American Express | Thailand Online Privacy Statement

Effective Date: June 2022

American Express is committed to protecting your privacy. Our global set of Data Protection and Privacy Principles set out our commitment to the privacy of all our customers.

This Online Privacy Statement outlines what information we collect online, why we collect it, and how we access, use, disclose, and protect it. This includes information we collect online through:

Online services we operate – such as our websites and mobile apps.
Services or content we provide to third party platforms – such as online communications, social media pages, voice assistant apps, and digital ads.
All other services or content that link to or reference this statement.

Our websites and apps are not intended for use by data subjects, who are minors (whose age is below 20 years and not legally married), incompetent and/or quasi-incompetent persons as defined under the Civil and Commercial Code of Thailand. We do not knowingly collect information online from or market online to such data subjects. If we need to collect the information from such data subjects, and the processing of the information of such data subjects requires consent, we will not process such information until the valid consent from the data subjects and/or the legal guardians (as the case may be) has been obtained.

Here’s something to keep in mind

We may provide you with more details about how we use your information, depending on the product or service you use. In this case, we’ll provide additional Terms & Conditions, privacy statements, or notices. For example, the clauses stated in the Card Application forms includes more specific details about how we use information tied to your Card.

Third-party services – such as social media sites – have additional terms that explain how they handle your information. Please take a moment to review the terms of any other online services you use, to ensure the security of your information.

What’s in this statement?

A. Information We Collect

B. Use of Information

C. Disclosure of Information

D. Aggregated and Anonymized Information

I. Changes to This Statement

The type of information we collect depends on the product or service you use. We generally collect, use and/or disclose (“process” and “processing”) your “Personal Information”, which, under the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), refers to the information pertaining to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular, in the ordinary course of our business. Examples of Personal Information is as follows:

Category	Examples of Personal Information
Contact information	Full name, email address, telephone number, mobile number, address, etc.
Identification and background information	Passport number, identification card number, employment details, information about your background, etc.
Financial/credit information	Card number, name specified on the card, payment transactions, etc.
Product/service-related Information	Any information, which is specified and/or provided to us when applying for a product or service, and during the use of our products and services (including digital data originate from your online usage of our products and services), etc.
Sensitive Personal Information	Criminal record, religion and/or blood type as shown in a copy of Thai identification card, etc.

In some cases, you provide us with this information directly. You disclose information such as the contact information and the product/service-related information when you:

Apply for an American Express product or service online.
Access our online account services.
Book a flight through American Express Travel or purchase something on our websites.
Enroll in an Amex Offer, participate in a promotion, or take one of our surveys.

If you apply for an American Express Card online, we may collect more detailed Personal Information such as identification and background information and the financial/credit information.

We may collect sensitive Personal Information in some instances. We’ll use this information only as permitted or required by law, or where provided by you with your explicit consent

Cookies and Similar Technologies

We also collect information through Cookies and Similar Technologies when you use our online services or access content online.

A cookie is a small data file that a website transfers to your computer. Similar technologies include clear GIFs, web beacons, and pixel tags, which tend to be transparent images on websites. Our Cookies and Similar Technologies collect information about your device, operating system, and web browser. They also collect information about your use of the device.

Cookies and Similar Technologies collects information that includes:

The operating system or type of device you use to open emails from American Express.
Information related to your IP address, such as your domain, internet provider, and general geographic location.
How you use our websites and apps, such as what you search for on our websites and apps, the pages you view, how long you stay, and how often you visit them.
How you search for our websites or apps, which website or apps directed you to us, and, in some cases, if you’ve visited a website operated by one of our business or commercial partners.
Ads or online content created by American Express or our business and commercial partners that you view, access, or click.
Whether you open our emails, which sections you click, and how often you open them.
If you use your mobile device to access our products or services, we may collect information related to that device, such as your location.

Other Sources of Information

In certain circumstances, your Personal Information may be collected through various means, as follows:

(i) Your Personal Information is collected through third parties. Such third parties include but are not limited to other customers or business, including co-branded partners of companies within the worldwide American Express group of companies (“Amex Group companies”) who have referred you to us; and/or

(ii) Your Personal Information is publicly available.

You acknowledge that, in certain circumstances, your Personal Information can be processed without your consent, and that is permitted and conducted in accordance with the PDPA.

If we will collect the Personal Information other than those proscribed in this Online Privacy Statement, we will inform you about the collection and/or the processing of the Personal Information and may request for your consent (if required), in accordance with the Online Privacy Statement and the PDPA.

