At American Express:
- We collect only customer information that is needed, and we tell customers how we use it. We limit the collection of information about our customers to
what we need to know to administer their accounts, to provide customer
services, to offer new products and services, and to fulfill any legal
and regulatory requirements. We tell our customers about the general
uses of information we collect about them, and we will provide
additional explanation if customers request it
- We give customers choices about how their data will be used. On a regular basis, we
give our customers the option to decide whether or not they wish to have
their names removed from lists used for mail, telephone and online
marketing. These opt-out choices include product and service offers from
American Express and those made in conjunction with our business
- We ensure information quality. We use advanced technology and well-defined employee
practices to help ensure that customer data is processed promptly,
accurately and completely. We require high standards of quality from the
consumer reporting agencies and others who provide us with information
about prospective customers.
- We use information security safeguards. Access to customer data is limited to those who
specifically need it to conduct their business responsibilities. We use
security techniques designed to protect our customer data -- especially
when certain data is used by employees and business partners to fulfill
- We limit the release of customer information. In addition to providing customers with the
opportunity to opt out of marketing offers, we release information only
with the customers' consent or request, or when required to do so by law
or other regulatory authority. When a court order or subpoena requires
us to release information, we notify the customer promptly to give the
customer an opportunity to exercise his or her legal rights. The only
exceptions to this policy are when we are prohibited by court order or
law from notifying the customer, or cases in which fraud and/or criminal
activity is suspected.
- We are responsive to customers' requests for explanations. If we deny an application for
our services or end a customer's relationship with us, to the extent
permitted by applicable laws, we provide an explanation, if requested.
We state the reasons for the action taken and the information upon which
the decision was based, unless the issue involves potential criminal
activity. Medical information about an applicant for insurance, or an
insured individual, may be disclosed to a physician designated by the
customer rather than to the customer directly.
- We extend these privacy principles to our business relationships. We expect the companies we
select as our business partners to honor our privacy principles in the
handling of customer information. These include companies that (a)
assist us in providing services to our customers; (b) supply us with
information for identifying or evaluating prospective customers; or (c)
are given the opportunity to send mailings to approved American Express
customer lists. In selecting business partners, American Express
considers the accuracy and quality of the data they provide, how they
respond to consumer complaints and whether or not they provide opt-out
choices for those whose information they process. We also participate
actively in industry associations to support strong and effective
privacy guidelines and practices.
- We hold employees responsible for our privacy principles. Each American Express employee is personally responsible for maintaining consumer confidence in the company. We provide training and communications programs designed to educate employees about the meaning and requirements of these Customer Privacy Principles. We conduct internal audits and commission outside-expert reviews of our compliance with the privacy principles and the specific policies and practices that support the principles. Employees who violate these principles or other company policies and practices are subject to disciplinary action, up to and including dismissal. Employees are expected to report violations -- and may do so confidentially -- to their managers, to their business unit's compliance officer, or to the company's Office of the Ombudsperson.
American Express is a diversified, worldwide travel, financial and network services provider founded in 1850. The company is a leader in charge and credit cards, stored value products, travel services, financial planning, investment products, insurance and international banking. In each of these businesses, we have relationships with customers -- individuals who are potential or existing customers and clients. We collect information necessary to enroll them as customers, to provide the services they have selected, to administer their accounts and to offer them additional or related American Express products and services.
We also obtain information about customers from other companies and public sources to identify those who we think will be interested in specific American Express products and services, and we use this information to offer these products and services to them.
Because we strongly advocate the protection of customer information, we believe that the adoption and implementation of the American Express Customer Privacy Principles, above, are good business practices, and will serve the interests of our customers in effective privacy protection. These principles are an update of those published in 1991. Minor changes reflect the current business mix of the company, a more competitive and global marketplace and advances in technology.
These Customer Privacy Principles guide our conduct in the collection, use, release and security of customer information, as well as the responsibilities we assume as employees, including our dealings with our business partners.
In working with our partners and vendors to compile and use lists of customers and prospective customers for marketing purposes, we require strict contractual obligations regarding security, allowing us to audit those who are involved in the process.
These principles define our commitment to protect the privacy of our various customers. Each American Express business unit maintains its own additional rules and practices, which are fully consistent with these principles, and which they may modify as needed for particular products and services, or to conform to local laws or customs around the world.
If you have questions or comments about the American Express Customer Privacy Principles, please contact the PT. Bank Danamon Indonesia, Tbk., American Express Card Services, Graha Aktiva, Jl. H.R. Rasuna Said Blok X-1, Kav 03, PO Box 1357/JKT, Jakarta 12950, Indonesia.