Privacy Policy
Last Updated: 1 April 2019
This Privacy Policy applies to Singapore Airlines Limited (“SIA”) and SilkAir (Singapore) Private Limited (“SilkAir”, and collectively with SIA, “we”, “us”, “our”).
SilkAir is a corporation registered in the Republic of Singapore with company number 197500236D and a registered office at 25 Airline Road, Airline House, Singapore 819829, and is a fully-owned subsidiary of SIA.
For the purposes of the General Data Protection Regulation (“GDPR”) and other applicable data protection laws, we are data controller. Our data protection officer can be contacted at dpo@singaporeair.com.sg. Our representative in the European Union is our UK establishment, Singapore Airlines Limited a branch registered at Building 11, Chiswick Park, 566 Chiswick High Road, London W4 5YS, United Kingdom.
We collect, use and disclose Customer Data (as defined below) in order to provide you with a safe, smooth, efficient and customised experience with us. The collection, use and disclosure of Customer Data enables us to provide services and products that are most likely to meet your needs and requirements. This Privacy Policy outlines our policy and responsibility in relation to the collection, use and disclosure of Customer Data.
What information do we collect about you?
We collect information when you purchase flights or other products on our website, mobile application or when you travel with us, such as your contact details, travel information and credit card details. We also collect information about your preferences from your interactions with our in-flight and ground-based staff, and from specific requests you make. In addition, we collect device and technical information from you when you use our website or mobile application. More Information
How will we use the information about you?
We use your information to fulfil our contract of carriage with you, to administer your membership with our frequent flyer programme, KrisFlyer, and/or our corporate travel programme for small and medium enterprises, HighFlyer, and our Registered Customer programme. We only use your passport number and other national identification information where this is required by law, or where we need to verify individual identities to a high degree of fidelity to prevent fraudulent claims or transactions. We will only do so where we have assessed that there is no suitable alternative to collecting or using such national identification information, and that a failure to accurately identify an individual to a high degree of fidelity could pose significant safety or security risks, or a risk of significant impact or harm to any individuals or to us. We also use your information to maintain our website and mobile application, and to tailor our products and services to your preferences to provide the best service possible. In addition, we use your information to market our products and services to you, and those of our group companies, partners and agents (with your consent where required by applicable laws). More Information
Who do we share your information with?
We share your data with our third party service providers, to the extent necessary for them to provide their services, such as payment processors, ground-operating personnel and in-flight entertainment. We use these third parties’ services solely to process or store your information for the purposes described in this policy. We also share your information with our interline, code share and strategic alliance partners, other carriers who help us provide our services, related group companies, our overseas stations, government bodies as required by applicable laws and your authorised representatives. More Information
Where do we process your information?
Our servers are located in Singapore, Germany, Japan and the United States. We transfer your information to airports and ground staff in destinations that you are flying to and where we operate. Our staff are located in our offices around the world. More Information
How long do we keep hold of your information?
We retain your information for as long as it is necessary to fulfil the purpose for which it was collected, for the legal or business purposes of SIA, or as required by applicable laws. We will usually keep your Customer Data for up to 7 years to ensure that any contractual disputes can be addressed. For EU and Swiss residents, we will endeavour to delete your Customer Data within 30 days of a request for erasure, or contact you if it will take longer. More Information
How can I exercise my rights over my information?
You may have various rights in relation to your data.
More Information for non-EU residents
More Information for EU and Swiss residents
Dispute Resolution
If you have any concerns or complaints, please contact us here.
How will we notify you of changes?
We will amend this Privacy Policy from time to time and the updated versions will be posted on our website and date stamped so that you are aware of when the Privacy Policy was last updated. Please check back frequently to see any updates or changes to this Privacy Policy. If we make any material changes to this Privacy Policy, we will provide notice including by banner on our website.
The types of Customer Data that we collect depends on the circumstances of collection and on the nature of the service requested or transaction undertaken.
There are two broad categories of Customer Data that we collect:
• Personal Data. The data we collect includes but is not limited to:
(i) personal information that can be used to identify an individual, such as name, gender, date of birth, passport or other personal identification numbers;
(ii) contact information, such as mailing address, phone number, email address;
(vii) information about your in-flight WiFi usage, such as whether you use in-flight WiFi, what WiFi plan you used, the mode of payment to pay for in-flight WiFi and how much data was utilised for your WiFi sessions;
(xi) information we receive from the queries you enter into our chatbot, Kris, on our global Facebook page, website and mobile application;
(xii) information we receive from flight bookings made via our online corporate booking platform;
(xiii) information we receive from other sources e.g. our page on social media websites and our contractual partners; and
(xiv) business contact information, such as the contact details of the employees of our vendors and corporate customers, as well as the contact details collected by our divisions including the Cargo Division and Engineering Division.
