English | Dansk

Corporate Cardmember Privacy Statement

Effective Date: 14/07/2025

Corporate Cardmember Privacy Statement

What is this document?

American Express Europe Denmark, filial af American Express Europe S.A., Spanien, CVR-no. 39560542 (“American Express”) is committed to protecting your privacy. For the contact details of our Data Protection Officer please see the “Query or Complaint” section.

In this Corporate Cardmember Privacy Statement, we describe how American Express, in its capacity as data controller, collects, uses, shares and keeps Personal Data about you in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation) and Danish Data Protection Act ("DDPA").When you request our products or services and we also explain the rights and choices that are available to you. This Corporate Cardmember Privacy Statement includes specific details about how we use information tied to your card and related services.

If you interact with us online, there is a separate Online Privacy Statement that describes how we collect, use, share and keep Personal Data about you in that context. It is not specific to our products or services. It applies whenever we collect information online through: (a) services we operate such as our websites and mobile “apps”; (ii) services or content we offer on third party platforms, such as our electronic communications, social media pages, voice assistant apps and digital ads; and (iii) any other services or content linked to or referenced in the Online Privacy Statement.

The information provided under this Corporate Cardmember Privacy Statement explains how we use Personal Data tied to your card and for related services. This Personal Data will be used with information we collect about you online. We therefore ask that you also take time to consider the Online Privacy Statement. If you’re ever unsure about which privacy statement applies to a particular activity, remember that this Corporate Cardmember Privacy Statement will take precedence over the Online Privacy Statement and will apply to the extent the activity relates to the processing of Personal Data tied to your card.

From time to time, we may change our Corporate Cardmember Privacy Statement. If it is a material change, we will need to tell you about it. We’ll either do that by contacting you in writing (by mail or e-mail), by making it clear on your monthly statement, or by letting you know that it has been updated when you visit our website, https://www.americanexpress.com/da-dk/.

This version was last updated on the date set out above.

This Corporate Cardmember Privacy Statement is provided in a layered format, so if you’re accessing the privacy statement online you can click through to the specific areas set out below:

Personal Data is any information relating to you as an identified or identifiable natural person, such as your name, addresses, telephone number, and email address and other information specific to you such as demographic details, nationality, employment details and/or transaction information. If you do not provide us with Personal Data that we tell you is mandatory (for example, if we need to collect Personal Data by law or if it is necessary to enter into a contract with you), we may not be able to provide you with our products and services. We will notify you if this is the case at the time.

We collect and process various categories of Personal Data about you throughout your relationship with us as a cardmember (and beyond, subject to appropriate retention periods as further explained below). The types of information we collect will depend on which product or service you request or use. We will only collect Personal Data that is necessary for our business or to comply with our legal obligations. Personal Data may include:

your personal details, including name and address, date and place of birth, personal identity number, nationality, contact details
financial information, such as your bank account number, card numbers, expiry date and card cryptogram, and details of your transactions (e.g. payments you make and receive)
information about your function or role in your company
information about your preferences (for example, your marketing preferences and the offers you redeem through your Membership Rewards)
information about your financial and credit history, including proof of income, employment details, outgoings and credit and borrowing history when you have an individual liability corporate card
information about your position as, or relationship with, a Politically Exposed Person
criminal data for collating evidence and investigate about a suspected crime

We collect your Personal Data directly from you, through the following means:

From your application form for a card account;
Through the way you communicate with us and use your account (such as information provided during servicing calls);
Any research, surveys or competitions you enter or respond to or any marketing offers for which you register; and
From other information you directly provide to us.

We also collect your Personal Data from different sources depending on which product or service you request or use, such as:

when you request or utilise products, goods or services (such as when you use your card to make transactions with merchants, ATM operators, use concierge services or book travel);
from publicly available records or third-party databases (for example, CPR or Experian;
the forms related to any benefits, insurance, travel or other corporate programmes in which you or your company is enrolled
third parties, such as:
- Business Partners. These are third parties with whom we conduct business or have a contractual relationship, such as co-brand partners or merchants; or
- Open banking providers. Information we receive from open banking third party providers you (or a third party properly authorised on your behalf) have authorised. Open banking providers provide payment-initiation or account-information services (for example, you may authorise such providers to collect account information from your bank, which is subsequently shared with American Express for the purpose of completing our underwriting verifications to issue you with a card).

In addition, we also collect digital data, such as your IP address or other information about your online interactions, as described in the Online Privacy Statement.

