Privacy Policy

Last Update: 01 August 2023

This Privacy Policy applies to Singapore Airlines Limited (“SIA”).

SIA is a corporation registered in the Republic of Singapore with company number 197200078R and a registered office at 25 Airline Road, Airline House, Singapore 819829.

For the purposes of the General Data Protection Regulation (“GDPR”), and other applicable data protection laws, we are the data controller. Our data protection officer can be contacted at dpo@singaporeair.com.sg.

If you have made a flight booking with us but one or more flights in your booking are to be operated by other airline(s), such other airline(s) are also a “data controller” for the purposes of the GDPR. If you have made a booking for non-flight services through us, including hotel or car rental bookings, the provider of such services is also a “data controller”. You may access the privacy policies of the other airlines and non-flight service providers via their own websites or request a copy of the same from them directly.

We collect, use and disclose Customer Data (as defined below) in order to provide you with a safe, smooth, efficient and customised experience with us. The collection, use and disclosure of Customer Data enables us to provide services and products that are most likely to meet your needs and requirements. This Privacy Policy outlines our policy and responsibility in relation to the collection, use and disclosure of Customer Data.

By continuing to use our services, you signify that you have read and understood this Privacy Policy. If you are based in Singapore, you provide your consent to us collecting, using and disclosing your personal data in accordance with this Privacy Policy.

Summary

What information do we collect about you?

We collect information when you purchase flights or other products on our website, mobile application or when you travel with us, such as your contact details, travel information and credit card details. Your failure to provide such information may cause your inability to use our services normally. We also collect information about your preferences (at your option) from your interactions with our in-flight and ground-based staff, and from specific requests you make. In addition, we collect device and technical information from you, and any other information you may submit when you use our website or mobile application. Refusing to provide such optional information will only render the relevant special feature unavailable to you, but will not affect your use of our basic services.

How will we use the information about you?

We use your information to fulfil our contract of carriage with you or otherwise deliver any other products or services you have requested for or signed up to, and to administer your membership with our frequent flyer programme, KrisFlyer, our corporate travel programme for small and medium enterprises, HighFlyer, and/or our Registered Customer programme. We only use your passport number and other national identification information where this is required by law, or where we need to verify individual identities to a high degree of fidelity to prevent fraudulent claims or transactions. We will only do so where we have assessed that there is no suitable alternative to collecting or using such national identification information, and that a failure to accurately identify an individual to a high degree of fidelity could pose significant safety or security risks, or a risk of significant impact or harm to any individuals or to us. We also use your information to maintain our website and mobile application, and to tailor our products and services to your preferences to provide the best service possible. In addition, we use your information to market our products and services to you, and those of our group companies, partners and agents (with your consent where required by applicable laws).

Who do we share your information with?

We share your data with our third-party service providers, to the extent necessary for them to provide their services, such as payment processors, ground-operating personnel and in-flight entertainment. We use these third parties’ services solely to process or store your information for the purposes described in this policy. We also share your information with our interline, code share and strategic alliance partners, other carriers who help us provide our services, related group companies, our overseas stations, government bodies as required by applicable laws and your authorised representatives.

Where do we process your information?

Our servers are located in Singapore, Germany, Japan and the United States. We transfer your information to airports and ground staff in destinations that you are flying to and where we operate. Our staff are located in our offices around the world.

How long do we keep hold of your information?

We retain your information for as long as it is necessary to fulfil the purpose for which it was collected, for the legal or business purposes of SIA, or as required by applicable laws. We will usually keep your Customer Data for up to 7 years to ensure that any contractual disputes can be addressed. For China, EU and Swiss residents, we will endeavour to delete your Customer Data within the prescribed timelines of a request for erasure, or contact you if it will take longer.

Dispute Resolution

If you have any concerns or complaints, please contact us here.

How will we notify you of changes?

We will amend this Privacy Policy from time to time and the updated versions will be posted on our website and date stamped so that you are aware of when the Privacy Policy was last updated. Please check back frequently to see any updates or changes to this Privacy Policy. If we make any material changes to this Privacy Policy, we will provide notice including via email notification.

1. The types of Customer Data we collect

The types of Customer Data that we collect depends on the circumstances of collection and on the nature of the service requested or transaction undertaken.

