American Express Canada Privacy Code
This Code should be read in conjunction with our online Privacy Statement which addresses how Amex Canada collects, uses and safeguards the personal information you provide to us on our website. This Code and our online Privacy Statement are available on our website. We may update this Code and the Privacy Statement and the most recent version will be available at www.americanexpress.ca/privacy.
In this Code “personal information” means any information which relates to an individual and allows that individual to be identified (“Information”).
1. We collect only customer Information that is needed and we tell customers how we use it.
We limit the collection, use, retention, and disclosure of Information about individuals who are customers to what we need to know:
- to initiate and administer their accounts
- to provide customer services
- to offer new products and services
- to understand the current and future needs of our customers and to otherwise analyze and manage our business
- to assess and manage our credit risk
- to detect and protect us against error, fraud and other criminal activity
- to exchange Information with customers who are jointly liable to us
- to share Information with third party suppliers who provide or participate in services or benefits provided in relation to our products and services
- in the case of business accounts or business travel, to provide account reports or data about the business account or business travel to a customer’s employer or its related businesses or their agents or service providers
- to comply with any legal and regulatory requirements
- or for any other purpose for which a customer consents.
Nature of Information Collected
The Information we collect will vary by product and can change over time. Here are some examples of the type of Information we collect and how they relate to certain purposes.
The Information we collect from time to time may include:
- Information to identify you such as name, date of birth, contact information, government issued documentation details (for example, a driver’s license), and your background (for example, occupation);
- Information about your financial circumstances and behaviour, such as your income, assets, payment history and credit worthiness;
- Information for the provision of products and services (for example, language, travel, lifestyle and other preferences, and information on a loyalty or reward program including those attached to your product);
- Information relating to transactions arising from your relationship with or through us (depending on the product or service, this may include purchase details, details about how you make payments to us or use our products to make payments to others).
- Health Information In certain appropriate circumstances, we or others providing services through us may ask for health information for specific services (such as insurance) or requests. This type of Information will not be used for any purpose other than to address the specific service or request. We will not request or use health information to assess a credit application.
- Social Insurance Number Disclosure of Social Insurance Numbers (“SIN”) to match credit bureau information is optional for credit/charge or other loan products. However for deposit and income-earning products, SIN is required for income reporting purposes of Canada Revenue Agency (“CRA”). If you provide your SIN for a credit product, we will use it to match credit bureau/reporting agency information. This allows us to distinguish you from other individuals, particularly those with similar names, and helps ensure the accuracy of the Information collected and reported.
- Date of Birth Date of birth is required in certain circumstances to comply with “know your customer” standards, for security reasons or for retirement products registered with the CRA. It also allows us to determine your eligibility for certain products or services.
- E-mail, Text Message and Other Electronic Communications We may send customer service and marketing communications to you electronically. Examples of customer service include electronic statement, collection and other notices. We may also provide payment due, account balance, approaching credit limit, payment received and other account alerts.
- Travel and Lifestyle Preferences: If you hold a product for which we provide concierge services (such as Platinum Concierge Service) and travel services offered by Amex Canada Inc. (such as Platinum Card Travel Service), your travel and lifestyle preferences such as the individual authorized to make bookings on your behalf, your preferred retailers, restaurants and leisure activities could be used by us to customize, personalize and coordinate concierge and travel recommendations and bookings.
We are required by law to determine whether we have customers who are politically exposed foreign persons and comply with certain legal requirements. There are also regulatory guidelines which indicate we should assess the risk associated with customers who are politically exposed persons. We use Information, publicly available information and commercial database(s) to determine whether a customer is politically exposed. More information is available at the website fintrac.gc.ca.
When, with your consent, we promote and market to you products and services offered by us or from other well-established companies (“promotions”), each promotion is carefully developed to ensure that it meets our standards. We try to make sure these promotions reach only those customers most likely to take advantage of them. To do this, we develop lists for use by us based on Information you have provided us on your applications, in surveys and other communications, Information derived from how you use our products that may indicate purchasing preferences and lifestyle, as well as Information available from external sources including consumer reports. We may also use that Information, along with non-credit information from external sources, to develop lists that are used by us. The lists used to send you promotions are developed under strict conditions designed to safeguard the privacy of customer Information.
2. We give customers choices about how their Information will be used.
At the beginning of a customer relationship, and on a regular basis, we give customers the choice of not receiving promotions and marketing offers. These include product and service offers from American Express businesses and those made by other well established companies. This will not limit information we may provide you when you contact us. In addition, we will continue to provide information to our customers in keeping with the nature of their relationship with us.
If you do not wish to receive promotions and marketing offers, please call us at 1-800-869-3016. You can choose to be excluded from all promotions or from certain promotions based on the partial exclusions that we may make available. For example, if you have a credit card product, you may choose not to receive special offers with your statements or in separate mailings that include personalized cheques to access your credit card account. Your request will be processed promptly but may not be captured for promotions already in progress.
