American Express®
Online Privacy Statement Canada

icon

Effective Date: May 1, 2023

American Express (Amex Bank of Canada and Amex Canada Inc.) is committed to protecting your privacy.

This online privacy statement (“Statement”) outlines what information Amex Bank of Canada, Amex Canada Inc., and our Service Providers, Business Partners, parent company and affiliates (collectively, we, us, our or Amex Canada) may collect about you online, why we collect it and how we access, use, disclose and protect it. This Statement applies to Online Information we collect if you:

Visit or use our websites or applications (“apps”);
Participate in the online programs we offer with our Business Partners;
Receive or reply to electronic communications from us;
View or click on our ads or other online content;
Interact with us through social media websites and other websites and apps.

This Statement applies to all other services or content that link to or reference this Statement. This Statement does not apply to online services operated by American Express that have their own online privacy statements.

Our websites and apps are not intended for children under 14 years of age. We do not knowingly solicit data online from, or market online to, children under 14 years of age.

Other Applicable Privacy Notices

Depending on the product or service you use, we may provide you with more details about how we use information about you in relation to that specific product or service. This will usually be in the form of terms and conditions or an additional privacy statement or notice. For example, our Privacy Code includes more specific details about how we use your Card or other information related to our products and services.

Please note that third-party services, such as social media sites, have additional terms that explain how operators of those services handle your information. Please review the terms of the specific online services you use.

What is in this statement?

A. Information we Collect
B. Use of Information
C. Sharing of Information
D. Aggregated and Anonymized Information
E. Security
F. Your Rights
G. Your Choices
H. Contacting Us
I. Changes to this Statement

The types of information we collect depends on which product or service you use.

Sometimes you give information directly to us (or to our Service Providers). For example, you might give us your name, account number, email, mailing address, phone number, or date of birth when you:

fill out an online form or survey, including when you complete a card application or book travel with us;
register, log into or update the settings on your account using our online services;
register or enroll in our programs;
enter a contest or register for a marketing offer; or
buy something on our websites or apps.

If you apply online for an American Express Card account, we may collect more detailed information such as your employment details and income. We will only collect information that is reasonably necessary for legitimate
business purposes and permitted by law.

Cookies and Similar Technologies

We (and our Service Providers or Third-Party Ad-Servers) also collect information through Cookies and Similar Technologies when you use our online services or access online content.

Cookies are small text files which are placed on your computer, mobile device or tablet whenever you visit a website. We use cookies for many different purposes, like helping you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. They can also help ensure that ads you see online are more relevant to you and your interests. Some of the functions that cookies perform can also be achieved using alternative technology, which is why we use the term 'Cookies and similar technologies' in this Statement.

Most Cookies and Similar Technologies will only collect De-Identified Information such as how you arrive at our website or your general location. However, certain Cookies and Similar Technologies do collect Personal Information. For example, if you click Remember Me when you log in to our website, a cookie will store your username.

The information we (and our Service Providers or Third-Party Ad-Servers) collect using Cookies and Similar Technologies may include information about:

the device you use to browse our websites or use our apps (for example, we may collect information about the operating system or the browser version and the type of device you use to open electronic communications from us);
the IP Address and information related to that IP Address (such as domain information, your internet provider and geographic location);
your browsing and app use activities over time (such as what you search for, the pages you view, how long you stay, and how often you come back) and across other websites and apps, following your visit to one of our websites or apps (Service Providers or Third-Party Ad-Servers perform such activities on our behalf);
the likely associations among different browsers and devices that you use to access our products and services (for example, to detect or prevent fraud);
how you search for our websites or apps, from which website or app you came from, and which of our Business Partners' websites you visit;
which ads or online content from us and our Business Partners you view, access, or click on;
whether you open our electronic communications and which parts you click on (for example, how many times you open the communication); and
the location of your mobile device (for example, to detect or prevent fraud or when you register to receive or we otherwise provide location-based content on our mobile websites or apps).

In addition, if you use your mobile device to access our products or services, we may collect information about that device, such as your location to provide location-based content you request.

Other Sources of Information

We (and our Service Providers or Third-Party Ad-Servers) may obtain information about you from other sources. For example, we may obtain information about other American Express products and services you use, in accordance with those privacy policies. In accordance with our Privacy Code, we may collect information from your application, card transactions and credit bureaus. We may also collect information made publicly available through third-party platforms (such as online social media platforms), through online databases or directories, or that is otherwise legitimately obtained. We may combine this other information with the online information we have collected about you under this Statement.

