigation, etc. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.
    Contacts Permission to access Contacts is required to view contacts’ information. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.
    Network Service Network is required to start Southern Airlines's App for the first time. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.
    SMS Transmission Access to SMS is required to share information by SMS. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.
    Camera & Album This permission facilitates operations to scan codes and read boarding pass/human image/documents. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.
    MIC Access to MIC is required to pick up your voice message. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.
    Phone Status Access to Phone Status is required to pay by China UnionPay.
    Bluetooth Access to Bluetooth allows Southern Airlines to connect to devices. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.
    Calendar Access to Calendar is required to manage your flight changes and itinerary memo. When you refuse to grand this permission, you will be unable to use the relevant services, and all other functions will not be affected.

    In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (including archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.


III. How does CZ entrust processing, share and disclose your personal information?

We may disclose your personal information to the following categories of recipients:

  1. ● Our group companies, related parties, and third-party service providers we entrust (including aviation meal providers, ground service providers, information systems providers, shuttle service providers, security service providers) who process your personal information on our behalf, and will process your personal information as required by this Privacy Policy for purposes that are described in this Privacy Policy or notified to you when we collect your personal information.
  2. ● Third-party partners who share your personal information, including but not limited to cooperative online travel ticketing agencies, ticket distributors, agencies, travel agencies, hotels, airlines such as code-sharing, interline and joint venture partners, insurance companies, financial/payment institutions you choose to use,and third party service providers who provide us with necessary, reasonable and justifiable data verification and ID check services for the sake of risk control. Specifically, the cooperative online travel ticketing agencies, ticket distributors and agencies arrange discount prices, purchase tickets and provide you with other services such as refunding and changing tickets, points and accumulated mileages on your behalf; the cooperative travel agencies and hotels provide more convenient and efficient quality services in your travel, accommodation and so on, and arrange discount prices and points exchange for your travel on your behalf; the cooperative airlines provide you with more route and price options on code sharing, interline and joint venture, provide you with services such as airport VIP lounges, assistance in carrying or re-booking when your journey is interrupted; the cooperative insurance companies obtain your necessary information to insure you and provide appropriate services; the financial / payment institutions you choose to use will help you pay through our e-wallets; the third party service providers, in accordance with our requirement of risk control, obtain necessary and reasonable personal information for data verification and ID check to help us improve our website security on user information. We will share your personal information to the third parties after seeking your consent, or following your request to the extent it is necessary for the performance of our contract with you.
  3. ● Competent administrative law enforcement authorities, judicial authorities, other regulatory authorities and other such third-parties (including civil aviation authorities, customs, market supervision and administration, public security, national security, courts, procuratorates, network information departments or industry information departments) whom we share or disclose your personal information with in accordance with the provisions of laws and regulations or the mandatory requirements of government authorities: (1) to comply with the requirements of laws and regulations, for example, when it is related to national security, national defense security, public security, public health, major public interests, or to crime investigation, prosecution, trial and execution of sentences; (2) to enforce, establish and safeguard our legitimate rights; (3) to safeguard the vital interests of you or others, such as the safety of life, property, etc.
  4. ● to an actual or potential counterparty (and its agents and advisers) in connection with any actual or proposed transaction, merger or acquisition of any part of our business, provided that we will inform the counterparty it must use your personal information only for the purposes disclosed in this Privacy Notice;
