Effective Date: May 1, 2023
American Express (Amex Bank of Canada and Amex Canada Inc.) is committed to protecting your privacy.
This online privacy statement (“Statement”) outlines what information Amex Bank of Canada, Amex Canada Inc., and our Service Providers, Business Partners, parent company and affiliates (collectively, we, us, our or Amex Canada) may collect about you online, why we collect it and how we access, use, disclose and protect it. This Statement applies to Online Information we collect if you:
This Statement applies to all other services or content that link to or reference this Statement. This Statement does not apply to online services operated by American Express that have their own online privacy statements.
Our websites and apps are not intended for children under 14 years of age. We do not knowingly solicit data online from, or market online to, children under 14 years of age.
Other Applicable Privacy Notices
Depending on the product or service you use, we may provide you with more details about how we use information about you in relation to that specific product or service. This will usually be in the form of terms and conditions or an additional privacy statement or notice. For example, our Privacy Code includes more specific details about how we use your Card or other information related to our products and services.
Please note that third-party services, such as social media sites, have additional terms that explain how operators of those services handle your information. Please review the terms of the specific online services you use.
What is in this statement?
The types of information we collect depends on which product or service you use.
Sometimes you give information directly to us (or to our Service Providers). For example, you might give us your name, account number, email, mailing address, phone number, or date of birth when you:
If you apply online for an American Express Card account, we may collect more detailed information such as your employment details and income. We will only collect information that is reasonably necessary for legitimate
business purposes and permitted by law.
Cookies and Similar Technologies
We (and our Service Providers or Third-Party Ad-Servers) also collect information through Cookies and Similar Technologies when you use our online services or access online content.
Most Cookies and Similar Technologies will only collect De-Identified Information such as how you arrive at our website or your general location. However, certain Cookies and Similar Technologies do collect Personal Information. For example, if you click Remember Me when you log in to our website, a cookie will store your username.
The information we (and our Service Providers or Third-Party Ad-Servers) collect using Cookies and Similar Technologies may include information about:
In addition, if you use your mobile device to access our products or services, we may collect information about that device, such as your location to provide location-based content you request.
Other Sources of Information
We (and our Service Providers or Third-Party Ad-Servers) may obtain information about you from other sources. For example, we may obtain information about other American Express products and services you use, in accordance with those privacy policies. In accordance with our Privacy Code, we may collect information from your application, card transactions and credit bureaus. We may also collect information made publicly available through third-party platforms (such as online social media platforms), through online databases or directories, or that is otherwise legitimately obtained. We may combine this other information with the online information we have collected about you under this Statement.
For more information about cookies and similar technologies, please refer to our policy About Cookies and Similar Technologies.
We may use Online Information we collect about you on its own or combine it with Other Information to:
Automated Decision Making
We may use fully automated processes to help us make certain decisions, including to evaluate certain attributes about you to provide our services. For example, we may use such processes to:
These assessments are based on information that we lawfully obtain, such as information that you provided in your application form (including your reported income), your payment history with Amex Canada, and
information we obtain from third parties, such as credit bureaus. We also look at digital data (such as information about your device, browser, or patterns in your online interactions with Amex Canada) and transaction particulars (such as merchants and Card present or not) to help us detect fraud. These methods are regularly tested to ensure that they remain fair, effective and unbiased.
Please see the section “Your Rights” for more information about your rights related to automated decision making.
We advertise through our own websites and apps as well as third-party websites or apps. We may use information about you in order to display online marketing content or ads that are tailored to your interests or general geographic location, across multiple devices you use. Here are some ways this works.
We and our Third-Party Ad-Servers may use Precise Location Data which may be obtained from a mobile device to deliver Targeted Advertising to you. In this case, additional personal information is not shared with us when our Third-Party Ad-Servers deliver the Targeted Advertising.
If Precise Location Data is used with the Amex app, that app will provide you with additional details and choices.