We sometimes process Personal Data so that it no longer identifies any individual. Once processed, this is referred to as aggregated and anonymised information. We process Personal Data to aggregate and anonymise it to:

analyse patterns among groups of people, such as cardmembers;
create business insights or statistical research reports; and/or
improve our advertising and our business.

We sometimes share aggregated and anonymised information with Business Partners or other trusted third parties, for many of the same reasons mentioned above.

We use your Personal Data either on its own or combined with other information. We need a “lawful reason” under data protection laws to process your Personal Data, which are as follows: (i) where it is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract with you; (ii) where necessary for our legitimate interests, such as to prevent fraud and/or enhance our products or services; (iii) where we have obtained your consent, such as for marketing purposes when you opt-in to receive marketing from us; or (iv) for compliance with legal obligations and we are required by law to process your Personal Data, such as for the due diligence that financial institutions are required before approving card accounts.

The table below sets out what we use your Personal Data for and our legal basis for doing so. Please note that we consider and balance any potential impact on you and your rights before processing your Personal Data for our legitimate interests. The legitimate interest relied upon is also set out in the table below.

Please note that we may process your Personal Data for more than one legal basis depending on the specific purpose for which we are using your Personal Data. Please contact us if you need details about the specific legal basis, we are relying upon to process your Personal Data where more than one basis has been set out in the table below.