  5. ● Any other person with your consent to the disclosure. This will include the situation that you authorize your personal information to others to book, manage your itinerary, etc.
  6. ● Our App uses the SDK of the following suppliers. During your use of the App's specific functions, we may share or disclose your personal information to the following SDK suppliers for the following scenarios or service purposes:
    Name Business scenarios used Purpose Personal information field Name of third party
    CCB Dragon Pay
    SDK
    Pay for the order Payment Device information China Construction Bank
    UnionPay (Cloud Flash Pay)
    SDK
    Payment Payment Device information China UnionPay
    https://open.unionpay.com/tjweb/index
    Alipay payment
    SDK
    Pay for the order Payment Device information
    Storage information
    Network information
    Alipay
    https://open.alipay.com/platform/home.htm
    WeChat
    SDK
    Share links and pictures to moments
    WeChat associated login
    Payment for tickets
    WeChat login, sharing and payment Application information
    Device information
    WeChat
    https://developers.weixin.qq.com/doc/oplatform/Mobile_App/Resource_Center_Homepage.html
    TINGYUN
    SDK
    Risk management Used for system risk management. Helping us to timely identify problems in the process of using App, and quickly locate and solve the problems. Improving the ability of digital operation and maintenance. Device information
    Network information
    TINGYUN
    https://doc.tingyun.com/app/html/ruhekaitong.html
    Security face
    SDK
    Face authentication
    Member's second password authentification
    Facial recognition Camera permission, storage permission, user name, user mobile phone number, user ID number Guangdong Public Security Authority
    GRIDSUM
    SDK
    Risk management Used for collecting users' behavior data and system stability so that we can analyze the use of system and business functions to improve the system experience Device information
    Location information
    Application information
    Beijing Gridsum Technology Co., Ltd.
    https://www.gridsum.com/
    UnionPay Face
    SDK
    Face authentication
    Member's second password authentification
    Facial recognition Device information
    Application information
    Camera access
    Storage permission
    China UnionPay
    https://open.unionpay.com/tjweb/index
    Baidu Map
    SDK
    City location, dynamic flight path Location, navigation Device information
    Location information
    Baidu
    http://lbsyun.baidu.com/index.php?title=%E9%A6%96%E9%A1%B5
    Baidu Voice
    SDK
    Knowledge search, flight search Voice recognition Device information
    Application information
    Audio access
    https://ai.baidu.com/tech/speech/asr
    OCR
    SDK
    Adding/modifying passenger
    Membership authentication
    Adding bank card for wallet
    Opening wallet account
    Scanning for identification of documents and bank cards Device information
    Application information
    Camera access
    Storage permission
    GRG Banking
    https://www.grgbanking.com/cn/
    Weibo
    SDK
    Weibo sharing Weibo sharing Device information
    Application information
    Sina Weibo
    https://open.weibo.com/
    QQ Interconnection
    SDK
    QQ login QQ login Device information
    Application information
    Tencent
    http://op.open.qq.com/
    Electronic Luggage Tag
    SDK
    Electronic luggage tag Electronic luggage tag None BAGTAG
    https://bagtag.com/
    JPUSH
    SDK
    Message push Push Device information
    Network information
    Application information
    jpush
    https://www.jiguang.cn
    usabilla Suggestion feedback Collecting users' feedback None usabilla
    https://usabilla.com/
    Daxing Face Scan
    SDK
    Daxing Airport One ID Facial recognition Device information
    User's Login ID, Name, Mobile Number, ID Number
    SenseTime
    https://v2-devcenter.visioncloudapi.com/#/doc/silent-liveness/android/online/_summary
    IJIAMI
    SDK
    Risk management Used for encrypting data to ensure the security of user data, system data and communication. None Beijing Zhi You Wang An Technology Co. Ltd.
    https://www.ijiami.cn/
    Ali EMAS
    SDK
    APP building packages Used for fast packaging integration of APP to improve R & D efficiency. None Ali Cloud
    https://www.aliyun.com
    Ali mPaaS
    SDK
    CZ APP Used for offline packages to improve users' experience of browsing H5 web pages in the APP Device information
    Storage information
    Ali Cloud
    https://www.aliyun.com
    ASRC
    SDK
    Risk management Used for encrypting data to ensure the security of user data, system data and communication. Device information Ali Cloud
    https://www.aliyun.com
    Ali waf
    SDK
    Risk management Used for system risk management. Monitoring and blocking crawlers to ensure system safety and stability and to prevent the crawlers crawling data and damaging the system. Device information Ali Cloud
    https://www.aliyun.com
    Apple Pay payment payment Device information Apple
    https://developer.apple.com/cn/apple-pay/resources/

