Privacy Policy

FCM Personal Information Protection Policy

Effective date: December 1, 2021

Last updated on: December 5, 2023

Reminders

Welcome to use our products and services. Your trust is of vital importance to us. We are aware of the significance of personal information to you. We will take appropriate security measures as required by applicable laws and do our utmost to ensure that your personal information is secure and controllable. For this purpose, FCM service provider (Flight Centre China International Travel Co., Ltd and its affiliated companies, or "we" hereinafter) has formulated this FCM Personal Information Protection Policy (hereinafter referred to as the “Policy” or the "Personal Information Protection Policy") in accordance with the provisions of relevant laws and regulations and the relevant provisions of the Service Agreement signed between your company and us to help you fully understand how we will collect, use, share, store and protect your personal information during your use of our products and services and how you can manage your personal information so that you can make appropriate choices in a better manner.

Before using FCM Mobile products or services, you must carefully read and thoroughly understand this Policy, especially the terms in underlined/in bold and underlined and be sure that you have fully understood and agreed to them. For the professional terms in the Policy, we try our best to explain to you in a concise and common way to facilitate your understanding. If you have any questions, comments, or suggestions regarding the Policy, you can contact us through FCM Customer Service (Beijing + 86 1058292929, Shanghai + 86 212211888, Guangzhou + 86 2081133900) or using the contact information at the end of the Policy.

Your consent to the Personal Information Protection Policy means that you have understood the functions provided by the application and the personal information necessary for the operation of the functions and have given authorization for relevant data collection and use, but it does not mean that you have separately agreed to activate additional functions or process unnecessary personal information. We will ask for your consent separately before activating additional functions, processing unnecessary personal information or sensitive personal data based on your actual use.

The Personal Information Protection Policy contains the following sections:

I. Scope of Application

II. Information Collection and Use

III. Transfer Information to the External Parties

IV. Storage of Information

V. Your Rights

VI. Protection of Minors

VII. Policy Update

VIII. Contact Us

Appendix A: The Third-party Sharing List

Appendix B: Relevant Definitions

1. Scope of Application

This Policy applies to all products and services provided to you by FCM Mobile Platform service providers through website, clients, applets, and new forms emerging with the development of technology. If there is a separate privacy policy for the products or services that we and our Affiliates provide to you, such privacy policy shall apply to such products or services.

Except for the relevant information collection and use activities set forth in this Policy, the Policy does not apply to services provided by any content provider or other third party to you, and such services shall be subject to the privacy policy of the content provider or third party made available to you (for example, when you choose to become a content provider user or an independent third party user, the use of your personal information by such merchant or third party is subject to their own personal information protection policies or rules made available to you).

1. Information Collection and Use

When you use our products and/or services, the scenarios in which we need/may need to collect and use your personal information and sensitive personal information (in bold and underlined) include:

1. To provide you with basic functions of our products and/or services, you need to authorize us to collect and use necessary information. If you refuse to provide foregoing necessary information, you cannot normally use our products and/or services.

2. To provide you with the extended functions of our products and/or services, you may choose to authorize us to collect and use the information. If you refuse to provide the foregoing information, you will be unable to use relevant extended functions or unable to realize the intended results of functions, but it will not affect your usage of basic functions of our products and/or services.

You understand and agree that we are committed to creating a variety of products and services to meet your needs. Considering that we provide a wide variety of products and services, and different users may opt for different products or service scopes, the basic/additional functions and the types and scope of personal information collected and used may differ accordingly and are subject to the specific product/service functions.

If you have any questions, comments, or suggestions during the process, you can contact us through various contact methods provided on FCM platform, and we will reply to you as soon as possible.

Scenarios in which we will provide you with specific functions include:

1. Help you become our user.

1. Basic User Services

We provide you with basic FCM business travel user services through FCM special user accounts. To register as a user and access the user services, you need to provide your mobile phone number or email address to create an FCM business travel platform account. Since FCM business travel platform only provides business travel services to the registered users, you may not use our products if you do not register a user account.

1. Additional User Services

Special User Rights and Interests: if you choose to provide health information and preferences related to your travel arrangements or required by relevant travel content providers (such as airlines and accommodation or travel providers), we will provide you with more personalized user services. Among them, your nickname and profile picture will be displayed publicly to ensure transaction identification.

Real Name Authentication: you need to provide us with corresponding identity information (ID card, passport) according to the authentication requirements to complete real person authentication.

