AMEX Canada Privacy Code

icon

American Express has long recognized and fully accepted our responsibility to safeguard the privacy, confidentiality and security of the personal information entrusted to us. This Privacy Code ("Code") sets out the privacy policy of Amex Bank of Canada and Amex Canada Inc. (“Amex Canada”), and applies to their products, services and customers (including prospective customers) in Canada. The Code is consistent with the American Express Data Protection and Privacy Principles, which apply to all American Express operations worldwide.

This Code should be read in conjunction with our Online Privacy Statement which is part of the Code and addresses how Amex Canada collects, uses and safeguards the personal information you provide to us online. The Online Privacy Statement describes and provides illustrative descriptions and examples to help you understand how we collect, use, disclose and safeguard information online including through websites, mobile applications and other online communications and content.

This Code and our Online Privacy Statement are available on our website. We may update this Code and the Online Privacy Statement and the most recent version will be available at www.americanexpress.ca/privacy.

In this Code “personal information” means any information which relates to an individual and allows that individual to be identified (“Information”).

We limit the collection, use, retention, and disclosure of Information about individuals who are customers to what we need to know:

to initiate and administer their accounts,
to provide customer services,
to offer new products and services,
to understand the current and future needs of our customers and to otherwise analyze and manage our business,
to assess and manage our credit risk,
to detect and protect us against error, fraud and other criminal activity,
to exchange Information with customers who are jointly liable to us,
to share Information with third party suppliers who provide or participate in services or benefits provided in relation to our products and services,
in the case of business accounts or business travel, to provide account reports or data about the business account or business travel to a customer’s employer or its related businesses or their agents or service providers,
to comply with any legal and regulatory requirements,
or for any other purpose in accordance with applicable law.

We tell our customers about the purposes for which we collect, disclose, use and process Information we collect. We also provide our customers with illustrative descriptions and examples to help them understand the nature of this Information and how it relates to the purposes. For example, the Online Privacy Statement describes and provides illustrative descriptions and examples to help you understand how we collect, use, disclose and safeguard information online including through websites, mobile applications and other online communications and content.

Nature of Information Collected

The Information we collect will vary by product and can change over time. Here are some examples of the type of Information we collect and how they relate to certain purposes.

The Information we collect from time to time may include:

Information to identify you such as name, date of birth, contact information, government issued documentation details (for example, a driver’s license), and your background (for example, occupation) or biometric information (for example, your voice print for voice identification);
Information about your financial circumstances, such as your income, assets, payment history and credit worthiness;
Information for the provision of products and services (for example, language, travel, lifestyle and other preferences, and information on a loyalty or reward program attached to your product);
Information relating to transactions arising from your relationship with or through us (depending on the product or service, this may include purchase details, details about how you make payments to us or use our products to make payments to others); and
Information about your browsing history and the device you use to browse our websites, mobile applications or other online communications and content and your IP address. Please see our Online Privacy Statement for more information about cookies and similar technologies.

We collect Information from various sources including from you directly through applications, correspondence or other communications, through the products and services you use online and offline, from others with your consent such as credit reporting agencies and other lenders, third party databases (including registries, licensing authorities, identification services, telecom providers), references provided by you or other permitted sources.

Health Information - In certain appropriate circumstances, we or others providing services through us may ask for health information for specific services (such as insurance) or requests. This type of Information will not be used for any purpose other than to address the specific service or request. We will not request or use health information to assess a credit application.
Social Insurance Number - Disclosure of Social Insurance Numbers (SIN) to match credit bureau information is optional for credit/charge or other loan products. If you provide your SIN for a credit product, we will use it to match credit bureau/reporting agency information. This allows us to distinguish you from other individuals, particularly those with similar names, and helps ensure the accuracy of the Information collected and reported.
Date of Birth - Date of birth is required in certain circumstances to comply with “know your customer” standards, or for security reasons. It also allows us to determine your eligibility for certain products or services.
Email, Text Message and Other Electronic Communications - We may send customer service and marketing communications to you electronically. Examples of customer service include electronic statement, collection and other notices. We may also provide payment due, account balance, approaching credit limit, payment received and other account alerts.
Online Information - We may use online information available through the websites, mobile applications and other online communications and content that you use on its own or combined with other Information we have about you to deliver products and services, prevent fraud, update you about new features and benefits and conduct research and analysis. Please see our Online Privacy Statement for more about how we collect information online about you.
Travel and Lifestyle Preferences - If you hold a product in which we provide concierge services and travel services offered by Amex Canada Inc., your travel and lifestyle preferences like the individual authorized to make bookings on your behalf, your preferred retailers, restaurants and leisure activities could be used by us to customize, personalize and coordinate concierge and travel recommendations and bookings. We may also access account Information to assist in providing you with these services.

