Privacy Policy

Effective as of November 10, 2020

Online Privacy Policy for Goldman Sachs Bank USA’s Consumer & Small Business Platforms

Table of Contents

1. Introduction

Your privacy is important to us. The purpose of this Online Privacy Policy (as updated from time-to-time, this “Online Privacy Policy”) is to explain the data collection and privacy practices of the following Goldman Sachs Bank USA consumer and small business platforms: the Marcus by Goldman Sachs website (www.marcus.com), the Clarity Money, Inc. website (www.marcus.com/us/en/clarity-money) and any associated websites and mobile applications, including websites, products, services or mobile applications that could replace the ones we’ve listed here. Whenever you see the word “Sites” in this Online Privacy Policy, it refers to these specific websites, associated websites and future websites, services or mobile applications. We want to make sure you understand how we may collect, use, share and keep information about you and the choices you have when you use the Sites.

This Online Privacy Policy includes the following information:

  • A description of the personal information we collect and generate;
  • A description of how we use your personal information;
  • A summary of who we share personal information with and the context in which it is shared;
  • An explanation of how we use online tracking technologies, such as cookies, and our practices relating to interest-based advertising;
  • How we protect your information;
  • How you can communicate your privacy choices;
  • Information for California residents; and
  • Other important information. 

Other Goldman Sachs Relationships

If you have other relationships with Goldman Sachs that are not listed above, please visit the Goldman Sachs Privacy and Cookies Website for more information about how your personal information is processed and to understand your rights and choices for those services. 

Important Terms

We want you to understand the following defined terms that we use throughout this Online Privacy Policy:

  • When we use “Goldman Sachs,” “we,” “us” or “our” in this Online Privacy Policy, we mean Goldman Sachs Bank USA and its affiliates, and their respective agents and assigns worldwide.
  • When we use “you” or “your”, we mean any user of the Sites.
  • When we use "Products,” we mean the Online Savings Accounts, Certificate of Deposit Accounts and any other deposit products, Marcus loans and other credit products, the Clarity Money mobile application, the Marcus mobile applications, Marcus Insights, as well as financial education information and materials and any other products, applications or services provided through the Sites.
  • When we use “including” or “includes,” we mean “including but not limited to” or “includes but is not limited to.”

Other Privacy Disclosures

If you have signed up for, applied for, have or previously had one of our consumer Products, the Marcus Consumer Privacy Notice or Clarity Money Privacy Notice will apply to you.  These provide more information about how we collect and share your personal information and outline certain choices you may have.  If there is a conflict between this Online Privacy Policy and any privacy notice, disclosure, policies or terms relating to any Product, the privacy notice, disclosure, policies or terms relating to the Product will govern.

2. What Personal Information We Collect and Generate

We may collect or generate personal information about you in a number of ways and from a number of sources depending on the product or service and the relationship we have with you. For example:

  • Before you begin an application or sign up with us, we collect data sets from affiliates and third parties such as data analytics providers and credit reporting agencies to perform marketing analyses, identify marketing prospects and deliver marketing communications;
  • While applying or signing up with us, and over the course of your relationship with us, you provide information directly to us, we collect information about you from third parties such as data analytics providers, credit reporting agencies, identity verification and fraud prevention services and government entities, and we also may generate new information about you;
  • When you communicate with us through the Sites, over the phone, via social media or other platforms, we collect the content of the communications, information about the channel in which you contacted us and we may also collect personal information about you indirectly through monitoring or other means, such as recording telephone calls and collecting phone metadata and digital information; please note that by communicating with us, you acknowledge your communication may be overheard, monitored, or recorded without further notice or warning;
  • When you interact with the Sites, and in connection with our marketing and communications, we collect digital information using cookies, web beacons, page tags, pixels or similar tools that we and our service providers and other third parties have set; and
  • When you interact with the Sites via a social media platform, we collect a copy of the posts and other information, such as account ID or username.

See below for a list of the categories of personal information, along with some descriptions and examples, that we may collect or generate through each of the processes described above. In the past 12 months, we have disclosed each category of personal information to one or more of the types of third parties listed in Section 4, below.    