What we use your information for	The legal basis for using your Personal Data
To process applications for our products, including making decisions about whether to approve your application.	Where necessary to perform our contract with you or to take steps to enter into a contract with you.
To comply with our regulatory obligations when reviewing your application.	Where required by law.
To administer and manage your account and provide our services to you and/or your company, such as whether to process, approve and complete individual transactions.	Where necessary to perform our contract with you or to take steps to enter into a contract with you. It is in our legitimate interests to manage our business risks (such as fraud and security risks), fulfil our obligations towards your company and to ensure you and your company are provided with a high standard of customer care and service.
To manage any benefits, insurance, travel or other corporate programmes in which you or your company is enrolled.	It is in our legitimate interest to manage our contractual relationship with your company. Where necessary to perform our contract with you or to take steps to enter into a contract with you.
To provide you with the location-based services you requested (if any).	Where necessary to perform our contract with you or to take steps to enter into a contract with you.
To communicate with you through email, SMS or any other electronic methods, by post and/or phone about your accounts, products, and services for legal, regulatory or servicing purposes (such as updating you about features attached to your products or services).	Where necessary to perform our contract with you or to take steps to enter into a contract with you. To comply with our legal obligations including with respect to payment services and consumer protection and other complementary laws and other consumer regulations relevant for payment institutions It is in our legitimate interests to ensure we provide you with information you need to know about your products and services
To provide a more appropriate service and/or protecting your best interests by making reasonable adjustments, such as sending or providing you with information in an appropriate format (for example, if you have a visual disability), and to improve our websites and apps and make them more user-friendly.	It is in our legitimate interests to improve your customer experience and ensure our service meets and is appropriate for your needs. To comply with our legal obligations, including with respect to equality and accessibility and other complementary laws relating for example to equal treatment and protection against discrimination as well as other equality and accessibility regulations.
When interacting with some of our Business Partners available in your card benefits programme, to connect you to your Membership Rewards account (if applicable) and, depending on your card product, enable you to use Membership Rewards points to pay for products or services with a Business Partner.	It is in our legitimate interests to improve your customer experience, to promote the use of the benefits we offer to you and to facilitate the use of these benefits with our Business Partners (as applicable).
To carry out checks for the purpose of keeping your account and Personal Data secure, detecting and preventing fraud or criminal activity (including the review and approval of individual transactions) and to check your identity before providing services to you (including through “know your customer” screening and monitoring). This may include using the location and other technical features of your mobile device or browser.	To comply with our legal obligations including with respect to anti-money laundering and strong customer authentication, and any other laws and regulations relevant to and for payment institutions It is in our legitimate interests to manage our business risks, such as operational and security risks and to detect, prevent and investigate fraud. We have your permission to do so (for example, where use of your biometric data is optional and there is a legitimate need for secure identification, and the method is necessary to achieve such identification)
To answer questions submitted to us by you, respond to your requests (customer service) and manage and deal with any complaints you may have.	Where necessary to perform our contract with you or to take steps to enter into a contract with you. It is in our legitimate interests to make sure complaints are investigated and you are provided with a high level of service. To comply with our legal obligations including with respect to consumer protection and other complementary laws and other Consumer regulations.
To protect our business interests, recover debt and exercise other rights we have under any contract with you.	Where necessary to perform our contract with you or to take steps to enter into a contract with you. It is in our legitimate interests to ensure we manage and protect our business, including recovering any debts owed to us when you have an individual liability corporate card.
To manage mergers, acquisitions, sales of business assets and generally management of extraordinary corporate operations.	It is in our legitimate interests to manage our corporate operations.
To establish, exercise, or defend legal rights or claims and assist in dispute resolution.	It is in our legitimate interests to ensure we manage and protect our business and interests.
To develop and improve our products and services, including for the purpose of better understanding our customers, their needs, preferences and behaviours; place you in groups with similar customers to deliver products or services which may be more suitable for you or suit your preferences; and assess and analyse whether our ads, promotions and offers are effective.	It is in our legitimate interests to improve our products and services (for example, to make sure our products and services remain competitive and relevant for our customers).
To help us better understand your financial circumstances and behaviour so that we can make decisions about how we manage your existing accounts and what other products or services can be extended to you.	It is in our legitimate interests to improve our products and services. To comply with our legal obligations.
To check we have carried out your instructions correctly, to develop and improve our services and for training and quality purposes.	It is in our legitimate interests to improve our products and services and ensure we provide you with a consistently high standard of customer service. Compliance with our legal obligations (where applicable)
To record, transcribe and monitor calls for the following purposes: training, quality, compliance, fraud prevention and complaint handling.	It is in our legitimate interests to improve our products and services and ensure we provide you with a consistently high standard of customer service.
To provide you with open banking services (for more information, please see the “Open Banking” section).	Where necessary to perform our contract with you or to take steps to enter into a contract with you To comply with our legal obligations
For the purpose of conducting testing (to ensure security and when we update our systems), website administration, information technology system support and development and to safeguard the security of your Personal Data.	It is in our legitimate interests to manage our business risks, such as compliance and regulatory, operational and security risks.
To develop and refine our risk management policies, models and procedures for applications and customer accounts, relying upon information in your application or relating to your creditworthiness (including any information provided by third parties, such as collection agencies), fraud risk and account history (if applicable).	It is in our legitimate interests to manage our business risk, including credit, regulatory and fraud risks.
To inform our collection practice and share information with collection agencies and fraud management agencies	It is in our legitimate interest to manage our business and credit risk.
To conduct research and analytics, including allowing you to give feedback by rating and reviewing our products and services and those of our Business Partners and to produce data analytics, statistical research and reports on an aggregated basis.	It is in our legitimate interest to conduct research and analytics, to improve and develop our business and the services and products we offer to customers.
To prepare reports and statistics to enable your company to uphold an effective administration and procurement policy (this may also include information on outstanding debt).	It is in our legitimate interest to manage our business relationship with your company.
To respond to queries from regulators, law enforcement and other authorities and/or to cooperate with them.	To comply with our legal obligations pursuant to any laws that mandate us to cooperate with regulators, law enforcement and any other authorities. It is in our legitimate interests to support/and cooperate with regulators, law enforcement and other authorities in the detection and prevention of fraud and crime, particularly where it impacts our cardmembers.
To comply with legal and regulatory obligations (such as performing due diligence on you before approving your application).	To comply with our legal obligations. It is in our legitimate interests to perform due diligence to ensure our interests (as a business) are appropriately protected.
To market products and services which we think you will be interested in based on your relationship with us (by email, SMS or telephone (for example – if you call us)).	It is in your legitimate interests to market products and services which we think you will be interested in, based on your relationship with us (where the law allows us to do so, on the basis of opt-out). Your consent.
To advertise, market and send you promotions and offers about products and services for or from the American Express Group (i.e., any affiliate, subsidiary, joint venture, and any company owned or controlled by our parent company) and our Business Partners, including to present content that is personalised and tailored to your preferences and interests, including targeted advertising across multiple devices or showing you offers in your Manage Your Card Account (MYCA) environment.	It is in our legitimate interests to advertise and market products and services which we think you will be interested in, based on your relationship with us. Your consent when we provide you with varied offers of products and services when we provide these offers to you by any means different from those mentioned above

