American Express®
Online Privacy Statement 

The type of information we collect depends on the product or service you use. We only collect Personal Data that is reasonably necessary for legitimate business purposes.

In some cases, we collect information when you provide it directly to us. We may, for instance, collect Personal Data, e.g. your name, account number, date of birth, address, telephone number and/or e-mail address. When you interact with American Express online, we may also process digital data and other information derived from your online behaviour, e.g. your IP address or that you have previously paid us a visit online during the application process. We collect Personal Data, for instance, when you:

• apply online for an American Express product or service;
• access our online services related to your account;
• book a flight through American Express Travel or buy something on our websites;
• sign up for an American Express offer, participate in a promotion or one of our surveys.

If you apply for an American Express account, we may collect additional detailed Personal Data, e.g. your employment details or income.

Please note that in some cases, we may also collect special categories of Personal Data (e.g. health information or biometric data). We will only use this information as permitted or required by law or if you provide it with your explicit consent.

Cookies and comparable technologies

We also collect information using cookies and comparable technologies when you use our online services or access our content online.

A cookie is a small data file that a website transfers to your computer. We set cookies when you visit our website or another company's website where our advertisements appear or when you make purchases, request or personalise information, or sign up for certain services. If you accept the cookies used on our website, websites operated by another company on our behalf or websites where our advertisements appear, you provide us access to information about your interests. We use this information to personalise your experience. Comparable technologies include small images, web beacons and pixel tags, which are typically transparent images on websites. Our cookies and comparable technologies collect information about your device, operating system and web browser. They also collect information about your device use, as described in more detail below.

Most cookies and similar technologies only collect anonymised information, e.g. how you found our website or your general location. However, certain cookies and comparable technologies collect Personal Data. For example, a cookie will store your username if you click "Remember me" when
logging into our website.

Cookies and comparable technologies may collect information, e.g.:

• the devices you use (for example, the operating system or type of device you use to access American Express electronic communications);
• information related to your IP address, e.g. your domain information, internet service provider and general geographical location;
• how you use our websites and apps, e.g. what you search for on our websites and apps, the pages you view, how long you stay and how often you visit;
• how you search for our websites or apps, which website or app you come from and which of our business or commercial partners' websites you visit;
• which advertisements or online content from us and our business or commercial partners you view, open or click;
• whether you open our electronic communications or not, which parts you click or how often you open them.

If you use your mobile device to access our products or services, we may collect information about that device, e.g. your location, to deliver the location-based content you requested.

For more information on cookies and comparable technologies, please see our policy: About cookies and comparable technologies.

Other sources of information
We may obtain information about you from other sources and combine it with the information we collect under this Statement. According to privacy statements, for example, we may obtain information about other American Express products and services you use. According to the Cardholder Privacy Statement, we may collect information from your paper application form and card transactions. We may also obtain information from publicly available files, databases or third-party sources, e.g. credit bureaus or business and commercial partners.

We use information about you on its own or aggregated with other information: (i) when this is necessary to manage our contractual relationship with you; (ii) for our own legitimate interests to offer you better products and services (e.g. fraud reduction); (iii) when we have obtained your consent, e.g. for certain marketing purposes; or (iv) to comply with legislation. Please note that we consider and weigh up any potential impact on you and your rights before processing your Personal Data for our legitimate interests.

(i) By managing our contractual relationship with you, and providing products and services, we mean, for example:

• processing your requests;
• processing and completing transactions;
• managing your accounts;
• notifying you of new features and benefits;
• providing location-based services you requested;
• providing you with better communication;
• offering you the option to open banking services (see Open banking for more information).

(ii) We may use information about you for our legitimate interests or the legitimate interests of others to:

• conduct research and perform analysis to better understand our online visitors, customers and our company, including to:
  • solicit feedback or reviews on our products and services, and those of our commercial and business partners;
  • determine the effectiveness of our advertising and marketing campaigns;
  • improve and make our websites or apps more user-friendly;
  • classify you into groups with similar customers to make predictions about you, provide more personalised services and help determine whether you are interested in new products or services;
• manage our operational risks, e.g. fraud, credit and security risks, including:
  • detect and prevent fraud or criminal activity and protect your accounts, including using the location and other technical characteristics of your mobile device or browser;
  • monitor and approve individual transactions you make through digital channels;
  • develop and refine our risk management policies, models and procedures for applications and customer accounts;
  • inform our collection agencies and share information with credit reference agencies and fraud management agencies;
• advertise and market our products and services, and those of our business and commercial partners, including presenting content tailored to your interests, e.g. targeted advertisements across multiple devices (see Digital advertising for more information).