  • Personal Identifiers:  This includes first and last name, previous name, address, email address, account user name, social media profile, telephone number, unique personal identifier, and signature;
  • Device and Online Identifiers and Related Information:  This includes online identifiers, Internet Protocol (IP) address, mobile / wireless carrier, device identifier (such as the Google Advertising ID or Apple ID for Advertising), and other device information;
  • Financial Information:  This includes credit report information, credit scores, bank account number, transaction information (both from your accounts with us and any accounts you link to a Product), financial account information (including statements and checks) used to validate your identity, account information about externally linked accounts, account login credentials you use to access our Products, household income data, tax documents, and other financial information;
  • Government Identifiers:  This includes social security number, national identification number, other government-issued identification number, driver’s or operator’s license number, passport number, and copies of government IDs;
  • Protected Classification Characteristics:  This includes age, national origin, citizenship, nationality, marital status, sex, and veteran or military status. Please note that we do not collect information regarding gender identity, gender expression, or sexual orientation unless you provide it to us in connection with servicing your account;
  • Purchase History:  This includes customer purchase history or tendencies;
  • Biometric Information:  This refers to a voiceprint, which is a numerical representation of your voice when you call us (we use this to identify fraudulent activity and to enhance security).  We also collect behavioral biometric data regarding how you interact with the Sites;
  • Internet, Application, and Network Activity:  This includes data related to user activity (e.g., when and how you use the Sites and interact with our communications) as well as url referral header information; we may collect this type of information automatically via cookies, browser web storage, web beacons and similar technologies;
  • Location Data:  We may receive information about your geolocation and your mobile device including a unique identifier for your device; in addition, in some instances, location information can be estimated from your IP address or through your wi-fi connection;
  • Sensory Data:  This includes audio data, such as a recording of your voice when you call us;
  • Professional or Employment-Related Information:  This includes occupation, title, employer, employment history, income and education; and
  • Inferences About You:  This includes a profile reflecting a person's preferences, characteristics, predispositions, behavior, attitudes and creditworthiness profile.

Although you don’t have to supply any of the personal information we request, we may not be able to provide Products to you or you may not be able to interact with our Sites if you do not.

3. How We Use Personal Information

We use personal information for the following business purposes:

  • Administering, operating and managing your relationship and/or Products with us;
  • Authenticating identity;
  • Mitigating fraud and enhancing the security of the Sites, our Products and online services;
  • Contacting and communicating with you, including through push notifications and text messages;
  • Conducting marketing activity, such as developing marketing and acquisitions models, identifying marketing recipients, developing marketing collateral and delivering advertisements and marketing communications;
  • Responding to and reviewing social media messages or postings about us or our Products;
  • Presenting third-party products and services we think may be of interest;
  • Complying with contractual obligations, relevant industry standards, and our policies;
  • Performing analytics concerning the use of the Products and Sites, including responses to our emails and the pages and advertisements that are viewed; and
  • Operating, evaluating and improving our business (including assessing and managing risk, fulfilling our legal and regulatory requirements, developing new Products and services, improving existing Products and services, and performing accounting, auditing and other internal functions).

We may also use your personal information for any other purpose that we disclose at the time you provide, or when we collect, your information, and other purposes permitted by applicable law. We may also use data that we collect on an aggregate or anonymous basis for various business purposes, where permissible under applicable laws and regulations.

If your relationship with us ends, we will continue to treat your personal information, to the extent we continue to maintain use, and share it, as described in this Online Privacy Policy or as set forth in the privacy notice for the applicable Products and Sites.

4. Who We Share Personal Information With

We share personal information as set forth below:

  • Goldman Sachs affiliates. We may share personal information with members of the Goldman Sachs family of companies in order to service accounts, improve products or for other purposes permissible under applicable law and regulations.
  • Third-party service providers: We may share personal information with non-affiliated companies that perform support services for us, such as data analytics, fraud analysis, identity verification, risk management, security services, advertising and marketing, customer support, mail services, email delivery, information technology and payment processing.
  • Legal process and emergency situations: We may disclose to third parties as permitted by, or to comply with, applicable laws and regulations. Examples include responding to a subpoena or similar legal process, protecting against fraud and cooperating with law enforcement or regulatory authorities. We may also disclose information if we believe it is necessary or appropriate to protect our rights, property or safety, or the rights, property or safety of our employees, customers or others, or to enforce our contractual rights.
  • Corporate transactions: In the event of a corporate transaction, such as a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of any or all of our assets or liabilities, some of the personal information that we hold may be among the assets or liabilities transferred to a buyer or other successor. We may also transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or liabilities or any line of business, change in ownership control or financing transaction.

We also share personal information with others when you provide your consent, such as data aggregators, and with your authorized representatives, agents and beneficiaries.

We are required to identify the categories of personal information we share with third parties for operational purposes. We disclose the categories of personal information listed in Section 2 above for operational purposes.

California law requires that we describe certain disclosures of personal information where we receive valuable consideration. California law treats such disclosures as “sales” even if no money is exchanged. We do not sell, and have not sold in the preceding 12 months, personal information to third parties as defined under California law. We do not knowingly sell the personal information of minors under 16 years of age.

