Jump to main content

Privacy policy

Forward To Friends – Open a New Window Print View more services Share this:

The Marco Polo Club Customer Privacy Policy

The Marco Polo Club is an exclusive loyalty programme that offers a range of privileges to our most frequent flyers, all designed to enhance your journey before, during and after your flight. The Marco Polo Club is managed and operated by Cathay Pacific Airways Limited (“CPA”).

This Marco Polo Club Customer Privacy Policy (“Privacy Policy”) discloses how CPA collect, store and handle the Personal Data of members of The Marco Polo Club (“you”, “your”). Please read the following Privacy Policy to understand how we use the Personal Data we may collect from you.

By providing your Personal Data to us, you are consenting to this Privacy Policy and to the collection, use, access, transfer, storage and processing of your personal information as described in this Policy.

At CPA, we are committed to protecting your personal and data privacy. To ensure that you can make informed decisions and feel confident about supplying your Personal Data (as defined below) to us in connection with your Marco Polo Club membership, we provide this notice outlining our practices, and the choices you have, concerning how your Personal Data is being collected and used by us.

2.1 We may request you to provide information in several areas of our website, mobile services and other channels that may be used to verify your identification at a later time including but not limited to:  

2.1.1 A username or membership number and password that you will use to access to our website and services;

2.1.2 Your personal information such as your name, gender, date of birth, nationality, country of residence, passport or other personally identifiable numbers and information about your registered status with any of our subsidiaries, associated companies and/or business associates; 

2.1.3 Your contact information such as your telephone numbers, mailing addresses, email addresses, and fax numbers; 

2.1.4 Your frequent flyer programme number(s);

2.1.5 Your credit or debit card information and billing information, including name of cardholder, card number, billing address and expiry date; 

2.1.6 Your business information such as company name, business title and associated contact information; 

2.1.7 Your travel details such as flight information, travel companions’ personal information, languages spoken, destination contact information, seat and meal preferences, flight and hotel preferences, and other information related to traveller special needs; 

2.1.8 Your responses to market surveys and contests conducted by us or on our behalf;

2.1.9 Transactional data which includes records on accrual and redemption activities you have with The Marco Polo Club and Asia Miles programme.

2.2 Certain Personal Data (particularly relating to your personal information and contact information) are required for specific services and if you fail to supply such Personal Data as requested from each specific service, we may be unable to provide you the services in full.


3.1       We may use Personal Data for one or more of the following purposes:

3.1.1    To process and administer your application to join The Marco Polo Club;

3.1.2    To process your request for any products or services offered by us;

3.1.3.   To fulfill requests submitted by you, whether online, over the phone, through our mobile services, or through other methods;

3.1.4    To process or confirm your travel arrangements;

3.1.5    To provide disruption handling services;

3.1.6.   For the operations of The Marco Polo Club including mileage tracking, delivery of associated benefits and services, ongoing research and programme development, as well as delivering news and information to members of The Marco Polo Club, and for other record-keeping purposes related to The Marco Polo Club programme;

3.1.7    For marketing, promotional and customer relationship management purposes, such as conducting market research or sending you updates on the latest offers and promotions in connection with CPA, The Marco Polo Club,  other Cathay Pacific Group companies, e.g. Asia Miles Limited, or partners; (please see Section 10  - "Notice on Direct Marketing" for details);

3.1.8    For identification and verification purposes, in connection with any of the services or products that may be supplied to you;

3.1.9    To respond, handle and process any enquiries submitted by you;

3.1.10  To administer contests and sweepstakes conducted by us or on our behalf, including disclosing the winner of any such contest;

3.1.11  To disclose to a third party to comply with any law, legal requirements, orders, directors or requests from any court, authority or government body of any jurisdiction, which may be within or outside of Hong Kong;

3.1.12  To facilitate payments for products and services provided by us or our subsidiaries, associated companies and business associates, including verification of credit card details with third parties and to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties);

3.1.13    To improve our security, including in relation to the processing of payment by credit card to guard against the risk of fraud including carrying out matching procedures against databases of known fraudulent transactions (maintained by us or third parties);

3.1.14  To provide other Marco Polo Club, travel related and/or loyalty programme related services;

3.1.15  To pass on to and for the use by any of our subsidiaries, associate companies and/or business associates in connection with any of the above purposes and/or any other travel related services and offers such companies and associates may offer from time to time;

3.1.16  To fulfill the above purposes, you may be contacted via email, direct mailing, telephone marketing, SMS or other means that are allowed by local authorities.

