Data protection and privacy principles

Collection : We will only collect necessary personal data and will only use legal and fair means.

Notice and processing : In the event that this is not obvious from the nature of the goods or services you have requested, or the nature of our relationship with you, we will inform you about how your personal data will be processed and which companies of the American Express Group will be responsible for such processing. We will process your personal data in good faith and only for the purposes that we have communicated to you, for the purposes permitted by you or applicable law. In addition, you have the right to object to certain types of processing, as expressly permitted by applicable law.

Choice : We provide our customers with the choice to include or delete their personal data in / from lists that are used for marketing purposes, as required by applicable law. This applies to goods and services offered by American Express and produced or provided in conjunction with our business partners. Of course, each of our companies will continue to send their customers information about the goods and services they receive from such a company.

Data quality : We use appropriate technologies and well-defined employee procedures to ensure that your personal data is processed promptly and accurately. We will not store your personal data for longer than necessary, unless otherwise required by applicable law.

Security and confidentiality : We will keep your personal data confidential and restrict access to your personal data, providing it to those persons who directly need such access to carry out their business activities, unless otherwise provided by applicable law. We refer to industry standards and use reasonable administrative, technical and physical security measures to protect your personal information from unauthorized access, destruction, use, alteration or disclosure. We require third parties, to whom we grant the right to process your personal data on our behalf, to use industry-standard data security measures.

Provision of data : We provide your personal data to third parties only in cases where it is necessary to provide you with goods or services, or arises from the nature of our relationship with you, subject to prior notification of you or receipt from you of the appropriate permission for such provision, in in connection with our efforts to reduce fraud or criminal activity, or where permitted by law.

Openness and access to data : If we receive a request from you, we will inform you about how your personal data is processed, as well as about the rights and remedies available to you in accordance with these Principles. You have the right to request information regarding the nature of your personal data stored or processed by American Express. You will be given access as required by the laws of your country, regardless of the place where the data is processed and stored. If any data turns out to be inaccurate or incomplete, you have the right to request changes to such data.

International transfers : In the event that this is not obvious from the nature of the international goods or services you have requested, or the nature of our relationship with you, we will inform you if your personal data may be transferred outside your country, and will ensure that such transfers are made only in accordance with applicable law. Regardless of where your personal data is transferred, your personal data is protected by these Principles.

Responsibility : Each company of the American Express Group and their employees may only process your personal data in accordance with these Principles. We provide appropriate training to employees and assess our compliance with these Principles. Employees who violate these Principles may be subject to disciplinary action, including termination of employment. Employees are expected to report violations of these Principles to their supervisors, HR staff, the organization's compliance officer, the Legal Department, the Privacy Officer, or the Company's Individual Protection Department.

Accountability: You may enforce these Principles in your country against any American Express Group company responsible for your personal data by acting as a third party beneficiary under a contract in relation to these Principles. If you have a claim that we have violated these Principles, and you have tried in good faith to resolve the claim through our customer service process, but the claim has not been resolved by us within a reasonable period of time, you have the right to enforce these Principles. in relation to us. If you file a complaint with a data protection authority in your jurisdiction and that data protection authority determines that we have violated these Principles, we will comply with the decision of the data protection authority, but we reserve the right to contest or appeal such decision. These Principles do not affect any rights that are owned by you under applicable law, the requirements of any competent regulatory authority for the protection of personal data, or any other agreement between us and you.