The countdown clock on the General Data Protection Regulation (GDPR) website says it all: time is running out for companies to comply with the new EU regulation on the protection and use of consumers' personal data. The new law, which replaces a data protection directive adopted more than 20 years ago, will enter into force on 25 May 2018. Companies must also ensure that they communicate their data processing activities to data subjects in an efficient and transparent manner. This includes a comprehensive, concise and easy-to-read privacy policy, so consumers can understand how their data is being used.

GBT retains personal data for as long as necessary for the provision of our products and services, the execution of transactions you have requested or for other essential purposes such as the performance of our legal obligations, the resolution of disputes and the enforcement of our agreements. Because these requirements can vary for different types of data in the context of different products, actual retention periods vary widely. Among the criteria we use to set retention periods, we are the only TMC to work according to the Binding Corporate Rules, a certification program at the level of European Member States, which few companies in the world have achieved, that data protection and data security are at the heart of our actions.

All regulated companies must keep a written report containing details of all of their processing activities, called a "processing record". Principle 3 – Data quality: We use appropriate technologies and clearly defined personnel practices to process your data in a timely and accurate manner.

We will not retain your personal data longer than necessary, unless otherwise required by applicable law. The new law also requires mandatory infringement notifications when a person's data is compromised. The data protection authority of the country concerned must be informed within 72 hours of notification of the infringement. In some cases, data subjects must also be informed.

The following privacy principles ("Principles") define how American Express Company and its 100% direct and indirect subsidiaries collect, use, store, share, transmit, delete or process your personal data (together "process"). Personal data is any information relating to an identified or identifiable person. American Express uses the standard for the protection of personal data established in these principles worldwide and offers adequate and consistent protection for the processing of your personal data. In these principles, "you" and "your" means each customer or employee of American Express and any other person whose personal data we process and "we", "us", "our" and "American Express Group" means American Express.

In addition to a transparent privacy statement, the GDPR requires companies to ensure that data subjects understand how their data is used by integrating data protection requirements into their products and services. The privacy statement must also describe how personal data may be transmitted within the company, to third parties and other jurisdictions and how data subjects may exercise their rights. Treatment…