WE COLLECT ONLY CUSTOMER INFORMATION THAT IS NEEDED, AND TELL CUSTOMERS HOW WE USE IT. We limit the collection of information about our customers to what we need to know to administer their accounts, to provide customer services, to offer new products and services, and to satisfy any legal and regulatory requirements. We also tell our customers about the general uses of information we collect about them, and we will provide additional explanation if customers request it.

WE GIVE CUSTOMERS CHOICES ABOUT HOW THEIR INFORMATION WILL BE USED. Our businesses give customers “opt out” choices about how information about the customer’s relationship with that business unit may be used to generate marketing offers. These marketing choices include product and service offers from American Express businesses and those made by our business Companies. Of course, each of our businesses will continue to send its customers information relating to products or services they receive from that business.

WE ENSURE INFORMATION QUALITY. We use advanced technology, documented procedures and internal monitoring practices to help ensure that customer information is processed promptly, accurately and completely. We will respond in a timely manner to customers’ requests to correct inaccurate account or transaction information. We also require high standards of quality from the consumer reporting agencies and others that provide us with information about prospective customers.

WE USE PRUDENT INFORMATION SECURITY SAFEGUARDS. We limit access to customer information systems to those who specifically need it to conduct their business responsibilities, and to meet our customer servicing commitments. We employ safeguards designed to protect the confidentiality and security of our customer information.

WE LIMIT THE DISCLOSURE OF CUSTOMER INFORMATION. We do not disclose customer information unless we have previously informed or been authorized by the customer, or we do so in connection with our efforts to reduce fraud or criminal activity and to comply with regulatory requirements and guidelines. When a court order or subpoena requires us to release information, we typically notify the customer to give the customer an opportunity to exercise his or her legal rights. Further, we will not disclose or use health information for marketing purposes or use it as a basis to make credit decisions.

WE ARE RESPONSIVE TO CUSTOMERS’ REQUESTS FOR EXPLANATIONS. If we deny an application for our services or end a customer’s relationship with us, to the extent permitted by applicable law, we will provide an explanation, if requested. We state the reasons for the action taken and the information upon which the decision was based, unless the issue involves potential criminal activity.

WE HOLD OURSELVES RESPONSIBLE FOR OUR PRIVACY PRINCIPLES. Each Travelink, Inc. employee is responsible for maintaining consumer confidence in the company. We provide training and communications programs designed to educate employees about the meaning and requirements of these Customer Privacy Principles. Employees who violate these Principles are subject to disciplinary action, up to and including dismissal.
We also conduct internal assessments of our privacy practices and periodically commission outside expert reviews of our compliance with the Privacy Principles and the specific policies and practices that support these Principles.

WE EXTEND THESE PRIVACY PRINCIPLES TO OUR BUSINESS RELATIONSHIPS. We require companies we select as our business Companies to agree to keep our customer information confidential and secure, to protect the information against unauthorized access, use, or redisclosure by the recipient company, and limit its use to the purposes for which it was provided to them.

We also encourage our business Companies to respect their customers’ information by adopting strong and effective privacy policies and practices, including offering “opt out” choices for marketing offers to their customers.

In addition, we participate actively in industry associations to advocate development of comprehensive privacy policies and implementation strategies.