Effective Date: July, 2021
American Express® (American Express Europe S.A. and American Express Payments Europe S.L.) is committed to protecting your privacy.
In this Online Privacy Statement (“Statement”), we outline what information we collect about you online, why we collect it and how we access, use, disclose, and protect it. This Statement applies to information we collect online through:
This Statement also applies to all other services or content that link to or reference this Statement.
Here’s something to keep in mind
We may provide you with more details about how we use information about you, depending on the product or service you use. In this case, we’ll provide additional Terms & Conditions, privacy statements, or notices. For example, your Corporate Cardmember Framework Agreement includes more specific details about how we use information tied to your corporate card.
This Statement doesn’t apply to online services operated by American Express that have their own online privacy statements.
Third-party services, such as social media sites, have terms that explain how they handle information about you. Please take a moment to review the terms of any other online services you use.
Our websites and apps are not intended for children. We don’t knowingly collect information online from, or market online to, children under 16 years of age.
In some cases, we collect information if you directly provide it to us. For example, we may collect personal information such as your name, account number, date of birth, address, phone number, and/or email address. When you interact online with American Express, we may also process digital data and other information originating from your online behavior, such as your IP address or whether you have previously visited us online during the application process.
For instance, we collect personal information when you:
If you apply for an American Express card account, we may collect more detailed personal information such as your employment details or your income.
Please note that we may also collect special categories of personal information (such as information regarding health or biometric data) in some instances. We’ll use this information only as permitted or required by law, or where provided by you with your explicit consent.
Cookies and similar technologies
We also collect information through cookies and similar technologies when you use our online services or access our content online.
A cookie is a small data file that a website transfers to your computer. We place cookies when you visit our website or another company’s website where our ads appear or when you make purchases, request or personalise information, or register for certain services. If you accept the cookies used on our website, websites that are “powered by” another company on our behalf, or websites where our ads appear, you give us access to information about your interests. We use that information to personalise your experience. Similar technologies include clear GIFs, web beacons, and pixel tags, which tend to be transparent images on websites. Our cookies and similar technologies collect information about your device, operating system and web browser. They also collect information about your use of the device, as described in more detail below.
Most cookies and similar technologies will only collect de-identified information such as how you arrive at our website or your general location. However, certain cookies and similar technologies do collect personal information. For example, if you click “remember me” when you log in to our website, a cookie will store your username.
Cookies and similar technologies may collect information that includes:
If you use your mobile device to access our products or services, we may collect information related to that device, such as your location to provide location-based content you request.
For more information about cookies and similar technologies, please refer to our policy “About Cookies and Similar Technologies”.
Other Sources of Information
We may obtain information about you from other sources and combine it with information we collect under this Statement. For example, we may obtain information about other American Express products and services you use, in accordance with those privacy notices. In accordance with your Corporate Cardmember Framework Agreement, we may collect information from your paper application form and your card transactions. We may also obtain information from publicly available records or databases or third-party sources, such as credit bureaus or business and commercial partners.
We use information about you either on its own or combined with other information: (i) where it is necessary to administer our contractual relationship with you; (ii) for our own legitimate interests to provide you with better products and services (such as to reduce fraud); (iii) where we have obtained your consent, such as for certain marketing purposes; or (iv) for compliance with laws. Please note that we consider and balance any potential impact on you and your rights before processing your personal information for our legitimate interest.
(i) More specifically, to administer our contractual relationship with you and deliver products and services, including, for instance, to:
(ii) For our legitimate interests or for the legitimate interests of others, we may use information about you to:
(iii) With your consent, to:
(iv) To comply with applicable laws and regulation around the world, we may use information about you:
We may use your personal information to provide our open banking services. Those services include:
In this context, we will process your personal information to provide you with the regulated open banking services or as otherwise described in this “Use of Information” section.
Automated decision making
We may use fully automated processes to help us make certain decisions, including to evaluate certain attributes about you to provide our services. For example, we may use such processes to:
- assess security risks, detect and manage fraud;
- process card applications;
- assess credit risks, including to check if you meet our eligibility criteria and decide whether we can issue you a card.
