English | Suomi
American Express®
Online Privacy Statement
Effective Date: March, 2021
American Express® (American Express Europe S.A. and American Express Payments Europe S.L.), is committed to protecting your privacy.
In this Online Privacy Statement (“Statement”), we outline what information we collect about you online, why we collect it and how we access, use, disclose, and protect it. This Statement applies to information we collect online through:
- services we operate such as our websites and mobile “apps”; and
- services or content we offer on third party platforms, such as our electronic communications, social media pages, voice assistant apps, and digital ads
This Statement also applies to all other services or content that link to or reference this Statement.
Here’s something to keep in mind
We may provide you with more details about how we use information about you, depending on the product or service you use. In this case, we’ll provide additional Terms & Conditions, privacy statements, or notices. For example, your Corporate Cardmember Framework Agreement includes more specific details about how we use information tied to your corporate card.
This Statement doesn’t apply to online services operated by American Express that have their own online privacy statements.
Third-party services, such as social media sites, have terms that explain how they handle information about you. Please take a moment to review the terms of any other online services you use.
Our websites and apps are not intended for children. We don’t knowingly collect information online from, or market online to, children under 16 years of age.
The type of information we collect depends on the product or service you use. We’ll only collect personal information that is reasonably necessary for legitimate business purposes.
In some cases, we collect information if you directly provide it to us. For example, we may collect personal information such as your name, account number, date of birth, address, phone number, and/or email address. When you interact online with American Express, we may also process digital data and other information originating from your online behavior, such as your IP address or whether you have previously visited us online during the application process.
For instance, we collect personal information when you:
- apply for an American Express product or service online;
- access our online account services;
- book a flight through American Express Travel or purchase something on our websites;
- enroll in an American Express offer, participate in a promotion or take one of our surveys.
If you apply for an American Express card account, we may collect more detailed personal information such as your employment details or your income.
Please note that we may also collect special categories of personal information (such as information regarding health or biometric data) in some instances. We’ll use this information only as permitted or required by law, or where provided by you with your explicit consent.
Cookies and similar technologies
We also collect information through cookies and similar technologies when you use our online services or access our content online
A cookie is a small data file that a website transfers to your computer. We place cookies when you visit our website or another company’s website where our ads appear or when you make purchases, request or personalise information, or register for certain services. If you accept the cookies used on our website, websites that are “powered by” another company on our behalf, or websites where our ads appear, you give us access to information about your interests. We use that information to personalise your experience. Similar technologies include clear GIFs, web beacons, and pixel tags, which tend to be transparent images on websites. Our cookies and similar technologies collect information about your device, operating system and web browser. They also collect information about your use of the device, as described in more detail below.
Most cookies and similar technologies will only collect de-identified information such as how you arrive at our website or your general location. However, certain cookies and similar technologies do collect personal information. For example, if you click “remember me” when you log in to our website, a cookie will store your username.
Cookies and similar technologies may collect information that includes:
- the device(s) you use (for example, the operating system or type of device you use to open electronic communications from American Express);
- information related to your IP address, such as your domain information, internet provider and general geographic location;
- how you use our websites and apps, such as what you search for on our websites and apps, the pages you view, how long you stay and how often you visit them;
- how you search for our websites or apps, which website or app you came from, and which of our business or commercial partners’ websites you visit;
- which ads or online content from us and our business or commercial partners you view, access or click on;
- whether you open our electronic communications, which sections you click, or how often you open them
If you use your mobile device to access our products or services, we may collect information related to that device, such as your location to provide location-based content you request.
For more information about cookies and similar technologies, please refer to our policy “About Cookies and Similar Technologies”.
Other Sources of Information
We may obtain information about you from other sources and combine it with information we collect under this Statement. For example, we may obtain information about other American Express products and services you use, in accordance with those privacy notices. In accordance with your Corporate Cardmember Framework Agreement, we may collect information from your paper application form and your card transactions. We may also obtain information from publicly available records or databases or third-party sources, such as credit bureaus or business and commercial partners.
We use information about you either on its own or combined with other information: (i) where it is necessary to administer our contractual relationship with you; (ii) for our own legitimate interests to provide you with better products and services (such as to reduce fraud); (iii) where we have obtained your consent, such as for certain marketing purposes; or (iv) for compliance with laws. Please note that we consider and balance any potential impact on you and your rights before processing your personal information for our legitimate interest.
(i) More specifically, to administer our contractual relationship with you and deliver products and services, including, for instance, to:
- process your applications;
- process and complete transactions;
- manage your accounts;
- update you about new features and benefits;
- provide location-based services you may request;
- better communicate with you;
- provide you with open banking services (see the open banking section for more information).