For more information about cookies and similar technologies, please refer to our policy About Cookies and Similar Technologies.

We may use Online Information we collect about you on its own or combine it with Other Information to:

deliver and improve our products and services, including to:
- recognize you when you return to our websites or use our apps;
- complete transactions;
- tell you about updates to your accounts, products, and services;
- update you about new features and benefits;
- answer questions and respond to your requests made through our websites or apps and through third-party websites (including social media);
- use the location of your mobile device for location-based services that you may request;
- determine how to best provide services to you and manage your accounts, such as the best way and time to contact you;
- improve our websites or apps and make them easier to use;
advertise and market our products and services – and those of our Business Partners – including to:
- present content that is tailored to your interests, including Targeted Advertising;
- send or provide you with ads, promotions, and offers;
- analyze whether our ads, promotions, and offers are effective;
- help us determine whether you may be interested in new products or services;
- provide location-based content and advertising personalization;
conduct research and analysis, including to:
- better understand our customers and our website or app users;
- allow you to give feedback by rating and reviewing our products and services and those of our Business Partners;
- produce data analytics, statistical research, and reports;
- review and change our products and services;
manage fraud and security risk, including to:
- detect and prevent fraud or criminal activity;
- safeguard the security of your information;
assess credit risks relating to our business, including to:
- evaluate and process your applications for our products and services and manage your existing accounts; (for example, to contact you with important information about your account) and
use it in other ways as required or permitted by law or with your consent.

Automated Decision Making

We may use fully automated processes to help us make certain decisions, including to evaluate certain attributes about you to provide our services. For example, we may use such processes to:

assess security risks, detect and manage fraud;
process card and loan applications;
assess credit risks, including to check if you meet our eligibility criteria and decide whether we can issue you a card or loan or approve a transaction.

These assessments are based on information that we lawfully obtain, such as information that you provided in your application form (including your reported income), your payment history with Amex Canada, and

information we obtain from third parties, such as credit bureaus. We also look at digital data (such as information about your device, browser, or patterns in your online interactions with Amex Canada) and transaction particulars (such as merchants and Card present or not) to help us detect fraud. These methods are regularly tested to ensure that they remain fair, effective and unbiased.

Please see the section “Your Rights” for more information about your rights related to automated decision making.

Digital Advertising

We advertise through our own websites and apps as well as third-party websites or apps. We may use information about you in order to display online marketing content or ads that are tailored to your interests or general geographic location, across multiple devices you use. Here are some ways this works.

We and our Third-Party Ad-Servers may use Precise Location Data which may be obtained from a mobile device to deliver Targeted Advertising to you. In this case, additional personal information is not shared with us when our Third-Party Ad-Servers deliver the Targeted Advertising.

If Precise Location Data is used with the Amex app, that app will provide you with additional details and choices.

We participate in advertising programs offered by various social media and online partners such as Facebook and Google. These programs allow us to serve you with advertising when you use those services. We use
information we hold about you to help ensure those advertisements are relevant to you. We may provide a hashed version of your email address or other information to the platform provider for such purposes.

We may use information from one app to provide you with Targeted Advertising on another app. For example, if you begin completing an online form on the Amex app and do not complete it, we may follow up with Targeted Advertising through social media and online partners. In this context we do not share the relevant online activity with the third party. To opt-out or change your preferences for these advertising programs, please see the "Your Choices" section below.

We may share your Personal Information as required or as permitted by applicable law, such as;

with credit bureaus and similar institutions to report or ask about your financial circumstances, and to report or collect debts you owe;
with regulatory authorities, courts, and governmental agencies to comply with legal orders, legal or regulatory requirements, and government requests;
with our Service Providers, regulatory authorities, and governmental agencies to detect and prevent fraud or criminal activity, and to protect the rights of American Express or others;
within the American Express Family of Companies;
with our Service Providers who perform services for us and help us operate our business (we require Service Providers to safeguard Personal Information and only use your Personal Information for the purposes we specify);
with financial institutions or Co-brand Partners with whom American Express jointly offers or develops products and services (but they may not use your Personal Information - in particular your email address - to independently market their own products or services to you unless you consent that they can do so);
in the context of a sale of all or part of the American Express Family of Companies or their assets; or
for specific products or services, when you have given your consent.

