
THE AMERICAN EXPRESS CUSTOMER PRIVACY PRINCIPLES:
Participants are encouraged to use the American Express Privacy Principles set out below as a framework within which to develop their own privacy guidelines. Laws and regulations relating to privacy and data protection can differ from country to country, and Participants are responsible for being aware of and adhering to privacy and data protection laws in all countries in which they conduct their Card Issuing Business, including, without limitation, specific and adequate disclosures to Cardmembers (customers) of collection, use and processing of personal data.
The Participant's Privacy Policy must be posted on the Participant Site and be accessible to visitors via a hyperlink at the bottom of each page on the Participant Site. The Participant's Privacy Policy must be kept updated to reflect changes in American Express' Privacy Principles and changes in the Participant Site. Please see Section 2.4.10 and Exhibit 1 of the BOP for details.
1. Collect only customer information that is needed to administer customer accounts, provide customer services, offer new products and services, and fulfill any legal and regulatory requirements. Tell your customers about the general uses of the information you collect about them, and be willing to provide additional explanation if the customer requests it.
2. Give customers choices about how their data will be used. Upon becoming a Cardmember and thereafter on a regular basis, give customers the option to decide whether or not they wish to have their names removed from lists used for mail, telephone, and online marketing.
3. Ensure information quality. Ensure that customer data is processed promptly, accurately, and completely. Require high standards of quality from consumer reporting agencies and others who provide information about prospective customers.
4. Use information security safeguards. Limit access to customer data to those who specifically need it to conduct their business responsibilities and use security techniques designed to protect customer data.
5. Limit the release of customer information. In addition to providing customers with the opportunity to "opt-out" of marketing offers, release information only with the customer's consent or request, or when required to do so by law or other regulatory authority. When a court order or subpoena requires release of customer information, notify the customer promptly to give the customer an opportunity to exercise his or her legal rights. The only exceptions are when an Issuer is prohibited by a court order or law from notifying the customer, or cases in which fraud and/or criminal activity is suspected.
6. Be responsive to customers' requests for explanations. If an Issuer denies an application for services or ends a customer's relationship, to the extent permitted by applicable law, provide an explanation. State the reasons for the action taken and the information upon which the decision was based, unless the issue involves potential criminal activity.
7. Extend these customer privacy principles to business relationships. Require that companies selected as business partners and third-party vendor(s) abide by these privacy principles in the handling of customer information.
8. Hold employees responsible for complying with these privacy principles. Conduct training and communication programs to educate employees about the meaning and requirements of these customer privacy principles, and audit compliance.