Subject to legal and contractual restrictions, you can withdraw your consent to our use of your Information at any time with reasonable notice. For example, as described above you may choose not to receive marketing offers or other promotional materials. If you refuse or withdraw your consent for any purpose that is required by us to fulfill our product or service contract with you, we will not be able to provide you, or continue to provide you, with the product or service. In some cases, certain consents are mandatory and cannot be withdrawn. For example, once you have a Card or other credit product from us, you may not withdraw your consent relating to ongoing collection and disclosure of credit information. This is necessary to support and maintain the integrity of the credit granting process. Similarly, you cannot withdraw your consent on matters that are essential to the management of our businesses, including the disclosure of Information when we assign our rights to others such as for the sale or collection of debts.
3. We ensure Information quality.
We use advanced technology, documented procedures, and internal monitoring practices to help ensure that customer Information is processed promptly, accurately and completely. In addition, we prescribe standards of quality from the consumer reporting agencies and others who provide us with Information about prospective customers.
4. We give customers rights to access and correct their Information.
Customers have access to Information that is reasonably available and retrievable in the ordinary course of business. Upon written specific request, we will disclose to customers Information about them that is entered in our records, and customers may correct any of such Information that is inaccurate or incomplete. We will respond to a customer’s request, and advise the customer in advance of any charges for copies of his/her file. Some information may not be accessed if it refers to others, is subject to legal privilege, contains confidential information, cannot be retrieved using a customer’s name or account number, cannot be disclosed for legal reasons, or as otherwise permitted by law.
It should be noted that we do not record in customers’ individual files when Information was disclosed to third parties for routine purposes such as cheque printing, data processing, storage and regular updating of credit information to credit bureaus.
If we are informed and it is determined that a customer’s Information in our files is inaccurate, we will correct it. If we correct a customer’s file, we will, where appropriate, notify persons who received the incorrect Information in the preceding six months and, where applicable, to the person who provided the incorrect Information.
Customers may access their Information by writing to: Compliance Department, Protection of Personal Information at our head office at 101 McNabb Street, Markham, Ontario L3R 4H8. We will respond to a written request from you within 30 days of its receipt. If for any reason we do not grant you access, we will provide you with written reasons.
- Credit Reports
5. We use prudent Information security safeguards.
We limit access to customer Information to those who specifically need the Information to conduct their business responsibilities, to meet our customer servicing commitments, for the purposes set out in this Code or as otherwise disclosed to customers. We employ safeguards designed to protect the confidentiality and security of our customer Information.
6. We limit the disclosure of customer Information.
We will not disclose customer Information to entities other than the Amex Canada entity that collected the Information and its affiliates, and their agents and service providers, unless we have previously informed the customer, have been authorized by the customer, or are permitted or required to do so by law or other regulatory authority. In particular, when a court order or subpoena requires us to disclose Information, we notify the customer promptly to provide the customer an opportunity to exercise his or her legal rights. The only exceptions to this policy are when we are prohibited by court order or law from notifying the customer, or in cases in which fraud and/or criminal activity is suspected.
We are part of a global payment and travel network with affiliates, service providers and agents located both within and outside of Canada. As a result, customer Information may be processed and stored in other countries including the United States. While we use contractual and other measures to ensure protection of customer Information, governments, courts, law enforcement or regulatory agencies in these other countries may be able to obtain disclosure of customer Information through the laws of these countries.
We may disclose customer Information in order to manage our businesses including when we assign our rights to others. This encompasses disclosing on a confidential basis customer Information to parties that may be participating in a proposed or an actual business transaction with us including financings, securitizations, insurance, or the assignment of our rights such as for the sale or collection of debts.
7. We are responsive to customers’ requests for explanations.
If we deny an application for our services or end a customer’s relationship with us, if requested and to the extent permitted by applicable laws, we provide an explanation. We state the reasons for the action taken and the Information upon which the decision was based, unless the issue involves potential criminal activity.
8. We hold ourselves responsible for our Privacy Code.
Each Amex Canada employee is personally responsible for maintaining customer confidence in the company. We provide training and communications programs designed to educate employees about the meaning and requirements of this Code. We conduct a combination of compliance self-assessments, internal audits, and may commission outside-expert reviews of our compliance with the Code and the specific policies and practices that support the Code.
Employees who violate the Code or other company policies and practices are subject to disciplinary action, up to and including dismissal. Employees are expected to report violations – and may do so confidentially – to their managers, to their business unit’s compliance officer, or to the company’s Office of the Ombudsperson.
9. We extend the protection under this Privacy Code to our business relationships.
We require companies we select as our business partners to agree to keep our customer Information confidential and secure, to protect the Information against unauthorized access, use, or disclosure by the recipient company, and limit its use to the purposes for which it was disclosed. We also encourage our business partners to respect their customers’ Information by adopting strong and effective privacy policies and practices. In addition, we participate actively in industry associations to advocate development of comprehensive privacy policies and implementation strategies.
10. Our customers’ privacy concerns are important to us.
Our Chief Privacy Officer is responsible for ensuring that our day-to-day procedures comply with our Privacy Code.