American Express®
Online Privacy Statement Canada
Effective Date: May 1, 2023
American Express (Amex Bank of Canada and Amex Canada Inc.) is committed to protecting your privacy.
This online privacy statement (“Statement”) outlines what information Amex Bank of Canada, Amex Canada Inc., and our Service Providers, Business Partners, parent company and affiliates (collectively, we, us, our or Amex Canada) may collect about you online, why we collect it and how we access, use, disclose and protect it. This Statement applies to Online Information we collect if you:
- Visit or use our websites or applications (“apps”);
- Participate in the online programs we offer with our Business Partners;
- Receive or reply to electronic communications from us;
- View or click on our ads or other online content;
- Interact with us through social media websites and other websites and apps.
This Statement applies to all other services or content that link to or reference this Statement. This Statement does not apply to online services operated by American Express that have their own online privacy statements.
Our websites and apps are not intended for children under 14 years of age. We do not knowingly solicit data online from, or market online to, children under 14 years of age.
Other Applicable Privacy Notices
Depending on the product or service you use, we may provide you with more details about how we use information about you in relation to that specific product or service. This will usually be in the form of terms and conditions or an additional privacy statement or notice. For example, our Privacy Code includes more specific details about how we use your Card or other information related to our products and services.
Please note that third-party services, such as social media sites, have additional terms that explain how operators of those services handle your information. Please review the terms of the specific online services you use.
What is in this Statement?
The types of information we collect depend on which product or service you use.
Sometimes you give information directly to us (or to our Service Providers). For example, you might give us your name, account number, email, mailing address, phone number, or date of birth when you:
- fill out an online form or survey, including when you complete a card application or book travel with us;
- register, log into or update the settings on your account using our online services;
- register or enroll in our programs;
- enter a contest or register for a marketing offer; or
- buy something on our websites or apps.
If you apply online for an American Express Card account, we may collect more detailed information such as your employment details and income. We will only collect information that is reasonably necessary for legitimate business purposes and permitted by law.
Cookies and Similar Technologies
We (and our Service Providers or Third-Party Ad-Servers) also collect information through Cookies and Similar Technologies when you use our online services or access online content.
Cookies are small text files which are placed on your computer, mobile device or tablet whenever you visit a website. We use cookies for many different purposes, like helping you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. They can also help ensure that ads you see online are more relevant to you and your interests. Some of the functions that cookies perform can also be achieved using alternative technology, which is why we use the term 'Cookies and similar technologies' in this Statement.
Most Cookies and Similar Technologies will only collect De-Identified Information such as how you arrive at our website or your general location. However, certain Cookies and Similar Technologies do collect Personal Information. For example, if you click Remember Me when you log in to our website, a cookie will store your username.
The information we (and our Service Providers or Third-Party Ad-Servers) collect using Cookies and Similar Technologies may include information about:
- the device you use to browse our websites or use our apps (for example, we may collect information about the operating system or the browser version and the type of device you use to open electronic communications from us);
- the IP Address and information related to that IP Address (such as domain information, your internet provider and geographic location);
- your browsing and app use activities over time (such as what you search for, the pages you view, how long you stay, and how often you come back) and across other websites and apps, following your visit to one of our websites or apps (Service Providers or Third-Party Ad-Servers perform such activities on our behalf);
- the likely associations among different browsers and devices that you use to access our products and services (for example, to detect or prevent fraud);
- how you search for our websites or apps, from which website or app you came from, and which of our Business Partners' websites you visit;
- which ads or online content from us and our Business Partners you view, access, or click on;
- whether you open our electronic communications and which parts you click on (for example, how many times you open the communication); and
- the location of your mobile device (for example, to detect or prevent fraud or when you register to receive or we otherwise provide location-based content on our mobile websites or apps).
In addition, if you use your mobile device to access our products or services, we may collect information about that device, such as your location to provide location-based content you request.
Other Sources of Information
We (and our Service Providers or Third-Party Ad-Servers) may obtain information about you from other sources. For example, we may obtain information about other American Express products and services you use, in accordance with those privacy policies. In accordance with our Privacy Code, we may collect information from your application, card transactions and credit bureaus. We may also collect information made publicly available through third-party platforms (such as online social media platforms), through online databases or directories, or that is otherwise legitimately obtained. We may combine this other information with the online information we have collected about you under this Statement.
For more information about cookies and similar technologies, please refer to our policy About Cookies and Similar Technologies.