1. Provide you with display of product or service information.

In order to display the product or service information, including your access footprint and search history, we may collect and use your browsing and search history when you visit or use the FCM website or application. Combining the device information, service log information, and other information authorized by you, we may use an algorithm to predict your preference attributes and match the possibilities with products, services, or other information of interest, and sort the products, services, or other information shown to you based on your clicks, browsing, or purchases. To meet your diverse needs, we will introduce diversified recommendation techniques in the sorting process, expand the recommended content, and avoid excessive concentration of the same type of content. Meanwhile, such information will be provided to your company according to the Service Agreement. We may also push commercial advertisements and other information you may be interested in based on your preference attributes using FCM and other third-party applications or send you commercial short messages according to business needs.

Based on the above requirements, we suggest that you manage your privacy experience through the following measures:

1. If you want to delete your browsing and search history, you can choose to delete in "My - Browsing History" and "search box-Recent Searches".
2. If you no longer wish to receive our promotional/marketing materials, participate in market research, or receive other types of information from us, you can unsubscribe from receiving electronic marketing materials by following the unsubscribe prompt in your email, SMS, MMS, iM or other forms of electronic marketing.
3. If you do not wish to see the products or services we recommend to you on the home page, you can long press on the picture of the products or services to turn off the recommendation algorithm.
4. If you want to manage the personalized content we push to you, you can update your setting in "My - Settings - Privacy".

To provide you with more convenient and personalized content, search, and push services, we will extract your preference attributes based on your device information and service log information on FCM website and application and produce indirect group portraits based on feature tags for displaying, pushing information and possible commercial advertisements.

1. Help to place your booking and manage.

When you customize specific products and/or services on FCM platform, the system will generate the booking for the products and/or services you purchased. During the booking process, name and contact number will be require as contact. The booking will include products and/or services information you purchased, the specific booking reference, creation time, and the amount of purchase. That information is purpose to collect for the transaction completion, ensure transaction security, enable booking information inquiry, provide customer service and after-sales service, and for other purposes that we have clearly informed you of.

You may book products and/or services for others on FCM platform, on condition that you provide the aforementioned personal information of the actual purchaser. Where the booking of air tickets, train tickets, bus tickets, hotel rooms and other travel products or services for a child is involved, you must obtain the authorization and consent from the corresponding legal guardian of the child beforehand.

To help you learn about, inquire about, and manage the booking information, we will collect the booking information generated during your use of our services, which will be displayed to you and used to facilitate your booking management.

You may fill in or choose additional information, including other contact numbers and the time of receipt, to ensure the accurate delivery of products or services.

In addition, due to the particularity of travel products and services, you must further submit necessary information to complete the reservation. You will require to fill in necessary information or authorize us to complete the information input on behalf. At the meantime, please pay attention to the following matters in the booking process:

1. When you book a domestic flight (excluding flights to/from Hong Kong, Macao and Taiwan), you should be required to provide the passenger’s name, ID document type, ID document number, name of contact person, mobile phone number and email address. When you book an international flight (including flights to/from Hong Kong, Macao, and Taiwan), you should be required to provide the passenger’s name, passenger type, gender, date of birth, nationality, document type, document validity period, document issuing country, phone number, email address, work unit, document number, total price, airline name, flight number, class, departure date and time, arrival date and time, departure airport, arrival airport, flight mileage. Such information will facilitate the ticket reservation, information notification and subsequent ticket refund and change services provided by FCM and FCM air ticket content provider in accordance with their respective responsibilities.
2. When you book a train ticket, you need to provide the passenger’s name, type of travel document, ID document number, name of contact person and mobile phone number ; When you book an international train ticket, you need to provide  the passenger's name, phone number, document type, work unit, document number, order number, ticket collection number, train number, seat, departure city, arrival city, departure date and time, arrival date and time, total price to facilitate authorized train ticket booking, information notification and subsequent ticket refund and change services provided by FCM and FCM train ticket content provider in accordance with their respective responsibilities. When you opt for real name authentication to "associate with 12306", you also need to provide 12306 username and password.
3. When you book a domestic hotel (excluding hotels in Hong Kong, Macao and Taiwan), you should at least provide the guest’s name and mobile phone number. When you book an international hotel (including hotels in Hong Kong, Macao and Taiwan), you should at least provide the guest’s name, phone number, email address, passenger type, work unit, order date, order number, total price, order remarks, hotel check-in date, hotel departure date, hotel name, hotel address. Such information will facilitate the hotel reservation, information notification and subsequent refund and change services provided by FCM and FCM hotel content provider in accordance with their respective responsibilities. In addition, you need to provide credit card number, credit card validity, credit card verification code, to guarantee the reservation or payment in case some overseas hotels do not accept Alipay/WeChat Pay as payment methods.
4. When you book the car service, you should at least provide the passenger's name, phone number, date and time of car use, end date and time of car use and rented car type to facilitate car service provided by FCM and FCM car rental content providers in accordance with their respective responsibilities.
5. When you use MICE (Meeting, Incentive, Conference and Exhibition) services, you may need to provide different types of information depending on different service types, including departure point, destination, meeting venue, travel/meeting date, number of travelers/participants, per capita/meeting budget, name of contact and his/her mobile phone number.