There are two broad categories of Customer Data that we collect:

  • Personal Data. The data we collect includes but is not limited to:

1.personal information that can be used to identify an individual, such as name, gender, date of birth, nationality, passport or other personal identification numbers; 2.contact information, such as mailing address, phone number, email address; 3.payment information, such as credit or debit card information, including the name of cardholder, card number, billing address and expiry date; 4.travel information, such as ticket numbers, destinations, flight information; 5.information on your other activity and purchases made through SIA (such as chargeable seats, excess baggage, seat upgrades), our website or mobile applications (such as hotel accommodation, car rentals and insurance), and purchases of packages such as the Singapore Stopover Holiday and other linked travel arrangements; 6.your customer preferences, such as dietary, seating, entertainment viewed, information on your KrisShop purchases (including the transaction dates, channel in which purchase was made, KrisFlyer miles accrued) and membership details (including membership tier and membership tier qualification status), places that you would like to visit or other service preferences; 7.information about your in-flight Wi-Fi usage, such as whether you use in-flight Wi-Fi, what Wi-Fi plan you used, the mode of payment to pay for in-flight Wi-Fi and how much data was utilised for your Wi-Fi sessions; 8.information about your in-flight interactions with our staff, such as types of beverages requested or other in-flight requests and preferences; 9.information about your interactions with our ground staff, such as the details of any complaint cases, incidences of lost baggage, call details, and other information relevant to assist our ground staff to service you; 10.health information, such as vaccination status, pre-departure test results, doctors’ notes, medical certificates and letters and requests related to medical conditions; 11.information you choose and/or consent to submit when you use features on our website, mobile applications, or other online facilities, including, but not limited to

  • information in the queries you enter into our chatbot, Kris, on our global Facebook page, website and mobile application;
  • audio clips and images you submit to us via the “Capture and Discover” tool to provide travel recommendations
  • audio clips or text you submit when using the Translation Assistant, and
  • your location information.

13.information we receive from flight bookings made via our online corporate booking platform; 14.information we receive from other sources e.g. our page on social media websites and our contractual partners; and 15.business contact information, such as the contact details of the employees of our vendors and corporate customers, as well as the contact details collected by our divisions including the Cargo Division and Engineering Division. 16.Technical Data. This includes device and technical information you give us when using our website or mobile application, such as IP addresses or other unique identifiers, cookies, mobile carrier, time zone setting, operating system and platform, and information about your customer journey on the website or mobile application. Information on cookies may be found in our cookie policy. Please note that in limited circumstances, this Technical Data may be linked with your Personal Data in order to identify you. For the purposes of this policy statement, Customer Data means Personal Data and Technical Data. We also use Customer Data to derive Statistical Data, such as the number of passengers. This is processed and stored purely for analytical purposes, and is entirely anonymous. This information will not be stored to your customer record, and will only be aggregated for statistical analysis so that we can better understand our customers’ profile and improve our service offering.

Special categories of information or "sensitive personal data"

Certain categories of Customer Data, such as information about your race, ethnicity, religion or health, are considered special categories of information, or “sensitive personal data” under certain applicable laws, including the GDPR. Certain other categories of Customer Data, such as your payment information (credit or debit card number), is also considered sensitive personal data under the Personal Information Protection Law of PRC (“PIPL”).

Generally, we try to limit the circumstances where we collect your sensitive personal data. However, this can occasionally occur because it is required to complete the payment and conclude the transaction with you, or you have made certain requests in connection with your travel arrangements that reveal or suggest something about you that could be considered “sensitive personal data”, if you otherwise choose to provide such information to us (or a third party such as the travel agent through which you made your booking), or if such information is required by public or regulatory authorities for health, customs and immigration purposes.

For example:

  • If you request a particular type of meal, e.g. halal or kosher meals, this may imply or suggest that you are a member of a particular religion; or
  • If you request specific medical assistance from us and/or an airport operator, e.g. the provision of a wheelchair, this may reveal that you have a particular medical condition.

How we collect data from you

We collect Customer Data whenever you use our services, including when you travel with us, when you use our website or mobile applications, or when you interact with us via email, social media, our contact centres or any other channels such as our ticketing counters and airport operations.

We also collect Customer Data from your authorised representatives. This includes persons whom you have authorised (e.g. your organisation’s corporate travel manager) and persons who have been validly identified as acting on your behalf pursuant to our security procedures.

We may receive your Customer Data from other entities within our group of companies, which include Scoot Pte. Ltd. (“Scoot”), Kris+ Pte. Ltd., KrisShop Pte. Ltd. and Encounters Pte Ltd (collectively with SIA, the “SIA Group”). In addition, we may receive Customer Data from third parties which are located in various countries. This includes, but is not limited to, travel agents, our retailer KrisShop, our KrisFlyer partners (including, amongst others, airlines and non-airlines such as Hilton, Avis, Hertz, American Express, the Economist and Esso) and other contractual parties, our service providers, and other airlines including our subsidiaries to facilitate travel on code share or multi-airline flights.

Where you disclose personal data of another person to us, including but not limited to situations where you make reservations on behalf of another person, you undertake to ensure that the individual whose Customer Data is supplied to us has, where required under applicable data protection laws, authorised the disclosure, is informed of, and agrees to the provisions of this Privacy Policy.

2. Is the provision of Customer Data required?

The collection of the following types of Customer Data is mandatory to enable us to fulfil our contract of carriage with you. These types of Customer Data are marked as mandatory on our booking form. If you do not provide this information, we will not be able to provide you with our services and/or products required.