Use of Information Collected

We will review and analyze Information in various ways. For example, we monitor transactions using proprietary techniques to help identify transactions that may be of risk from a credit, fraud or money laundering and terrorist financing perspective.

This involves our understanding you and your ordinary use of our products and services in order to identify unusual activity. It also includes assessing Information in relation to information from other sources including our own records to detect suspicious patterns or connections.

We are required by law to determine whether we have customers who are politically exposed persons and comply with certain legal requirements. We use Information, publicly available information and commercial database(s) to determine whether a customer is politically exposed. More information is available at the website www.fintrac.gc.ca.

When, with your consent, we promote and market to you products and services offered by us or from other well-established companies (“promotions”), each promotion is carefully developed to ensure that it meets our standards. We try to make sure these promotions reach only those customers most likely to take advantage of them. To do this, we develop lists for use by us based on Information you have provided us on your applications, in surveys and other communications, Information derived from how you use our products that may indicate purchasing preferences and lifestyle, as well as Information available from external sources including consumer reports. We may also use that Information, along with noncredit information from external sources, to develop lists that are used by us. The lists used to send you promotions are developed under strict conditions designed to safeguard the privacy of customer Information.

We may use fully automated processes to help us make certain decisions, including to evaluate certain attributes about you to provide our services. For example, we may use such processes to:

assess security risks, detect and manage fraud;
process card and loan applications;
assess credit risks, including to check if you meet our eligibility criteria and decide whether we can issue you a card or loan or approve a transaction.

These assessments are based on information that we lawfully obtain, such as information that you provided in your application form (including your reported income), your payment history with Amex Canada, and

information we obtain from third parties, such as credit bureaus. We also look at digital data (such as information about your device, browser, or patterns in your online interactions with Amex Canada) and transaction particulars (such as merchants and Card present or not) to help us detect fraud. These methods are regularly tested to ensure that they remain fair, effective and unbiased.

We give customers the choice of not receiving promotions and marketing offers. These include product and service offers from American Express businesses and other well-established companies. Choosing to opt-out of promotions and marketing offers will not limit information we may provide you when you contact us. In addition, we will continue to provide information to our customers in keeping with the nature of their relationship with us.

If you do not wish to receive promotions and marketing offers, please call us at 1-800-869-3016 or you can manage your marketing preferences through Online Services (if enrolled) at www.americanexpress.com/canada/prefEN. You can choose to be excluded from all promotions or from certain promotions or certain communication channels based on the options that we may make available. Additionally, you can unsubscribe from our marketing email messages by clicking the “unsubscribe” link included in each message. Your request will be processed promptly but may not be captured for promotions already in progress.

Subject to legal and contractual restrictions, you can withdraw your consent to our use of your Information at any time with reasonable notice. For example, as described above you may choose not to receive marketing offers or other promotional materials. If you refuse or withdraw your consent for any purpose that is required by us to fulfill our product or service contract with you, we will not be able to provide you, or continue to provide you, with the product or service. In some cases, certain consents are mandatory and cannot be withdrawn. For example, once you have a card or other credit product from us, you may not withdraw your consent relating to ongoing collection and disclosure of credit information. This is necessary to support and maintain the integrity of the credit granting process. Similarly, you cannot withdraw your consent on matters that are essential to the management of our businesses, including the disclosure of Information when we assign our rights to others such as for the sale or collection of debts.

We use advanced technology, documented procedures, and internal monitoring practices to help ensure that customer Information is processed promptly, accurately and completely. In addition, we prescribe standards of quality from the consumer reporting agencies and others who provide us with Information about prospective customers.

Customers have access to Information that is reasonably available and retrievable in the ordinary course of business. Upon written specific request, we will disclose to customers Information about them that is entered in our records, and customers may correct Information that is inaccurate or incomplete or request that their information be disposed. We will respond to a customer’s request and advise the customer in advance of any charges for copies. Some information may not be accessed if it refers to others, is subject to legal privilege, contains confidential information, cannot be retrieved using a customer’s name or account number, cannot be disclosed for legal reasons, or as otherwise permitted by law.

.

If we are informed and it is determined that a customer’s Information in our files is inaccurate, we will correct it.

Customers may exercise their rights to access, correct or dispose their Information by writing to the Person in Charge of the protection of personal information: Chief Privacy Officer, Amex Canada, PO Box 3204 STN F, Toronto, ON M1W 3W7. We will respond to a written request from you within 30 days of its receipt. If for any reason we deny your request, we will provide you with written reasons.

Credit Reports

With your consent, in dealing with you we may obtain and consult credit reports on you prepared by credit reporting agencies. You have rights of access and correction in relation to the files held on you by these agencies by contacting them. Please write us at the above address to the attention of the Person in Charge of the protection of personal information if you wish to obtain the name and address of the agency or agencies from whom we have obtained a credit report about you.

