Effective Date: 15th May 2018
At American Express® (American Express Services Europe Ltd. and American Express Payment Services Ltd.) we are committed to safeguarding your privacy. We want you to know how we may collect, use, share, and keep information about you and the choices that are available to you.
When we provide American Express products or services to you or your company, we also give you specific additional details about how we will use your personal information in contract terms and/or additional privacy disclosures.
This online privacy statement applies to American Express websites, online applications that run on smart phones, tablets, and other mobile devices (“apps”) as well as your use or access of any of our online services, content and other online programmes that we offer with our partners and link to this statement. In those contexts where we indicate, it also applies to certain offline information that we process about you. It does not apply to those websites that have their own online privacy statements such as the American Express Network website, amexnetwork.com.
Our websites and apps are not intended for children under 16 years of age. We do not knowingly solicit data online from, or market online to, children under 16 years of age.
From time to time, we will change this online privacy statement. Depending on the nature of these changes, we will inform you through our written communications or through our website. Otherwise, we recommend that you check the current version available here. If we make changes to this statement, we will update the “Effective Date” at the top of this page.
What is in this online privacy statement?
What information does this online privacy statement cover?
What information do we collect online and how do we collect it?
The types of information we collect depends on which product or service you use.
Sometimes you give information directly to us (or to our Service Providers). For example, you might give us your name, account number, email, mailing address, phone number, or date of birth when you:
We (and our Service Providers or Third-Party Ad-Servers) also collect information through Cookies and Similar Technologies. Most Cookies and Similar Technologies will only collect De-Identified Information such as how you arrive at our website or your general location. However, certain Cookies and Similar Technologies do collect Personal Information. For example, if you click Remember Me when you log in to our website, a cookie will store your username.
We (and our Service Providers or Third-Party Ad-Servers) also collect information (which may include Personal Information such as creditworthiness information or your contact details), made publicly available through third-party platforms (such as online social media platforms), credit reference agencies, online databases or directories, or that is otherwise legitimately obtained.
How do we use the information we collect about you?
We use Online Information we collect about you, either on its own or combined with Other Information: (i) where it is necessary for the performance of a contract or compliance with a legal obligation; (ii) for our legitimate interests, such as to establish, exercise or defend legal claims, prevent fraud and/or enhance our products or services; or (iii) where we have obtained your consent, such as for marketing purposes. More specifically, we use your information to do the following:
• deliver products and services, including to:
• recognise you when you return to our websites or use our apps;
• complete transactions;
• tell you about updates to your accounts, products, and services;
• update you about new features and benefits;
• answer questions and respond to your requests made through our websites or apps and through third-party websites (including social media);
• use the location and other technical attributes of your mobile device or browser to prevent fraud, improve security or for other location-based services that you may request;
• determine how to best provide services to you and manage your accounts, such as the best way and time to contact you;
• improve our websites or apps and make them easier to use;
• advertise and market products and services for the American Express Family of Companies and those of our Business Partners, including to:
• present content that is tailored to your interests, including Targeted Advertising;
• send or provide you with ads, promotions, and offers;
• analyse whether ads, promotions, and offers are effective;
• help determine whether you may be interested in new products or services;
• conduct research and analysis, including to:
• better understand our customers and our website or app users;
• allow you to give feedback by rating and reviewing our products and services and those of our Business Partners
• produce data analytics, statistical research, and reports;
• review and change our products and services;
• manage fraud and security risks (using automated processing and/or manual reviews) including to:
• review and approve individual transactions you make through digital channels;
• detect and prevent fraud or criminal activity;
• safeguard the security of your information;
• develop and refine our risk management policies, models and procedures for applications and customer accounts, relying on information such as your experience with our websites or products;
• comply with law and regulation, including to establish, exercise, or defend legal claims and assist in dispute resolution;
• to process your application for a card, account or other product (using automated processing and/or manual reviews) including to
• manage your existing accounts;
• inform our collection practices and share information with credit reference agencies and fraud-management agencies (for more information, see Credit Reference Agency Information Notice); and
• as required or permitted by law (such as performing due diligence on customers before approving their applications).
How do we share your information?
To protect your security, prevent fraud, and comply with regulatory requirements, we share Personal Information about you, your account, and the details of any payments you send us, with third parties such as your bank, building society or payment card issuers, and local regulatory authorities.
We may transfer your Personal Information outside the UK or European Economic Area, such as to the United States (where our main operational data centres are located) to operate our business, process transactions and provide you with our products or services. Regardless of where we process your information, we will take appropriate steps to ensure an adequate level of protection for your information in other countries outside the UK or EEA, including the USA, where data protection laws may not be as comprehensive as the UK or EEA.