Where you are required to further provide necessary information to complete the product or service reservation shall be subject to the specific prompt or authorization in the reservation process. Please read the content carefully.

The traveler information, contact information and mailing address provided by you when you use the above services will be automatically saved as your frequently used information. You can also save the invoice information you have input as your frequently used information, so that you can directly retrieve the information when you make subsequent reservations. You can view and update the above information at any time by visiting "My" - "Frequent Passengers" / "Personal Information" on FCM Mobile App.

Please note that when you fill in the traveler or contact information, to minimize your trouble, FCM may provide a way to enter the information by taking a picture of the ID document based on business needs. If you choose to enter personal information this way, FCM will also obtain the document information of you or other travelers and/or contacts you provide.

If you reserve products or services for others through FCM, you need to provide the information of the actual traveler according to the prompt. Before providing FCM with the information of the actual traveler/passenger, you ensure that you have obtained his/her consent, and that he/she is aware of and accepts this Personal Information Protection Policy.

1. Help you complete the payment.

To complete the payment, you need to choose the payment method on the order page. We will share your FCM Account username, the corresponding Alipay or WeChat account username, booking number, transaction time, transaction party, transaction product, booking transaction amount, booking status, device information related to transaction security and other necessary information required by anti-money laundering laws with Alipay or WeChat through the Alipay or WeChat Software Development Kit (SDK) embedded in the application. If you choose other financial institution to facilitate your payment, we will also share the necessary information required for bank card payment including your bank card number, the validity period, and the name of the account holder with the corresponding financial institution that you choose.

You can ask others to pay for you, then you need to provide the Alipay or WeChat account and/or mobile phone number of the payer.

To keep us updated about and be able to confirm your payment progress and status in a timely manner and to provide you with after-sales and dispute resolution services, you agree that we may collect information related to payment progress from the transaction party, Alipay or WeChat, or other payment institutions you choose.

You can check the information of Alipay or WeChat account bound to your FCM Platform account or apply for replacement of the bound Alipay or WeChat account.

1. Help complete the delivery of products or services to you.

If the products or services you purchased on FCM Platform need to be mailed (such as invoices and tickets), in order to ensure smooth, safe and accurate delivery of your purchased products and/or services, we will disclose the booking related logistics information to SF Express Group Shanghai Express Co. Ltd., which provides logistics information system and technical services to FCM Platform, and it will synchronize the relevant logistics information to the corresponding logistics entities according to the designation of the product and/or service provider. You acknowledge and agree that the relevant logistics entities will inevitably learn about and use your logistics information for delivery purpose.

To keep us updated about and be able to confirm your delivery progress and status in a timely manner and to provide you with after-sales and dispute resolution services, you agree that we may collect information related to delivery progress from the logistics service provider.

1. Customer Services and Dispute Resolution.

To ensure the security of your account and system, when you contact us or apply for resolution of a dispute arising during or after sales, we require that you provide us with the necessary personal information to verify your user identity.

We may keep records of your correspondence/calls with us and related content (including account information, booking information, other information you provided as evidence of relevant facts, or the contact information you provide) for the purpose of contacting you, helping you resolve the problem as quickly as possible, or documenting the solution and result of the case. In the event that you consult about, complain against, or make suggestions for a specific booking, we may use your account information and booking information accordingly.

We may also use your other information on a reasonable basis to provide the service and improve the quality of the service, including the information you provide in your contact with the customer service, and the information you offer in our questionnaires you participate in.

1. Provide you with Security Guarantee.

In order to improve the security of your use of the services provided by us, our affiliated companies and partners, protect the personal and property safety of you or other users or the public from infringement, better prevent security risks such as phishing, fraud, network vulnerabilities, computer viruses, network attacks and network intrusion, and more accurately identify violations of laws and regulations or the relevant agreements and rules of FCM Platform, we embed application security SDKs developed by our affiliated company into our app to collect your device information and service log information, and may use or integrate your user information, transaction information, device information, relevant network logs, and other information obtained by our affiliated companies or partners that you authorize or share under the law (among which we may collect MAC address, IMEI and other device identifiers for risk verification during the background operation of the app), to comprehensively analyze the risk of your account and transactions, conduct identity verification, detection and prevention of security incidents, and take the necessary records, auditing, analysis and disposal measures in accordance with the law.

