The type of information we collect depends on the product or service you use.  We’ll only collect personal information that is reasonably necessary for legitimate business purposes.

In some cases, we collect information if you directly provide it to us. For example, we may collect personal information such as your name, account number, date of birth, address, phone number, and/or email address. When you interact online with American Express, we may also process digital data and other information originating from your online behavior, such as your IP address or whether you have previously visited us online during the application process.

For instance, we collect personal information when you:

• apply for an American Express product or service online;
• access our online account services;
• book a flight through American Express Travel or purchase something on our websites;
• enroll in an American Express offer, participate in a promotion or take one of our surveys.

If you apply for an American Express card account, we may collect more detailed personal information such as your employment details or your income.

Please note that we may also collect special categories of personal information (such as information regarding health or biometric data) in some instances. We’ll use this information only as permitted or required by law, or where provided by you with your explicit consent.

Cookies and similar technologies

We also collect information through cookies and similar technologies when you use our online services or access our content online. A cookie is a small data file that a website transfers to your computer.

We place cookies when you visit our website or another company’s website where our ads appear or when you make purchases, request or personalise information, or register for certain services. If you accept the cookies used on our website, websites that are “powered by” another company on our behalf, or websites where our ads appear, you give us access to information about your interests. We use that information to personalise your experience.

Similar technologies include clear GIFs, web beacons, and pixel tags, which tend to be transparent images on websites. Our cookies and similar technologies collect information about your device, operating system and web browser. They also collect information about your use of the device, as described in more detail below.

Most cookies and similar technologies will only collect de-identified information such as how you arrive at our website or your general location. However, certain cookies and similar technologies do collect personal information. For example, if you click “remember me” when you log in to our website, a cookie will store your username.

Cookies and similar technologies may collect information that includes: 

• the device(s) you use (for example, the operating system or type of device you use to open electronic communications from American Express);
• information related to your IP address, such as your domain information, internet provider and general geographic location;
• how you use our websites and apps, such as what you search for on our websites and apps, the pages you view, how long you stay and how often you visit them;
• how you search for our websites or apps, which website or app you came from, and which of our business or commercial partners’ websites you visit;
• which ads or online content from us and our business or commercial partners you view, access or click on;
• whether you open our electronic communications, which sections you click, or how often you open them

If you use your mobile device to access our products or services, we may collect information related to that device, such as your location to provide location-based content you request.

For more information about cookies and similar technologies, please refer to our policy “About Cookies and Similar Technologies”.

Other Sources of Information

We may obtain information about you from other sources and combine it with information we collect under this Statement.  For example, we may obtain information about other American Express products and services you use, in accordance with those privacy notices. In accordance with your Card Member Privacy Statement, we may collect information from your paper application form and your card transactions. We may also obtain information from publicly available records or databases or third-party sources, such as credit bureaus or business and commercial partners.

We use information about you either on its own or combined with other information: (i) where it is necessary to administer our contractual relationship with you; (ii) for our own legitimate interests to provide you with better products and services (such as to reduce fraud); (iii) where we have obtained your consent, such as for certain marketing purposes; or (iv) for compliance with laws. Please note that we consider and balance any potential impact on you and your rights before processing your personal information for our legitimate interest.

(i)    More specifically, to administer our contractual relationship with you and deliver products and services, including, for instance, to:

• process your applications;
• process and complete transactions;
• manage your accounts;
• update you about new features and benefits;
• provide location-based services you may request;
• better communicate with you;
• provide you with open banking services (see the Open banking section for more information).

(ii)    For our legitimate interests or for the legitimate interests of others, we may use information about you to:

• conduct research and analysis to better understand our online visitors, customers and our business, including to:
  • request feedback or reviews about our products and services and those of our commercial and business partners;
  • determine the effectiveness of our advertising and marketing campaigns;
  • improve our websites or apps and make them easier to use;
  • place you in groups with similar customers to make predictions about you, deliver more personalized services and help determine whether you may be interested in new products or services
• manage our business risks, such as fraud, credit and security risks, including to:
  • detect and prevent fraud or criminal activity and safeguard your accounts, including by using the location and other technical attributes of your mobile device or browser;
  • review and approve individual transactions you make through digital channels;
  • develop and refine our risk management policies, models and procedures for applications and customer accounts;
  • inform our collection practices and share information with credit reference agencies and fraud-management agencies (for more information, see the Credit Reference Agency Information Notice).
• advertise and market our products and services and those of our business and commercial partners, including to present content that is tailored to your interests, including targeted advertising across multiple devices (see the Digital Advertising section for more information).

