Amex GBT

Description Permissions Security & Compliance

Welcome to Amex GBT on Slack: empowering customers of American Express Global Business Travel (GBT) by providing global access to booking, trip information, and live servicing. We focus on the details, so you can focus on the reason you are traveling (and maybe even get some rest). Whether you are a road warrior booking complex international trips with many connections, or simply trying to keep track of flight, hotel, car and rail details without resorting to paper itineraries that are hard to access when you need them – Amex GBT on Slack is your partner in all things travel.

Permissions

Amex GBT will be able to view:

Amex GBT will be able to do:

Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.

General

Privacy & data governance

Data retention policy

Amex GBT has a data retention policy and period of 18 months. GBT’s formal record retention program ensures data is kept no longer than necessary. - We do not archive data - We do not keep data older than 18 months - We redact Personally Identifiable Information (PII) from all data - Data is only used for essential identified business reasons GBT’s formal record retention program ensures data is kept no longer than necessary. We will only collect personal data that is needed and by lawful and fair means. https://privacy.amexgbt.com/principles

Data archiving and removal policy

We do not keep data older than 18 months. All stored data has the PII redacted. How the data that is collected is used: We use appropriate technology and well-defined employee practices to collect and store data. We do not keep data longer than is necessary. How an individual can request to access, transfer, or delete their data, contact the Data Protection Officer and request data deletion email: gbtprivacy@amexgbt.com

Data storage policy

We redact Personally Identifiable Information (PII) from all data. Data is only used for identified business reasons Access to the databases is restricted to staff (including our app developers), unless they have a legitimate business reason to access it. We will keep personal data redacted and confidential and limit access to personal data to those who specifically need it to conduct their business activities. We refer to industry standards and use reasonable administrative, technical and physical security measures to protect data from unauthorised access, destruction, use, modification or disclosure. We require industry standard data security measures. We do not share data with third parties in connection with our efforts to reduce fraud or criminal activity, or as permitted by law. https://www.amexglobalbusinesstravel.com/content/uploads/2018/05/GBT-GDPR-Quick-Reference-1.pdf

Data center location(s)

United States

Data hosting details

We host data encrypted on The Amex GBT USA AWS Cloud Hosting account. Full security manual and automated reviews and scans are regularly undertaken by our DevOps and Amex GBT InfoSec teams to ensure all data is safe and secure.

Data hosting company

AWS. Hosted on the offcial American Express Global Business Travel AWS Account

App/service has sub-processors

Certifications & compliance

Security