Cross-Border Transfers of Personal Information

In providing you with our products or services, we will transfer Information outside of your province or territory of residence or outside of Canada (“other locations”) where different data protection laws apply, such as to the United States (where our main operational data centres are located). No matter where we transfer Information about you, we will protect it in the manner described in our privacy notices and in accordance with applicable laws using appropriate contractual protections. We also assess whether other technical and organizational measures are required. However, governments, courts, law enforcement or regulatory agencies in other locations may be able to obtain disclosure of customer Information through their laws. For information about the manner in which we or our service providers (including service providers outside of Canada) treat Personal Information, please contact us as set out below.

We sometimes process Personal Information so that it no longer identifies any individual. Once processed, this is referred to as Aggregated Information or Anonymized Information. We use aggregated and anonymized information in several ways, for example:

for the same reasons as we might share Personal Information;
to help develop and market programs, products or services and present targeted content including Targeted Advertising;
to conduct analysis and research about customers, website and app users; or
to place ads on various websites and apps, and to analyze the effectiveness of those ads.

We sometimes share aggregated and anonymized information with Business Partners, Third Party Ad Servers and other third parties, for many of the same reasons mentioned above.

We use administrative, organizational, technical and physical security measures to protect the confidentiality, integrity and availability of your Personal Information. These measures include physical and technological safeguards, and appropriate access controls to data and facilities. We take reasonable steps to securely destroy or anonymize Personal Information and sensitive Personal Information when we no longer need it, unless we are required to keep it longer by law, regulation or for the purposes of litigation or regulatory investigations.

Our Roles and Responsibilities

We have governance to support adherence to this Statement and the Privacy Code including procedures, training, reporting, oversight (including by the Chief Privacy Officer or person-in-charge of Personal Information) and committees of management and our Board of Directors (as applicable). Amex Canada employees are required to comply with this Statement and Privacy Code. Business Partners are also required to comply with our privacy standards.

In certain instances, you have a right to access, update, change or correct, dispose or make a complaint about your Personal Information, including by

Requesting details on the Personal Information we have about you
Requesting a review of certain automated processing activities
Requesting that Personal Information we have about you be changed or corrected
Make a complaint regarding the protection of your Personal Information
Withdrawing the consent you have given for the processing of Personal Information at any time or restricting or objecting to the use of personal information, subject to legal and contractual restrictions

If you would like to exercise any of your rights or if you have questions about how we process information about you, please see the “Contacting Us” section below.

You have choices about how we use information about you for marketing and advertising. Like most companies, we work with a range of advertising partners such as ad networks, ad servers and social media platforms to present our ads online. Your choices may differ depending on whether we are communicating with
you through a website, email app or social media.

Choices about Marketing Communications

You can choose how you would like to receive marketing communications, including direct marketing - whether we send them to you through postal mail, email and/or telephone. If you choose to not receive marketing communications from us, we will honour your choice. Please be aware that if you choose not to receive such communications, certain offers attached to the products or services you have chosen may be affected. We will still communicate with you in connection with servicing your account, fulfilling your requests, or administering any promotion or any program in which you have elected to participate.

For additional information and to manage your marketing preferences, please see Additional Information and Marketing Preferences .

Online Behavioural Advertising

American Express participates in Targeted Advertising programs. We use information we have about you in order to provide you with advertising messages that are relevant to you. We participate in the Digital Advertising Alliance of Canada (DAAC) self-regulatory program and adhere to the DAAC Principles for Online Behavioural Advertising and DAAC’s Application of Self-Regulatory Principles to the Mobile Environment. The DAAC program is designed to provide information about and greater control over online advertising. It enables you to opt out from online behavioural advertising served by participating companies. The DAAC program applies to websites and mobile applications. You can use the Ad Choices opt out tool to opt-out online or get the free DAAC App Choices App for each of your mobile devices. With the App Choices App you can set your preferences for Targeted Advertising and use of data across apps. Click here to learn more about the DAAC and your choices.

If you do not want to receive Targeted Advertising from American Express in apps, you can also turn off mobile device ad tracking or reset the advertising identifier in your device settings, where these tools are available from your device platform, on each of the devices that you use. If you do not want to receive Targeted Advertising using Precise Location Data, you can also turn off location-based services in your device settings.

In addition, we also work with online and social media companies to deliver Targeted Advertising on those platforms and they also have privacy content options.

Choices About the Information We Collect

You have choices about how American Express uses your information, such as how we market to you or how we manage Cookies and Similar Technologies.