What we use your Sensitive Personal Data for	The legal basis for doing so and the relevant condition allowing the processing
To comply with relevant laws and regulations and to cooperate with regulators, law enforcement and any other authorities.	To comply with our legal obligations. Establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
Criminal data for the purpose of collating evidence and investigate about a suspected crime to establish, exercise or defend Amex’s legal rights.	Where necessary to establish, exercise or defend legal rights.
We may use information you’ve given us about your personal circumstances (including health and medical information) for some of the purposes set out in the above table. For example, to enable us to provide a more appropriate service to you and to make reasonable adjustments.	Your express consent Establishment, exercise or defence of legal claims

When you use open banking services (when available), we will process your Personal Data – such as:

during the card application process, for income check and verification purposes; or
providing you with consolidated information on the payment account(s) that you hold with one or more bank(s) or payment institution(s), or (where applicable) complying with a request made on your behalf by a payment initiation services provider, when they initiate a payment to pay a merchant on your behalf.

In this context, we will process your Personal Data for the above purposes or as otherwise described in the “Use of Personal Data” section..

We use fully automated processes to help us make certain decisions about you, including to evaluate certain attributes about you to provide our services. This also involves profiling. What this means is that we will use software and/or artificial intelligence to automatically evaluate your personal circumstances to identify or predict risks or certain outcomes. For example, we use automated processes to make decisions about you in relation to the following:

detect, monitor, and manage fraud; and
assess credit risks, including to check if you meet our eligibility criteria and decide whether we can issue you a card when you have an individual liability corporate card.

This is known as “automated decision-making”. Some of those decisions that are made solely by automated means have legal effects or similar effects, which we explain further below. However, we will only perform such processing if it’s:

- necessary for entering into or performing a contract between you and American Express. For example, we may decide that some of our products and/or services may not be suitable for you, based on your credit history and if you do not meet our eligibility criteria; or

- authorised by a law to which American Express is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests (for example, to prevent fraud); or based on your explicit consent to such processing.

How we make decisions with automated processes

Fraud

We will assess payments to and from your account to identify any payments that are unusual. For example, if there is a payment you would not usually make (such as a payment of a significant sum, which is not in accordance with your transaction history), we may take action to stop us from making a payment that is likely to be fraudulent.

We will also assess your spending behaviour and transaction history to identify if you are likely to be a fraud risk (for example, if a sudden change in your spending and repayment behaviour suggests you have no intention of paying any outstanding balances owed to American Express). This may mean that we take steps to mitigate the risk to us, including declining charges you make using your card.

Assessing credit risks

When you have an individual liability corporate card, as part of managing our relationship with you, we take several factors into account to assess if there is a credit risk, or if you are getting into financial difficulties. This may include assessing the activity on your account, your payment history (for example, if you’ve missed payments due and payable), information you provided on your application form (for example, your income) and information we obtain from credit reference agencies and similar institutions (i.e., Experian). We will use this information to decide whether to take any actions in relation to your card to manage any credit risk.

We will take into account a number of factors to assess your creditworthiness as part of our assessment of credit risk, including information provided as part of your application (for example, your income and your outgoings and information we obtain from credit reference agencies (i.e. Experian). We will use this information to decide whether to offer you a card and (if applicable) what credit limit to place on the card.

These assessments are based on information that we lawfully obtain, such as information that you provided in your application form (including your reported income), your payment history with American Express, and information we obtain from third parties, such as Experian. We also look at digital data (information about your device, browser, or patterns in your online interactions with American Express) to help us detect fraud. These methods are regularly tested to ensure that they remain fair, effective and unbiased.

Our automated decision-making methods are regularly tested to ensure that they remain fair, effective and unbiased.

Where we use automated decision making for entering into or performing a contract with you, as authorised by law or based on your explicit consent, you have the right to express your point of view, contest the decision made and request human intervention. Please see the section “Your Rights” for more information about your rights related to automated decision making.