  • Passenger details, e.g title, first/given name, last/family name, date of birth and meal type (for infants).
  • Contact details, e.g. email address, mobile phone number, home number or business number.
  • Payment details, e.g. the name on the credit or debit card, the credit or debit card number, expiry date and card verification value on the credit or debit card, and billing address which will be transmitted to our payments processors.

Additional information may be mandatory if you are flying to a specific country, or if you are flying on behalf of a business registered in a specific country, e.g. your gender, nationality, passport number, the country of issue of your passport, your vaccination status and pre-departure test results, the name, GST registration number and address of the business you are flying on behalf of, and your business email address and phone number. These mandatory fields will be clear when you make a booking.

The collection of the following types of Customer Data is mandatory to enable SIA to administer your membership with KrisFlyer: (i) title; (ii) last/family name; (iii) first/given name if you do not have a last/family name; (iv) date of birth; (v) email address; (vi) mobile phone number; (vii) mailing address; (viii) gender; (ix) nationality; and (x) whether you are an EU or Swiss resident.

The collection of the following types of Customer Data is mandatory to enable SIA to administer your membership with HighFlyer: (i) title; (ii) last/family name; (iii) first/given name if you do not have a last/family name; (iv) date of birth; (v) email address; (vi) mobile phone number; (vii) mailing address; (viii) gender; and (ix) nationality.

The collection of the following types of Customer Data is mandatory to enable us to administer your account as a Registered Customer: (i) last/family name; (ii) first/given name if you do not have a last/family name; (iii) date of birth; (iv) email address; and (v) whether you are an EU or Swiss resident.

The failure to supply the following types of Customer Data will result in (i) us being unable to update you on our latest products and/or launches; and/or (ii) your inability to enter or participate in contests, promotions or redemption activities organised by us:

  • Contact Information e.g. email address, telephone number; and
  • Country of residence.

3. How we use your Customer Data

If you are an EU or Swiss or Chinese resident, we are required to disclose the legal basis for processing your data under the GDPR, the Swiss Data Protection Act and the PIPL. We are also required to disclose the purposes for processing your data under certain applicable laws, including the Singapore Personal Data Protection Act. If you are based in Singapore, you consent to each of the purposes for processing your data as set out below.

We will use the Customer Data in the following ways:

In accordance with our contract of carriage with you, we will use the Customer Data to:

  • Process and assist you with any transactions related to your booking (e.g., making a booking, providing services related to the booking (e.g., seat selection, accommodation, insurance, etc.), fulfilling such booking and investigating potential fraudulent transactions);
  • Notify you about changes to our service, including through flight alert messages via our mobile services facility;
  • Facilitate airport, internet check-in and self check-in;
  • Provide airport services such as processing information relating to connecting flights, arrangements at airports and customs and immigration facilities;
  • Provide baggage related services such as processing of any baggage related queries, including mishandled or missing baggage claims; and
  • Provide in-flight catering and other services (e.g. to provide you with a personalised in-flight experience);
  • In accordance with our contract with you as a KrisFlyer member or Registered Customer, we will use the Customer Data to:

1.Maintain your account; 2.Facilitate your transactions and services; 3.Enable you to log in using your account on any of the platforms hosted by us; and 4.Send you updates and other account related information.

Further, as a KrisFlyer member, Customer Data will be used to administer your KrisPay programme and mobile application.

As it is in our legitimate interests to be responsive to you, to provide customised services and marketing, to ensure the success of our business and to ensure the proper functioning of our products, services and organisation, we will use your Customer Data to:

  • Improve our website and mobile application and to ensure content from the website and mobile application is presented in the most effective manner for you and your device;
  • Administer the website and mobile application, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • Monitor and record calls for quality, training, legal compliance, analysis and other related purposes in order to pursue our legitimate interest of improving service delivery;
  • Send you surveys by email (including surveys related to our Registered Customer, KrisFlyer or HighFlyer programmes, if you are a member, as detailed below). You can opt-out of receiving these surveys at any time by contacting us;
  • Send you service emails, such as reminders when you have not checked out your purchases on our website or mobile application. You can opt-out of receiving service emails at any time by contacting us;
  • Respond to your enquiries, requests or feedback;
  • Enforce our terms, conditions and policies;
  • Allow you to participate in interactive features of the website and mobile application, when you choose to do so;
  • Customise our products and services to you, including by responding to and catering for your customer preferences;
  • Personalise the content you see on our website, mobile application and in-flight entertainment systems, including by enabling you to save your preferences on our in-flight entertainment systems and suggesting content for your next flight;
  • Keep the website and mobile application safe and secure;
  • Aggregate Customer Data into anonymised statistical data (such as number of passengers flown on a particular journey), which we will use for statistical analysis so that we can better understand our customers’ profile and improve our service offering;
  • To customise our marketing e.g. sending you targeted marketing on places you would like to visit, based on your responses to optional questions on our website and mobile application, and your prior travels. If you are an EU or Swiss resident, you can object to this profiling and opt-out of receiving such targeting marketing.
  • Share the Customer Data with selected partners to enable them to better tailor offers, promotions and other direct marketing to you. If you are an EU or Swiss resident, you can object to this profiling and opt-out of receiving such targeting marketing.
  • Participate in industry studies conducted by public agencies or regulatory authorities in Singapore; and