3.2       We may also from time to time use aggregate non-identifying information about our customers to better design our website and/or to improve our services and products. This means we may provide this information to third parties.  However, this information will never identify any single member of the programme in particular.

3.3       Except as provided below, we will not knowingly or intentionally use or share the Personal Data you provide to use in ways unrelated to the aforementioned purposes without your prior consent. 

4.1       You may request access to and correct your Personal Data held by us.  If you wish to obtain a copy of any of your Personal Data; if you believe that the Personal Data relating to you which we collect and maintain is incorrect; or if you believe that the Personal Data held by us was used beyond the scope of the purposes of use disclosed above or was acquired by fraudulent or unlawful means or provided to a third party without your prior consent, please write to us at the address below.

4.2       A request for access or correction to, or deletion of Personal Data or for information regarding policies and practices and kinds of Personal Data held by us must be in writing and sent to us via feedback form at www.cathaypacific.com or via postal mail at the following address:

The Data Protection Officer
6th Floor, North Tower, Cathay Pacific City,
8 Scenic Road,
Hong Kong International Airport, Lantau, Hong Kong

4.3       We may charge a reasonable fee for the processing of any data access request(s).

5.1       A cookie is an alphanumeric string of identifier that websites of the Cathay Pacific Group companies including. cathaypacific.com, dragonair.com and asiamiles.com and shop.asiamiles.com (“CX Group Sites”) use to transfer to the cookie file of the browser on your computer's hard disk. With the use of cookies, we can better serve you and/or maintain your information across multiple web pages within or across one or more sessions. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in future.

5.2       We use two types of cookies on the CX Group Sites:

5.2.1    Session Cookies, which are temporary cookies that remain in the cookie file of your browser until you leave the site;

5.2.2    Persistent Cookies, which remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie);

5.3       Cookies cannot be used by themselves to identify you.

5.4       Examples of how we use cookies on our CX Group Sites and what information we collect:

5.4.1    Session Cookies

·  To allow you to carry information across web pages of our respective CX Group Site and avoid having to re-enter information, such as logging in for every page.

·  Within registration to allow you to access stored information.

·  During the booking process so that we can remember your selections.

5.4.2    Persistent Cookies

·  To compile anonymous, aggregated statistics that allow us to understand how users use CX Group Sites, and to help us improve the structure of CX Group Sites. We cannot identify you personally in this way.

·  To store your chosen country homepage destination.

·   To store your Marco Polo Club membership number in the login box if you have selected the “Remember this no.” option.

5.4.3    Third Party Cookies

·  To determine and track website traffic coming in from advertisement banners that have been placed on third parties' websites.

5.5       List of major Cookies that are essential for a desirable navigation experience on CX Group Sites

Cookie Name



Used to record your country of residence and your preferred language choice.

The Marco Polo Club_userid_cookie

Used to remember the login ID of member of The Marco Polo Club when “Remember this no.” option is selected during login.

session cookie

Cookies that will expire at the end of session or after idling for 30 minutes. Used to maintain the transaction with CX Group Site.


Used to recognise repeated visitors to the site and in conjunction with other information we hold to attempt to record specific browsing information (that is, about the way you arrive at the site, pages you view, options you select, information you enter and path you take through the site) against an individual customer profile.


Used to recognise repeated visitors to the site and in conjunction with other information we hold to attempt to record specific browsing information (that is, about the way you arrive at the site, pages you view, options you select, information you enter and path you take through the site) against an individual customer profile.


5.6       List of major Cookies that are set by third-parties on CX Group Sites


Used for the purpose of serving our Internet advertisements on other [third party] websites. Some of our web pages may contain electronic images that allow us to track user interactions on these pages. They may also report back some information to DoubleClick about the interaction performed.