• Technical Data. This includes device and technical information you give us when using our website or mobile application, such as IP addresses or other unique identifiers, cookies, mobile carrier, time zone setting, operating system and platform, and information about your customer journey on the website or mobile application. Information on cookies may be found in our cookie policy.
For the purposes of this policy statement, Customer Data means Personal Data and Technical Data.
We also use Customer Data to derive Statistical Data, such as the number of passengers. This is processed and stored purely for analytical purposes, and is entirely anonymous. This information will not be stored to your customer record, and will only be aggregated for statistical analysis so that we can better understand our customers’ profile and improve our service offering.
Special categories of information or “sensitive personal data”
Certain categories of Customer Data, such as information about your race, ethnicity, religion or health, are considered special categories of information, or “sensitive personal data” under the GDPR.
Generally, we try to limit the circumstances where we collect your sensitive personal data. However, this can occasionally occur because you have made certain requests in connection with your travel arrangements that reveal or suggest something about you that could be considered “sensitive personal data”, or if you otherwise choose to provide such information to us (or a third party such as the travel agent through which you made your booking).
For example:
How we collect data from you
We collect Customer Data whenever you use our services, including when you travel with us, when you use our website or mobile application, or when you interact with us via email, social media, our contact centres or any other channels such as our ticketing counters and airport operations.
We also collect Customer Data from your authorised representatives. This includes persons whom you have authorised (e.g. your organisation’s corporate travel manager) and persons who have been validly identified as acting on your behalf pursuant to our security procedures..
In addition, we may receive Customer Data from third parties which are located in various countries. This includes, but is not limited to, travel agents, our retailer KrisShop, our KrisFlyer partners (including, amongst others, airlines and non-airlines such as Hilton, Avis, Hertz, American Express, the Economist and Esso) and other contractual parties, our service providers, and other airlines including our subsidiaries to facilitate travel on code share or multi-airline flights.
Where you make reservations on behalf of another person, you undertake to ensure that the individual whose Customer Data is supplied to us has authorised the disclosure, is informed of, and agrees to the provisions of this Privacy Policy.
The collection of the following types of Customer Data is mandatory to enable us to fulfil our contract of carriage with you. These types of Customer Data are marked as mandatory on our booking form. If you do not provide this information, we will not be able to provide you with our services and/or products required.
Additional information may be mandatory if you are flying to a specific country, or if you are flying on behalf of a business registered in a specific country, e.g. your gender, nationality, passport number, the country of issue of your passport, the name, GST registration number and address of the business you are flying on behalf of, and your business email address and phone number. These mandatory fields will be clear when you make a booking.
The collection of the following types of Customer Data is mandatory to enable SIA to administer your membership with KrisFlyer: (i) title; (ii) last/family name; (iii) first/given name if you do not have a last/family name; (iv) date of birth; (v) email address; (vi) mobile phone number; (vii) mailing address; (viii) gender; (ix) nationality; and (x) whether you are an EU or Swiss resident.
The collection of the following types of Customer Data is mandatory to enable SIA to administer your membership with HighFlyer: (i) title; (ii) last/family name; (iii) first/given name if you do not have a last/family name; (iv) date of birth; (v) email address; (vi) mobile phone number; (vii) mailing address; (viii) gender; and (ix) nationality.
The collection of the following types of Customer Data is mandatory to enable us to administer your account as a Registered Customer: (i) last/family name; (ii) first/given name if you do not have a last/family name; (iii) date of birth; (iv) email address; and (v) whether you are an EU or Swiss resident.
The failure to supply the following types of Customer Data will result in (i) us being unable to update you on our latest products and/or launches; and/or (ii) your inability to enter or participate in contests, promotions or redemption activities organised by us:
• Contact Information e.g. email address, telephone number; and
• Country of residence.
If you are an EU or Swiss resident, we are required to disclose the legal basis for processing your data under the GDPR and the Swiss Data Protection Act. We will use the Customer Data in the following ways:
In accordance with our contract of carriage with you, we will use the Customer Data to:
As it is in our legitimate interests to be responsive to you, to provide customised services and marketing and to ensure the proper functioning of our products, services and organisation, we will use your Customer Data to:
• In relation to our KrisFlyer and Registered Customer programmes, we will use your Customer Data to:
Further, as a KrisFlyer member, Customer Data will be used to provide services to celebrate special occasions; and send KrisFlyer-related news and KrisFlyer e-statements and associated promotions and offers (with your consent where required by applicable laws)
• If you are a participating company under the HighFlyer programme (“Participating Company”) and if you are a Corporate Travel Manager (“CTM”) or Assistant Corporate Travel Manager (“ACTM”), we will use the Customer Data to:
vi. Send the CTMs and ACTMs programme information updates and other account related information.
