American Express Online Privacy Statement
Effective Date: June 2022
American Express is committed to protecting your privacy. Our global set of Data Protection and Privacy Principles set out our commitment to the privacy of all our customers.
This Online Privacy Statement outlines what information we collect online, why we collect it, and how we access, use, disclose, and protect it. This includes information we collect online through:
Our websites and apps are not intended for use by data subjects, who are minors (whose age is below 20 years and not legally married), incompetent and/or quasi-incompetent persons as defined under the Civil and Commercial Code of Thailand. We do not knowingly collect information online from or market online to such data subjects. If we need to collect the information from such data subjects, and the processing of the information of such data subjects requires consent, we will not process such information until the valid consent from the data subjects and/or the legal guardians (as the case may be) has been obtained.
Here’s something to keep in mind
We may provide you with more details about how we use your information, depending on the product or service you use. In this case, we’ll provide additional Terms & Conditions, privacy statements, or notices. For example, the clauses stated in the Card Application forms includes more specific details about how we use information tied to your Card.
Third-party services – such as social media sites – have additional terms that explain how they handle your information. Please take a moment to review the terms of any other online services you use, to ensure the security of your information.
The type of information we collect depends on the product or service you use. We generally collect, use and/or disclose (“process” and “processing”) your “Personal Information”, which, under the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), refers to the information pertaining to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular, in the ordinary course of our business. Examples of Personal Information is as follows:
Category | Examples of Personal Information |
---|---|
Contact information |
Full name, email address, telephone number, mobile number, address, etc. |
Identification and background information | Passport number, identification card number, employment details, information about your background, etc. |
Financial/credit information | Card number, name specified on the card, payment transactions, etc. |
Product/service-related Information | Any information, which is specified and/or provided to us when applying for a product or service, and during the use of our products and services (including digital data originate from your online usage of our products and services), etc. |
Sensitive Personal Information | Criminal record, religion and/or blood type as shown in a copy of Thai identification card, etc. |
In some cases, you provide us with this information directly. You disclose information such as the contact information and the product/service-related information when you:
If you apply for an American Express Card online, we may collect more detailed Personal Information such as identification and background information and the financial/credit information.
We may collect sensitive Personal Information in some instances. We’ll use this information only as permitted or required by law, or where provided by you with your explicit consent
Cookies and Similar Technologies
We also collect information through Cookies and Similar Technologies when you use our online services or access content online.
A cookie is a small data file that a website transfers to your computer. Similar technologies include clear GIFs, web beacons, and pixel tags, which tend to be transparent images on websites. Our Cookies and Similar Technologies collect information about your device, operating system, and web browser. They also collect information about your use of the device.
Cookies and Similar Technologies collects information that includes:
Other Sources of Information
In certain circumstances, your Personal Information may be collected through various means, as follows:
(i) Your Personal Information is collected through third parties. Such third parties include but are not limited to other customers or business, including co-branded partners of companies within the worldwide American Express group of companies (“Amex Group companies”) who have referred you to us; and/or
(ii) Your Personal Information is publicly available.
You acknowledge that, in certain circumstances, your Personal Information can be processed without your consent, and that is permitted and conducted in accordance with the PDPA.
If we will collect the Personal Information other than those proscribed in this Online Privacy Statement, we will inform you about the collection and/or the processing of the Personal Information and may request for your consent (if required), in accordance with the Online Privacy Statement and the PDPA.
We use information about you either on its own or combined with other information: (i) where it is necessary to administer our contractual relationship with you; (ii) for our own legitimate interests to provide you with better products and services (such as to reduce fraud); (iii) where we have obtained your consent, such as for certain marketing purposes; or (iv) for compliance with laws. Please note that we consider and balance any potential impact on you and your rights before processing your personal information for our legitimate interest.
(i) More specifically, to administer our contractual relationship with you and deliver products and services, including, for instance, to:
(ii) For our legitimate interests or for the legitimate interests of others, we may use information about you to:
(iii) With your consent, to:
(iv) To comply with applicable laws and regulation around the world, we may use information about you:
Digital Advertising
We advertise through our websites and apps, as well as third-party platforms. We may use information about you to display online marketing content tailored to your interests or general geographic location, across multiple devices you use. Here are some ways this works.
Keep in mind, we don’t own these websites and apps, and we are required to use information about you only in ways that are consistent with the privacy policies and terms & conditions of these platforms.
You can choose how we market to you, as specified in the “Your Choices” section below.
We may disclose information about you when necessary for the purposes specified in this Online Privacy Statement. We could disclose information to:
Cross-Border Transfers of Personal Information
We may need to transfer Personal Information to be process in, accessed in or disclosed to other countries outside Thailand for the purposes specified in this Online Privacy Statement, in order to provide you with our products or services, unless it’s restricted by applicable law. We transfer Personal Information to countries including United States, Singapore, India. We may transfer Personal Information outside Thailand to jurisdictions that may not protect your Personal Information to the standards under the PDPA. Keep in mind, no matter where we process Personal Information about you, we will always protect it in the manner described in the Data Protection and Privacy Principles, this Online Privacy Statement, and in accordance with applicable laws including the PDPA.
We sometimes process information so that it no longer identifies any individual. This is referred to as aggregated and anonymized information.
We use aggregated and anonymized information to:
We sometimes share aggregated and anonymized information with third parties, for many of the same reasons mentioned above.
We use administrative, organizational, technical, and physical security measures to protect the confidentiality, integrity, and availability of your personal information. Here’s what you should know:
You may have the right to access, update, restrict, object to, and/or erase personal information any time, subject to conditions and restrictions prescribed in the PDPA. They include:
You agree that we may impose a reasonable charge to cover the costs of complying with the requests in the second and third paragraphs. Please make such requests in writing to our Data Protection Officer, whose details are set out in this Online Privacy Statement.
If your Personal Information is required for entering into a contract with American Express, for performing our rights and duties under the agreement between you and American Express, and/or for the compliance with applicable laws, if you refuse to provide such Personal Information required for said purposes, or where you request that we suspend our use of such Personal Information, (1) we may not be able to provide you the American Express Card, products, or services that you require; (2) you may not be able to use your American Express Card and/or any of our products and services; and/or (3) we may cancel the use of the American Express Card and cease to provide any products/services.
You have the power to make choices about how American Express uses your information for marketing and advertising purposes. We work with a range of advertising partners including ad networks, ad servers, and social media platforms to serve you our ads online. Your choices may vary, depending on whether we’re serving you ads through websites, email, apps, or social media.
Keep in mind, even if you opt out of direct marketing, we’ll still communicate with you in order to service your account, fulfill your requests, or administer a promotion or program you’ve opted to be part of.
Communication Preferences
You can also make choices about how we communicate with you. To update your communication preferences, you can:
Alternatively, you can also reach out to us at the number on the back of your card. You can update your Personal Information by logging into your account online. We’re here for you 24/7.
We may change this statement when necessary. Depending what we change, we may let you know in advance. Whenever we make any changes, we’ll update the “Effective Date” at the top of this page. Any changes to this statement will become effective immediately when posted. When you continue to use our products and services following an update, it will indicate that you accept the revised statement.