Please note that data transfers within the American Express Family of Companies are made under our Binding Corporate Rules. For more information, please read the Data Protection and Privacy Principles, which are available on the privacy section of our website.
How do we handle Aggregated Information and De-Identified Information?
Aggregated Information or De-Identified Information does not identify you individually; it helps us to analyse patterns among groups of people. We share Aggregated Information or De-Identified Information in several ways, for example:
How do we keep and safeguard your information?
We use organisational, administrative, technical and physical security measures to protect your Personal Information. These measures include computer safeguards and secured files and facilities. We require Service Providers to safeguard Personal Information and only use your Personal Information for the purposes we specify.
We will keep your Personal Information only as long as we need to deliver our products and services, unless we are required to keep it for longer periods because of law, regulation, litigation or regulatory investigations. For example, your Personal Information could be stored by American Express for seven years after you close your account due to Inland Revenue requirements. When your Personal Information is no longer necessary for our business, legal or regulatory needs, we will take reasonable steps to securely destroy such information or permanently de-identify it. For more information about American Express’s retention periods for Personal Information, please contact us.
What are your rights?
In certain instances, you have the right to access, update, and/or erase your Personal Information. You may also be entitled to restrict and/or object to the use of your Personal Information in the following ways:
What are your choices?
You can exercise choices about how American Express uses your information, such as how we market to you or how we manage Cookies and Similar Technologies.
You can choose how you would like to receive marketing communications, including direct marketing - whether we send them to you through postal mail, email, SMS and/or telephone. If you choose to not receive marketing communications from us, we will honour your choice. Please be aware that if you choose not to receive such communications, certain offers attached to the products or services you have chosen could be affected. We will still communicate with you in connection with servicing your account, fulfilling your requests, or administering any promotion or any program in which you have elected to participate.
For additional information to manage your marketing communication, including your preferences related to direct marketing, please click here to log in and go to Profile and Preferences or call the number on the back of your card.
Do you have questions about the online privacy statement or want to make a complaint?
If you have questions about our online privacy statement or how your information is handled, call us at the number on the back of your card or please contact us.
If you wish to make a complaint or exercise other rights, you may contact our Data Protection Officer at DPO-Europe@aexp.com. You also have the right to contact the United Kingdom Data Protection Authority directly, please go to the ICO website for further details.
Aggregated Information - data or information relating to multiple people which has been combined or aggregated such that individuals cannot be re-identified. Aggregated Information includes information that we create or compile from various sources, including card transactions or certain data from Cookies and Similar Technologies.
American Express (we, our, us) - the American Express Company as identified at the beginning of this online privacy statement.
American Express Family of Companies – any affiliate, subsidiary, joint venture, and any company owned or controlled by, the American Express Company.
Business Partners - third parties with whom we conduct business and have a contractual relationship, such as digital payment providers and technology platforms which provide our services, insurance and travel service providers, and parties that accept American Express branded cards for payments of goods/services purchased by you (i.e., merchants).
Co-brand Partners - businesses we partner with to offer cards featuring both brand logos.
De-identified Information - data or information used in a way (for example, pseudonymised) that does not identify you to a third party. We often derive De-Identified Information from Personal Information. It includes information that we may collect from various sources, such as card transactions or certain data from Cookies and Similar Technologies.
IP Address - a number assigned to a device when connecting to the Internet.
Online Information – data or information collected on the American Express websites and apps as well as on websites and apps of third parties relating to topics about our business. Online Information may include your Personal Information, Aggregated Information and De-Identified Information.
Other Information – American Express internal information (for example, card transaction data or paper application form data), external data that financial companies use to process applications and complete transactions, and other online and offline information we collect from or about you. Other Information includes your Personal Information, Aggregated Information, and De-Identified Information, but does not include your Online Information.
Personal Information - any information relating to an identified or identifiable natural person, such as name, addresses, telephone number, and email address and other information specific to that individual such as demographic details and transaction information.
Service Providers - any vendor, third party and/or company that provides services or performs business operations on our behalf, such as printing, mailing, and other communications services (email, direct mail, etc.), marketing, data processing and outsourced technology, servicing, collections, ad management, auditors, consultants and professional advisors.
Targeted Advertising - ads we, or our Service Providers, display on websites outside the American Express Family of Companies based on the preferences or interests inferred from data collected from a particular computer or device regarding web viewing behaviours over time and across different websites or, more generally, on data internally available to us (for example, transaction data).
Third-Party Ad-Servers - companies that provide the technology to place ads on websites (and apps) and track how ads perform. These companies may also place and access cookies on your device. The information they collect from our websites is in a form that does not identify you personally.