• We collect only customer information that is needed, and we tell customers how we use it. We limit the collection of information about our customers to what we need to know to administer their accounts, to provide customer services, to offer new products and services, and to fulfill any legal and regulatory requirements. We tell our customers about the general uses of information we collect about them, and we will provide additional explanation if customers request it
• We give customers choices about how their data will be used. On a regular basis, we give our customers the option to decide whether or not they wish to have their names removed from lists used for mail, telephone and online marketing. These opt-out choices include product and service offers from American Express and those made in conjunction with our business partners.
• We ensure information quality.We use advanced technology and well-defined employee practices to help ensure that customer data is processed promptly, accurately and completely. We require high standards of quality from the consumer reporting agencies and others who provide us with information about prospective customers.
• We use information security safeguards. Access to customer data is limited to those who specifically need it to conduct their business responsibilities. We use security techniques designed to protect our customer data -- especially when certain data is used by employees and business partners to fulfill customer services
• We limit the release of customer information. In addition to providing customers with the opportunity to opt out of marketing offers, we release information only with the customers' consent or request, or when required to do so by law or other regulatory authority. When a court order or subpoena requires us to release information, we notify the customer promptly to give the customer an opportunity to exercise his or her legal rights. The only exceptions to this policy are when we are prohibited by court order or law from notifying the customer, or cases in which fraud and/or criminal activity is suspected.
• We are responsive to customers' requests for explanations. If we deny an application for our services or end a customer's relationship with us, to the extent permitted by applicable laws, we provide an explanation, if requested. We state the reasons for the action taken and the information upon which the decision was based, unless the issue involves potential criminal activity. Medical information about an applicant for insurance, or an insured individual, may be disclosed to a physician designated by the customer rather than to the customer directly.
• We extend these privacy principles to our business relationships. We expect the companies we select as our business partners to honor our privacy principles in the handling of customer information. These include companies that (a) assist us in providing services to our customers; (b) supply us with information for identifying or evaluating prospective customers; or (c) are given the opportunity to send mailings to approved American Express customer lists. In selecting business partners, American Express considers the accuracy and quality of the data they provide, how they respond to consumer complaints and whether or not they provide opt-out choices for those whose information they process. We also participate actively in industry associations to support strong and effective privacy guidelines and practices.
• We hold employees responsible for our privacy principles. Each American Express employee is personally responsible for maintaining consumer confidence in the company. We provide training and communications programs designed to educate employees about the meaning and requirements of these Customer Privacy Principles. We conduct internal audits and commission outside-expert reviews of our compliance with the privacy principles and the specific policies and practices that support the principles. Employees who violate these principles or other company policies and practices are subject to disciplinary action, up to and including dismissal. Employees are expected to report violations -- and may do so confidentially -- to their managers, to their business unit's compliance officer, or to the company's Office of the Ombudsperson.

American Express is a diversified, worldwide travel, financial and network services provider founded in 1850. The company is a leader in charge and credit cards, stored value products, travel services, financial planning, investment products, insurance and international banking. In each of these businesses, we have relationships with customers -- individuals who are potential or existing customers and clients. We collect information necessary to enroll them as customers, to provide the services they have selected, to administer their accounts and to offer them additional or related American Express products and services.

We also obtain information about customers from other companies and public sources to identify those who we think will be interested in specific American Express products and services, and we use this information to offer these products and services to them.

Because we strongly advocate the protection of customer information, we believe that the adoption and implementation of the American Express Customer Privacy Principles, above, are good business practices, and will serve the interests of our customers in effective privacy protection. These principles are an update of those published in 1991. Minor changes reflect the current business mix of the company, a more competitive and global marketplace and advances in technology.

These Customer Privacy Principles guide our conduct in the collection, use, release and security of customer information, as well as the responsibilities we assume as employees, including our dealings with our business partners.

In working with our partners and vendors to compile and use lists of customers and prospective customers for marketing purposes, we require strict contractual obligations regarding security, allowing us to audit those who are involved in the process.

These principles define our commitment to protect the privacy of our various customers. Each American Express business unit maintains its own additional rules and practices, which are fully consistent with these principles, and which they may modify as needed for particular products and services, or to conform to local laws or customs around the world.

If you have questions or comments about the American Express Customer Privacy Principles, please contact the American Express International Inc., 18/F Cityplaza 4, 12 Taikoo Wan Road, Taikoo Shing, Hong Kong.