These assessments are based on information that we lawfully obtain, such as information that you provided in your application form (including your reported income), your payment history with American Express, and information we obtain from third parties, such as credit bureaus. We also look at digital data (such as information about your device, browser, or patterns in your online interactions with American Express) to help us detect fraud. These methods are regularly tested to ensure that they remain fair, effective and unbiased.
Some of those decisions that are made solely by automated means have legal effects or similar effects. However, we will only perform such processing if it’s:
- necessary for entering into or performing a contract between you and American Express;
- authorized by a law to which American Express is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;
- based on your explicit consent to such processing.
Please see the section “Your Rights” for more information about your rights related to automated decision making.
We advertise through our websites and apps, as well as third-party platforms. We may use information about you to display online marketing content tailored to your interests or general geographic location, across multiple devices you use. Here are some ways this works.
You can choose how we market to you, as specified in the “Your Choices” section below.
Cross-Border Transfers of Personal Information.
Where necessary, we’ll transfer personal information to other countries with different data protection laws to provide you with our products or services (including to countries outside of the European Economic Area, such as to the United States, where our main operational data centers are located), unless it’s restricted by applicable law. Keep in mind, no matter where we process personal information about you, we’ll always protect it in the manner described in our privacy notices and in accordance with applicable laws. For example, when we share personal information with other companies within the American Express group that are outside the European Economic Area, we ensure an adequate level of protection through our Binding Corporate Rules. When we share personal information with third parties outside the European Economic Area, we include appropriate contractual protections in those agreements. In addition, we assess whether other technical and organizational measures are required for those transfers.
We sometimes process personal information so that it no longer identifies any individual. Once processed, this is referred to as aggregated and anonymized information. We use aggregated and anonymized information to:
We sometimes share aggregated and anonymized information with third parties, for many of the same reasons mentioned above.
We keep personal information for only as long as necessary to provide you with products or services - unless we’re required or permitted to keep it for longer by law, regulation, or for litigation or regulatory investigations.
In certain instances, you have the right to access, update, restrict, object to, and erase your personal information. You are also entitled to exercise your right to data portability and/or to remove your consent. Such rights include:
If you would like to exercise any of your rights or if you have questions about how we process information about you, please get in touch with our Data Protection Officer at DPO-Europe@aexp.com or you may contact us at Kartapln@aexp.com.
If we receive a complaint from you, we’ll do our best to resolve it as soon as possible and no later than 30 days. If we can’t meet that deadline, we’ll send you a letter explaining the cause of the delay and providing an expected time for the response. Please note that your request will be free of charge, except if it incurs additional cost to our company, in which case you may be charged the tariff fee determined by the data protection authority.
You can also contact the Polish Personal Data Protection Office directly. For further details, please visit www.uodo.gov.pl/en. You also have the option to take your case to the court where you live, work or where there may have been an infringement.
You have the power to make choices about how American Express collects and uses information about you for marketing and advertising purposes. We work with a range of advertising partners including ad networks, ad servers, and social media platforms to present our ads online. Your choices may vary depending on whether we’re serving you ads through websites, email, apps or social media.
Choices About the Information We Collect
Choices about Marketing Communications
If you don’t want to receive direct marketing communications from us, you can opt out through email sent to Kartapln@aexp.com or contact us using the phone number on the back of your card.
Keep in mind, even if you opt out of direct marketing, we’ll still communicate with you in order to service your account, fulfill your requests, or administer any promotion or program you’ve opted to be part of. These communications, which are necessary for us to inform you about the service you expect to receive from us, are not considered direct marketing but rather qualify as service messages. For example, they can be used to inform you of a benefit on your account.
How to Access Your Customer Choices
If you are a customer, you can make choices about how we communicate with you. To update your communication preferences, you can contact us by email sent to Kartapln@aexp.com.
We may change this Statement when necessary. Depending on what we change, we may let you know in advance. Whenever we make any changes, we’ll update the “Effective Date” at the top of this page. Any changes to this Statement will become effective immediately when posted. When you continue to use our products and services following an update, it will indicate that you accept the revised Statement.