Used for the purposes of understanding more about visitors on CX Group Sites then apply this understanding to provide web environments that save visitors time and make the sites easier to use. This data could include search engine referral, affiliate referrals, traffic driven by banner ads or other promotions, visitor navigation around the site, popular pages, processed or abandoned transactions and sales conversions. It also receives certain technical information, such as the visitor's browser version and operating system. Ticket booking information will be captured such as IP address, The Marco Polo Club membership number, Asia Miles membership number, login name and email address. All information about individual visitors to a web site belongs to Cathay Pacific. IBM Coremetrics is not allowed to disclose individual information collected for Cathay Pacific to any other IBM Coremetrics client.

On CX Group Sites Coremetrics is used in conjunction with CoreID6 for online web analytics.


Below technologies are used by IBM Coremetrics on CX Group Sites:


Session Cookie: The ‘Session’ cookie exists only for the lifetime of the current browser session. The Session cookie will exist from the point at which the first tag is received from the website until 1) the visitor closes all browser windows for the browser in question or 2) more than 30 minutes pass without receiving a data collection tag from the browser session. One or more ‘sessions’ may be associated with a ‘visitor’.


Visitor Cookie: The ‘Visitor’ cookie persists after the visitor closes all browser windows. The ‘Visitor’ cookie contains a cookie ID referenced by Coremetrics to identify a visitor returning to the site across multiple ‘sessions’.

Web Beacon: Also known as a "clear GIF", "pixel tag", "data tag" or "image tag". It is a mechanism by which a small section of code that is placed on web site pages to execute an image request to IBM data collection servers. Web beacons facilitate the transfer of data by requesting and delivering the transparent graphic GIF image from IBM Coremetrics to relevant CX Group Site.

Opt-Out Options

If you do not want IBM Coremetrics to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a web site tries to put a cookie in your browser software. Rejecting cookies may affect your ability to use some of the products and/or services at our web site.

IBM Coremetrics offers two methods by which visitors can opt-out of data collection associated with their online activities:


1) "Anonymous Visitor" and

2) "Total Opt-Out" (which are both discussed below).


For either of these options to take effect, you must first accept a cookie from this site which will allow us to recognise you with a random and unique alphanumeric identifier so that we can honour your opt-out selection. If you do not accept this cookie, or later delete it, we cannot honour your request to opt-out and you will continue to be served cookies.

Anonymous Visitor

Your IBM Coremetrics cookie contains a random and unique alphanumeric identifier. If you select the "Anonymous Visitor" option, then your cookie will be modified to read "anonymous", meaning that IBM Coremetrics will continue to collect or receive data about your experience on CX Group Sites. However, such data will be presented as part of a pool of general, anonymous visitors.

Total Opt-Out

If you select "Total Opt-Out", then your cookie will be modified to read "opt-out", meaning that no data will be collected about you on the relevant CX Group Site. IBM Coremetrics will in such cases record that a "Total Opt-Out" election has been made, so that aggregated totals of "Total Opt-Out" elections can be calculated and recorded. Once you make your selection, a dialog box should appear to confirm that your opt-out choice was successful. The opt-out will remain in effect for as long as the cookie remains on your hard drive. If you remove this cookie from your hard drive (for instance, if you reinstall or update your browser or choose to delete all cookies), you will need to renew your opt-out selection.

Remember, if you choose to opt out of the Site Analytics cookie [from a particular CX Group Site] you will need to do so the first time you visit such site which provide opt-out to avoid having your information collected by that site. Further, if you use more than one web browser or computer, you will need to opt-out in each one. Please note that if you upgrade your browser to a new version (including, but not limited to, Microsoft's Internet Explorer 8.0), you may need to opt out again.

You can click here to understand IBM Coremetrics privacy policy in details.

Please click here if you wish to opt-out from data collection associated with IBM Coremetrics.

Remarks:  Rejecting cookies may affect your ability to use of some of the services on CX Group Sites.

5.7       Disabling / Enabling Cookies

All browser releases from 4.0 and beyond have a "cookie filter" imbedded in the Privacy settings.

You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features on our site if cookies acceptance have been disabled completely.

Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in future.