We use administrative, organizational, technical and physical security measures to protect the confidentiality, integrity and availability of your Information. These measures include technological safeguards and appropriate access controls to data and facilities. We take reasonable steps to securely destroy, de-identify or anonymize Information and sensitive Information, as appropriate, when we no longer need it. We will keep your Information only as long as we must to deliver our products and services, unless we are required to keep it longer by law, regulation or for the purposes of litigation or regulatory investigations.

We may share your Information as required or as permitted by law, such as:

with credit bureaus and similar institutions to report or ask about your financial circumstances, and to report or collect debts you owe;
with regulatory authorities, courts, and governmental agencies to comply with legal orders, legal or regulatory requirements, and government requests;
with our service providers, regulatory authorities, and governmental agencies to detect and prevent fraud or criminal activity, and to protect the rights of American Express or others;
within our parent company and our affiliates;
with our service providers who perform services for us and help us operate our business (we require service providers to safeguard Information and only use your Information for the purposes we specify);
with co-brand partners (to learn more about how we disclose your Information to our co-brand partners, see your Cardmember Agreement) and other partners and benefit providers with whom we jointly offer or develop products and services (but they may only use Information to market their own products or services if you consent);
in the context of a sale of all or part of our, our parent company or our affiliates or their assets; or
for specific products or services, when you have given your consent.

In providing you with our products or services, we will transfer Information outside of your province or territory of residence or outside of Canada (“other locations”) where different data protection laws apply, such as to the United States (where our main operational data centres are located). No matter where we transfer Information about you, we will protect it in the manner described in our privacy notices and in accordance with applicable laws using appropriate contractual protections. We also assess whether other technical and organizational measures are required. However, governments, courts, law enforcement or regulatory agencies in other locations may be able to obtain disclosure of customer Information through their laws. For information about the manner in which we or our service providers (including service providers outside Canada) treat Personal Information, please contact us as set out below.

We may share customer Information in order to manage our businesses including when we assign our rights to others. This includes disclosing on a confidential basis customer Information to parties that may be participating in a proposed or an actual business transaction with us including financings, securitizations, insurance, or the assignment of our rights such as for the sale or collection of debts.

If we deny an application for our services or end a customer’s relationship with us, if requested and to the extent permitted by applicable laws, we provide an explanation. We state the reasons for the action taken and the Information upon which the decision was based unless the issue involves potential criminal activity or the information is proprietary.

In certain circumstances where a decision was made based on automated processing of your Information, you may request an explanation of our decision. In our response we will describe the type of Information that was used, the source of the Information, and the principal factors that led to the decision. You will also be able to correct inaccuracies in the Information used in the automated processing.

Everyone involved in the life cycle of customer Information is responsible for maintaining customer confidence in Amex Canada. We provide training and communications programs designed to educate individuals about the meaning and requirements of this Code.

We conduct a combination of compliance self-assessments, privacy risk assessments, internal audits, and may commission outside-expert reviews of our compliance with the Code and the specific policies and practices
that support the Code.

We have governance to support adherence to this Statement and the Privacy Code including procedures, training, reporting, oversight (including by the Chief Privacy Officer or person-in-charge of Information) and committees of management and our Board of Directors (as applicable). Amex Canada employees are required to comply with this Statement and Privacy Code. Our business partners and vendors are also required to comply with our privacy standards.

Those who violate the Code or other Amex Canada policies and practices may be subject to disciplinary action, up to and including dismissal. Employees are expected to report violations – and may do so including to their managers, to their business unit’s compliance officer, or by contacting a confidential employee reporting hotline.

We require companies we select as our business partners to agree to keep our customer Information confidential and secure, to protect the Information against unauthorized access, use, or disclosure by the recipient company, and limit its use to the purposes for which it was disclosed. We also encourage our business partners to respect their customers’ Information by adopting strong and effective privacy policies and practices.

In addition, we participate actively in industry associations to advocate development of comprehensive privacy policies and implementation strategies.

Our Chief Privacy Officer is the person in charge of customer Information and is responsible for ensuring that our day-to-day procedures comply with our Privacy Code.

Questions and Concerns:

If a customer has any questions or concerns, or complaints about their privacy, please talk to one of our
customer service representatives at Amex Canada. Click here for a list of contact numbers or, write to the Person in Charge of the protection of personal information:

Chief Privacy Officer

Amex Canada

PO Box 3204, STN F

Toronto, Ontario

M1W 3W7

AMEX Canada Privacy Code

1. We only collect customer Information that is needed and we tell customers how we use it.

2. We give customers choices about how their Information will be used.

3. We ensure Information quality.

4. We give customers rights to access, correct and dispose of their Information.

5. We use prudent Information security safeguards.

6. We limit the sharing of customer information.

7. We are responsive to customers’ requests for explanations.

8. We hold ourselves responsible for our Privacy Code.

9. We extend the protection under this Privacy Code to our business relationships.

10. Our customers’ privacy concerns or complaints are important to us.