We participate in advertising programs offered by various social media and online partners such as Facebook and Google. These programs allow us to serve you with advertising when you use those services. We use
information we hold about you to help ensure those advertisements are relevant to you. We may provide a hashed version of your email address or other information to the platform provider for such purposes.
We may use information from one app to provide you with Targeted Advertising on another app. For example, if you begin completing an online form on the Amex app and do not complete it, we may follow up with Targeted Advertising through social media and online partners. In this context we do not share the relevant online activity with the third party. To opt-out or change your preferences for these advertising programs, please see the "Your Choices" section below.
We may share your Personal Information as required or as permitted by applicable law, such as;
Cross-Border Transfers of Personal Information
In providing you with our products or services, we will transfer Information outside of your province or territory of residence or outside of Canada (“other locations”) where different data protection laws apply, such as to the United States (where our main operational data centres are located). No matter where we transfer Information about you, we will protect it in the manner described in our privacy notices and in accordance with applicable laws using appropriate contractual protections. We also assess whether other technical and organizational measures are required. However, governments, courts, law enforcement or regulatory agencies in other locations may be able to obtain disclosure of customer Information through their laws. For information about the manner in which we or our service providers (including service providers outside of Canada) treat Personal Information, please contact us as set out below.
We sometimes process Personal Information so that it no longer identifies any individual. Once processed, this is referred to as Aggregated Information or Anonymized Information. We use aggregated and anonymized information in several ways, for example:
We sometimes share aggregated and anonymized information with Business Partners, Third Party Ad Servers and other third parties, for many of the same reasons mentioned above.
We use administrative, organizational, technical and physical security measures to protect the confidentiality, integrity and availability of your Personal Information. These measures include physical and technological safeguards, and appropriate access controls to data and facilities. We take reasonable steps to securely destroy or anonymize Personal Information and sensitive Personal Information when we no longer need it, unless we are required to keep it longer by law, regulation or for the purposes of litigation or regulatory investigations.
Our Roles and Responsibilities
We have governance to support adherence to this Statement and the Privacy Code including procedures, training, reporting, oversight (including by the Chief Privacy Officer or person-in-charge of Personal Information) and committees of management and our Board of Directors (as applicable). Amex Canada employees are required to comply with this Statement and Privacy Code. Business Partners are also required to comply with our privacy standards.
In certain instances, you have a right to access, update, change or correct, dispose or make a complaint about your Personal Information, including by
If you would like to exercise any of your rights or if you have questions about how we process information about you, please see the “Contacting Us” section below.
You have choices about how we use information about you for marketing and advertising. Like most companies, we work with a range of advertising partners such as ad networks, ad servers and social media platforms to present our ads online. Your choices may differ depending on whether we are communicating with
you through a website, email app or social media.
Choices about Marketing Communications
You can choose how you would like to receive marketing communications, including direct marketing - whether we send them to you through postal mail, email and/or telephone. If you choose to not receive marketing communications from us, we will honour your choice. Please be aware that if you choose not to receive such communications, certain offers attached to the products or services you have chosen may be affected. We will still communicate with you in connection with servicing your account, fulfilling your requests, or administering any promotion or any program in which you have elected to participate.
For additional information and to manage your marketing preferences, please see Additional Information and Marketing Preferences .
Online Behavioural Advertising
American Express participates in Targeted Advertising programs. We use information we have about you in order to provide you with advertising messages that are relevant to you. We participate in the Digital Advertising Alliance of Canada (DAAC) self-regulatory program and adhere to the DAAC Principles for Online Behavioural Advertising and DAAC’s Application of Self-Regulatory Principles to the Mobile Environment. The DAAC program is designed to provide information about and greater control over online advertising. It enables you to opt out from online behavioural advertising served by participating companies. The DAAC program applies to websites and mobile applications. You can use the Ad Choices opt out tool to opt-out online or get the free DAAC App Choices App for each of your mobile devices. With the App Choices App you can set your preferences for Targeted Advertising and use of data across apps. Click here to learn more about the DAAC and your choices.