(iii)   With your consent, to:

• promote our products and services;
• send you ads, promotions, and offers about products and services for companies within the American Express group and those of our business and commercial partners;
• recognise you when you return to our websites , receive our emails, or use our apps including across multiple devices (for example, to send you tailored ads, promotions, offers or content, including targeted advertising). Please refer to the “Cookies and Similar Technologies” section above for more information.

(iv)  To comply with applicable laws and regulation around the world, we may use information about you:

• to establish, exercise, or defend legal rights or claims and assist in dispute resolution;
• for reasons of substantial public interest (including for instance the use of your biometric information such as your ID voice print) for security verification and fraud prevention purposes;
• as required or permitted by law (such as performing due diligence on you before approving your application).

Open banking

We may use your personal information to provide our open banking services. Those services include:

• providing you with consolidated information on one ormore payment account(s) that you hold with one or more bank(s) or payment institution(s); or
• contacting your bank to perform a credit transfer to a merchant, for example, when you use our Pay With Bank Transfer service (which allows you, for instance, to pay for any purchase made on a participating website directly from your bank account, with your money being sent directly to the merchant's bank account).

In this context, we will process your personal information to provide you with the regulated open banking services or as otherwise described in this “Use of Information” section.

Automated decision making

We may use fully automated processes to help us make certain decisions, including to evaluate certain attributes about you to provide our services. For example, we may use such processes to:

• assess security risks, detect and manage fraud;
• process card applications;
• assess credit risks, including to check if you meet our eligibility criteria and decide whether we can issue you a card.

These assessments are based on information that we lawfully obtain, such as information that you provided in your application form (including your reported income), your payment history with American Express, and information we obtain from third parties, such as credit bureaus. We also look at digital data (such as information about your device, browser, or patterns in your online interactions with American Express) to help us detect fraud. These methods are regularly tested to ensure that they remain fair, effective and unbiased.

Some of those decisions that are made solely by automated means have legal effects or similar effects. However, we will only perform such processing if it’s:

• necessary for entering into or performing a contract between you and American Express;
• authorized by a law to which American Express is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;
• based on your explicit consent to such processing.

Please see the section “Your Rights” for more information about your rights related to automated decision making.  

Digital Advertising

We advertise through our websites and apps, as well as third-party platforms. We may use information about you to display online marketing content tailored to your interests or general geographic location, across multiple devices you use. Here are some ways this works.

• We engage in targeted advertising, which involves the use of personal information, your emailaddress and other information collected through cookies and similar technologies, regarding your browsing behavior over time and across different websites.
• We also use information about you to present advertising content or participate in targeted advertising campaigns on social media platforms. If you follow our social media pages or “like” our content on these platforms, we may use information about you to improve what and how we serve content to you on social media.

Keep in mind, we don’t own these websites and apps, and we are required to use information about you only in ways that are consistent with the privacy policies and terms & conditions of these platforms.

You can choose how we market to you, as specified in the “Your Choices” section below.

In some circumstances, we may disclose information about you, including with:

• service providers, who perform services for us, such as printing, mail, advertising, marketing, etc. We require all of our service providers to protect personal information according to our standards and use it only for the purposes we allow; 
• regulatory authorities, courts, governmental agencies and fraud prevention agencies, in order to comply with legal or regulatory requirements, assist in legal or regulatory investigations, and protect the rights of American Express or others;
• with credit reference agencies and similar institutions to report or inquire about your financial circumstances, and to report or collect debts you owe;
• companies or other lines of products and services within the American Express group; 
• business or commercial partners such as other financial institutions, loyalty programs, travel partners, and certain advertising partners with whom we offer or develop products and services;
• third parties for the provision of open banking and related services upon your request, for example where you seek to connect your account information to another platform or to initiate payments from other accounts;
• necessary parties involved in the sale of all or part of a company in the American Express group, or its assets;
• other relevant third parties, as required or permitted by law or with your consent.

Cross-Border Transfers of Personal Information.
  

Where necessary, we’ll transfer personal information to other countries with different data protection laws to provide you with our products or services (including to countries outside of the United Kingdom unless it’s restricted by applicable law, such as to the United States (where our main operational data centres are located). Keep in mind, no matter where we process personal information about you, we’ll always protect it in the manner described in our privacy notices and in accordance with applicable laws.  For example, when we share personal information with other companies within the American Express group that are outside the United Kingdom, we ensure an adequate level of protection though our Binding Corporate Rules. When we share personal information with third parties outside the United Kingdom, we include appropriate contractual protections in those agreements. In addition, we assess whether other technical and organizational measures are required for those transfers. 