1. Other Uses

1. Additional Services based on System Permissions

To provide you with more convenient, high-quality, and personalized products and/or services, and improve your user experience, we may collect and use your personal information when providing you with the following additional services. It will not affect your use of the basic services (except the necessary operating system permissions that the basic business functions depend on) on FCM Platform if you do not provide such information, but you may not be able to enjoy the user experience offered by these additional services. You can check the status of the above-mentioned permissions in your device settings or in "My - Settings – Privacy - System Permissions" on FCM client and decide to enable or disable these permissions at any time.

Please note that, by enabling any of the permissions, you authorize us to collect and use relevant personal information to provide you with the corresponding service. Once you revoke any of the permissions, it represents that you cancel the authorization, then we will no longer continue to collect and use relevant personal information based on the corresponding permission, nor will we be able to provide you with the corresponding service. However, your decision to revoke the permissions does not affect the collection and use of information that was previously done based on your authorization.

1. How do we use cookies and similar technologies?

Cookies and similar device information identification technologies are commonly used technologies on the Internet. When you use our services, we may use related technologies to send one or more cookies or anonymous identifiers (hereinafter referred to as "Cookies") to your device to collect, identify and store information about your visit and use of this product. We promise that we will not use cookies for any purpose other than those specified in this Personal Information Protection Policy. We use cookies mainly to ensure the safe and efficient operation of products and services, allowing us to confirm the security status of your account and transactions, troubleshoot crashes and delays, and help you avoid repeating the steps of filling out forms and entering search content and process.

At the same time, we may use cookies to show you information or features that may be of interest to you and optimize your advertising choices. Most browsers provide users with the function of clearing the browser cache data. You can perform the corresponding data clearing operation, or you can modify the acceptance level of cookies or reject our cookies. You may not be able to use the services or corresponding functions that rely on cookies because of these modifications.

1. Others

1. If the information you provide contains the personal information of other users, make sure that you have obtained legal authorization before providing such personal information to FCM Platform. If any personal information of a child is involved, you must obtain the consent of the child's legal guardian prior to posting the information. In such cases, the legal guardian has the right to request the correction or deletion of the child's personal information by contacting us through the channels described in Section VIII of this Policy.
2. We will get your consent in advance if we use the information for other purposes not specified in this Policy, or use the information collected for specific purposes for other purposes, or we take the initiative to obtain your personal information from a third party.
3. If we obtain your information indirectly from a third party, we will ask the third party in writing to collect your personal information after obtaining your consent in accordance with the law and inform you of the content of the shared information. In the case of sensitive information, the third party will be required to explicitly confirm your consent before providing the information to us and will be required to make a commitment to the legitimacy and compliance of the source of the personal information. If the third party violates the law, we will explicitly require the third party to bear the corresponding legal responsibility; at the same time, our professional security team will conduct security reinforcement of personal information (including sensitive information reporting, encrypted storage of sensitive information, and access control). We will protect the personal information we indirectly obtain with the means and measures that are in no event less stringent than those we use to protect the personal information of our users.

Please be aware that if we take technical and other measures necessary to process the personal information in a way that makes it impossible for the data recipient to re-identify a specific individual and cannot be recovered, or we may de-identify the information we collect for research, statistical analysis, and forecasting to improve the content and layout of FCM Platform, to support product or service decisions for business purposes, and to improve our products and services (including the use of anonymized data for machine learning or model algorithm training), the applicable law does not require that we must separately inform you of and obtain your consent to the use of the processed data.

1. If we cease operating products or services on FCM Platform, we will stop collecting your personal information in a timely manner and notify you of the operation cease individually or through an announcement and delete or anonymize all personal information related to the ceased business that we hold. If any personal information of a child is involved, we will also inform the child's guardian of the cessation of operation in a timely manner.

