We collect only customer information that is needed, and we
tell customers how we use it.
We limit the collection of information about our customers to what
we need to know to administer their accounts, to provide customer
services, to offer new products and services, and to fulfill any
legal and regulatory requirements. We tell our customers about the
general uses of information we collect about them, and we will
provide additional explanation if customers request it
We give customers choices about how their data will be
used.
On a regular basis, we give our customers the option to decide
whether or not they wish to have their names removed from lists
used for mail, telephone and online marketing. These opt-out
choices include product and service offers from American Express
and those made in conjunction with our business partners.
We ensure information quality.
We use advanced technology and well-defined employee practices to
help ensure that customer data is processed promptly, accurately
and completely. We require high standards of quality from the
consumer reporting agencies and others who provide us with
information about prospective customers.
We use information security safeguards.
Access to customer data is limited to those who specifically need it to conduct their business responsibilities. We use security techniques designed to protect our customer data -- especially when certain data is used by employees and business partners to fulfil customer services.
We limit the release of customer
information.
In addition to providing customers with the opportunity to opt out
of marketing offers, we release information only with the
customers' consent or request, or when required to do so by law or
other regulatory authority. When a court order or subpoena requires
us to release information, we notify the customer promptly to give
the customer an opportunity to exercise his or her legal rights.
The only exceptions to this policy are when we are prohibited by
court order or law from notifying the customer, or cases in which
fraud and/or criminal activity is suspected.
We are responsive to customers' requests for
explanations.
If we deny an application for our services or end a customer's
relationship with us, to the extent permitted by applicable laws,
we provide an explanation, if requested. We state the reasons for
the action taken and the information upon which the decision was
based, unless the issue involves potential criminal activity.
Medical information about an applicant for insurance, or an insured
individual, may be disclosed to a physician designated by the
customer rather than to the customer directly.
We extend these privacy principles to our business
relationships.
We expect the companies we select as our business partners to
honour our privacy principles in the handling of customer
information. These include companies that (a) assist us in
providing services to our customers; (b) supply us with information
for identifying or evaluating prospective customers; or (c) are
given the opportunity to send mailings to approved American Express
customer lists. In selecting business partners, American Express
considers the accuracy and quality of the data they provide, how
they respond to consumer complaints and whether or not they provide
opt-out choices for those whose information they process. We also
participate actively in industry associations to support strong and
effective privacy guidelines and practices.
We hold employees responsible for our privacy
principles.
Each American Express employee is personally responsible for
maintaining consumer confidence in the company. We provide training
and communications programs designed to educate employees about the
meaning and requirements of these Customer Privacy Principles. We
conduct internal audits and commission outside-expert reviews of
our compliance with the privacy principles and the specific
policies and practices that support the principles. Employees who
violate these principles or other company policies and practices
are subject to disciplinary action, up to and including dismissal.
Employees are expected to report violations -- and may do so
confidentially -- to their managers, to their business unit's
compliance officer, or to the company's Office of the Ombudsperson.
American Express is a diversified, worldwide travel, financial and
network services provider founded in 1850. The company is a leader
in charge and credit cards, stored value products, travel services,
financial planning, investment products, insurance and
international banking. In each of these businesses, we have
relationships with customers -- individuals who are potential or
existing customers and clients. We collect information necessary to
enroll them as customers, to provide the services they have
selected, to administer their accounts and to offer them additional
or related American Express products and services.
We also obtain information about customers from other companies and
public sources to identify those who we think will be interested in
specific American Express products and services, and we use this
information to offer these products and services to them.
Because we strongly advocate the protection of customer
information, we believe that the adoption and implementation of the
American Express Customer Privacy Principles, above, are good
business practices, and will serve the interests of our customers
in effective privacy protection. These principles are an update of
those published in 1991. Minor changes reflect the current business
mix of the company, a more competitive and global marketplace and
advances in technology.
These Customer Privacy Principles guide our conduct in the
collection, use, release and security of customer information, as
well as the responsibilities we assume as employees, including our
dealings with our business partners.
In working with our partners and vendors to compile and use lists
of customers and prospective customers for marketing purposes, we
require strict contractual obligations regarding security, allowing
us to audit those who are involved in the process.
These principles define our commitment to protect the privacy of
our various customers. Each American Express business unit
maintains its own additional rules and practices, which are fully
consistent with these principles, and which they may modify as
needed for particular products and services, or to conform to local
laws or customs around the world.
If you have questions or comments about the American Express
Customer Privacy Principles, please contact the American Express
International Inc., 18th Floor, Cityplaza 4, 12 Taikoo Wan Road,
Hong Kong.