We may use Online Information we collect about you on its own or combine it with Other Information to:
- deliver and improve our products and services, including to:
  - recognize you when you return to our websites or use our apps;
  - complete transactions;
  - tell you about updates to your accounts, products, and services;
  - update you about new features and benefits;
  - answer questions and respond to your requests made through our websites or apps and through third-party websites (including social media);
  - use the location of your mobile device for location-based services that you may request;
  - determine how to best provide services to you and manage your accounts, such as the best way and time to contact you;
  - improve our websites or apps and make them easier to use;
- advertise and market our products and services – and those of our Business Partners – including to:
  - present content that is tailored to your interests, including Targeted Advertising;
  - send or provide you with ads, promotions, and offers;
  - analyze whether our ads, promotions, and offers are effective;
  - help us determine whether you may be interested in new products or services;
  - provide location-based content and advertising personalization;
- conduct research and analysis, including to:
  - better understand our customers and our website or app users;
  - allow you to give feedback by rating and reviewing our products and services and those of our Business Partners;
  - produce data analytics, statistical research, and reports;
  - review and change our products and services;
- manage fraud and security risk, including to:
  - detect and prevent fraud or criminal activity;
  - safeguard the security of your information;
- assess credit risks relating to our business, including to:
  - evaluate and process your applications for our products and services and manage your existing accounts (for example, to contact you with important information about your account); and
- use it in other ways as required or permitted by law or with your consent.
Automated Decision Making
We may use fully automated processes to help us make certain decisions, including to evaluate certain attributes about you to provide our services. For example, we may use such processes to:
- assess security risks, detect and manage fraud;
- process card and loan applications;
- assess credit risks, including to check if you meet our eligibility criteria and decide whether we can issue you a card or loan or approve a transaction.
These assessments are based on information that we lawfully obtain, such as information that you provided in your application form (including your reported income), your payment history with Amex Canada, and information we obtain from third parties, such as credit bureaus. We also look at digital data (such as information about your device, browser, or patterns in your online interactions with Amex Canada) and transaction particulars (such as merchants and Card present or not) to help us detect fraud. These methods are regularly tested to ensure that they remain fair, effective and unbiased.
Please see the section “Your Rights” for more information about your rights related to automated decision making.
Digital Advertising
We advertise through our own websites and apps as well as third-party websites or apps. We may use information about you in order to display online marketing content or ads that are tailored to your interests or general geographic location, across multiple devices you use. Here are some ways this works.
We and our Third-Party Ad-Servers may use Precise Location Data which may be obtained from a mobile device to deliver Targeted Advertising to you. In this case, additional personal information is not shared with us when our Third-Party Ad-Servers deliver the Targeted Advertising.
If Precise Location Data is used with the Amex app, that app will provide you with additional details and choices.
We participate in advertising programs offered by various social media and online partners such as Facebook and Google. These programs allow us to serve you with advertising when you use those services. We use information we hold about you to help ensure those advertisements are relevant to you. We may provide a hashed version of your email address or other information to the platform provider for such purposes.
We may use information from one app to provide you with Targeted Advertising on another app. For example, if you begin completing an online form on the Amex app and do not complete it, we may follow up with Targeted Advertising through social media and online partners. In this context we do not share the relevant online activity with the third party. To opt-out or change your preferences for these advertising programs, please see the "Your Choices" section below.
We may share your Personal Information as required or as permitted by applicable law, such as:
- with credit bureaus and similar institutions to report or ask about your financial circumstances, and to report or collect debts you owe;
- with regulatory authorities, courts, and governmental agencies to comply with legal orders, legal or regulatory requirements, and government requests;
- with our Service Providers, regulatory authorities, and governmental agencies to detect and prevent fraud or criminal activity, and to protect the rights of American Express or others;
- within the American Express Family of Companies;
- with our Service Providers who perform services for us and help us operate our business (we require Service Providers to safeguard Personal Information and only use your Personal Information for the purposes we specify);
- with financial institutions or Co-brand Partners with whom American Express jointly offers or develops products and services (but they may not use your Personal Information - in particular your email address - to independently market their own products or services to you unless you consent that they can do so);
- with third parties for fulfillment of offers, and so those third parties can improve the effectiveness of their advertising;
- in the context of a sale of all or part of the American Express Family of Companies or their assets; or
- for specific products or services, when you have given your consent.