We will only share your Personal Data with others where it is lawful for us to do so, and for a specific purpose (as set out in the above table or below)., including with:

credit reference agencies and similar institutions to ask about your financial circumstances;
police, regulatory authorities, courts, governmental agencies, tax authorities and any other third party (for example, third parties specified in a court order) to comply with legal orders, legal or regulatory requirements, law enforcement requests and/or otherwise in connection with actual or suspected fraud or criminal activities, or investigation of the same;
collection agencies and external legal counsel to collect debts and charges on your or your company account;
our Service Providers (including their subcontractors) who perform services for us and help us manage your account and/or operate our business (i.e., any vendor, third party and/or company that provides services or performs business operations on our behalf such as communications services, fraud checks, marketing, data processing and outsourced technology, servicing, ad management, auditors, consultants and professional advisors such as external legal counsel and accountants);
companies or other lines of products and services within the American Express Group. For example, where those companies provide services to us and/or where it is necessary for us to lawfully carry out our business activities;
Business Partners, such as parties that accept American Express branded cards for payments of goods/services purchased by you (i.e., merchants), banks or other payment card issuers to provide, deliver, offer, customise or develop products and services to you, and address or resolve claims. We will not share your contact information with Business Partners for them to independently market their own products or services to you without your consent. However, we may send you offers on their behalf with your consent. Please note that if you take advantage of an offer provided by a Business Partner and become their customer, they may independently send communications to you. In this case, you will need to review their privacy statement and inform them separately if you wish to decline receiving future communications from them;
any party approved by you, such as third parties for the provision of open banking and related services upon your request, for example where you seek to connect your account information to another platform or to initiate payments from other accounts;
our loyalty partners to connect your Membership Rewards account (if applicable) and dependent on your card product, with any partners available in your card benefits programme;
to your Company (including the programme administrator) or its affiliates, including their agents and processors and advisers (such as accountants, lawyers and other professional advisers) who your company has authorised, or any other person your company has told us is authorised to give instructions or use the account, as well as in order to fulfil contractual obligations towards your company; or
anyone to whom we transfer or assign our contractual rights.

We transfer your Personal Data to organisations in other countries and regulatory authorities in other countries. Some of these jurisdictions may not provide the same level of protection for Personal Data as provided in the European Economic Area (EEA). Some countries will have different data protection laws. This includes transfers to countries outside of the EEA, such as into the United States where our main operational data centres are located. We undertake these transfers to operate our business, process transactions on foreign purchases, administer your account and your company account and to provide our products and services to you and your company.

Keep in mind, no matter where we process your Personal Data, we will always protect it in the manner described in our privacy statements and in accordance with applicable law. When we transfer your Personal Data to certain countries outside of the EEA:

If that country has received an adequacy decision from the European Commission (please see the list of countries here), we will rely on that decision to undertake our transfer; or
In the case of transfers of Personal Data to a third party in the United States, we may rely on that third party’s certification to the EU-US Data Privacy Framework to transfer your Personal Data.

In other cases, we are required to put in place an “appropriate safeguard”. In particular:

When we share Personal Data with other companies within the American Express Group that are outside of the EEA, we ensure an adequate level of protection through our Binding Corporate Rules, available here. Our Binding Corporate Rules ensure your Personal Data is protected by requiring all of our group companies to follow the same rules when processing your Personal Data.
When we share your Personal Data with third parties (or American Express Group non-participating Binding Corporate Rules companies) outside the EEA to countries which have not received an adequacy decision from the European Commission, we include appropriate contractual protections (including the European Commission standard contractual clauses) in those agreements. In addition, we assess whether other technical and organisational measures are required for those transfers.

You can receive a copy of such contractual protections by contacting us, see the “Query or Complaint” section below.

We use organisational, administrative, technical and physical security measures to safeguard your Personal Data and to help ensure that your information is processed promptly, accurately and completely. We require Service Providers to safeguard your Personal Data and only use your Personal Data for the purposes we specify.

We will keep your Personal Data only for as long as you are a customer of ours and we need to perform the contractual relationship with you and deliver the products and services that you requested. Once our relationship with you has ended (for example, your account has closed), we will only keep your Personal Data for a period of time that is appropriate, taking into account the nature and the sensitivity of the data and what we continue to hold it for.

These retention periods will vary, depending on the reason for why we continue to hold your Personal Data, and considering the nature and the sensitivity of the data. Although there are some exceptions to this, generally we will retain Personal Data for the duration of your contractual relationship with American Express. We will also retain some Personal Data after your contractual relationship with us has ended, e.g., to be able to defend against legal claims or to comply with mandatory bookkeeping requirements. The retention period will be determined by various criteria, including:

comply or evidence compliance with our legal and regulatory requirements (for example, laws relating to money laundering)
defend or take legal action
maintain business records for analysis or audit purposes
keep records of anyone who does not want to receive marketing from us

When your Personal Data is no longer necessary for the above purposes, we will securely destroy such information. For more information about our data retention practices, you can contact us – please see the “Query or Complaint” section.

