2
• third parties, such as marketing lists which we lawfully obtain from Business Partners (i.e., third parties with whom we conduct business or have
a contractual relationship, such as co-brand partners or merchants), or information we receive from open banking providers (such as account
information that you authorise such providers to collect from your bank, which is subsequently shared with American Express for the purpose of
completing our underwriting verications to issue you with a card).
In some limited instances and in accordance with applicable laws, we may also collect special categories of Personal Information, including information
regarding health (such as food allergies or details of a disability or condition which may aect your ability to travel or the way we manage your account), or
biometric data (such as your voice ID).
In addition, we also collect digital data, such as your IP address or other information about your online interactions, as described in the Online Privacy
Statement.
USE OF INFORMATION
We use your Personal Information either on its own or combined with other information. We need a “lawful reason” under data protection laws to process
your Personal Information, which are as follows: (i) where it is necessary for the performance of a contract (ii) where necessary for our legitimate interests,
such as to prevent fraud, enhance our products or services and for certain marketing communications (including when we give an opt-out opportunity); (iii)
where we have obtained your consent, such as for marketing purposes when you opt-in; or (iv) for compliance with legal obligations, such as for the due
diligence that nancial institutions are required to perform before approving card accounts. Please note that we consider and balance any potential impact
on you and your rights before processing your Personal Information for our legitimate interest.
More specically, we use your Personal Information:
(i) To administer our contractual relationship with you and deliver products and services, including to:
• process applications for our products, including making decisions about whether to approve your application;
• administer and manage your account, such as whether to process, approve and complete individual transactions;
• provide location-based services you may request;
• communicate with you through email, SMS or any other electronic methods, by post and/or phone about your accounts, products, and services;
• update you about new features and benets attached to the products or services that you requested;
• service and manage any benets and insurance programmes provided along with the products or services that you requested;
• answer questions submitted to us by you and respond to your requests; or
• provide you with open banking services (for more information, please see the “Open Banking” section).
(ii) For our legitimate interest or for the legitimate interests of a third party, to:
• market products and services which we think you will be interested in based on your relationship with us (by email, SMS or telephone (for example -
if you call us)), if you are an existing or potential customer. We would do this only where the law allows for this on the basis of opt-out;
• advertise and market products and services for the American Express Group (i.e., any aliate, subsidiary, joint venture, and any company owned or
controlled by American Express) and our Business Partners, including to present content that is personalised and tailored to your preferences and
interests, including targeted advertising across multiple devices or showing you oers in your Manage Your Card Account (MYCA) environment;
• improve your customer experience, for instance:
• when interacting with some of our partners available in your card benets programme, we may connect to your Membership Rewards account
(if applicable) and, depending on your card product, enable you to use Membership Rewards points to pay for products or services;
• when you set up a recurring payment with merchants accepting our cards, we may disclose your Personal Information (such as your card
expiration date, card number, changes, account updates including if your account is cancelled) to those merchants for them to update your
card/account details. This will allow your recurring payments to continue without disruption. If you do not want us to share such Personal
Information, you can contact us – please see the “Query or Complaint” section;
• by providing a more appropriate service and/or protecting your best interests by making reasonable adjustments, such as sending you
information in an appropriate format;
• improve our products and services, including to:
• better understand our customers, their needs, preferences and behaviours; place you in groups with similar customers to make predictions
about you, deliver more personalized services and help determine whether you may be interested in new products or services;
• help us better understand your nancial circumstances and behaviour so that we can make decisions about how we manage your existing
accounts and what other products or services can be extended to you;
• analyse whether our ads, promotions and oers are eective;
• monitor and/or record your telephone calls with us or our Service Providers to ensure consistent servicing levels (including sta training) and
account operations;
• conduct research and analysis, including to:
• allow you to give feedback by rating and reviewing our products and services and those of our Business Partners;
• produce data analytics, statistical research, and reports on an aggregated basis;
• manage our business risks such as fraud, credit, operational, regulatory, reputational and security risks (using automated processes and/or manual
reviews) including to:
• review and approve individual transactions including those you make through digital channels;
• conduct testing (to ensure security and when we update our systems), data processing, website administration and information technology
system support and development;
• detect and prevent fraud or criminal activity and complete Know Your Customer (KYC) screening and monitoring;
• safeguard the security of your information;