Cross-Border Transfers of Personal Information
In providing you with our products or services, we will transfer Information outside of your province or territory of residence or outside of Canada (“other locations”) where different data protection laws apply, such as to the United States (where our main operational data centres are located). No matter where we transfer Information about you, we will protect it in the manner described in our privacy notices and in accordance with applicable laws using appropriate contractual protections. We also assess whether other technical and organizational measures are required. However, governments, courts, law enforcement or regulatory agencies in other locations may be able to obtain disclosure of customer Information through their laws. For information about the manner in which we or our service providers (including service providers outside of Canada) treat Personal Information, please contact us as set out below.
We sometimes process Personal Information so that it no longer identifies any individual. Once processed, this is referred to as Aggregated Information or Anonymized Information. We use aggregated and anonymized information in several ways, for example:
- for the same reasons as we might share Personal Information;
- to help develop and market programs, products or services and present targeted content including Targeted Advertising;
- to conduct analysis and research about customers, website and app users; or
- to place ads on various websites and apps, and to analyze the effectiveness of those ads.
We sometimes share aggregated and anonymized information with Business Partners, Third Party Ad Servers and other third parties, for many of the same reasons mentioned above.
We use administrative, organizational, technical and physical security measures to protect the confidentiality, integrity and availability of your Personal Information. These measures include physical and technological safeguards, and appropriate access controls to data and facilities. We take reasonable steps to securely destroy or anonymize Personal Information and sensitive Personal Information when we no longer need it, unless we are required to keep it longer by law, regulation or for the purposes of litigation or regulatory investigations.
Our Roles and Responsibilities
We have governance to support adherence to this Statement and the Privacy Code including procedures, training, reporting, oversight (including by the Chief Privacy Officer or person-in-charge of Personal Information) and committees of management and our Board of Directors (as applicable). Amex Canada employees are required to comply with this Statement and Privacy Code. Business Partners are also required to comply with our privacy standards.
In certain instances, you have a right to access, update, change or correct, dispose or make a complaint about your Personal Information, including by:
- Requesting details on the Personal Information we have about you
- Requesting a review of certain automated processing activities
- Requesting that Personal Information we have about you be changed or corrected
- Making a complaint regarding the protection of your Personal Information
- Withdrawing the consent you have given for the processing of Personal Information at any time or restricting or objecting to the use of personal information, subject to legal and contractual restrictions
If you would like to exercise any of your rights or if you have questions about how we process information about you, please see the “Contacting Us” section below.
You have choices about how we use information about you for marketing and advertising. Like most companies, we work with a range of advertising partners such as ad networks, ad servers and social media platforms to present our ads online. Your choices may differ depending on whether we are communicating with you through a website, email app or social media.
Choices about Marketing Communications
You can choose how you would like to receive marketing communications, including direct marketing - whether we send them to you through postal mail, email and/or telephone. If you choose to not receive marketing communications from us, we will honour your choice. Please be aware that if you choose not to receive such communications, certain offers attached to the products or services you have chosen may be affected. We will still communicate with you in connection with servicing your account, fulfilling your requests, or administering any promotion or any program in which you have elected to participate.
For additional information and to manage your marketing preferences, please see Additional Information and Marketing Preferences.
Online Behavioural Advertising
American Express participates in Targeted Advertising programs. We use information we have about you in order to provide you with advertising messages that are relevant to you. We participate in the Digital Advertising Alliance of Canada (DAAC) self-regulatory program and adhere to the DAAC Principles for Online Behavioural Advertising and DAAC’s Application of Self-Regulatory Principles to the Mobile Environment. The DAAC program is designed to provide information about and greater control over online advertising. It enables you to opt out from online behavioural advertising served by participating companies. The DAAC program applies to websites and mobile applications. You can use the Ad Choices opt out tool to opt-out online or get the free DAAC App Choices App for each of your mobile devices. With the App Choices App you can set your preferences for Targeted Advertising and use of data across apps. Click here to learn more about the DAAC and your choices.
If you do not want to receive Targeted Advertising from American Express in apps, you can also turn off mobile device ad tracking or reset the advertising identifier in your device settings, where these tools are available from your device platform, on each of the devices that you use. If you do not want to receive Targeted Advertising using Precise Location Data, you can also turn off location-based services in your device settings.
In addition, we also work with online and social media companies to deliver Targeted Advertising on those platforms and they also have privacy content options.