We use information about you either on its own or combined with other information: (i) where it is necessary to administer our contractual relationship with you; (ii) for our own legitimate interests to provide you with better products and services (such as to reduce fraud); (iii) where we have obtained your consent, such as for certain marketing purposes; or (iv) for compliance with laws. Please note that we consider and balance any potential impact on you and your rights before processing your personal information for our legitimate interest.

(i) More specifically, to administer our contractual relationship with you and deliver products and services, including, for instance, to:

process your applications;
process and complete transactions;
manage your accounts;
update you about new features and benefits;
provide location-based services you may request;
better communicate with you.

(ii) For our legitimate interests or for the legitimate interests of others, we may use information about you to:

conduct research and analysis to better understand our online visitors, customers and our business, including to:o request feedback or reviews about our products and services and those of our commercial and business partners;
- determine the effectiveness of our advertising and marketing campaigns;
- improve our websites or apps and make them easier to use;
- place you in groups with similar customers to make predictions about you, deliver more personalized services and help determine whether you may be interested in new products or services

manage our business risks, such as fraud, credit and security risks, including to:
- detect and prevent fraud or criminal activity and safeguard your accounts, including by using the location and other technical attributes of your mobile device or browser;
- review and approve individual transactions you make through digital channels;
- develop and refine our risk management policies, models and procedures for applications and customer accounts;
- inform our collection practices and share information with credit reference agencies and fraud-management agencies.

advertise and market our products and services and those of our business and commercial partners, including to present content that is tailored to your interests, including targeted advertising across multiple devices (see the Digital Advertising section for more information).

(iii) With your consent, to:

promote our products and services;
send you ads, promotions, and offers about products and services for companies within the Amex Group companies and those of our business and commercial partners;
recognise you when you return to our websites , receive our emails, or use our apps including across multiple devices (for example, to send you tailored ads, promotions, offers or content, including targeted advertising). Please refer to the “Cookies and Similar Technologies” section above for more information.

(iv) To comply with applicable laws and regulation around the world, we may use information about you:

to establish, exercise, or defend legal rights or claims and assist in dispute resolution;
for reasons of substantial public interest (including for instance the use of your biometric information such as your ID voice print) for security verification and fraud prevention purposes;
as required or permitted by law (such as performing due diligence on you before approving your application).

Digital Advertising

We advertise through our websites and apps, as well as third-party platforms. We may use information about you to display online marketing content tailored to your interests or general geographic location, across multiple devices you use. Here are some ways this works.

We engage in targeted advertising, which involves the use of Personal Information, your emailaddress and other information collected through cookies and similar technologies, regarding your browsing behavior over time and across different websites.
We also use information about you to present advertising content or participate in targeted advertising campaigns on social media platforms. If you follow our social media pages or “like” our content on these platforms, we may use information about you to improve what and how we serve content to you on social media.

Keep in mind, we don’t own these websites and apps, and we are required to use information about you only in ways that are consistent with the privacy policies and terms & conditions of these platforms.

You can choose how we market to you, as specified in the “Your Choices” section below.

We may disclose information about you when necessary for the purposes specified in this Online Privacy Statement. We could disclose information to:

Providers who perform services for us that include printing, mail, advertising and marketing. We require all of such service providers to protect personal information according to our standards and use it only for the purposes we allow.
Regulatory authorities, courts, and governmental agencies, in order to comply with legal or regulatory requirements, assist in legal or regulatory investigations, and protect the rights of American Express or others.
Credit Bureaus and similar institutions to report or ask about your financial circumstances, and to report or collect debts you owe
Amex Group Companies
Business or commercial partners – other financial institutions, co-brand partners, loyalty programs, travel partners, and certain advertising partners with whom we offer or develop products and services.
Necessary parties involved in the sale of all or part of a company in the American Express group, or its assets.• Other relevant third parties, as required or permitted by law or with your consent.

Cross-Border Transfers of Personal Information

We may need to transfer Personal Information to be process in, accessed in or disclosed to other countries outside Thailand for the purposes specified in this Online Privacy Statement, in order to provide you with our products or services, unless it’s restricted by applicable law. We transfer Personal Information to countries including United States, Singapore, India. We may transfer Personal Information outside Thailand to jurisdictions that may not protect your Personal Information to the standards under the PDPA. Keep in mind, no matter where we process Personal Information about you, we will always protect it in the manner described in the Data Protection and Privacy Principles, this Online Privacy Statement, and in accordance with applicable laws including the PDPA.

We sometimes process information so that it no longer identifies any individual. This is referred to as aggregated and anonymized information.