If you do not want to receive Targeted Advertising from American Express in apps, you can also turn off mobile device ad tracking or reset the advertising identifier in your device settings, where these tools are available from your device platform, on each of the devices that you use. If you do not want to receive Targeted Advertising using Precise Location Data, you can also turn off location-based services in your device settings.
In addition, we also work with online and social media companies to deliver Targeted Advertising on those platforms and they also have privacy content options.
Choices About the Information We Collect
You have choices about how American Express uses your information, such as how we market to you or how we manage Cookies and Similar Technologies.
If you do not want us to collect information about you using Cookies and Similar Technologies you can disable or delete them. Most computer systems and browsers offer their own privacy settings. We encourage you to use them to enhance your choices. Most browsers’ advanced settings (such as those in Internet Explorer, Google Chrome or Safari) allow you to disable Cookies and Similar Technologies.
Important: If you do disable or delete Cookies and Similar Technologies, some site features and services may not work. You will need to manage your settings for each computer and browser you use to access the Internet.
For more information go to About Cookies and Similar Technologies.
If you have any questions about our Statement, please talk to one of our customer service representatives at Amex Canada Click here for a list of contact numbers or, write to the Person in Charge of the protection of personal information:
Chief Privacy Officer
PO Box 3204, STN F
We may change this Statement when necessary. Depending on what we change, we may let you know in advance. Whenever we make any changes, we will update the “Effective Date” at the top of this page. Any changes to this Statement will become effective immediately when posted. When you continue to use our products and services following an update, it will indicate that you
accept the revised Statement.
Aggregated Information - data or information, relating to multiple people, which has been combined or aggregated. Aggregated Information includes information that we create or compile from various sources, including card transactions or certain data from Cookies and Similar Technologies.
American Express (we, our, us), - the American Express Company as identified at the beginning
of this Statement.
Anonymized Information - data or information that is irreversibly or permanently modified to ensure that no individual can be identified from the information, whether directly or indirectly, by any means.
Business Partners - any third parties with whom we conduct business and have a contractual relationship, such as a business that accepts American Express branded cards.
Co-brand Partners - businesses we partner with to offer cards featuring both brand logos.
De-identified Information - data or information used in a way that does not identify you to a third party. We often derive De-Identified Information from Personal Information. It includes information that we may collect from various sources, such as card transactions or certain data from Cookies and Similar Technologies.
IP Address - a number assigned to a device when connecting to the Internet.
Online Information - data or information collected on the American Express websites and apps as well as on websites and apps of third parties relating to topics about our business which includes Personal Information, Aggregated Information and De-Identified Information.
Other Information - American Express internal information (for example, transaction data), external data that financial companies use to process applications and complete transactions, and other online and offline information we collect from or about you.
Personal Information- information that can identify a person, such as name, address, telephone number, and email address.
Precise Location Data- data that allows the location of a mobile device to be used for the purposes of delivering Targeted Advertising.
Service Providers - any vendor, third party and/or company that performs business operations on our behalf, such as printing, mailing, fulfillment, communications services (email, direct mail, etc.), marketing, sales, data processing and platforms, servicing, collections, or ad management.
Targeted Advertising - ads we, or our Service Providers or Third-Party Ad-Servers, display on websites outside the American Express Family of Companies based on the preferences or interests inferred from our data, such as transaction data, or data collected from a particular computer or device regarding web viewing behaviours or app use over time and across different websites and mobile apps. Targeted Advertising may occur across browsers or mobile devices that have been associated together. Targeted Advertising includes Interest-Based Advertising. We participate in the Digital Advertising Alliance of Canada (DAAC) self-regulatory program and adhere to the DAAC Principles for Interest-Based Advertising. The DAAC program is designed to provide information about and greater control over online advertisements. It also enables you to opt out from Interest-Based Advertising served by any, or all of the participating companies. Click here to learn more about the DAAC and your choices.
Third-Party Ad-Servers - companies that provide the technology to place ads on websites (and apps) and track how ads perform. These companies may also place and access cookies on your device. The information they collect from our websites is in a form that does not identify you personally.