    In addition to maintaining the necessary basic functions of CZ APP operation, you will have the right to choose whether to use the above functions voluntarily when using CZ APP. We will continue to use your authorization during your use of CZ APP, and will stop using after you stop using the APP.


IV. How does CZ use Cookies and similar technologies?

We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookies Statement.


V. On what legal basis does CZ process personal information?

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only (1) where we need the personal information to perform a contract with you; (2) where the processing is in our legitimate interests and not overridden by your rights; (3) where we have your consent to do so. (4) In some cases, we may also have a legal obligation to collect personal information from you (5) We may need your personal information to protect your vital interests or those of another person under certain circumstances.

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our company and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, including responding to your queries, improving our products and services, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests, and if appropriate, we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the“How to report or complain against violations of this Privacy Policy or how to contact us?” heading below.


VI. How does CZ protect your personal information?

We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include Secure Socket Layer (SSL) encrypting technology to secure the transmission of your data from your web browser to our internet system.


VII. How does CZ store your personal information?

In order to provide you with the air transport and related services you need (booking, refunding, changing tickets), membership services, CZ's various products, fulfill the agreements with you, comply with applicable legal, tax, financial and accounting requirements and CZ's legitimate business needs, we will encrypt or desensitize the personal information collected from you.

If we do not store your personal information for the above reasons, we will delete or anonymize it. If it can not be deleted immediately or anonymized for objective reasons, we will safely store your personal information and avoid further processing before it can be deleted or anonymized.


VIII. Protection of children’s personal information

CZ attaches great importance to the protection of minors' personal information. If you are a minor under the age of 14 or recognized as a child under the laws of other countries, you should obtain the written consent of your parents or legal guardians before using our products and / or services. CZ protects the personal information of children and minors of other ages in accordance with the relevant laws and regulations of the country.

For the collection of personal information of minors with the consent of their parents or legal guardians, we will only use or disclose this information with the permission of the law, the explicit consent of their parents or guardians or the necessary protection of the minors.

If the minors have provided us with personal information without the consent of their parents or guardians, their parents or guardians may contact us using the contact details provided under the heading "How to report or complain against violations of this Privacy Policy or how to contact us?" to delete such information or opt-out of mail and other activities in marketing promotion.


IX. CZ’s transfer of your personal information in the world

Your personal information may be transferred to countries other than the country in which you are resident for processing. These countries may apply different laws related to the protection of personal information (please note that the degree of protection of your personal information may vary under the laws of different countries).

Specifically, our Website servers are located in the People's Republic of China, and our group locations and third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group locations, which require all group locations to protect personal information they process in accordance with applicable data protection law.


X. Your rights on personal information protection

You have the following rights to protect personal information:

  1. ● If you wish to access, correct, update or delete your personal information, you can do so at any time by contacting us using the contact details provided under the “How to report or complain against violations of this Privacy Policy or how to contact us?” heading below. However, please note that not all your personal information can be deleted in the exercise of the right to delete, and we will only delete it when the deletion conditions specified in the law are met, for example, delete your personal information when you log off, otherwise we will not be able to maintain and manage your membership.
  2. ● You can choose to cancel your Southern Airlines's Sky Pearl member account by opening the APP, clicking in turn "I-set-account center-cancel CZ member" on the front page and following the guidelines to complete the cancellation of membership, or call the customer service hotline 95539 to cancel your CZ membership. After you cancel the account, we will stop providing you with the corresponding products and services, and delete or anonymize your personal information. Please note that after cancellation, the unused points and mileage in your personal account will be cleared to zero.
  3. ● In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to report or complain against violations of this Privacy Policy or how to contact us?” heading below.
  4. ● You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to report or complain against violations of this Privacy Policy or how to contact us?” heading below.
  5. ● Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. You can change the scope of your authorization or withdraw your authorization via the "Settings" function of your mobile phone. As your mobile phone manufacturer or model and APP version may vary, should any problem, feel free to contact us. Please keep informed that, when you withdraw from or reject the consent, we will be unable to provide you with corresponding services and will no longer process your corresponding personal information. At the same time, withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  6. ● You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your personal information protection regulator. Contact details for data protection authorities in the European Economic Area, Switzerland are available here.

We will respond to the requests for the protection of personal information of the individuals concerned in accordance with the applicable personal information protection laws. For the exercise of above access, correction, deletion, cancellation and other functions on the App, we will complete the above requests within 15 working days in accordance with the relevant regulations.


XI. Updating of this Privacy Policy

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. If the applicable data protection law requires us to obtain your consent in the substantive revision of the privacy notice, we will comply with the provisions of the law to notify you by one or more ways of the announcements on the official website, the push in App, email, mail and telephone. If you have any objection to the update of this Privacy Policy, please contact us by the information below.


XII. How to report or complain against violations of this Privacy Policy or how to contact us?

If you have any questions or concerns about our use of your personal information, please contact us:

Contact information of Southern Airlines personal information protection officer :

China: +86-4006695539

Overseas: +86-4008695539

Email: dpo@csair.com

Company's registration address: Room 301, 3rd Floor, Phase I Building, Guanhao Science Park, No.12 Yuyan Road, Huangpu District, Guangzhou, Guangdong Province

Other contact address: customer service counter of Southern Airlines, Baiyun Airport, Guangzhou, Guangdong Province


If you have questions other than privacy and personal information protection, please contact the following email address: 95539@csair.com