(iii) With your consent, we will:

• promote our products and services;
• send advertisements, promotions and offers to you related to products and services for companies within the American Express group and those of our business and commercial partners;
• recognise you when you return to our websites, receive our e-mails or use our apps, including on multiple devices (e.g., to send you tailored advertisements, promotions, offers or content, e.g. targeted advertisements). See Cookies and comparable technologies above for more information.

(iv) To comply with applicable laws and regulations around the world, we may use information about you:

• to establish, exercise or defend legal rights or claims and help resolve disputes;
• for reasons of substantial public interest (including, for example, the use of your biometric data, e.g. your voice recording) for security screening and fraud prevention;
• as required or permitted by law (e.g. conducting 'due diligence' on you before we approve your application).

Open banking
We may use your Personal Data to provide our open banking services. These services include:

• providing consolidated information on one or more payment accounts you hold with one or more banks or payment institutions; or
• contacting your bank to make a transfer to a merchant, for example when you use our Pay With Bank Transfer services (which, for example, allow you to pay for a purchase on a participating website
  directly from your bank account, with your money being sent directly to the merchant's bank account).

In this context, we will process your Personal Data to provide you with regulated open banking services or as otherwise described in "Use of information".

Automated decision-making
We may use fully automated processes to help us make certain decisions, including evaluating certain of your characteristics to deliver our services. We can use such processes, for example, to:

• assess security risks, detect and manage fraud;
• process card applications;
• assess credit risks, including checking whether you meet our eligibility criteria and to decide whether we can issue you a card.

These assessments are based on information we lawfully obtain, e.g. information you have provided in your application form (including your stated income), your payment history with American Express and information we obtain from third parties, e.g. credit bureaus. We also look at digital data (e.g. information about your device, browser or patterns in your online interactions with American Express) to help us detect fraud. These methods are regularly tested to ensure they remain fair, effective and unbiased. Some decisions made solely by automated means have legal or comparable consequences. However, we will only do this if:

• this is necessary to enter into or implement a contract between you and American Express;
• this is authorised by a law to which American Express is subject, which also establishes appropriate measures to protect your rights, freedoms and legitimate interests;
• you have provided your explicit consent to such processing. See section F: 'Your rights' for more information on your rights regarding automated decision-making.

Digital advertising
We advertise through our websites, apps, and third-party platforms. We may use information about you to display marketing content online, across multiple devices you use, tailored to your interests or general geographical location. Below are some ways this works.

• We engage in targeted advertising using Personal Data, your e-mail address and other information collected using cookies and comparable technologies relating to your browsing behaviour over a certain period and on different websites.
• We also use information about you to present advertising content or participate in targeted advertising campaigns on social media platforms. If you follow our social media pages or "like" our content
  on these platforms, we may use information about you to improve the content and how we deliver it to you through social media.

Please note that these websites and apps do not belong to us, and we are obliged to use information about you only in ways consistent with these platforms' privacy policies and terms and conditions.

You can choose what we offer you, as indicated in section G: 'Your options'.

In some cases, we may disclose information about you, for example to:
 

• service providers who provide services for us, e.g. printing, mailing, advertising, marketing, etc. We require all our service providers to protect Personal Data according to our standards and use it only for the purposes we permit;
• regulatory authorities, courts, government agencies and fraud prevention agencies, to comply with legal or regulatory requirements, assist in legal or regulatory investigations and protect the rights of American Express or others;
• credit reference agencies and comparable institutions to report or investigate your financial situation, and to report or collect any debts you owe;
• companies or other products and services within the American Express group;
• business or commercial partners, e.g. other financial institutions, loyalty programmes, travel partners and certain advertising partners with whom we offer or develop products and services;
• third parties to provide open banking services and related services you requested, for example when you try to link your account details to another platform or initiate payments through other accounts;
• necessary parties involved in the sale of any company in the American Express group or its assets;
• other relevant third parties as required or permitted by law or with your consent.

Cross-border transfers of Personal Data

Where necessary, in order to provide you with our products or services, we will transfer Personal Data to other countries with different data protection legislation (including countries outside the European Economic Area, such as the United States, where our main operational data centres are located), unless restricted by applicable legislation.
 

Please note that wherever we process Personal Data related to you, we will always protect it as described in our privacy statements and according to applicable legislation. When we share Personal Data with other companies within the American Express group located outside the European Economic Area, for example, we ensure an adequate level of protection through our binding corporate rules. When we share Personal Data with third parties outside the European Economic Area, we include appropriate contractual protections in agreements. In addition, we assess whether other technical and organisational measures are needed for such a transfer.