5. Cookies and Other Tracking Technologies

We and our service providers use tracking technologies such as cookies, web beacons, device advertising IDs and similar technologies on the Sites and in our email communications. These technologies collect information about use of the Sites, such as browser, device information and browsing information that includes time spent on the Sites, pages visited, language preferences and other traffic data.  Pixels or similar technologies may also be used in our emails to determine whether you have opened our emails and how you interact with it.

These technologies are used for a number of business purposes, such as to record your preferences, track your use of the Sites across multiple devices, track how you interact with our communications, suggest products tailored to you, measure exposure to our online advertisements, monitor traffic, analyze use of the Sites, for security purposes, to display information more effectively, to personalize a user’s experience, and to improve the Sites and make the Sites easier to use.

You have choices to limit some tracking mechanisms that collect information when you use the Sites. Many web browsers automatically accept cookies, but you can usually modify your browser’s setting to decline cookies if you prefer. If you choose to decline cookies, certain features of the Sites may not function properly or may not remain accessible to you. You may be able to prevent us from determining whether you have opened our emails via pixel technology by configuring your email client to not load images in emails.

For more information about your choices, see Interest-Based Advertising below.

Cookies

Cookies are small text files that may be placed on your device when you visit the Sites or when you view advertisements that we have placed on other websites. Cookies allow your browser to remember some specific information which the web server can later retrieve and use.  When you quit your browser, some cookies are stored in your computer’s memory, while some expire or disappear. 

Tags, Pixels, Web Beacons, Clear GIFs

A web beacon, also known as an Internet tag, pixel tag or clear GIF, is typically a one-pixel, transparent image located on a webpage or in an email.  These may be used when you visit the Sites, are served with advertisements, when you interact with advertisements outside of our online services, or when you interact with our communications.  They are generally used to transmit information back to a web server.    

Interest-Based Advertising

Interest-based advertising refers to collecting information about your online activities over time and across different websites, devices, and other online services to deliver advertisements based on online activity. We use interest-based advertising to deliver advertisements and other targeted content to you, including through third-party advertising companies which we may permit to track your visits to the Sites. These third parties may use these technologies to collect information about you when you use the Sites and your other online activities. They may collect information about your online activities over time and across different websites and other online services. They may also use persistent identifiers to track your Internet usage across other websites and devices in their networks beyond the Sites. They may use this information to provide you with interest-based advertising or other targeted content.

We, and many of the third-party advertisers that place tracking tools on the Sites, are members of the Interactive Advertising Bureau’s Self-Regulatory Program for Online Behavioral Advertising. Some of our ads that are displayed on third-party websites will feature an AdChoices icon inside the ad. Clicking on the AdChoices icon inside the ad will provide you an opportunity to opt out of interest-based advertising by the third parties that participate in the program. In addition, you can learn more about the options available to limit these third parties’ collection and use of your information by visiting our opt-out page and the websites for the Network Advertising Initiative and the Digital Advertising Alliance, as well as the webpages for Facebook’s ad preferences tool and privacy policy.  Users of our mobile applications may install the Digital Advertising Alliance’s AppChoices mobile app, available here, and choose to opt out of participating advertising networks’ use of mobile app activity for interest-based advertising purposes.

If you choose to opt-out via the web-based tools, a cookie will be placed on your browser indicating your decision. This cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt-out on each. In addition, because the opt-out is facilitated via cookies, if you clear your cookies you will need to opt-out again. Likewise, mobile app opt-outs via AppChoices are based on your mobile device’s advertising identifier, so if you reset it, you will need to opt-out again via AppChoices.

6. Additional Technology

We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), on the Sites. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use the Sites, compile reports on the Sites’ activity and provide other services related to Sites activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor and any referring website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click https://www.google.com/policies/privacy/partners/.

We may use Google, Inc. (“Google”) Maps API and / or Places API to help auto-complete address information on the Sites.  By using the Sites, you agree to be bound by Google’s Terms of Service. To learn more about Google’s Terms of Service, please visit https://www.google.com/policies/terms.

7. How We Protect Information

We take the security of personal information seriously and work to limit access to personal information to authorized employees, agents, contractors or vendors. We also maintain physical, electronic and procedural safeguards designed to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure while in our possession.

8. How to Communicate Your Privacy Choices

You may receive a privacy notice in connection with our Products that describe privacy choices. You can exercise your choices by following any instructions contained in our privacy notices or marketing materials.