If you do not want us to collect information about you using Cookies and Similar Technologies you can disable or delete them. Most computer systems and browsers offer their own privacy settings. We encourage you to use them to enhance your choices. Most browsers’ advanced settings (such as those in Internet Explorer, Google Chrome or Safari) allow you to disable Cookies and Similar Technologies.

Important: If you do disable or delete Cookies and Similar Technologies, some site features and services may not work. You will need to manage your settings for each computer and browser you use to access the Internet.

For more information go to About Cookies and Similar Technologies.

If you have any questions about our Statement, please talk to one of our customer service representatives at Amex Canada Click here for a list of contact numbers or, write to the Person in Charge of the protection of personal information:

Chief Privacy Officer

Amex Canada

PO Box 3204, STN F

Toronto, Ontario

M1W 3W7

We may change this Statement when necessary. Depending on what we change, we may let you know in advance. Whenever we make any changes, we will update the “Effective Date” at the top of this page. Any changes to this Statement will become effective immediately when posted. When you continue to use our products and services following an update, it will indicate that you
accept the revised Statement.

Aggregated Information - data or information, relating to multiple people, which has been combined or aggregated. Aggregated Information includes information that we create or compile from various sources, including card transactions or certain data from Cookies and Similar Technologies.

American Express (we, our, us), - the American Express Company as identified at the beginning
of this Statement.

Amex Canada Privacy Code - This Privacy Code sets out the privacy policy of Amex Bank of Canada and Amex Canada Inc. (“Amex Canada”), and applies to their products, services and customers (including prospective customers) in Canada. The Code is consistent with the American Express Data Protection and Privacy Principles, which apply to all American Express operations worldwide.

Anonymized Information - data or information that is irreversibly or permanently modified to ensure that no individual can be identified from the information, whether directly or indirectly, by any means.

Business Partners - any third parties with whom we conduct business and have a contractual relationship, such as a business that accepts American Express branded cards.

Co-brand Partners - businesses we partner with to offer cards featuring both brand logos.

Cookies and Similar Technologies - cookies are small text files which are placed on your computer, mobile device or tablet whenever you visit a website. We use cookies for many different purposes, like helping you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. They can also help ensure that ads you see online are more relevant to you and your interests. Some of the functions that cookies perform can also be achieved using alternative technology, which is why we use the term 'Cookies and similar technologies ' in this Statement. More information about cookies.

De-identified Information - data or information used in a way that does not identify you to a third party. We often derive De-Identified Information from Personal Information. It includes information that we may collect from various sources, such as card transactions or certain data from Cookies and Similar Technologies.

IP Address - a number assigned to a device when connecting to the Internet.

Online Information - data or information collected on the American Express websites and apps as well as on websites and apps of third parties relating to topics about our business which includes Personal Information, Aggregated Information and De-Identified Information.

Other Information - American Express internal information (for example, transaction data), external data that financial companies use to process applications and complete transactions, and other online and offline information we collect from or about you.

Personal Information- information that can identify a person, such as name, address, telephone number, and email address.

Precise Location Data- data that allows the location of a mobile device to be used for the purposes of delivering Targeted Advertising.

Service Providers - any vendor, third party and/or company that performs business operations on our behalf, such as printing, mailing, fulfillment, communications services (email, direct mail, etc.), marketing, sales, data processing and platforms, servicing, collections, or ad management.

Targeted Advertising - ads we, or our Service Providers or Third-Party Ad-Servers, display on websites outside the American Express Family of Companies based on the preferences or interests inferred from our data, such as transaction data, or data collected from a particular computer or device regarding web viewing behaviours or app use over time and across different websites and mobile apps. Targeted Advertising may occur across browsers or mobile devices that have been associated together. Targeted Advertising includes Interest-Based Advertising. We participate in the Digital Advertising Alliance of Canada (DAAC) self-regulatory program and adhere to the DAAC Principles for Interest-Based Advertising. The DAAC program is designed to provide information about and greater control over online advertisements. It also enables you to opt out from Interest-Based Advertising served by any, or all of the participating companies. Click here to learn more about the DAAC and your choices.

Third-Party Ad-Servers - companies that provide the technology to place ads on websites (and apps) and track how ads perform. These companies may also place and access cookies on your device. The information they collect from our websites is in a form that does not identify you personally.

American Express® Online Privacy Statement Canada

American Express®
Online Privacy Statement Canada