American Express Data Processing Agreement

In addition to a transparent privacy policy, the RGPD requires companies to ensure that individuals understand how their data is used by incorporating data protection requirements into their products and services. To respect the RGPD, it is first important to understand what “personal data” means. Under the new regulation, personal data is all information that a person can identify directly or indirectly. In addition to information traditionally considered to be identifiers (z.B. name, email address or passport number), the RGPD specifies that unique identifiers, such as ip address or mobile device ID, are also personal data. In addition, data protection and data security are the only TMC that are at the heart of our action after Corporate Binding Corporate Rules, a data protection certification programme at the level of European Member States that few companies have reached in the world. Principle 9 – Responsibility: If you feel that we have violated these data protection principles, you have the right to file a complaint with our Data Protection and Complaints Officer (see details below). If we do not file your complaint within one month, you can enforce these data protection principles by forwarding your complaint to your local data protection authority. These principles underscore our commitment to protecting your personal data. They are mandatory for all American Express companies and demonstrate our commitment to data protection. In addition, any American Express Group company holding personal data may maintain its own additional rules and practices for certain products or services that comply with these principles. Any concerns, challenges, discrepancies or claims” regarding the handling of personal data may be referred to the designated data and claims protection officer, as below: Under the terms of the agreement, American Express will continue to retain its contracts with participating dealers, set resellers` prices and receive the same transaction information it has received.

First Data will provide payment services for American Express credit card transactions to merchants on behalf of American Express under the new agreement. Companies need to be confident that other companies to which they transmit personal data, including travel partners who handle sensitive data, are also in compliance with global data protection legislation. The privacy statement should also describe how personal data can be transferred within the company, to third parties and other jurisdictions and how those concerned can exercise their rights. The countdown to the Global Data Protection Regulation (RGPD) website says it all: time is running out for companies to comply with the new EU regulation on the protection of consumers` personal data and their use. The new law, which replaces a data protection directive adopted more than 20 years ago, will come into force on 25 May 2018. Businesses in EU Member States are not the only ones to have to comply with the new rules. Under Article 3 of the RGPD, any company in the world is subject to the new law when it processes the personal data of a person (also known as a “person concerned”) who is in the EU when it accesses the data. This applies to companies that provide goods or services to EU citizens or monitor their behaviour. Once you understand what constitutes personal data, the next step is to establish a complete and accurate inventory of the data, which determines where the personal data is, how it is stored, and whether it is retrieved and used to comply with the RGPD guidelines. Companies must also ensure that they pass on their data processing activities to the people concerned in an efficient and transparent manner. These include a po