In relation to our KrisFlyer and Registered Customer programmes, we will use your Customer Data to:

1.Provide you with any information including promotions and offers from us and other KrisFlyer programme partners, where applicable (with your consent where required by applicable laws); 2.Deliver programme-related benefits including, but not limited to, automatically enrolling you in lucky draw promotions; 3.Contact you regarding product and customer related surveys and market research; and 4.Respond to your email and call enquiries;

Further, as a KrisFlyer member, Customer Data will be used to provide services to celebrate special occasions; sending you KrisFlyer-related news and KrisFlyer e-statements and associated promotions and offers (with your consent where required by applicable laws)

  • If you are a participating company under the HighFlyer programme or under our Corporate Travel Programme (“Participating Company”) and if you are a Corporate Travel Manager (“CTM”) or Assistant Corporate Travel Manager (“ACTM”), we will use the Customer Data to:

1.Maintain the Participating Company’s HighFlyer account; 2.Facilitate Participating Company-related transactions and services; 3.Market and communicate to the CTMs and ACTMs information on SIA and HighFlyer promotions, contests, events and lucky draws, including those conducted by HighFlyer program partners (with your consent where required by applicable laws); 4.Contact the CTMs and ACTMs regarding product and customer related surveys and market research; 5.Respond to email and call enquiries from the CTMs and ACTMs; and 6.Send the CTMs and ACTMs programme information updates and other account related information.

  • If you are a Participating Company under the HighFlyer programme or under our Corporate Travel Programme and if you are a Corporate Traveller (“CT”), we will use the Customer Data to:

1.Maintain your travel records in the Participating Company’s HighFlyer account; 2.Facilitate Participating Company-related transactions and services; 3.Contact the CTs regarding product and customer related surveys and market research; and 4.Respond to email and call enquiries from the CTs.

  • If you are an employee of an entity with a contractual relationship with us:

1.To contact you to perform our services, and in particular, to monitor and record calls for quality, training, legal compliance, analysis and other related purposes in order to pursue our legitimate interest to improve service delivery; 2.Enforce our terms and conditions against your employer; and 3.Communicate with you about products, services, promotions, events and other news and information we think will be of interest to you.

If you are an EU or Swiss or Chinese resident, you can object to this profiling and opt-out of receiving such targeted marketing.

With your consent where required by applicable laws, we will use your Customer Data to:

  • send you marketing and promotional materials in relation to products and services offered by us, our subsidiaries and affiliated airlines and service partners (such as accommodation partners or transportation partners), as well as our appointed agents, in relation to the Registered Customer, KrisFlyer and HighFlyer programmes;
  • retarget you with advertisements (including adverts from the SIA Group) across multiple websites you visit, leveraging the cookies we have in place. The effect of this is that where you go to a different website after visiting the SIA website, you may see tailored SIA Group advertisements on these websites. Please see our cookie policy for more information on our use of cookies (and similar technologies).
  • retarget you with SIA advertisements across multiple websites you visit, leveraging the cookies other SIA Group companies have in place on your device. The effect of this is that where you go to a different website after visiting the relevant SIA Group company website, you may see tailored SIA advertisements on these websites. We only do this where you have consented to the relevant SIA Group company sharing your cookie information with us for these purposes. Please see our cookie policy for more information on our use of cookies (and similar technologies).
  • serve you with customised advertising from the SIA Group that is relevant to you on social media platforms. We use audience targeting technologies to do this. For example, we may display interest-based advertising to you when you are using Facebook through a tool offered by Facebook called the Custom Audience tool. This tool allows email addresses to be hashed locally on our browser and then sent to Facebook. There, the email addresses are matched against Facebook’s existing list of Facebook users’ hashed IDs and the matches are added to our Custom Audience for advertising. The matched and unmatched hashes are then deleted; and
  • register you for the Registered Customer and KrisFlyer programmes.

You have the right to withdraw your consent at any time by contacting us at dpo@singaporeair.com.sg, by logging on to your KrisFlyer account for KrisFlyer members or by logging on to your HighFlyer account for HighFlyer Participating Companies.

4. Disclosure of your Customer Data

With your consent where required by applicable laws, we will share your Customer Data with selected third parties in the situations set out below:

  • our travel and freight service providers or travel-related businesses and service providers (including ground personnel, security personnel and providers of in-flight entertainment and WiFi (if available), if you elect to use this service), partner airlines, airport management, airport operators;
  • our interline, code share and strategic alliance partners so that they can fulfil their contract of carriage for the flights you booked through us and, where applicable, provide you with the relevant benefits of their frequent flyer programme. Where Customer Data is shared with such partners, the Customer Data will be used by that partner in accordance with their respective privacy policy. For a list of such privacy policies, click here.
  • advertisers and advertising networks that require the data to select and serve relevant adverts to you or others, as well as other selected partners to enable them to better tailor offers, promotions and other direct marketing to you or others;
  • our website or mobile application service providers, so that the services of the interactive features you choose to use may be provided to you;
  • our service providers for the provision of fraud detection services (e.g. Mastercard. Please click here to view Mastercard’s privacy policy);
  • analytics and search engine providers that assist us in the improvement and optimisation of the website and mobile application; and
  • public agencies and regulatory authorities in Singapore and their subcontractors, for the purposes of participating in industry studies.

