American Express International, Inc., Hong Kong Branch and its subsidiaries (“Amex”)
July 2023
Notice to Customers relating to the Personal Data (Privacy) Ordinance (the "Ordinance")
(a) From time to time, it is necessary for customers to supply Amex with data in connection with (i) the opening or continuation of accounts (including merchant accounts), (ii) the establishment or continuation of credit and/or charge Card accounts, and (iii) the provision of travel, concierge, insurance and merchant services (hereinafter collectively the "Services") by Amex. For the purposes of this document, the term “customers” includes individuals holding Cards issued by Amex (“Cardmembers”) and where the context so requires, individuals at establishments accepting Cards issued by Amex for payment (“Merchants”).
(b) Data may also be collected from customers or generated about them in the ordinary course of the continuation and operation of the account relationship and the provision of other Services, for example, when Cardmembers make purchases using the Card or when Merchants contact us for servicing requests. Amex will also collect data relating to the customers from third parties, including third party service providers with whom the customer interacts in connection with the customer’s application for Amex's products and services (including receiving personal data from credit reference agencies approved for participation in the Multiple Credit Reference Agencies Model (hereinafter referred to as “credit reference agencies”)).
(c) (i) The purposes for which Amex may use a customer’s personal data are divided into obligatory purposes and voluntary purposes (each as set out in the paragraphs below). If personal data are to be used for an obligatory purpose, the customer MUST provide his personal data to Amex if he wants Amex to provide the Services. Failure to supply such data for obligatory purposes may result in Amex being unable to open or continue account relationships, to establish or continue credit facilities, or to provide other Services.
(ii) If personal data are only to be used for a voluntary purpose, the customer can tell Amex not to use his personal data for that purpose and Amex will not do so.
Please also refer to our American Express Hong Kong Internet Privacy Statement, which outlines what information we collect online, why we collect it, and how we access, use, disclose, and protect it.
Obligatory Purposes
(d) The obligatory purposes for which data relating to a customer may be used are as follows:
(i) processing applications for the Services, the daily operation of the Services and credit facilities provided to customers;
(ii) conducting credit checks at the time of application for credit and subsequently at regular intervals for as long as the account(s) remain open;
(iii) creating and maintaining Amex’s credit scoring models;
(iv) assisting other credit providers in Hong Kong approved for participation in the Multiple Credit Reference Agencies Model to conduct credit checks and collect debts;
(v) ensuring ongoing creditworthiness of customers;
(vi) designing financial services or related products for customers' use;
(vii) determining amounts owed to or by customers;
(viii) collection of amounts outstanding from customers and those providing security for customers’ obligations;
(ix) meeting or complying with obligations, requirements, recommendations and instructions to make disclosure under: (1) any law or regulation binding on Amex, any of its subsidiaries or associated entities or American Express Company and its subsidiaries and affiliates (Amex, American Express Company and such subsidiaries, associated entities and affiliates, collectively, “Amex Group”); (2) any guidelines or other measures issued by regulatory or other authorities (including industry and self-regulatory bodies) with which Amex, any of its branches or Amex Group companies are obliged or expected to comply; (3) any present or future contractual or other commitment with local or foreign legal, regulatory, judicial, administrative, public or law enforcement bodies, or governmental, tax, revenue, monetary, securities or futures exchange, court, central bank or other authorities, or self-regulatory or industry bodies or associations of financial service providers or any of their agents with jurisdiction over all or any part of the Amex Group (together the "Authorities" and each an "Authority");
(x) enabling an actual or proposed assignee of Amex, or participant or sub-participant of Amex’s rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
(xi) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information with Amex Group companies and/or any other use of data and information in accordance with any Amex Group wide programmes for compliance with sanctions or prevention or detection of crime, money laundering, terrorist financing or other unlawful activities; and
(xii) purposes directly relating to any of the above purposes.
Voluntary Purposes
(e) USE OF DATA IN DIRECT MARKETING
Amex wishes to use customers' data for direct marketing and Amex must obtain the consent of its customers (which can include an indication of no objection) for that purpose.