• If you are a Participating Company under the HighFlyer programme and if you are a Corporate Traveller (“CT”), we will use the Customer Data to:
• if you are an employee of an entity with a contractual relationship with us:
If you are an EU or Swiss resident, you can object to this profiling and opt-out of receiving such targeted marketing. For more information on this right, click here
With your consent where required by applicable laws, we will use your Customer Data to:
You have the right to withdraw your consent at any time by contacting us at saa_feedback@singaporeair.com.sg, by logging on to your KrisFlyer account for KrisFlyer members or by logging on to your HighFlyer account for HighFlyer Participating Companies.
We will share your Customer Data with selected third parties in the situations set out below:
We will share your Customer Data with any entities within our group, which includes Scoot Tigerair Pte. Ltd. (“Scoot”), Tradewinds Tours & Travel Private Limited and KrisShop Pte. Ltd. We share information with them, so they can assist us in providing services to you and to understand more about you. For example, if you have flown with one of the other airlines in the group we may use this information to understand more about the sorts of travel services you are likely to be interested in.
• For the purposes of our contract with you, i.e. to:
For example, we and other airlines are required by laws in the United States of America, France and other countries to provide border control agencies with access to your booking information or flight itinerary. Accordingly, relevant Customer Data (known as PNR or Advance Passenger Information (“API”)) will be disclosed to the appropriate customs and immigration authorities as required by law.
We will also disclose your Customer Data to third parties:
In addition, we may disclose Customer Data to our legal advisors for establishing, exercising or defending our legal rights, to our other professional advisors, or as otherwise authorised or required by law. We also reserve the right to share Customer Data as is necessary to prevent a threat to the life, health or security of an individual or corporate entities. Further, we will disclose Customer Data, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.
Our Head Offices are based in Singapore. Customer Data will be transmitted to data storage facilities where we keep our central records. Customer Data will be transferred to our offices and appointed agents, including ground handling agents, sales agents and contact centre agents, in Singapore and around the world in connection with our performance of the contract with you.
This means that Customer Data will be transferred to, and stored at, a destination outside of your country and outside the European Economic Area ("EEA"), and Switzerland, and in particular to Singapore, Germany, Japan and USA where we have data centres.
We will transfer Customer Data to airports and ground crew in destinations that you are flying to in and where we operate. The Customer Data is transferred outside the EEA and Switzerland on the basis that it is necessary for the performance of our contract of carriage with you.
We will also transfer Customer Data to our code share and joint venture partners in strategic alliances in Europe, West Asia and Africa, North Asia, Southeast Asia, Southwest Pacific and the Americas for the purposes of performing any contract of carriage. Please click here for a list of our partners.
If you are an EU or Swiss resident, where we transfer Customer Data outside the EEA and Switzerland, this is done either on the basis that it is necessary for the performance of our contract of carriage with you, or that the transfer is subject to the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and Decision 2010/87/EU as appropriate.
The Customer Data will also be processed by staff operating outside the EEA and Switzerland who work for us, for our suppliers or our business partners. Such staff are engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
If you are not a resident in the EU (Switzerland excluded), you may have certain rights in relation to the Customer Data we hold about you, which we detail below.
Access.
You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.
Where permitted by law, we reserve the right to charge a reasonable administrative fee for this service. In exceptional circumstances, we reserve the right to deny you access to your Customer Data and may provide an explanation as required by applicable laws.
Exceptional circumstances include (to the extent allowable under applicable law) where:
Correction.
You have the right to correct any Customer Data held about you that is inaccurate.
Feedback and complaints
If you have any concerns, feedback or complaints about the use and/or sharing of your Customer Data, we are open to receiving your feedback or complaints.
Exercise of Rights.
To exercise any of your rights, please use the following form: Data Privacy Rights Form and submit it to saa_feedback@singaporeair.com.sg. For Registered Customers and KrisFlyer programme members, you may correct any Customer Data by logging into your account.
If you are a resident in the EU or Switzerland, you may have certain rights in relation to the Customer Data we hold about you, which we detail below. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights.
These rights include:
Please note that we will require you to provide us with proof of identity before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please use the following form: Data Privacy Rights Form and submit it to saa_feedback@singaporeair.com.sg.
Complaints.
In the event that you wish to make a complaint about how we process your Customer Data, please contact us and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.
Access.
You have the right to know whether we process Customer Data about you, and if we do, to access Customer Data we hold about you and certain information about how we use it and who we share it with.
If you require more than one copy of the Customer Data we hold about you, we may charge an administration fee.
We may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person) or where another exemption applies.
Portability.
You have the right to receive a subset of the Customer Data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such Customer Data to another party.