We will share your Customer Data with any of the entities within the SIA Group, in the situations set out below:

  • For the purposes of fulfilling our contract with you, including to:

1.Fulfill bookings and facilitate flight transfers of passengers; 2.Manage passengers who travel on flights operated by our subsidiaries and are Registered Customers or members of our KrisFlyer or HighFlyer programmes; and 3.Manage passengers during flight disruptions and provide necessary assistance and services;

  • As it is in our legitimate interests to be responsive to you, and to provide customised services and marketing, and to ensure the safety of passengers flying with entities in our group, including to:

1.Respond to complaints or compliments received by us from passengers who are sharing their flight experience on flights operated by our subsidiaries; 2.Provide an enhanced customer experience and personalise offers to passengers; 3.Anticipate the servicing needs of passengers on flights with us; 4.Understand customers better through analytics and research (including marketing research) to support personalisation; 5.Contact customers about updates, surveys, and offers on and relating to our Registered Customer, KrisFlyer and HighFlyer programmes; and 6.If necessary, prevent passengers who have been issued banning notices from flying with other airlines within our group.

  • For the purposes of assisting other entities within the SIA Group to provide relevant services to you and to understand more about you. For example, if you have flown with one of the other airlines in the SIA Group, an entity within the SIA Group may use this information to understand more about the sorts of travel services you are likely to be interested in;
  • For the purposes of setting up your membership account(s) with other entities within the SIA Group, provided we have your consent where required by applicable law. For instance, with your consent where required by applicable law, we will share your Customer Data with KrisShop in order to link your KrisFlyer account with the KrisShopper programme; and
  • For the purposes of undertaking targeted direct marketing and other forms of marketing or advertisement, including marketing or advertisements for entities within the SIA Group, provided we have the consent of the recipient and/or have provided the opportunity to opt-out, in each case where required by applicable law.

We will also use and disclose your Customer Data to persons who have been validly identified as being you or acting on your behalf pursuant to our security procedures, for the purposes of the relevant transaction or enquiry. In particular, each of the passengers who are grouped under the same Passenger Name Record (“PNR”) number shall be deemed to be authorised representatives of each of the other passengers under the same PNR number.

We will disclose your Customer Data to law enforcement agencies, public or regulatory authorities, securities commissions or other organisations for security, health, customs and immigration purposes, if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

  • Comply with any applicable legal obligation, process or request;
  • Enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
  • Detect, prevent or otherwise address security, health, fraud or technical issues; or
  • Protect the rights, property, health or safety of us, our users, a third party or the public as required or permitted by law (including exchanging Customer Data with other companies and organisations for the purposes of fraud protection and credit risk reduction).

For example, we and other airlines are required by laws in the United States of America, France and other countries to provide border control agencies with access to your booking information or flight itinerary. Accordingly, relevant Customer Data (known as PNR or Advance Passenger Information (“API”) will be disclosed to the appropriate customs and immigration authorities as required by law.

We will also disclose your Customer Data to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective seller or buyer of such business or assets;
  • If we or substantially all of our assets are acquired by a third party, in which case Customer Data held by us about our customers will be one of the transferred assets; or
  • To comply with any applicable legal obligations, processes or requests (such as disclosing Customer Data to executors in response to court orders).

In addition, we may disclose Customer Data to our legal advisors for establishing, exercising or defending our legal rights, to our other professional advisors, or as otherwise authorised or required by law. We also reserve the right to share Customer Data as is necessary to prevent a threat to the life, health or security of an individual or corporate entities. Further, we will disclose Customer Data, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.

If you are a Chinese resident, please note that our mobile application uses the following third-party software development kits (“SDK”). During your use of our mobile application, we may disclose Customer Data to these SDK providers for the purposes listed here.

5. Transfer of Information Overseas

Our Head Offices are based in Singapore. Customer Data will be transmitted to data storage facilities where we keep our central records. Customer Data will be transferred to our offices and appointed agents, including ground handling agents, sales agents and contact centre agents, in Singapore and around the world in connection with our performance of the contract with you.

This means that Customer Data will be transferred to, and stored at, a destination outside of your country and outside China, the European Economic Area (“EEA”), and Switzerland, and in particular Singapore, Germany, Japan and USA where we have data centres. We will transfer Customer Data to airports and ground crew in destinations that you are flying to in and where we operate. The Customer Data will also be processed by staff operating outside China, the EEA and Switzerland who work for us, for our suppliers or our business partners. Such staff are engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. The Customer Data is transferred outside the EEA and Switzerland on the basis that it is necessary for the performance of our contract of carriage with you.