In this connection:
(i) the name, telephone number, email address, mailing address, financial background, demographic data, products and services portfolio information and transaction pattern and behaviour of customers may be used by Amex for direct marketing;
(ii) the following classes of products, services and subjects may be marketed:
(1) credit/charge Card, insurance and travel related products and services;
(2) reward, referral, loyalty or privilege programmes and related products and services;
(3) Cardmember benefits, promotional offers* and products and services offered by Amex, Amex Group companies and Amex’s merchants, business partners (including third party insurance companies and reward, loyalty, privilege programmes providers), co-brand partners and affinity groups (such merchants, business partners, co-brand partners and affinity groups, collectively, “Amex Partners”); and
(4) Merchant products and services, including incentives and offers; and
(iii) the above products, services and subjects may be provided by Amex, Amex Group companies and/or Amex Partners.
(f) In addition to marketing the above products, services and subjects itself, Amex also provides and/or intends to provide the name, telephone number, email address, mailing address, products and services portfolio information and transaction pattern and behaviour of customers to all or any Amex Group companies and Amex Partners for use by them in marketing those products, services and subjects, and Amex must obtain the written consent of its customers (which can include an indication of no objection) for that purpose.
(g) The provision of a customer's data to the other persons in paragraph (f) above may be for Amex’s gain.
(h) Amex, Amex Group companies and Amex Partners may also, from time to time, engage third parties to provide marketing services on their behalf, and may share the customer's data described in paragraph (e)(i) above with these third parties for such purposes.
(i) Amex, Amex Group companies and Amex Partners may carry out "matching procedures" (as such expression is defined in the Ordinance) in Hong Kong or overseas for the marketing purposes described in paragraphs (e) and (f) above.
* By "Cardmember benefits" and "promotional offers", we mean products, services, reward, referral, loyalty or privilege programmes and other benefits that may be offered by Amex, Amex Group companies and Amex Partners for the purposes of marketing the Amex Card and the Amex Group companies and/or Amex Partners' businesses. It is not possible to be specific about what these products, services, reward, referral, loyalty or privilege programmes and other benefits may be because Amex Partners are involved in a very wide range of commercial enterprises. However, examples of typical Cardmember benefits and promotional offers include discount offers at hotels, airlines, restaurants, retail and online outlets.
If a customer is currently receiving direct marketing from Amex but does not wish Amex to continue to use or provide to other persons his personal data for use for direct marketing, the customer may, without charge, exercise his opt-out right by notifying Amex.
Cardmembers may make the opt-out request by completing the Opt-Out Form at the end of this Notice and returning the duly completed form to Amex. Cardmembers may also manage or change their marketing preferences by contacting Amex at the number printed on the back of their Amex Card (where applicable) or +852-22771010 or logging on to American Express Manage-Your-Card-Account (MYCA) at www.americanexpress.com/hk/en/marketingpreference.
Merchants may make the opt-out request, and manage or change their marketing preferences by contacting Amex at +852 2277 2277.
(j) Data held by Amex relating to a customer will be kept confidential but Amex may provide such information to (1) all the following parties (whether within or outside Hong Kong) - for the purposes set out in paragraph (d) above and (2) if the customer agrees, the parties specified in paragraph (vii) below - for the purposes set out in paragraph (e) above:
(i) any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment clearing or other services to Amex in connection with the operation of its business;
(ii) any other person under a duty of confidentiality to Amex (including without limitation other Amex Group companies) which has undertaken to keep such information confidential;
(iii) the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
(iv) credit reference agencies (including the operator of any centralized database used by credit reference agencies), and, in the event of default, debt collection agencies;
(v) any person to whom there is an obligation, requirement, recommendation or instruction to make disclosure for the purposes set out in, or in connection with, or as otherwise provided by, paragraph (d)(ix) above;
(vi) any actual or proposed assignee of Amex or participant or sub-participant or transferee of Amex's rights in respect of the customer;
(vii) provided the customer has agreed to the use of his personal data for direct marketing, to Amex Group companies and Amex Partners (and also including third parties engaged by Amex, Amex Group companies and Amex Partners to provide marketing services on their behalf), for marketing purposes (including informing customers of services which Amex believes will be of interest to customers); and
(viii) to any other parties whom the customer has expressly or impliedly authorized Amex to make such disclosures as may be reasonably necessary or expedient to procure or fulfill the customers' request(s) for Services.