(ii) For our legitimate interests or for the legitimate interests of others, we may use information about you to:
- conduct research and analysis to better understand our online visitors, customers and our business, including to:
- request feedback or reviews about our products and services and those of our commercial and business partners;
- determine the effectiveness of our advertising and marketing campaigns;
- improve our websites or apps and make them easier to use;
- place you in groups with similar customers to make predictions about you, deliver more personalized services and help determine whether you may be interested in new products or services.
- request feedback or reviews about our products and services and those of our commercial and business partners;
- manage our business risks, such as fraud, credit and security risks, including to:
- detect and prevent fraud or criminal activity and safeguard your accounts, including by using the location and other technical attributes of your mobile device or browser;
- review and approve individual transactions you make through digital channels;
- develop and refine our risk management policies, models and procedures for applications and customer accounts;
- inform our collection practices and share information with credit reference agencies and fraud-management agencies.
- detect and prevent fraud or criminal activity and safeguard your accounts, including by using the location and other technical attributes of your mobile device or browser;
- advertise and market our products and services and those of our business and commercial partners, including to present content that is tailored to your interests, including targeted advertising across multiple devices (see the Digital Advertising section for more information).
(iii) With your consent, to:
- promote our products and services;
- send you ads, promotions, and offers about products and services for companies within the American Express group and those of our business and commercial partners;
- recognise you when you return to our websites , receive our emails, or use our apps including across multiple devices (for example, to send you tailored ads, promotions, offers or content, including targeted advertising). Please refer to the “cookies and similar technologies” section above for more information.
(iv) To comply with applicable laws and regulation around the world, we may use information about you:
- to establish, exercise, or defend legal rights or claims and assist in dispute resolution;
- for reasons of substantial public interest (including for instance the use of your biometric information such as your ID voice print) for security verification and fraud prevention purposes;
- as required or permitted by law (such as performing due diligence on you before approving your application).
Open banking
We may use your personal information to provide our open banking services. Those services include:
- providing you with consolidated information on one or more payment account(s) that you hold with one or more bank(s) or payment institution(s); or
- contacting your bank to perform a credit transfer to a merchant, for example, when you use our Pay With Bank Transfer service (which allows you, for instance, to pay for any purchase made on a participating website directly from your bank account, with your money being sent directly to the merchant's bank account).
In this context, we will process your personal information to provide you with the regulated open banking services or as otherwise described in this “Use of Information” section.
Automated decision making
We may use fully automated processes to help us make certain decisions, including to evaluate certain attributes about you to provide our services. For example, we may use such processes to:
- assess security risks, detect and manage fraud;
- process card applications;
- assess credit risks, including to check if you meet our eligibility criteria and decide whether we can issue you a card.
These assessments are based on information that we lawfully obtain, such as information that you provided in your application form (including your reported income), your payment history with American Express, and information we obtain from third parties, such as credit bureaus. We also look at digital data (such as information about your device, browser, or patterns in your online interactions with American Express) to help us detect fraud. These methods are regularly tested to ensure that they remain fair, effective and unbiased.
Some of those decisions that are made solely by automated means have legal effects or similar effects. However, we will only perform such processing if it’s:
- necessary for entering into or performing a contract between you and American Express;
- authorized by a law to which American Express is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;
- based on your explicit consent to such processing.
Please see the section “Your Rights” for more information about your rights related to automated decision making.
Digital Advertising
We advertise through our websites and apps, as well as third-party platforms. We may use information about you to display online marketing content tailored to your interests or general geographic location, across multiple devices you use. Here are some ways this works.
- We engage in targeted advertising, which involves the use of personal information, your email address and other information collected through cookies and similar technologies, regarding your browsing behavior over time and across different websites.
- We also use information about you to present advertising content or participate in targeted advertising campaigns on social media platforms. If you follow our social media pages or “like” our content on these platforms, we may use information about you to improve what and how we serve content to you on social media.
Keep in mind, we don’t own these websites and apps, and we are required to use information about you only in ways that are consistent with the privacy policies and terms & conditions of these platforms.
You can choose how we market to you, as specified in the “Your Choices” section below.
In some circumstances, we may disclose information about you, including with:
- service providers, who perform services for us, such as printing, mail, advertising, marketing, etc. We require all of our service providers to protect personal information according to our standards and use it only for the purposes we allow;
- regulatory authorities, courts, governmental agencies and fraud prevention agencies, in order to comply with legal or regulatory requirements, assist in legal or regulatory investigations, and protect the rights of American Express or others;
- with credit reference agencies and similar institutions to report or inquire about your financial circumstances, and to report or collect debts you owe;
- companies or other lines of products and services within the American Express group;
- business or commercial partners such as other financial institutions, loyalty programs, travel partners, and certain advertising partners with whom we offer or develop products and services;
- third parties for the provision of open banking and related services upon your request, for example where you seek to connect your account information to another platform or to initiate payments from other accounts;
- necessary parties involved in the sale of all or part of a company in the American Express group, or its assets;
- other relevant third parties, as required or permitted by law or with your consent.