We will also transfer Customer Data to our code share and joint venture partners in strategic alliances in Europe, West Asia and Africa, North Asia, Southeast Asia, Southwest Pacific and the Americas for the purposes of performing any contract of carriage. If you are an EU or Swiss resident, where we transfer Customer Data outside the EEA and Switzerland, this is done either on the basis that it is necessary for the performance of our contract of carriage with you, or that the transfer is subject to the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and Decision 2010/87/EU as appropriate.

(If you are a Chinese resident, where we transfer Customer Data outside the territory of China, (i) this is done on the basis that the security assessment is conducted in accordance with the Personal Information Protection Law of PRC and relevant regulations, or that the model contract terms issued by the China Administration of Cyberspace (“CAC”) are concluded for the transfer, or that the transfer is necessary for the performance of our contract of carriage with you, or for the protection of your life and property safety; and (ii) if not already specified in this Privacy Policy, we will notify you about the transfer to the extent explicitly required by the PIPL (such as the name and contact of the recipient and purpose of processing) and obtain the consent from you.

6. General Data Subject Rights

If you are not a resident in the EU, UK, Switzerland, or China, you may have certain rights in relation to the Customer Data we hold about you, which we detail below.

Access

You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.

Where permitted by law, we reserve the right to charge a reasonable administrative fee for this service. In exceptional circumstances, we reserve the right to deny you access to your Customer Data and may provide an explanation as required by applicable laws.

Exceptional circumstances include (to the extent allowable under applicable law) where:

  • An investigating authority or government institution objects to us complying with a customer’s request;
  • The information may, in the exercise of our reasonable discretion and/or assessment, affect the life or security of an individual; and
  • Data is collected in connection with an investigation of a breach of contract, suspicion of fraudulent activities or contravention of law.

Correction.

You have the right to correct any Customer Data held about you that is inaccurate.

Exercise of Rights.

In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity or to process your request. Such information may include the following:

  • Full Name;
  • Mailing Address;
  • Email Address;
  • Contact Number;
  • A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable); and
  • KrisFlyer or HighFlyer number (if applicable).

All data privacy requests should be sent to dpo@singaporeair.com.sg. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.

For Registered Customers and KrisFlyer programme members, you may correct any Customer Data by logging into your account.

7. Rights of Data Subjects Who Reside in the EU, UK and Switzerland

If you are a resident in the EU, UK or Switzerland, you may have certain rights in relation to the Customer Data we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights.

These rights include:

  • The right of access.
  • The right of data portability.
  • The right of rectification.
  • The right of erasure.
  • The right to restrict processing.
  • The right to object.

Please note that we will require you to provide us with proof of identity before responding to any requests to exercise your rights. We will respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances).

In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity or to process your request. Such information may include the following:

  • Full Name;
  • Mailing Address;
  • Email Address;
  • Contact Number;
  • A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable); and
  • KrisFlyer or HighFlyer number (if applicable).

All data privacy requests should be sent to dpo@singaporeair.com.sg. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.

Complaints

In the event that you wish to make a complaint about how we process your Customer Data, please contact us and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to lodge a claim with your data protection authority.

Access

You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.

If you require more than one copy of the Customer Data we hold about you, we may charge an administration fee.

We may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person) or where another exemption applies.

Portability

You have the right to receive a subset of the Customer Data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Customer Data to another party.

The relevant subset of Customer Data is data that you provide us with your consent (please see here for the types of Customer Data we process on the basis of your consent or for the purposes of performing our contract with you (please see here for the types of Customer Data we process on the basis of our contract with you.

If you wish for us to transfer the Customer Data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Customer Data or its processing once received by the third party. We also may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person).

Correction

You have the right to correct any Customer Data held about you that is inaccurate. Please note that whilst we assess whether the Customer Data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.

In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity or to process your request. Such information may include the following:

  • Full Name;
  • Mailing Address;
  • Email Address;
  • Contact Number;
  • A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable); and
  • KrisFlyer or HighFlyer number (if applicable).

All data privacy requests should be sent to dpo@singaporeair.com.sg. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.

For Registered Customers and KrisFlyer members, you may correct any Customer Data by logging into your account.

Erasure

You may request that we erase the Customer Data we hold about you in the following circumstances:

  • you believe that it is no longer necessary for us to hold the Customer Data we hold about you;
  • we are processing the Customer Data we hold about you on the basis of your consent (please see here for the types of Customer Data we process on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the Customer Data;
  • we are processing the Customer Data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such Customer Data;
  • you no longer wish us to use the Customer Data we hold about you in order to send you promotions, special offers, marketing and lucky draws; or
  • you believe the Customer Data we hold about you is being unlawfully processed by us.

Also note that you may exercise your right to restrict our processing of the Customer Data whilst we consider your request as described below.

Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the Customer Data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the Customer Data, we may not be able to provide the same level of services to you as we will not be aware of your preferences.

