Hong Kong airline Cathay Pacific is collecting images of its passengers in the air, tracking their use of inflight entertainment and retaining it for “as long as is necessary”, its updated privacy policy has revealed.

The alarming privacy policy was released at the start of the month, and outlines the range of ways that the airlines tracks and collects data on its passenger, and how this highly personal information is used and stored.

Included in the data Cathay Pacific collects on its passengers is the “use of our inflight entertainment system and inflight connectivity and your images captured via CCTV in our airport lounges and aircraft”.

It confirmed that this information would be stored for “as long as is necessary”, and its security cannot be fully guaranteed.

“No data transmission over the internet, a website, mobile application or via email or other message service can be guaranteed to be secure from intrusion,” the privacy policy said.

“However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal data in accordance with the requirements of data protection legislation.”

“Your personal data may be transferred outside the country in which you are located, including to countries with a lower level of data protection than in the country in which you are located.”

The data will also be potentially shared with “third party partners for marketing purposes” under the new privacy policy.

“We may disclose your personal data to third parties so they can provide marketing services or conduct marketing or social interaction activities on our behalf such as campaigns, contests, sweepstakes, market research, customer survey and data analytics,” it said.

A Cathay Pacific spokesperson denied that there are any recording devices inside the inflight entertainment devices, and that the camera on the aircraft refers to one camera positioned near the cockpit door for “security purposes”.

“We will retain the personal data as long as is necessary to fulfill business needs,” the spokesperson said. “The information that is no longer needed is either irreversibly anonymised or securely destroyed.

“In line with standard practice and to protect our customers and frontline staff, there are CCTV cameras installed in our airport lounges and onboard aircraft for security purposes. All images are handled sensitively with strict access controls. There are no CCTV cameras installed in the lavatories.

“Our inflight entertainment systems do not have any cameras, microphones or sensors to monitor passengers, nor have they in the past.”

Cathay Pacific has a checkered history with personal data after a massive data breach involving 9.4 million passengers was revealed last year.

The airline confirmed that the personal data of more than 9 million passengers, including their names, nationalities, phone numbers, addresses and passport numbers were exposed as part of the breach.

The airline first identified suspicious activity in its network in March last year and confirmed “unauthorised access to certain personal data” in early May, but did not inform the impacted passengers until October, six months after it was detected.

Cathay Pacific said it took “immediate action to contain the event”, that there was no evidence the personal data was misused and there was no impact on flight safety.