American Express is a diversified worldwide travel, financial and network services
provider founded in 1850. The company is a leader in charge and credit cards, stored value
products, travel services, financial planning, investment products, insurance and
international banking. In each of these businesses, we have relationships with customers
-- individuals to whom we provide personal financial products and services. As a part of
these customer relationships, we collect information necessary to enroll customers in
products and services, to provide the services they have selected, to administer their
accounts, and to offer them related or additional American Express products and services.
Because we strongly advocate the protection of customer information, we believe that
the adoption and implementation of the following American Express Customer Privacy
Principles makes good business sense and will serve the interests of our customers in
effective privacy protection.
Our Customer Privacy Principles were first published in 1991, and they were modified in
1997. We are republishing these principles now to reiterate our commitment and simplify
These Customer Privacy Principles guide our conduct in the collection, use, release,
and security of customer information. They outline the responsibilities we assume as
employees and our expectations of business partners.
In working with our partners and vendors to identify customers and prospective
customers for marketing purposes, we require strict contractual obligations regarding
information use and security, including our right to audit those partners and vendors to
ensure that they are adhering to our privacy requirements.
These principles define our commitment to protect the privacy of our customers. Each
American Express business unit may also maintain its own policies and practices, which are
fully consistent with these principles. In those jurisdictions that call for additional
information practices, our policies and practices will meet the requirements of applicable
WE COLLECT ONLY CUSTOMER INFORMATION THAT IS NEEDED, AND WE TELL CUSTOMERS HOW WE USE IT.
We limit the collection of information about our customers to what we need to know
to administer their accounts, to provide customer services, to offer new products and
services, and to satisfy any legal and regulatory requirements. We also tell our customers
about the general uses of information we collect about them, and we will provide
additional explanation if customers request it.
2. WE GIVE CUSTOMERS CHOICES ABOUT HOW THEIR INFORMATION WILL BE USED.
Our businesses give customers "opt out" choices about how information
about the customer's relationship with that business unit may be used to generate
marketing offers. These marketing choices include product and service offers from American
Express businesses and those made by our business partners. Of course, each of our
businesses will continue to send its customers information relating to products or
services they receive from that business.
3. WE ENSURE INFORMATION QUALITY.
We use advanced technology, documented procedures and internal monitoring practices
to help ensure that customer information is processed promptly, accurately and completely.
We will respond in a timely manner to customers' requests to correct inaccurate account or
transaction information. We also require high standards of quality from the consumer
reporting agencies and others that provide us with information about prospective
4. WE USE PRUDENT INFORMATION SECURITY SAFEGUARDS.
We limit access to customer information systems to those who specifically need it
to conduct their business responsibilities, and to meet our customer servicing
commitments. We employ safeguards designed to protect the confidentiality and security of
our customer information.
5. WE LIMIT THE DISCLOSURE OF CUSTOMER INFORMATION.
We do not disclose customer information unless we have previously informed or been
authorized by the customer, or we do so in connection with our efforts to reduce fraud or
criminal activity and to comply with regulatory requirements and guidelines. When a court
order or subpoena requires us to release information, we typically notify the customer to
give the customer an opportunity to exercise his or her legal rights. Further, we will not
disclose or use health information for marketing purposes or use it as a basis to make
6. WE ARE RESPONSIVE TO CUSTOMERS' REQUESTS FOR EXPLANATIONS.
If we deny an application for our services or end a customer's relationship with
us, to the extent permitted by applicable law, we will provide an explanation, if
requested. We state the reasons for the action taken and the information upon which the
decision was based, unless the issue involves potential criminal activity.
7. WE HOLD OURSELVES RESPONSIBLE FOR OUR PRIVACY PRINCIPLES.
Each American Express employee is responsible for maintaining consumer confidence
in the company. We provide training and communications programs designed to educate
employees about the meaning and requirements of these Customer Privacy Principles.
Employees who violate these principles are subject to disciplinary action, up to and
including dismissal. Employees are expected to report violations, and may do so
confidentially, to their manager, to their business unit's compliance officer, or to the
company's Office of the Ombudsperson.
We also conduct internal assessments of our privacy practices and periodically
commission outside expert reviews of our compliance with the Privacy Principles and the
specific policies and practices that support these principles.
8. WE EXTEND THESE PRIVACY PRINCIPLES TO OUR BUSINESS RELATIONSHIPS.
We require companies we select as our business partners to agree to keep our
customer information confidential and secure, to protect the information against
unauthorized access, use, or redisclosure by the recipient company, and limit its use to
the purposes for which it was provided to them.
We also encourage our business partners to respect their customers' information by
adopting strong and effective privacy policies and practices, including offering "opt
out" choices for marketing offers to their customers.
In addition, we participate actively in industry associations to advocate development
of comprehensive privacy policies and implementation strategies.
If you have questions or comments about the American Express Customer Privacy
Principles, please contact the American Express Int., Inc. Theodor Heuss Allee 112 60486
Frankfurt am Main.
top of page