Where you have requested that we erase Customer Data that we have made public and there are grounds for erasure, we will use reasonable steps to tell others that are displaying the Customer Data or providing links to the Customer Data to erase the Customer Data too.

In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity or to process your request. Such information may include the following:

  • Full Name;
  • Mailing Address;
  • Email Address;
  • Contact Number;
  • A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable); and
  • KrisFlyer or HighFlyer number (if applicable).

All data privacy requests should be sent to dpo@singaporeair.com.sg. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.

Restriction of Processing to Storage Only.

You have a right to require us to stop processing the Customer Data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the Customer Data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).

You may request we stop processing and just store the Customer Data we hold about you where:

  • You believe the Customer Data is not accurate, for the period it takes for us to verify whether the Customer Data is accurate;
  • We wish to erase the Customer Data for compliance with applicable laws but you want us to just store it instead;
  • You have objected to us processing Customer Data we hold about you on the basis of our legitimate interest and you wish us to stop processing the Customer Data whilst we determine whether there is an overriding interest in us retaining such Customer Data.

Objection

At any time you have the right to object to our processing of Customer Data about you in order to send you promotions, special offers, marketing messages, including where we build profiles for such purposes and we will stop processing the Customer Data for that purpose.

You also have the right to object to our processing of Customer Data about you and we will consider your request in other circumstances as detailed below.

In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity or to process your request. Such information may include the following:

  • Full Name;
  • Mailing Address;
  • Email Address;
  • Contact Number;
  • A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable); and
  • KrisFlyer or HighFlyer number (if applicable).

All data privacy requests should be sent to dpo@singaporeair.com.sg. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.

You may object where we are processing the Customer Data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing.

Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the Customer Data whilst we make the assessment on an overriding interest by indicating this in your request.

8. Rights of Data Subjects Who Reside in China

If you reside in China, you may have certain rights in relation to the Customer Data we hold about you, which we detail below.

Access

You have the right to access the followings:

  • The type or content of the Customer Data we hold about you;
  • The source and purpose of the use of your Customer Data;
  • The identity or category of third parties that your Customer Data is shared with or disclosed to.

If you require more than one copy of the Customer Data we hold about you, we may charge an administration fee.

Portability

You have the right to receive a subset of the following types of Customer Data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Customer Data to another party.

  • Your basic information and information concerning your identity;
  • Information concerning your health conditions, and employment information.

If you wish for us to transfer the Customer Data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Customer Data or its processing once received by the third party.

Deletion

You may request that we delete the Customer Data we hold about you in the following circumstances:

  • You cancel your account with us;
  • You withdraw the consent for us to hold and process your Customer Data;
  • We stop providing products or services or terminate operations;
  • The retention period of the relevant Customer Data has expired;
  • We process your Customer Data in violation of applicable laws and regulations or in breach of the contract(s) between you and us.

Where you have requested that we delete your Customer Data that we have made public and there are valid grounds for deletion, we will use reasonable steps to tell others that are displaying the Customer Data or providing links to the Customer Data to erase the Customer Data too.

Please note that after deleting the Customer Data, we may not be able to provide the same level of services to you as we will not be aware of your preferences.

Correction

You have the right to request corrections if you find that your Customer Data held by us is inaccurate or incomplete.

In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity or to process your request. Such information may include the following:

  • Full Name;
  • Mailing Address;
  • Email Address;
  • Contact Number;
  • A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable); and
  • KrisFlyer or HighFlyer number (if applicable).

All data privacy requests should be sent to dpo@singaporeair.com.sg. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.

For Registered Customers and KrisFlyer programme members, you may correct any Customer Data by logging into your account.

Restriction of Processing

You have a right to withdraw your consent and restrict us from collecting certain Customer Data about you or processing your Customer Data for certain purposes or in certain ways (e.g., for us to share with third parties or disclose to the public, certain Customer Data about you), subject to the applicable laws. Please provide as much detail as possible on the scope of your withdrawal. Please note that such withdrawal of your consent shall not cause any impact to the processing activities that we already performed before duly receiving such withdrawal from you.

Objection

At any time you have the right to object to our processing of Customer Data about you in order to send you promotions, special offers, marketing messages, including where we build profiles for such purposes and we will stop processing the Customer Data for that purpose.

Exercise of Rights

In order to process your request promptly, we kindly ask you to include the necessary identification details with your request as well as any other information necessary to confirm your identity or to process your request. Such information may include the following:

  • Full Name;
  • Mailing Address;
  • Email Address;
  • Contact Number;
  • A copy of an official identity document (e.g. Identity Card or Passport information) with all information apart from your full name and address redacted (if applicable); and
  • KrisFlyer or HighFlyer number (if applicable).

All data privacy requests should be sent to dpo@singaporeair.com.sg. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.

We may reject your request to exercise the above rights if it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person) or where another exemption under applicable laws or regulations applies or where applicable laws requires otherwise. An explanation of reason will be provided to you in case of our rejection. If you have further questions to such rejection, please contact through the email: dpo@singaporeair.com.sg.