Choices About the Information We Collect
You have choices about how American Express uses your information, such as how we market to you or how we manage Cookies and Similar Technologies.
If you do not want us to collect information about you using Cookies and Similar Technologies you can disable or delete them. Most computer systems and browsers offer their own privacy settings. We encourage you to use them to enhance your choices. Most browsers’ advanced settings (such as those in Internet Explorer, Google Chrome or Safari) allow you to disable Cookies and Similar Technologies.
Important: If you do disable or delete Cookies and Similar Technologies, some site features and services may not work. You will need to manage your settings for each computer and browser you use to access the Internet.
For more information go to About Cookies and Similar Technologies.
If you have any questions about our Statement, please talk to one of our customer service representatives at Amex Canada (click here for a list of contact numbers) or write to the Person in Charge of the protection of personal information:
Chief Privacy Officer
Amex Canada
PO Box 3204, STN F
Toronto, Ontario
M1W 3W7
We may change this Statement when necessary. Depending on what we change, we may let you know in advance. Whenever we make any changes, we will update the “Effective Date” at the top of this page. Any changes to this Statement will become effective immediately when posted. When you continue to use our products and services following an update, it will indicate that you accept the revised Statement.
Aggregated Information - data or information, relating to multiple people, which has been combined or aggregated. Aggregated Information includes information that we create or compile from various sources, including card transactions or certain data from Cookies and Similar Technologies.
American Express (we, our, us) - the American Express Company as identified at the beginning of this Statement.
Amex Canada Privacy Code - This Privacy Code sets out the privacy policy of Amex Bank of Canada and Amex Canada Inc. (“Amex Canada”), and applies to their products, services and customers (including prospective customers) in Canada. The Code is consistent with the American Express Data Protection and Privacy Principles, which apply to all American Express operations worldwide.
Anonymized Information - data or information that is irreversibly or permanently modified to ensure that no individual can be identified from the information, whether directly or indirectly, by any means.
Business Partners - any third parties with whom we conduct business and have a contractual relationship, such as a business that accepts American Express branded cards.
Co-brand Partners - businesses we partner with to offer cards featuring both brand logos.
Cookies and Similar Technologies - cookies are small text files which are placed on your computer, mobile device or tablet whenever you visit a website. We use cookies for many different purposes, like helping you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. They can also help ensure that ads you see online are more relevant to you and your interests. Some of the functions that cookies perform can also be achieved using alternative technology, which is why we use the term 'Cookies and similar technologies' in this Statement. More information about cookies.
De-identified Information - data or information used in a way that does not identify you to a third party. We often derive De-Identified Information from Personal Information. It includes information that we may collect from various sources, such as card transactions or certain data from Cookies and Similar Technologies.
IP Address - a number assigned to a device when connecting to the Internet.
Online Information - data or information collected on the American Express websites and apps as well as on websites and apps of third parties relating to topics about our business which includes Personal Information, Aggregated Information and De-Identified Information.
Other Information - American Express internal information (for example, transaction data), external data that financial companies use to process applications and complete transactions, and other online and offline information we collect from or about you.
Personal Information - information that can identify a person, such as name, address, telephone number, and email address.
Precise Location Data - data that allows the location of a mobile device to be used for the purposes of delivering Targeted Advertising.
Service Providers - any vendor, third party and/or company that performs business operations on our behalf, such as printing, mailing, fulfillment, communications services (email, direct mail, etc.), marketing, sales, data processing and platforms, servicing, collections, or ad management.
Targeted Advertising - ads we, or our Service Providers or Third-Party Ad-Servers, display on websites outside the American Express Family of Companies based on the preferences or interests inferred from our data, such as transaction data, or data collected from a particular computer or device regarding web viewing behaviours or app use over time and across different websites and mobile apps. Targeted Advertising may occur across browsers or mobile devices that have been associated together. Targeted Advertising includes Interest-Based Advertising. We participate in the Digital Advertising Alliance of Canada (DAAC) self-regulatory program and adhere to the DAAC Principles for Interest-Based Advertising. The DAAC program is designed to provide information about and greater control over online advertisements. It also enables you to opt out from Interest-Based Advertising served by any, or all of the participating companies. Click here to learn more about the DAAC and your choices.
Third-Party Ad-Servers - companies that provide the technology to place ads on websites (and apps) and track how ads perform. These companies may also place and access cookies on your device. The information they collect from our websites is in a form that does not identify you personally.