|
At American Express:
- We collect only customer information that is needed, and we tell customers how we use
it. We limit the collection of information about our customers to what we need to know
to administer their accounts, to provide customer services, to offer new products and
services, and to fulfill any legal and regulatory requirements. We tell our customers
about the general uses of information we collect about them, and we will provide
additional explanation if customers request it
- We give customers choices about how their data will be used. On a regular basis,
we give our customers the option to decide whether or not they wish to have their names
removed from lists used for mail, telephone and online marketing. These opt-out choices
include product and service offers from American Express and those made in conjunction
with our business partners.
- We ensure information quality.We use advanced technology and well-defined
employee practices to help ensure that customer data is processed promptly, accurately and
completely. We require high standards of quality from the consumer reporting agencies and
others who provide us with information about prospective customers.
- We use information security safeguards. Access to customer data is limited to
those who specifically need it to conduct their business responsibilities. We use security
techniques designed to protect our customer data -- especially when certain data is used
by employees and business partners to fulfill customer services
- We limit the release of customer information. In addition to providing customers
with the opportunity to opt out of marketing offers, we release information only with the
customers' consent or request, or when required to do so by law or other regulatory
authority. When a court order or subpoena requires us to release information, we notify
the customer promptly to give the customer an opportunity to exercise his or her legal
rights. The only exceptions to this policy are when we are prohibited by court order or
law from notifying the customer, or cases in which fraud and/or criminal activity is
suspected.
- We are responsive to customers' requests for explanations. If we deny an
application for our services or end a customer's relationship with us, to the extent
permitted by applicable laws, we provide an explanation, if requested. We state the
reasons for the action taken and the information upon which the decision was based, unless
the issue involves potential criminal activity. Medical information about an applicant for
insurance, or an insured individual, may be disclosed to a physician designated by the
customer rather than to the customer directly.
- We extend these privacy principles to our business relationships. We expect the
companies we select as our business partners to honor our privacy principles in the
handling of customer information. These include companies that (a) assist us in providing
services to our customers; (b) supply us with information for identifying or evaluating
prospective customers; or (c) are given the opportunity to send mailings to approved
American Express customer lists. In selecting business partners, American Express
considers the accuracy and quality of the data they provide, how they respond to consumer
complaints and whether or not they provide opt-out choices for those whose information
they process. We also participate actively in industry associations to support strong and
effective privacy guidelines and practices.
- We hold employees responsible for our privacy principles. Each American Express
employee is personally responsible for maintaining consumer confidence in the company. We
provide training and communications programs designed to educate employees about the
meaning and requirements of these Customer Privacy Principles. We conduct internal audits
and commission outside-expert reviews of our compliance with the privacy principles and
the specific policies and practices that support the principles. Employees who violate
these principles or other company policies and practices are subject to disciplinary
action, up to and including dismissal. Employees are expected to report violations -- and
may do so confidentially -- to their managers, to their business unit's compliance
officer, or to the company's Office of the Ombudsperson.
American Express is a diversified, worldwide travel, financial and network services
provider founded in 1850. The company is a leader in charge and credit cards, stored value
products, travel services, financial planning, investment products, insurance and
international banking. In each of these businesses, we have relationships with customers
-- individuals who are potential or existing customers and clients. We collect information
necessary to enroll them as customers, to provide the services they have selected, to
administer their accounts and to offer them additional or related American Express
products and services.
We also obtain information about customers from other companies and public sources to
identify those who we think will be interested in specific American Express products and
services, and we use this information to offer these products and services to them.
Because we strongly advocate the protection of customer information, we believe that
the adoption and implementation of the American Express Customer Privacy Principles,
above, are good business practices, and will serve the interests of our customers in
effective privacy protection. These principles are an update of those published in 1991.
Minor changes reflect the current business mix of the company, a more competitive and
global marketplace and advances in technology.
These Customer Privacy Principles guide our conduct in the collection, use, release and
security of customer information, as well as the responsibilities we assume as employees,
including our dealings with our business partners.
In working with our partners and vendors to compile and use lists of customers and
prospective customers for marketing purposes, we require strict contractual obligations
regarding security, allowing us to audit those who are involved in the process.
These principles define our commitment to protect the privacy of our various customers.
Each American Express business unit maintains its own additional rules and practices,
which are fully consistent with these principles, and which they may modify as needed for
particular products and services, or to conform to local laws or customs around the world.
If you have questions or comments about the American Express Customer Privacy Principles, please contact the American Express International Inc., 18/F Cityplaza 4, 12 Taikoo Wan Road, Taikoo Shing, Hong Kong.
|