You need to set each browser, on each device you use to surf the web. You should repeat this procedure with each one if you use multiple browsers (e.g., Safari, Internet Explorer, Firefox, Google Chrome, etc.). Similarly, if you connect to the web from multiple devices (e.g., work and home), you need to set each browser on each device. However, if you disable cookies or refuse to accept a request to place a cookie, it is possible that some parts of this website, and certain areas of the website for which you need to log in, will not function properly, and the advertising you receive when you visit this website may not be advertisements tailored to your interests.

Whilst currently we are only using cookie in the ways we have stated out, new cookies will be implemented as necessary in order to better serve you.

5.8       Log Files
We may collect information regarding your IP address, browser type, domain name and access time. This information is used for our own research purposes and is separated from the Data. We do not link IP addresses to any personal information. In rare instances, IP addresses may be used to assist in deterring and/or preventing abusive or criminal activity on the website.


This website contains links to other sites that are operated by third party companies with different privacy practices. You should remain alert when you leave our site and read the privacy statements of other websites. We have no control over Personal Data that you submit to or the information you receive from these third parties.

7.1      To maintain the accuracy of the Personal Data, as well as to prevent unauthorised access to and ensure the correct use of Personal Data, we have implemented appropriate physical, technical, and administrative measures to safeguard and secure the Personal Data that we collect.


7.2       For example, we use Secure Socket Layer (SSL) protocol—an industry standard for encryption over the Internet—to protect in transmission the Personal Data we collect online.  When you type in sensitive information such as credit card details, these will be automatically converted into codes before being securely dispatched over the Internet.  All electronic Personal Data that we maintain is securely stored and further protected through our use of appropriate access controls.  When disposing of Personal Data, paper documents containing Personal Data are securely destroyed, and electronic files storing Personal Data are permanently deleted.

7.3       In addition, to better protect certain Personal Data, you must enter your personal username and password to access your Marco Polo Club account on our website.

7.4       As stated above, in some instances we may entrust Personal Data to third party service providers (including service providers outside of your jurisdiction), binding them to protect the security of Personal Data and only to use it for the purposes we specify.  

8.1       The Marco Polo Club programme is offered to you by CPA, a global airline company with operations, offices, affiliates and business partners located worldwide.  As such, the Personal Data you submit to us in one country may be transferred, used, processed, stored and accessed worldwide in one or more additional countries, as described in this Privacy Policy.

8.2       In addition, we may disclose and transfer Personal Data to and jointly use Personal Data with (whether within or outside of your jurisdiction) our subsidiaries, associated companies, business associates, service providers, and other persons who we consider appropriate, in connection with the services and products provided to or requested by you.  We may disclose this information to facilitate communication of news and information about such services and products and otherwise for the purposes mentioned above, under Section 3, “Purposes for which the Personal Data are Collected and Used.” 

8.3       The entities with whom CPA may share your Personal Data include but are not limited to:

8.3.1        Any Cathay Pacific Group companies, including but not limited to Asia Miles Limited, Cathay Holidays Limited, Cathay Pacific Catering Services (HK) Ltd, Hong Kong Airport Services Ltd. and Hong Kong Dragon Airlines;

8.3.2    Any agent, contractor or third party service provider who provides administrative, marketing and research, distribution, data processing, telemarketing, telecommunications, computer, payment or other services to Cathay Pacific in connection with the operation of its business and/or The Marco Polo Club programme;

8.3.3    Other business associates such as The Marco Polo Club partners, air carriers, land or sea transport operators, loyalty programme operators, hotel operators, credit card issuers, retailers, restaurants and other companies involved in qualifying, offering or providing customer service, or fulfilling customer requests in connection with The Marco Polo Club programme; and

8.3.4    Government or non-government authorities, agencies and/or regulators.

8.4       Where permitted by applicable local law, we may also disclose your Personal Data to third parties (i) when required by law, by court order, or in response to a search warrant or other legally valid inquiry; (ii) to an investigative body; (iii) to enforce our agreements with you; (iv) when requested by other government or law enforcement authorities (such as immigration and customs control and/or border control agencies); (v) with your express consent, or, (vi) pursuant to our good faith belief that disclosure is required by law or otherwise necessary to the establishment of legal claims or defenses, to obtain legal advice, to exercise and defend our legal rights, to protect our rights or properties and those of our subsidiaries or associated companies, or to protect the life, body or property of any individual. This also applies when we have reason to believe that disclosing the Personal Data is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.