(k) Further to paragraph (j)(iv) above, Amex may check consumer credit data about its Cardmembers or their guarantor(s) held by credit reference agency(ies) as applicable for the purpose of considering whether to grant Cardmembers credit and/or reviews or renewals of existing credit facilities to Cardmembers. The matters Amex will be considering if accessing these consumer credit data for the purpose of reviews will be an increase in the credit amount, cancellation of credit or a decrease in the amount of credit available or putting in place a scheme of arrangement with relevant Cardmembers and/or their guarantor(s). Amex may also access and collect such consumer credit data about Cardmembers and/or their guarantor(s) for the purpose of reasonable monitoring of indebtedness whilst relevant Cardmembers and/or their guarantor(s) are in default.
(l) Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any customer has the right:
(i) to check whether Amex holds data about him and of access to such data;
(ii) to require Amex to correct any data relating to him which are inaccurate;
(iii) to ascertain Amex's policies and practices in relation to data and to be informed of the kind of personal data held by Amex;
(iv) to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency(ies) or debt collection agency(ies); and
(v) in relation to data which have been provided by Amex to a credit reference agency, to instruct Amex upon termination of an account by full repayment to make a request to the credit reference agency to delete from its database any account data relating to the terminated account, as long as the instruction is given within five years of termination and at no time did the account have a default of payment lasting in excess of 60 days within 5 years immediately before account termination. If the account has had a default of payment, unless the amount in default is fully repaid or written off (otherwise than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the customer's relevant account repayment data shall be retained by the credit reference agencies until the expiry of five years from the date of final settlement of the amount in default. If any amount is written off due to a bankruptcy order being made against the individual customer, his/her account repayment data shall be retained by the credit reference agencies, regardless of whether the account repayment data reveal any material default, until the earlier of the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of the customer's discharge from bankruptcy as notified to the credit reference agency(ies) by such customer with evidence.
(m) In accordance with the terms of the Ordinance, Amex has the right to charge a reasonable fee for the processing of any data access request.
(n) The person to whom opt-out requests or consents in relation to the use of personal data for direct marketing, requests for access to data or correction of data and for information regarding policies and practices and kinds of data held are to be addressed is as follows:
The Data Protection Officer
American Express International, Inc., Hong Kong Branch
18/F, 12 Taikoo Wan Road, Hong Kong
(o) As mentioned in paragraph (k) above, Amex may have obtained credit report(s) on the Cardmember from credit reference agency(ies) in considering any application for credit. If the Cardmember wishes to access the credit report(s), Amex will advise the contact details of the relevant credit reference agency(ies).
(p) Nothing in this Notice shall limit the rights of customers under the Personal Data (Privacy) Ordinance.
(q) If you would like to change or amend any of your personal data held by Amex (for example, if you have moved and would like to update your address), please contact the number at the back of your Card (if you are a Cardmember) or +852 2277 2277 (if you are a Merchant).
___________________________________________________________________________
(For use by Cardmembers – Please complete this form in English and block letters. If you are a merchant and wish to submit an opt-out request, please contact Amex at +852 2277 2277)
OPT-OUT FORM
To: American Express International, Inc., Hong Kong Branch and its subsidiaries (“Amex”)
I do not wish to receive any marketing communications from Amex in future, and I do not consent to Amex providing my personal data to third parties for direct marketing purposes. I agree that this instruction overrides all my previous instructions to Amex on marketing in respect of all my existing relationships with Amex (if any).
________________________
My full name:
Card Account Number*:
Date:
* Please provide the Card Account Number of one of your Card Account(s) with Amex in order for us to verify your identity. Please note that this opt-out instruction will be applied to marketing in respect of ALL your existing relationships with Amex.
Notes:
1. Please provide the above information to enable Amex to verify your identity and process your request.
2. In order to make this opt-out request effective, Amex will need to share this opt-out request with third-party business partners. By submitting this opt-out request to Amex, you shall be deemed to have consented to Amex sharing this opt-out request with such parties. Please allow some time for this opt-out request to become effective.