We use aggregated and anonymized information to:

Analyze patterns among groups of people, such as Card members and online users.
Create business insights or statistical research reports.
Improve our advertising and our business.

We sometimes share aggregated and anonymized information with third parties, for many of the same reasons mentioned above.

We use administrative, organizational, technical, and physical security measures to protect the confidentiality, integrity, and availability of your personal information. Here’s what you should know:

These measures include technological safeguards and appropriate access controls to data and facilities.
We take reasonable steps to securely destroy or de-identify your personal information when we no longer need it.
We keep personal Information for only as long as necessary to provide you with products or services – unless we’re required or permitted to keep it for longer by law, regulation, or for litigation or regulatory investigations.

You may have the right to access, update, restrict, object to, and/or erase personal information any time, subject to conditions and restrictions prescribed in the PDPA. They include:

withdraw your consent to the collection, use or disclosure of your personal Information, unless there is a restriction of the withdrawal of consent by law or the contract that benefits you;
request the access to and/or obtain a copy of information held by us about you or your Account or the disclosure of details on how your personal information may be collected without your consent;
request the sending or transferring of your Personal Information in machine readable formats to other parties when it can be done by automatic means, or request to directly obtain your Personal Information in such format that we send or transfer to other parties, unless it is impossible to do so due to technical constraints;
object to the collection, use or disclosure of your personal information under such circumstances as set out in the PDPA;
request the destruction or anonymization of your personal information under such circumstances as set out in the PDPA;
request the suspension of use of your personal information under such circumstances as set out in the regulations;
request that we ensure your personal information remains correct, up-to-date, complete and not misleading, and
file a complaint to the competent authority, if we, our employees, or contractors breach or violate the PDPA or other notifications issued in accordance with the PDPA.

You agree that we may impose a reasonable charge to cover the costs of complying with the requests in the second and third paragraphs. Please make such requests in writing to our Data Protection Officer, whose details are set out in this Online Privacy Statement.

If your Personal Information is required for entering into a contract with American Express, for performing our rights and duties under the agreement between you and American Express, and/or for the compliance with applicable laws, if you refuse to provide such Personal Information required for said purposes, or where you request that we suspend our use of such Personal Information, (1) we may not be able to provide you the American Express Card, products, or services that you require; (2) you may not be able to use your American Express Card and/or any of our products and services; and/or (3) we may cancel the use of the American Express Card and cease to provide any products/services.

You have the power to make choices about how American Express uses your information for marketing and advertising purposes. We work with a range of advertising partners including ad networks, ad servers, and social media platforms to serve you our ads online. Your choices may vary, depending on whether we’re serving you ads through websites, email, apps, or social media.

You can change your cookie preferences in your Browser (for example, Chrome, Safari or Internet Explorer) or your mobile device settings to limit the ways in which cookies may be used to collect and use information about you. Click here for more information.
You can adjust how we use your information through your mobile device settings – for example, you can turn off location-based services and device ad tracking.
If you don’t want to receive direct marketing communications from us, you can opt out through:
- Email: Click unsubscribe on the bottom of an email and follow the instructions or click here
- You may at any time opt out of marketing offers by: (1) contacting our Customer Care Professional at the telephone number on the back of your card; or (2) logging into your Account at www.americanexpress.com/thailand/en to update your privacy preferences.

Keep in mind, even if you opt out of direct marketing, we’ll still communicate with you in order to service your account, fulfill your requests, or administer a promotion or program you’ve opted to be part of.

Communication Preferences

You can also make choices about how we communicate with you. To update your communication preferences, you can:

Log into your account at at www.americanexpress.com/thailand/en to update your privacy preferences
Call the telephone number on the back of your card

American Express (Thai) Company Limited
Address: S.P. Building, 388 Phaholyothin Road, Samsennai, Phayathai, Bangkok 10400, Thailand.
If you have any questions about this Online Privacy Statement, feel free to get in touch with our Data Protection Officer in writing at: Data Protection Officer, American Express (Thai) Company, Limited, The Data Privacy Office, S.P. Building, 388 Phaholyothin Road, Samsennai, Phayathai, Bangkok 10400, Thailand.

Alternatively, you can also reach out to us at the number on the back of your card. You can update your Personal Information by logging into your account online. We’re here for you 24/7.

We may change this statement when necessary. Depending what we change, we may let you know in advance. Whenever we make any changes, we’ll update the “Effective Date” at the top of this page. Any changes to this statement will become effective immediately when posted. When you continue to use our products and services following an update, it will indicate that you accept the revised statement.