We sometimes process Personal Data in a way that does not allow individuals to be identified. Once processed, this is called aggregated and anonymised information. We use aggregated and anonymised information to:
 

• analyse patterns between groups of people, e.g. cardholders and online users;
• create business insights or statistical research reports;
• improve our advertising and our company.

For the reasons stated above, we sometimes share aggregated and anonymised information with third parties.

We use administrative, organisational, technical and physical security measures to protect the confidentiality, integrity and availability of Personal Data. Here is what you need to know:
 

• these measures include technological safeguards and appropriate access controls to data and facilities;
• we require service providers to safeguard personal Data and only use it for the purposes we specify;
  
• we take reasonable steps to securely destroy or de-identify  personal Data when we no longer need it;
  

We keep personal Data for only as long as necessary to provide you with products or services - unless we’re required or permitted to keep it for longer by law, regulation, or for litigation or regulatory investigations.

In certain cases, you have the right to access, update, limit, object to and delete your Personal Data. You can also exercise your right to data portability and/or withdraw your consent. These rights include:
 

• requesting access to any Personal Data we hold about you;
• limiting and/or objecting to the use of Personal Data;
• requesting a manual review of certain automated processing activities that may affect your legal or contractual rights or may have a comparable legal impact;
• receiving your Personal Data in a structured, commonly used and machine-readable format and/or sending such data to another Data Controller;
• withdrawing the consent you have provided to the processing of Personal Data at any time.

Click here if you want to exercise your rights.
 

If you have any questions about how we process your Personal Data, please contact us.
 

If we receive a complaint from you, we will endeavour to resolve it as soon as possible and within 30 days at the latest. If we cannot meet this deadline, we will send you a letter explaining the reason for the delay and indicating an expected time for our response. Please note that your request will be processed free of charge, except if it involves additional costs for our company, in which case we may charge you the rate determined by the data protection authority.

You can also contact the Dutch Data Protection Authority (Dutch DPA) directly. For more information, see autoriteitpersoonsgegevens.nl. You also have the option of taking legal action where you live, work or where an offence may have been committed.

You have the right to choose how American Express collects and uses information about you for marketing and advertising purposes. We work with various advertising partners to present our advertisements online, including advertising networks, advertisement servers, and social media platforms. Your options may vary depending on whether we serve you advertisements through websites, e-mail, apps or social media.

Options about the information we collect

• If you do not want us to collect information about you through cookies for marketing and advertising purposes, you can opt out of cookies in the banner displayed when you first visit our site by clicking on 'Set cookie preferences' or by adjusting your browser settings, as explained in the policy 'About cookies and comparable technologies'.
• If you delete cookies, buy a new device, access websites from another device or change browsers, you must log out again.
• If you opt out of cookies, we will still show you advertisements related to our products or services, but they will not be based on your information.

You can customise how we collect information about you through your mobile device settings. For example, you can disable location-based services and advertisement tracking on devices. Options concerning marketing communications.

If you do not want to receive direct marketing communications from us, you can unsubscribe by:

• e-mail by clicking on unsubscribe at the bottom of an e-mail and following the instructions;
• your account online: log in to your account and click on account management/alerts and preferences/manage your preferences;
• by phone: register with the do-not-call register at bel-me-niet.nl.

Even if you opt out of direct marketing, we will still communicate with you to manage your account, fulfil your requests, or administer a promotion or programme you have selected to participate in. This communication, which is necessary to inform you about the services you expect to receive from us, is not considered direct marketing but rather qualifies as a service message. For example, such communication may be used to notify you of a credit to your account.

How to access your options
You can choose how we communicate with you if you are a customer. If you want to update your communication preferences, you can:

• log in to your account and click 'manage your account/settings/change contact preferences' to update your marketing and data-sharing options.
• call the following numbers: +31 (0)20 504 80 00 (Consumer and Small Business cardholders) or +31 (0)20 504 87 00 (Corporate cardholders) / +31 (0)20 200 82 44 (KLM American Express Corporate cardholders).

Card acceptance companies

• Log in to your American Express Services Merchant account and go to your settings to update your preferences related to marketing communications.
• Call +31 (0)20 504 86 66.

If you have any questions about this Statement, please feel free to contact the number on the back of your card or visit the 'Contact Us' page. You can also contact DPO-Europe@aexp.com.

If you are a customer, you can update your Personal Data by logging into your account online or in your Amex® App anytime. We are available 24 hours a day. 

We may amend this Statement if necessary. We may provide you with advance notice, depending on what we change. Every time we make changes, we will update the "Effective Date" at the top of this page. Amendments to this Statement will take effect immediately after publication. Your continued use of our products and services after an update implies your acceptance of the revised Statement.