1. Providing Information to the External Parties

1. Sharing

We will not share your personal information with companies, organizations, or individuals other than the service providers on FCM Platform, except in the following circumstances:

1. Sharing is necessary for the purpose of the conclusion and performance of the contract to which you are a party: When you purchase products and book services through FCM, we will share the necessary transaction-related information in your booking information with the merchant or the actual service provider of the relevant products and services according to your choice to fulfill your needs for purchasing products or booking services from them and prompt them to complete the follow-up after-sales service. You can check the information published in the business license or the electronic link identification of the business license on the main page of the relevant product and service provider engaged in business activities to identify your transaction partner.
2. Sharing with explicit consent: After obtaining your explicit consent, we will share your personal information with other parties.
3. Sharing under statutory circumstances: We may share your personal information with others in accordance with provisions of laws and regulations, litigation and dispute resolution needs, or legitimate demands of administrative and judicial authorities, as well as the necessity of performing other legal obligations.
4. Sharing with affiliated companies: We may share your personal information with our affiliated companies and/or their designated service providers in order to provide you with products and services based on your FCM Account, to recommend information that may be of interest to you, to identify anomalies in user accounts, and to protect the personal and property safety of our affiliated companies, other users, or the general public from infringement. We will only share the necessary personal information and, subject to the purposes stated in this Policy, if we share your personal sensitive information or our affiliated companies change the purpose of use and processing of your personal information, we will ask for your authorization and consent again.

Please note that the information you share voluntarily or even publicly when using our services may involve your or others' personal information or even sensitive personal information. Please consider carefully before making a decision.

Please refer to Appendix A for the Third-party sharing list

1. Entrusted Processing

We may entrust authorized partners to process your personal information in order to authorize partners to provide you with certain services or perform functions on our behalf. We will only entrust them to process your information for the legal, legitimate, necessary, specific, and clear purposes stated in this Policy. Authorized partners can only access the information they need to perform their duties, and we will require them not to use this information for any other purpose beyond the scope of entrustment. If you authorize a partner to use your information for purposes not entrusted by us, they will separately obtain your consent.

At present, our authorized partners include the following types:

1. Authorized partners for analysis services. We will entrust these partners to process the information related to the safety of your travel destination on the premise of adopting the common security technology in the industry. We will not entrust the partners to process your personal identity information.
2. Suppliers, service providers and other partners. We entrust information to suppliers, service providers, and other partners who support our business. Such support includes offering technical infrastructure services, analyzing how our services are used, providing customer services, facilitating payments, or conducting academic research and surveys under our entrustment.
3. Publishers, printers and distributors of marketing materials; event and exhibition organizers; marketing, market research, research analysis and communication institutions; postal companies, freight services, express services; external business advisors (such as lawyers, accountants, auditors and recruitment consultants).
4. When you entrust us to book a flight on your behalf, we will provide your personal information (i.e., name, e-mail address and/or mobile phone number) to the relevant airlines so that the airlines can directly inform the passengers of abnormal flight and flight interruption (such as flight cancellation and schedule change).

In order to ensure the stable operation and function realization of our client, so that you can use and enjoy more services and functions, our application will embed the SDK of authorized partners or other similar applications. We will conduct strict security inspections on the application program interface (API) and software tool development kit (SDK) for authorized partners to obtain relevant information, and agree strict data protection measures with authorized partners to comply with this Policy and any other relevant confidentiality and security measures to handle personal information, unless authorized partners obtain your consent separately.

Details of the SDK we access are as follows:

1. Transfer

If we need to transfer personal information due to merger, division, dissolution or declaration of bankruptcy, we will inform you of the name or contact information of the recipient. The recipient shall continue to perform the obligations set forth in this Policy as well as other legal obligations. If the receiving party changes the original processing purpose or processing method, it shall re-obtain your personal consent.

1. Public Disclosure

We will publicly disclose your personal information only under the following circumstances:

1. We may disclose your personal information publicly with your explicit consent or based on your active choice.
2. If we determine that you have violated laws or regulations or seriously breached relevant agreements or rules of FCM Platform, or for the purpose of protecting the personal and property security of the users of FCM Platform and our affiliated companies or the public, we may disclose your personal information, including the relevant violations and the measures that we have taken against you, in accordance with laws and regulations or relevant agreements or rules of FCM Platform, with your consent.

1. Storage of Information

1. Duration of Storage

We will retain your personal information only for the period necessary to achieve the purposes stated in this Policy, unless a longer retention period is compulsorily required by law. For example, the Electronic Commerce Law of the People's Republic of China requires that the commodity and service information and transaction information shall be retained for no less than three years from the date of completion of the transaction.

The main criteria for judging the storage period of personal information include:

1. Achieving the purpose of a transaction associated with you, maintaining the corresponding transaction and business records, and responding to your possible queries or complaints.
2. Guaranteeing the security and quality of our services provided to you.
3. Whether you agree to a longer retention period.
4. Whether there is any other special agreement or laws and regulations on the retention period.