We sometimes process personal information so that it no longer identifies any individual. Once processed, this is referred to as aggregated and anonymized information. We use aggregated and anonymized information to:

• analyze patterns among groups of people, such as card members and online users;
• create business insights or statistical research reports;
• improve our advertising and our business. 

We sometimes share aggregated and anonymized information with third parties, for many of the same reasons mentioned above. 

We use administrative, organizational, technical and physical security measures to protect the confidentiality, integrity, and availability of personal information. Here’s what you should know:

• these measures include technological safeguards and appropriate access controls to data and facilities;
• we require service providers to safeguard personal information and only use it for the purposes we specify;
• we take reasonable steps to securely destroy or de-identify personal information when we no longer need it;

We keep personal information for only as long as necessary to provide you with products or services - unless we’re required or permitted to keep it for longer by law, regulation, or for litigation or regulatory investigations.

In certain instances, you have the right to access, update, restrict, object to, and erase your personal information. You are also entitled to exercise your right to data portability and/or to remove your consent. Such rights include:

• requesting details on the personal information we have about you;
• restricting and/or objecting to the use of personal information;
• requesting a manual review of certain automated processing activities that may impact your legal or contractual rights or that may have a similarly legal effect;
• receiving your personal information in a structured, commonly used and machine-readable format and/or transmit such data to another data controller;
• withdrawing the consent you have given for the processing of personal information at any time.

If you would like to exercise any of your rights or if you have questions about how we process information about you, please get in touch with our Data Protection Officer at amexukdpo@aexp.com.

If we receive a complaint from you, we’ll do our best to resolve it as soon as possible and no later than 30 days. If we can’t meet that deadline, we’ll send you a letter explaining the cause of the delay and providing an expected time for the response. Please note that your request will be free of charge, except if it incurs additional cost to our company, in which case you may be charged the tariff fee determined by the data protection authority.

You can also contact the United Kingdom Data Protection Authority directly. For further details, please visit the Information Commissioner Office’s website. You also have the option to take your case to the court where you live, work or where there may have been an infringement. 

You have the power to make choices about how American Express collects and uses information about you for marketing and advertising purposes.  We work with a range of advertising partners including ad networks, ad servers, and social media platforms to present our ads online. Your choices may vary depending on whether we’re serving you ads through websites, email, apps or social media.  

Choices About the Information We Collect

• If you don’t want us to collect information about you through cookies for marketing and advertising purposes, you can opt-out of cookies in the banner that appears the first time you visit our site by clicking on “Set Cookie Preferences” or through your browser settings as explained in the policy “About Cookies and Similar Technologies”.
• If you delete cookies, buy a new device, access websites from a different device, or change browsers, you’ll need to opt-out again.
• If you opt out of cookies, we’ll still show you advertising related to our products or services, but it won’t be based on information about you.

• You can adjust how we collect information about you through your mobile device settings - for example – you can turn off location-based services and device ad tracking.

Choices about Marketing Communications

• If you don’t want to receive direct marketing communications from us, you can opt out through:

-         Email: Click unsubscribe on the bottom of an e-mail and follow the instructions or go to https://global.americanexpress.com/privacy/uk/#/ipp

-         Your account online: Log in to your account and click on account management / alerts and preferences / manage your preferences.

-         Phone: Register for the National Do Not Call List at https://www.tpsonline.org.uk/tps/number_type.html

Keep in mind, even if you opt out of direct marketing, we’ll still communicate with you in order to service your account, fulfill your requests, or administer any promotion or program you’ve opted to be part of. These communications, which are necessary for us to inform you about the service you expect to receive from us, are not considered as direct marketing but are rather qualified as service message. For example, they can be used to inform you of a benefit on your account.

How to Access Your Customer Choices

If you are a customer, you can make choices about how we communicate with you.  To update your communication preferences, you can:

• Log into your account and click on account management> alerts and preferences> manage your preferences to update your marketing and data sharing choices.
• Call 0800 917 8054 or the number on the back of your Card

Prepaid Products

• Call 0203 564 7016 or find more information here. 

Merchants

• Login to your account at americanexpress.com/merchant and visit your settings to update your marketing communications preferences.
• Call 0800 032 7216 or visit our contact page here. 

If you have any questions about this Statement, feel free to get in touch at the number on the back of your card or visit the “Contact Us” page on our website. You may also contact our DPO at amexukdpo@aexp.com

If you are a customer, you can update personal information by logging into your account online or in your Amex® App anytime. We’re here for you 24/7.

We may change this Statement when necessary. Depending on what we change, we may let you know in advance. Whenever we make any changes, we’ll update the “Effective Date” at the top of this page. Any changes to this Statement will become effective immediately when posted. When you continue to use our products and services following an update, it will indicate that you accept the revised Statement.