In most cases, you can communicate with us through the Sites. If you need to contact us by phone or mail for more information about our privacy policy and practices, or because you have questions or concerns, you may do so using the information listed below:

  • For Marcus deposits, Insights and related products, call us toll-free at 1-855-730-SAVE (1-855-730-7283) or write us at Goldman Sachs Bank USA, PO Box 1978, Cranberry Twp, PA 16066.
  • For Marcus lending products, please call us toll-free at 1-844-MARCUS2 (1-844-627-2872) for personal loans and MarcusPay, or 1-833-906-2224 for small business loans, or write us at Goldman Sachs Bank USA, PO Box 45400, Salt Lake City, UT 84145-0400.
  • For Clarity Money, please message us through the Clarity Money app or email us at [email protected]

9. Residents of California

California residents have certain rights in relation to their personal information pursuant to the California Consumer Privacy Act (CCPA). These include the right to:

  • Request information about the personal information that we collect about you and the manner in which we use, process and disclose that information
  • Obtain the specific pieces of personal information that we have collected about you in the 12 months preceding your request
  • Delete certain personal information that we have collected about you
  • Opt-out of disclosures of your personal information to third parties under certain circumstances
  • Not be discriminated against as a result of exercising any of the aforementioned rights

California residents should be aware that this section does not apply to:

  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations, the California Financial Information Privacy Act (CalFIPA), and the Driver’s Privacy Protection Act of 1994; or
  • Other information subject to a CCPA exception.

If you would like to discuss or exercise such rights, please contact us through our CCPA Intake Form or at 1-833-971-0826. As part of submitting a request, we will ask for your name, email address, phone number, date of birth, and mailing address.

California law requires that we verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third party identity verification tools, as well as verify that any personal information relates to you. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized representative to exercise the rights listed above on your behalf by providing the authorized representative with power of attorney pursuant to the California Probate Code, and the representative may make the request by following the instructions above. If an authorized representative submits a request on your behalf, we will contact you to verify that they represent you. 

10. Other Important Information

You must be an individual of at least eighteen (18) years of age and reside in the United States or on a United States military base, or in a United States Territory, in order to use the Sites. If you do use the Sites outside of the United States, your personal information may be transferred to the United States or other locations outside of your state, province, or country, where privacy laws may not be as protective as those in your state, province, or country.  Except as provided in the next sentence, this Online Privacy Policy shall be governed by and construed in accordance with federal law and any applicable laws of the State of Utah without regard to rules concerning conflicts of law or choice of law. If you are a New York resident, this Privacy Policy shall be governed by and construed in accordance with federal law and the laws of the State of New York, without regard to rules concerning conflicts of law or choice of law.

11. Do Not Call Policy

We do not place marketing telephone calls to numbers appearing on a state or federal do not call list (unless permitted by applicable law) or to the number of a person who has requested not to receive telemarketing calls made by or on behalf of us. If you ask not to receive telemarketing calls from us, you will be placed on our internally-maintained do not call list and will not be called during any future telemarketing campaigns. Any request to be placed on our internally-maintained do not call list will be processed within a reasonable amount of time, not to exceed 30 days. Our employees involved in our telemarketing campaigns receive training on how to use our internally-maintained do not call list, and how to document, process and honor requests to be placed on our internally-maintained do not call list. It is our policy to honor a “do not call” request for five (5) years from the time the request is made. However, some states have do not call laws that require us to honor such a request for a longer period of time, and it is our policy to comply with those laws when applicable. Subject to applicable law, if you communicate with us by telephone, we may monitor and may record the call. We reserve the right to revise this Do Not Call Policy.

12. Do Not Track

Your browser or device may include Do Not Track functionality. The Sites are not built to respond to Do Not Track. That means that, even if your browser is set to “Do Not Track,” our information collection and disclosure practices (including the choices that we provide to customers) will continue to operate as described in this Online Privacy Policy.

13. Reporting Security Vulnerabilities

We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered with our Products or on the Sites. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit vulnerability reports at this link: https://hackerone.com/goldmansachs

14. Updates to this Privacy Policy

We may change this Online Privacy Policy from time-to-time. If we make changes to this statement, we will update the “Last Modified” date at the top of this page. Any changes to this Online Privacy Policy will become effective when posted unless indicated otherwise. Your continued use of the Sites following the posting of any changes will mean that you accept those changes.

15. Links and Third Party Products and Services

The Service may contain links and other functionality that connect with certain sites and applications not provided by us, including social media sites and sites hosted by a third party service provider (“Third-Party Sites”). We are providing these links and functionality solely as a convenience to you. We are not responsible for and have no liability for the content, features, products, services, privacy policies or terms of service of any Third-Party Sites. The fact that we have provided a link to a Third-Party Site is not an endorsement of that Third-Party Site (including any information or content made available throughout such site) or its owners, sponsors or operators. We have not tested any information, software or products found on any Third-Party Site and therefore do not make any representations about those sites or any associated products or services.

Marcus by Goldman Sachs® is a brand of Goldman Sachs Bank USA, which is a wholly-owned subsidiary of The Goldman Sachs Group, Inc., a New York State-chartered bank and a member of the Federal Reserve System and FDIC.  All savings deposit products provided by Goldman Sachs Bank USA.