After the expiration of the retention period of your personal information, we will delete or anonymize your personal information according to applicable laws.

1. Storage Location

The personal information collected and generated during our operations within the People's Republic of China will be stored in its territory. We will provide your personal information to possible overseas entities after fulfilling our legal obligations under the following circumstances:

1. There are explicit provisions in applicable laws.
2. Your explicit authorization has been obtained.
3. It is necessary for the purpose of conducting cross-booking transactions (such as purchasing international air tickets, booking international hotels) and the conclusion and performance of the contract to which you are a party.
4. We will provide your reports, analytics, and business intelligence dashboards of your travel activities to your employer, including business travel plans, as the part of the performance of services by the contracting party.

Under the above circumstances, we ensure that your personal information will be protected in accordance with this policy, relevant laws and regulations. At the same time, in accordance with the requirements of the applicable laws, regulations and national standards of the People's Republic of China, we will inform you in a reasonable manner about the name and the contact information of the overseas recipients, as well as the processing purpose, manner and type of your personal information. The overseas recipients that will offer the products or service to you. The manner and procedure of exercising your rights to the overseas recipients will also be provided by us. For example, when you are about to order the overseas products/services on the Platform, we will notify you of the above information in a prominent manner on the login page of the Platform through this Policy and the Consent Letter for Cross-border Transfer of Personal Information (the Consent Letter). In addition, if you are an employee of a corporate client, we will transfer your personal information to our overseas headquarters, for the purpose of generating a travel management report to fulfill your company's corporate travel management requirements. If necessary, we’ll obtain your individual consent for the provision of your personal information to overseas. We will generally inform you the specific information of the overseas recipient and the details for cross-border transfer of your personal information. We’ll inform you through this Policy and the Consent letter on the login page of the Platform. We are solely responsible for cross-border transfer activities of your personal information and will strictly follow the relevant laws and regulations. In the case of such cross-border transfers or accesses situation, we will process your personal information in accordance with this Policy, the Consent Letter and other relevant confidentiality and security measures.

1. Storage Security

1. Technical Measures for Data Protection

We have taken reasonable and feasible security measures in compliance with industry standards to protect your personal information against unauthorized access, public disclosure, use, modification, damage, or loss. For example, data exchanged between your browser and server is encrypted and protected by SSL protocol; we also provide the secure HTTPS browsing mode for FCM website; we use encryption technology to improve the security of personal information; we use trusted protection mechanisms to prevent malicious attacks on personal information; we deploy access control mechanisms to ensure that only authorized personnel can access personal information. Our important information systems will be rated Level 2 or above in the evaluation of the classified protection of cybersecurity.

1. Management and Organizational Measures for Data Protection

We have established an industry-advanced data security management system centered on data life cycle, which aims to enhance the security of personal information from the aspects of organizational construction, system design, personnel management, and product technology. We have set up a personal information protection department. We provide security and privacy protection training courses to enhance employees' awareness of personal information protection.

We have appointed special personnel to be responsible for the protection of children's personal information, strictly set information access permissions, applied the principle of least privilege to employees who may have access to children's personal information, and taken technical measures to record and manage the employees' processing actions to prevent illegal copying and downloading of children's personal information.

1. Account Security Risk Prevention

When making an online transaction through the services on FCM Platform, you will inevitably disclose your personal information, such as the name, contact information or address of the traveler, to the counterparty or potential counterparty. In addition, you may also establish contacts, exchange information, or share some content through our services. Please protect your personal information properly and provide it to others only when necessary. Always stay skeptical of transactions through other transaction tools to prevent information theft or even telecommunications network fraud.

If you are concerned that your personal information, especially your account or password, has been leaked, please contact FCM customer service immediately, so that we can take corresponding measures according to your application.

1. Response To Personal Information Security Incidents

If your legitimate rights and interests are damaged by unauthorized access, public disclosure, tampering, or destruction of information due to the destruction of our physical, technical or management protection facilities, we will activate the emergency response plan and take reasonable and necessary measures to reduce the impact on you as much as possible. In the event of a personal information security incident, we will, in accordance with the requirements of laws and regulations, inform you of the basic information and possible impact of the security incident, the measures we have taken or will take, suggestions for you to independently prevent and reduce risks, and remedial measures for you. We will inform you by mail, letter, telephone, notification. When it is difficult to inform the subjects of personal information one by one, we will publish an announcement in a reasonable and effective manner. At the same time, we will report the handling of the personal information security incident in accordance with the requirements of regulatory authorities.