We encourage you to check regularly that all Personal Data held by us is accurate and up to date. If you believe that any information we hold about you is incorrect or incomplete, you may ask us to correct or remove this information from our records. We recommend that you go to americanexpress.dk, log in and update your Personal Data. If you prefer, you can contact us – please see the “Query or Complaint” section. Any information which is found to be incorrect or incomplete will be corrected promptly.

You have the right to access, update, restrict, port, erase or object to the processing of your Personal Data. More specifically, you have the right to:

Withdraw your consent for our use of your Personal Data at any time, where our processing is based on your consent.

This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Request restriction of the use of your Personal Data in certain cases.

You can ask us to restrict the processing of your Personal Data in the following scenarios:
- if you want us to establish the accuracy of the Personal Data;
- where our use of the Personal Data is unlawful, but you do not want us to erase it;
- where you need us to hold the Personal Data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it.
In certain cases, request the erasure of your Personal Data.

This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with applicable law. However, please note that we may not always be able to comply with your request for specific reasons set out in the law which will be notified to you, if applicable, at the time of your request.
Request a human review of automated decisions that impact your legal or contractual rights or that may have a similarly significant effect.

In certain circumstances, you have the right to request for an automated decision to be reviewed, to express your point of view and to contest the decision. This right only applies to fully automated decisions, so it won’t apply if there has already been input from someone as part of the decision-making process.
Request the transfer of your Personal Data to you or to a third party.

We will provide to you, or (where technically feasible) a third party you have chosen, your Personal Data in a structured, commonly used and machine-readable format. Note that this right only applies to processing activities carried out by automated means for which you initially provided consent for us to use or where we used the information to perform a contract with you.
Request a copy of your Personal Data we have about you (often referred to as a “data subject access request” or a “DSAR”).

This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Establish guidelines for the retention, deletion and disclosure of Personal Data of a deceased person in accordance with applicable law.

Subject to applicable law you may establish guidelines regarding your Personal Data for when you become deceased in accordance with applicable law. In this regard, persons expressly designated by deceased data subjects or the public prosecutor in the case of minors or people with disabilities may request to access the Personal Data of the deceased data subject or the rectification of the Personal Data of the deceased data subject.

You can also object to our processing of your Personal Data:

on grounds relating to your particular situation, when the applicable legal basis is legitimate interests. In some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal Data, which override your rights and freedoms. If this is the case, we will let you know. and
when your Personal Data is processed for direct marketing purposes.

If we receive a request from you, we will respond as soon as possible but no later than one calendar month except as follows. If, due to the nature or circumstances of your request, we can’t meet that deadline, we may extend it by up to a further two months (complex requests). In this case, we will send you an email or letter explaining the cause of the delay.

If you have any questions about how we process your Personal Data, you can contact us – please see the “Query or Complaint” section.

You can choose how you would like to receive marketing communications, including direct marketing - whether we send them to you through postal mail, email, SMS and/or telephone. Please see the above section for our lawful reasons which justify using your information to send you marketing communications. The lawful reasons for sending direct marketing communications to you will differ depending on a number of factors, including the marketing channel used (e.g. SMS, email, telephone), whether we have an existing relationship with you, or if you are an individual customer, or a business customer.

If after making your preferences you wish to opt out of receiving marketing, we recommend you go to www.americanexpress.com/da-dk/, log in, and update your privacy preferences. If you prefer, you can also contact us – please see the “Query or Complaint” section below. If you choose not to receive marketing communications from us, we will honour your choice.

Please be aware that if you choose not to receive such communications, certain offers attached to the products or services you have chosen could be affected.

We will still communicate with you in connection with servicing your account, fulfilling your requests, or administering any promotion or program in which you have elected to participate. These communications are necessary to provide the service you expect to receive from us and you may not opt out of receiving them.

If you have questions about this Cardmember Privacy Statement or how your information is handled or wish to make a complaint or exercise your rights, call us at the free phone number published in our web page under the Contact Us section. You can also contact our Data Protection Officer at DPO-Europe@aexp.com. You may also write to American Express Europe S.A., Avenida Partenon 12-14. 28042 Madrid.

You also have the right to contact the Danish Data Protection Agency at https://www.datatilsynet.dk/ the authority of the European Member State where you live, work or where there may have been an infringement. If your request is not resolved to your satisfaction, you may also take your case to court.