Cross-Border Transfers of Personal Information.
Where necessary, we’ll transfer personal information to other countries with different data protection laws to provide you with our products or services (including to countries outside of the European Economic Area, such as to the United States, where our main operational data centers are located), unless it’s restricted by applicable law. Keep in mind, no matter where we process personal information about you, we’ll always protect it in the manner described in our privacy notices and in accordance with applicable laws. For example, when we share personal information with other companies within the American Express group that are outside the European Economic Area, we ensure an adequate level of protection though our Binding Corporate Rules. When we share personal information with third parties outside the European Economic Area, we include appropriate contractual protections in those agreements. In addition, we assess whether other technical and organizational measures are required for those transfers.
We sometimes process personal information so that it no longer identifies any individual. Once processed, this is referred to as aggregated and anonymized information. We use aggregated and anonymized information to:
- analyze patterns among groups of people, such as card members and online users;
- create business insights or statistical research reports;
- improve our advertising and our business.
We sometimes share aggregated and anonymized information with third parties, for many of the same reasons mentioned above.
We use administrative, organizational, technical and physical security measures to protect the confidentiality, integrity, and availability of personal information. Here’s what you should know:
- these measures include technological safeguards and appropriate access controls to data and facilities;
- we require service providers to safeguard personal information and only use it for the purposes we specify;
- we take reasonable steps to securely destroy or de-identify personal information when we no longer need it;
We keep personal information for only as long as necessary to provide you with products or services - unless we’re required or permitted to keep it for longer by law, regulation, or for litigation or regulatory investigations.
In certain cases, you have the right to access, update, restrict, object to and delete your personal information. You also have the right to exercise your right to data portability and / or to withdraw your consent. Such rights include:
- requests for information about the personal information we have stored about you;
- restrictions and / or objections to the use of personal data;
- requests for a manual review of certain automated processing activities that may affect your legal or contractual rights or that may have a similar legal effect;
- receiving your personal information in a structured, commonly used and machine-readable format and / or transferring such information to another data controller;
- withdrawal of your consent to the processing of personal data at any time
If you wish to exercise any of your rights or have any questions about how we process information about you, please contact our Data Protection Officer at DPO-Europe@aexp.com.
If we receive a complaint from you, we strive to process it as soon as possible and within 30 days at the latest. If we are unable to meet this deadline, we will send you a letter explaining the reason for the delay and stating the expected response time. Please note that your request is free of charge, unless it incurs additional costs to our company, in which case you may be charged the rate fee set by the data protection authority.
You can also contact the Office of the Data Protection Officer directly. More information is available on the EDPS website. You also have the option of bringing the case before the court where you live, work or where an infringement may have occurred.
You have the power to make choices about how American Express collects and uses information about you for marketing and advertising purposes. We partner with a variety of advertising partners, including ad networks, ad servers, and social media platforms to help us present our ads online. Your choices may vary depending on whether we show you ads via websites, email or social media.
Choice of the information we collect
- If you do not want us to collect information about you through cookies for marketing and advertising purposes, you can opt out of cookies in the banner that appears the first time you visit our website, by clicking on Cookie Preferences or in your browser settings as specified in the Policy for cookies.
- If you delete cookies, buy a new device, access websites from another device or change browsers, deselect again.
- If you opt out of cookies, we will show you advertisements related to our products or services, but they are not based on information about you.
- You can adjust how we collect information about you in your mobile device's settings - for example, you can disable location-based services and ad tracking on your device
Choices around marketing communication
- If you do not wish to receive direct marketing communications from us, you can opt out via:
- Email: Click "unsubscribe" at the bottom of an email and follow the instructions.
- Email: Click "unsubscribe" at the bottom of an email and follow the instructions.
- Keep in mind that even if you opt out of direct marketing, we will still communicate with you to operate your account, respond to your requests, or manage any campaigns or schemes you have chosen to be a part of. This communication, which is necessary for us to inform you about the service you expect to receive from us, is not considered as direct marketing, but rather as a service message. For example, such communications may be used to inform you of a benefit on your account.
How to access your customer choices
If you are a customer, you can make choices about how we communicate with you. Call the number on the back of your card to discuss your marketing preferences.
Merchants
- By logging in to the Merchant website, you can update marketing preferences in your profile.
If you have any questions about this Statement, feel free to get in touch at the number on the back of your card or visit the “Contact Us” page on our website. You may also contact our DPO at DPO-Europe@aexp.com.
We may change this Statement when necessary. Depending on what we change, we may let you know in advance. Whenever we make any changes, we’ll update the “Effective Date” at the top of this page. Any changes to this Statement will become effective immediately when posted. When you continue to use our products and services following an update, it will indicate that you accept the revised Statement.
AMERICAN EXPRESS
Copyright © 2021 American Express Company