1. Your rights

You can access and manage your information in the following ways, and we will respond to your request in compliance with laws and regulations:

1. View, correct, or supplement your personal information.

You have the right to view, correct or supplement your information:

1. Log in to FCM APP and click personal account settings to view and correct personal data and personal account related information.
2. Visit FCM website and contact customer service through the service center to seek help for viewing, correcting, or supplementing your information.

1. Delete your personal information.

You may delete part of your information or cancel your account to delete all your information by means specified in "1. View, correct, and supplement your personal information".

You may request us to delete your personal information by logging in to FCM mobile client and selecting "My - My Customer Service - Contact Customer Service" if:

1. we handle your personal information in violation of laws and regulations.
2. we collect and use your personal information without your explicit consent.
3. we handle your personal information in serious violation of the agreement with you.
4. our processing purpose has been achieved, cannot be achieved or it is no longer necessary to achieve the processing purpose.
5. we no longer provide you with products or services, or retention period has expired.

If we decide to respond to your request for deletion, we will use our best efforts to notify the subjects that have obtained your personal information from us to delete your personal information in a timely manner, unless otherwise provided by laws and regulations, or such subjects have separately obtained your authorization.

After you delete or we assist you to delete the information, we may not be able to immediately delete the relevant information from the backup system due to applicable laws and security technologies, and we will securely store your personal information and isolate it from any further processing until the backup can be deleted or anonymized.

1. Change or withdraw the scope of your authorization and consent.

You may change or withdraw the scope of your authorization for us to collect and process your personal information in the following ways: Manage APP system permission authorization in “My – Settings - Privacy - System Permission Management.

For the authorization that you cannot set directly through the above method, you can log in to FCM mobile client and select "My - My Customer Service - Contact Customer Service" to revise. Please note that for some types of personal information, such as the information necessary to realize the basic functions of FCM Platform or the information necessary for us to fulfill our obligations under laws and regulations, we may not be able to respond to your request to change the scope of authorization. When you withdraw your authorization, we will no longer process the corresponding personal information. However, your decision to withdraw your authorization will not affect the personal information previously processed under your authorization.

1. Cancel your account.

You can visit FCM website and choose Contact Customer Service to assist you in requesting cancellation of your account. After you voluntarily cancel your account, we will stop providing you with products or services, delete or anonymize your personal information as required by applicable law.

1. Bind Information System Automated Decision Making

In some business functions, we may make decisions based solely on non-manual automated decision-making mechanisms including algorithms. If these decisions significantly affect your legitimate rights and interests, you may contact us through customer service.

1. Protect personal information of deceased users.

The close relatives of a deceased user may exercise the rights of access, copy, correction, deletion, etc., to the relevant personal information of the deceased for their own legal and legitimate interests through the contact channels described in Section VIII "Contact Us" of this Policy, unless otherwise arranged by the deceased.

You understand and confirm that, in order to fully protect the personal information rights and interests of the deceased user, the close relatives of the deceased user applying to exercise such rights need to submit the identity documents and death certificate of the deceased user, identity documents of the applicant, and proof of kinship between the applicant and the deceased user according to the designated process of the personal information protection team or customer service prompt, and provide the types and purposes of the rights to be exercised.

1. Respond to your above requests.

For the above requests made to us by you or your possible guardians, close relatives and other authorized subjects, as well as your relevant personal information rights stipulated by the laws of the People's Republic of China and other applicable laws, you may contact us through FCM customer service or directly file a complaint with our personal information protection department. We will reply within 15 days.

To ensure security, you may need to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.

We will reply within 15 days. If you are not satisfied with our reply, you can also initiate complaints through FCM customer service.

We do not charge fees for your reasonable requests in principle, but we will charge a certain cost as appropriate for repeated requests that exceed the reasonable limit. We may reject those requests that are not directly related to your identity, are repeated for no reason, require excessive technical means (for example, a new system needs to be developed or the current practice needs to be changed fundamentally), pose risks to the legitimate rights and interests of others, or are very unrealistic.

1. Protection of minors

In e-commerce activities, we presume that you have the corresponding capacity for civil conduct. If you are a minor, you should request your parent or other guardian to carefully read this Policy, and you must not use our services or provide information to us without the consent of your parent or other guardian.

If you are a child under the age of 14, before you use our services, you and your guardian should carefully read the FCM Children’s Personal Information Protection Policy and Guardian’s Notice specially formulated by us, and make sure that you use our services under the guidance of your guardian only after obtaining your guardian’s consent to the FCM Children’s Personal Information Protection Policy and Guardian’s Notice to ensure your safety when using our services and conducting transactions.