The relevant subset of Customer Data is data that you provide us with your consent (please see here for the types of Customer Data we process on the basis of your consent: How we use your Customer Data or for the purposes of performing our contract with you (please see here for the types of Customer Data we process on the basis of our contract with you: How we use your Customer Data
If you wish for us to transfer the Customer Data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Customer Data or its processing once received by the third party. We also may not provide you with certain Customer Data if providing it would interfere with another’s rights (e.g. where providing the Customer Data we hold about you would reveal information about another person).
You have the right to correct any Customer Data held about you that is inaccurate. Please note that whilst we assess whether the Customer Data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
To exercise any of your rights, please use the following form: Data Privacy Rights Form and submit it to saa_feedback@singaporeair.com.sg. For Registered Customers and KrisFlyer members, you may correct any Customer Data by logging into your account.
You may request that we erase the Customer Data we hold about you in the following circumstances:
• you no longer wish us to use the Customer Data we hold about you in order to send you promotions, special offers, marketing and lucky draws; or
• you believe the Customer Data we hold about you is being unlawfully processed by us.
Also note that you may exercise your right to restrict our processing of the Customer Data whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the Customer Data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the Customer Data, we may not be able to provide the same level of servicing to you as we will not be aware of your preferences.
Where you have requested that we erase Customer Data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the Customer Data or providing links to the Customer Data to erase the Customer Data too.
To exercise any of your rights, please use the following form: Data Privacy Rights Form and submit it to saa_feedback@singaporeair.com.sg. For Registered Customers and KrisFlyer members, you may correct any Customer Data by logging into your account.
Restriction of Processing to Storage Only.
You have a right to require us to stop processing the Customer Data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the Customer Data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
You may request we stop processing and just store the Customer Data we hold about you where:
• you have objected to us processing Customer Data we hold about you on the basis of our legitimate interest and you wish us to stop processing the Customer Data whilst we determine whether there is an overriding interest in us retaining such Customer Data.
At any time you have the right to object to our processing of Customer Data about you in order to send you promotions, special offers, marketing messages, including where we build profiles for such purposes and we will stop processing the Customer Data for that purpose.
You also have the right to object to our processing of Customer Data about you and we will consider your request in other circumstances as detailed below by using the following form: Data Privacy Rights Form and submitting it to saa_feedback@singaporeair.com.sg referencing: Data Subject Rights.
You may object where we are processing the Customer Data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing (please see here for the types of Customer Data we process on that basis: How we use your Customer Data
Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the Customer Data whilst we make the assessment on an overriding interest by indicating this in our Data Privacy Rights form.
We will retain Customer Data for as long as it is necessary to fulfil the purpose for which it was collected, our legal or business purposes, or as required by relevant laws. We will usually keep your Customer Data for up to 7 years to ensure that any contractual disputes can be addressed. This includes standing requests which contain sensitive personal data about yourself, e.g. a standing request that you wish to receive a halal meal or a wheelchair at the airport on all flights with us. You can amend your standing request at any time to change your preferences in the future.
If you opt-out or withdraw your consent to marketing, we will remove you from our marketing database.
We need your assistance to ensure that your Customer Data is current, complete and accurate. As such, please inform us of changes to your Customer Data by submitting your updated particulars to us (see Section 14). If you are a Registered Customer, KrisFlyer member or HighFlyer Participating Company, you may update your Customer Data at any time by logging on to your account.
We will also request Customer Data updates from you from time to time. As detailed above, your booking information or flight itinerary will be disclosed to the appropriate customs and immigration authorities as required by law. As such, it is important to ensure that the Customer Data contained in your booking information or flight itinerary is current, complete and accurate.
We will amend this Privacy Policy from time to time, and the updated versions will be posted on our website and mobile application; and date stamped so that you are aware of when the Privacy Policy was last updated. Please check back frequently to see any updates or changes to this Privacy Policy. If we make any material changes to this Privacy Policy, we will provide notice including by way of a banner on our website. Subject to applicable laws, the English version of this Privacy Policy will prevail over any version of this Privacy Policy in another language.
If you have comments, questions or complaints about or requests relating to this Privacy Policy statement, please contact SIA in writing at the address below referencing ‘Privacy Policy':
Singapore Airlines DPO
08D Airline House
25 Airline Road
Singapore 819829
Or email dpo@singaporeair.com.sg referencing: Privacy Policy.
Alternatively for queries specific to KrisFlyer, you may contact:
KrisFlyer Membership Services
PO Box 177
Singapore Post Centre Post Office
Singapore 914006
For queries specific to the Registered Customer programme, you may email registered_customer@singaporeair.com.sg
For queries specific to HighFlyer, you may email HighFlyer_Support@singaporeair.com.sg referencing: Privacy Policy


By proceeding with this chat, you agree to our privacy policy and the terms and conditions of using our website and chatbot.
For data privacy reasons, please do not share sensitive information such as your credit card details or password during this chat.Close this message
Got a question?