8.5       We may also transfer any information we have about you that may be considered as an “asset” in connection with a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Cathay Pacific or as part of a corporate reorganisation or stock sale or other change in corporate control.

8.6       Please be advised that the Personal Data that Cathay Pacific collects or obtains may be transferred jurisdictions that offer lesser protection of Personal Data than that provided in your domicile jurisdiction.  By submitting personal information to Cathay Pacific or using any Cathay Pacific website, you understand and consent to such transfer.  

We will post on our website at www.cathaypacific.com  any changes to this policy with the effective date of the changed policy, so that you can be informed of the way we collect and use your Personal Data any time you so choose.  If at any point we decide to use the Personal Data you submitted under this current policy in a way that differs materially from the Privacy Policy that applied at the time of that submission, you will be notified and given the opportunity via the website, email or in writing to opt out or otherwise prevent such usage. 

10.1     Occasionally, we may use your personal data (including your name and contact details and all other information collected during or subsequent to initial registration) to send you marketing communications such as printed material, email, telephone and SMS containing news, offers, promotions and joint marketing offers on products and services [in respect of which The Marco Polo Club may or may not be remunerated]. The products and services include:

10.2     Products and services offered by Cathay Pacific Group companies, including but not limited to, Asia Miles Limited, Cathay Holidays Limited, Cathay Pacific Catering Services (HK) Ltd, Hong Kong Airport Services Limited and Hong Kong Dragon Airlines,  including travel and lifestyle awards, food and beverage, catering and ground handling and airport services;

10.3     Products and services offered by co-branding partners of The Marco Polo Club. For a full list of The Marco Polo Club partners, please click here.

10.3.1     Air travel and accommodation services;

10.3.2     Financial, insurance, credit card, banking, foreign exchange, and other related services and products;

10.3.3     Reward, loyalty or privileges programme offered by The Marco Polo Club partners;

10.3.4     Telecommunication, Internet and mobile services;

10.3.5     Non-air transportation services such as hotel transfers, car rentals, limousine and taxi services, bus operators, train operators and cruise operators;

10.3.6     Food, wine and beverage services;

10.3.7     Travel and leisure services, including holiday package products and services offered by travel agents, tickets to theme parks and other attractions;

10.3.8     Other retail products and services, including but not limited to:

- consumer electronics;
- computers and peripherals;
- printed matter including books, newspapers subscriptions and magazine subscriptions;
- audio visual titles;
- computer software and games;
- toys;
- household goods;
- sporting equipment;
- fashion and apparel;
- watches and jewellery;
- suitcases and bags;
- food and consumables;
- beauty products and cosmetics;
- gift, flowers and hampers;
- health and beauty services, included but not limited to medical check-ups and spa packages;
- vouchers, coupons and gift cards; 

10.3.9     Professional and consulting services;

10.3.10     Tickets for concerts, sporting, art fairs and special events;

10.3.11     Real estate purchase or rental;

10.4     All products and services offered in Asia Miles iShop, a list of which can be found here.

Information collected may be transferred to a place outside Hong Kong.

10.5     You may indicate your consent to the above by the following ways:

10.5.1     When providing us with your personal data through our website or a form, ticking the box(es) indicating your consent; or

10.5.2     When providing us with your personal data through the telephone, tell our customer representative that you consent

10.6     You may opt-out from receiving marketing communications at any time, free of charge, by:

10.6.1     Following the “opt-out” instructions contained in the communications;

10.6.2     Writing to us at the address listed above, under Section 4 – “How to Access or Correct Your Personal Data”; or

10.6.3       Updating your email subscriptions preference in your profile

Any personal data provided to or gathered by Cathay Pacific is controlled primarily by Cathay Pacific.

All Personal Data that has been collected from you will only be stored for the duration that is relevant to the purpose for which it was processed and for as long as required by applicable law.  

This notice is written in English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.

Effective date: 25 March 2013