If you are a child's parent or other guardian, please pay attention to whether the child under your guardianship uses our services after obtaining your authorization or consent. If you have any questions about the personal information of the child under your guardianship, please contact us through the contact information in Section VIII.

1. Policy Update

Our Personal Information Protection Policy may change, and we will specify the effective date of the updated version.

We will not restrict your rights under this Policy without your explicit consent. We will publish changes to the Policy on a special page. For major changes, we will also provide more noticeable notifications (including announcements of FCM and even onsite messages or pop-up prompts).

Major changes referred to in this Policy include but are not limited to:

1. Major changes in our service model, for example, changes to the purpose of processing personal information, the type of personal information processed, and the way we use personal information.
2. Major changes in our control rights, for example, change of owner arising from M&A or reorganization.
3. Changes of the main objects of personal information sharing, transfer, or public disclosure.
4. Major changes in your right to participate in the handling of personal information and the way you exercise such right.
5. Changes of the department responsible for ensuring personal information security, its contact information, or complaint channels.
6. Personal information security is considered to be highly risky as a personal information security impact assessment report indicates.

We will also archive the previous versions of this Personal Information Protection Policy on a special page on FCM Platform for your reference.

1. Contact us

You can contact us in the following ways and we will reply to your request within 15 days:

1. If you have any questions, comments, or suggestions concerning this Policy or children's personal information, you can contact us through FCM customer service.
2. If you discover that your personal information may be leaked, you can submit a complaint/report through customer service.
3. We have also set up a personal information protection department, which you can contact through dpo@fcm.asia (please indicate the relevance to FCM Platform and state the specific facts) or its office address at Unit 1502-1503, CIFI Tower, No.309 Changshou Road, Putuo District, Shanghai, P.R. China. It should be noted that we cannot ensure a response to questions regarding topics unrelated to this Policy or your personal information rights.

If you are not satisfied with our reply, especially if you believe that our handling of personal information has damaged your legitimate rights and interests, you can also seek a solution by filing a lawsuit to the court with jurisdiction in the defendant's domicile.

 

Appendix A: The Third-Party Sharing List

 

 

Appendix B: Relevant Definitions

FCM Platform refers to FCM website (the domain name involved is https://www.fcmtravel.com/zh-cn, app.fcmonline.com.cn, m.app.fcmonline.com.cn or other URLs adjusted by the platform operator according to the actual business) and mobile applications and software.

FCM refers to the network and software technology service provider of FCM Platform, Flight Centre China International Travel Co., Ltd (registered address: Room A403, First Shanghai Centre, No.39 Liangmaqiao Road, Chaoyang District, Beijing, P.R. China)

Affiliated Companies: The affiliates of Flight Centre China International Travel Co., Ltd. in the People's Republic of China include Flight Centre China International Travel Co., Ltd. Shanghai Branch, Flight Centre China International Travel Co., Ltd. Guangzhou Branch, Flight Centre - Comfort Business Travel Service Co., Ltd, Flight Centre - Comfort Business Travel Service Co., Ltd Shanghai Branch and Flight Centre - Comfort Business Travel Service Co., Ltd, Guangzhou Branch.

Personal Information refers to various information that is recorded electronically or otherwise, which can identify a specific natural person or reflect the activity of a specific natural person alone or in combination with other information.

Children refer to minors under the age of 14.

Sensitive Personal Information refers to personal information that, once leaked or illegally used, may cause infringement of human dignity or grave harm to personal or property security, including individual biometric features, religious beliefs, specific identity, medical health, financial accounts, personal whereabouts, and personal information of children under the age of 14 (we will highlight the specific personal sensitive information in bold in this Policy).

Deletion of Personal Information refers to the act of removing personal information in the system involving realizing the daily business functions, so that such information is kept irretrievable or inaccessible.

Device information includes device identifier (IMEI, IDFA, Android ID, MAC, OAID, IMSI and other device related information), application information (application crash information, notification switch status, application installation list and other application related information), device parameters and system information (device type, device model, operating system and hardware related information), and device network environment information (IP address, WiFi information, base station information and other network related information), subject to the actual acquisition of the product.

Service log information includes browsing record, click view record, search and query record, favorites, adding to cart, transactions, after-sales service, following and sharing information, publishing information, as well as IP address, browser type, telecom carrier, the language that you use, and access date and time.

De-identification refers to the processing of personal information in a way that makes it impossible to identify certain natural persons without the use of additional information.

Anonymization refers to the processing of personal information in a way that makes it impossible to identify certain natural persons and cannot be reversed.