9. Rights of Data Subjects Who Reside in Thailand

In relation to your personal data collected by us for the purposes as originally notified to you, as mentioned in this Privacy Policy, or for specific purposes, if you wish to withdraw your consent for us to continue processing your personal data, you may send your consent withdrawal request to us at dpo@singaporeair.com.sg. Please note that if there is a legal basis for us to continue processing (collect, use and disclose) your personal data, we will inform you accordingly.

You also have the right to request access to and obtain a copy of your personal data, to receive from us your personal data in a machine-readable format and to request that we transfer such personal data to another party, to object to our processing of your personal data, to ask us to erase or destroy your personal data, to ask us to restrict use of your personal data, to have us record your objection to your request in relation to your personal data, and to file a complaint against us if we violate the Personal Data Protection Act B.E. 2562 (A.D.2019) of Thailand (“Thailand PDPA”) or fail to comply with any notification issued under the PDPA.

All data privacy requests including requests to exercise your rights to opt-out / to withdraw consents according to the Thailand PDPA should be sent to dpo@singaporeair.com.sg. Please note that requests sent in via other channels or which do not contain sufficient supporting information may take longer to process and/or we may not be able to respond within the prescribed timelines.

10. Retention

We will retain Customer Data for as long as it is necessary to fulfil the purpose for which it was collected, our legal or business purposes, or as required by relevant laws. We will usually keep your Customer Data for up to 7 years to ensure that any contractual disputes can be addressed. This includes standing requests which contain sensitive personal data about yourself, e.g. a standing request that you wish to receive a halal meal or a wheelchair at the airport on all flights with us. You can amend your standing request at any time to change your preferences in the future.

If you opt-out or withdraw your consent to marketing, we will remove you from our marketing database.

11. Accuracy

We need your assistance to ensure that your Customer Data is current, complete and accurate. As such, please inform us of changes to your Customer Data by submitting your updated particulars to us (see Section 16). If you are a Registered Customer, KrisFlyer member or HighFlyer Participating Company, you may update your Customer Data at any time by logging on to your account.

We will also request Customer Data updates from you from time to time. As detailed above, your booking information or flight itinerary will be disclosed to the appropriate customs and immigration authorities as required by law. As such, it is important to ensure that the Customer Data contained in your booking information or flight itinerary is current, complete and accurate.

12. Security Safeguards

We take the protection of your Customer Data seriously but, unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Customer Data, we cannot guarantee the security of your Customer Data transmitted through the website or mobile application; any transmission is at your own risk.

13. Other Websites and Services

We may, from time to time, provide you with links to other websites for your convenience and information. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. You access these websites at your own risk and we are not responsible for these websites. Whilst we will protect your Customer Data on our website and mobile application, we cannot control or be responsible for the policies of other sites we may link to, or the use of any Customer Data you may share with them. Please note that our Privacy Policy does not cover these other websites, and we would recommend that you are apprised of their specific policies.

In addition, some features on our website and mobile application rely on 3rd party services, including Application Programming Interface (“API”) services provided by Google LLC and/or any of its subsidiary companies (collectively, “Google”). Where you choose to use any feature on our website or mobile application that relies on a service provided by Google, you consent to the disclosure of information, including Customer Data, necessary for such use to Google, and agree that the information so disclosed may be processed in accordance with the Google Privacy Policy.

14. Minors

Our website and mobile application are not directed at children under the age of 16 and we cannot distinguish the age of persons who access and use the same. If a minor (according to applicable laws) has provided us with Customer Data without parental or guardian consent, the parent or guardian should contact us (see Section 16) to remove the relevant Customer Data and unsubscribe the minor. If we become aware that Customer Data has been collected from a person under the age of 16 without parental or guardian consent, we will delete this Customer Data and, where that minor has an account, terminate the minor’s account.

15. Updates to the Privacy Policy

We will amend this Privacy Policy from time to time, and the updated versions will be posted on our website and mobile application; and date stamped so that you are aware of when the Privacy Policy was last updated. Please check back frequently to see any updates or changes to this Privacy Policy. If we make any material changes to this Privacy Policy, we will provide notice via email notification. Subject to applicable laws, the English version of this Privacy Policy will prevail over any version of this Privacy Policy in another language.

Contact Us

If you have comments, questions or complaints about or requests relating to this Privacy Policy statement, please contact SIA in writing at the address below referencing ‘Privacy Policy’:

Singapore Airlines DPO 08D Airline House 25 Airline Road Singapore 819829

Or email dpo@singaporeair.com.sg referencing: Privacy Policy.

Alternatively for queries specific to KrisFlyer, you may contact:

KrisFlyer Membership Services PO Box 177 Singapore Post Centre Post Office Singapore 914006

For queries specific to the Registered Customer programme, you may email HighFlyer_Support@singaporeair.com.sg referencing: Privacy Policy