If you have other relationships with Goldman Sachs that are not listed above, please visit the Goldman Sachs Privacy and Cookies Website for more information about how your personal information is processed and to understand your rights and choices for those services.
We may collect or generate personal information about you in a number of ways and from a number of sources depending on the product or service and the relationship we have with you. For example:
See below for a list of the categories of personal information, along with some descriptions and examples, that we may collect or generate through each of the processes described above. In the past 12 months, we have disclosed each category of personal information to one or more of the types of third parties listed in Section 4, below.
Although you don’t have to supply any of the personal information we request, we may not be able to provide Products to you or you may not be able to interact with our Sites if you do not.
We use personal information for the following business purposes:
We may also use your personal information for any other purpose that we disclose at the time you provide, or when we collect, your information, and other purposes permitted by applicable law. We may also use data that we collect on an aggregate or anonymous basis for various business purposes, where permissible under applicable laws and regulations.
We share personal information as set forth below:
We also share personal information with others when you provide your consent, such as data aggregators, and with your authorized representatives, agents and beneficiaries.
We are required to identify the categories of personal information we share with third parties for operational purposes. We disclose the categories of personal information listed in Section 2 above for operational purposes.
California law requires that we describe certain disclosures of personal information where we receive valuable consideration. California law treats such disclosures as “sales” even if no money is exchanged. We do not sell, and have not sold in the preceding 12 months, personal information to third parties as defined under California law. We do not knowingly sell the personal information of minors under 16 years of age.
We and our service providers use tracking technologies such as cookies, web beacons, device advertising IDs and similar technologies on the Sites and in our email communications. These technologies collect information about use of the Sites, such as browser, device information and browsing information that includes time spent on the Sites, pages visited, language preferences and other traffic data. Pixels or similar technologies may also be used in our emails to determine whether you have opened our emails and how you interact with it.
These technologies are used for a number of business purposes, such as to record your preferences, track your use of the Sites across multiple devices, track how you interact with our communications, suggest products tailored to you, measure exposure to our online advertisements, monitor traffic, analyze use of the Sites, for security purposes, to display information more effectively, to personalize a user’s experience, and to improve the Sites and make the Sites easier to use.
You have choices to limit some tracking mechanisms that collect information when you use the Sites. Many web browsers automatically accept cookies, but you can usually modify your browser’s setting to decline cookies if you prefer. If you choose to decline cookies, certain features of the Sites may not function properly or may not remain accessible to you. You may be able to prevent us from determining whether you have opened our emails via pixel technology by configuring your email client to not load images in emails.
For more information about your choices, see Interest-Based Advertising below.
Cookies are small text files that may be placed on your device when you visit the Sites or when you view advertisements that we have placed on other websites. Cookies allow your browser to remember some specific information which the web server can later retrieve and use. When you quit your browser, some cookies are stored in your computer’s memory, while some expire or disappear.
A web beacon, also known as an Internet tag, pixel tag or clear GIF, is typically a one-pixel, transparent image located on a webpage or in an email. These may be used when you visit the Sites, are served with advertisements, when you interact with advertisements outside of our online services, or when you interact with our communications. They are generally used to transmit information back to a web server.
Interest-based advertising refers to collecting information about your online activities over time and across different websites, devices, and other online services to deliver advertisements based on online activity. We use interest-based advertising to deliver advertisements and other targeted content to you, including through third-party advertising companies which we may permit to track your visits to the Sites. These third parties may use these technologies to collect information about you when you use the Sites and your other online activities. They may collect information about your online activities over time and across different websites and other online services. They may also use persistent identifiers to track your Internet usage across other websites and devices in their networks beyond the Sites. They may use this information to provide you with interest-based advertising or other targeted content.
If you choose to opt-out via the web-based tools, a cookie will be placed on your browser indicating your decision. This cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt-out on each. In addition, because the opt-out is facilitated via cookies, if you clear your cookies you will need to opt-out again. Likewise, mobile app opt-outs via AppChoices are based on your mobile device’s advertising identifier, so if you reset it, you will need to opt-out again via AppChoices.
We may use Google, Inc. (“Google”) Maps API and / or Places API to help auto-complete address information on the Sites. By using the Sites, you agree to be bound by Google’s Terms of Service. To learn more about Google’s Terms of Service, please visit https://www.google.com/policies/terms.
We take the security of personal information seriously and work to limit access to personal information to authorized employees, agents, contractors or vendors. We also maintain physical, electronic and procedural safeguards designed to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure while in our possession.
You may receive a privacy notice in connection with our Products that describe privacy choices. You can exercise your choices by following any instructions contained in our privacy notices or marketing materials.
California residents have certain rights in relation to their personal information pursuant to the California Consumer Privacy Act (CCPA). These include the right to:
California residents should be aware that this section does not apply to:
If you would like to discuss or exercise such rights, please contact us through our CCPA Intake Form or at 1-833-971-0826. As part of submitting a request, we will ask for your name, email address, phone number, date of birth, and mailing address.
California law requires that we verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third party identity verification tools, as well as verify that any personal information relates to you. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized representative to exercise the rights listed above on your behalf by providing the authorized representative with power of attorney pursuant to the California Probate Code, and the representative may make the request by following the instructions above. If an authorized representative submits a request on your behalf, we will contact you to verify that they represent you.
We do not place marketing telephone calls to numbers appearing on a state or federal do not call list (unless permitted by applicable law) or to the number of a person who has requested not to receive telemarketing calls made by or on behalf of us. If you ask not to receive telemarketing calls from us, you will be placed on our internally-maintained do not call list and will not be called during any future telemarketing campaigns. Any request to be placed on our internally-maintained do not call list will be processed within a reasonable amount of time, not to exceed 30 days. Our employees involved in our telemarketing campaigns receive training on how to use our internally-maintained do not call list, and how to document, process and honor requests to be placed on our internally-maintained do not call list. It is our policy to honor a “do not call” request for five (5) years from the time the request is made. However, some states have do not call laws that require us to honor such a request for a longer period of time, and it is our policy to comply with those laws when applicable. Subject to applicable law, if you communicate with us by telephone, we may monitor and may record the call. We reserve the right to revise this Do Not Call Policy.
We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered with our Products or on the Sites. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit vulnerability reports at this link: https://hackerone.com/goldmansachs
The Service may contain links and other functionality that connect with certain sites and applications not provided by us, including social media sites and sites hosted by a third party service provider (“Third-Party Sites”). We are providing these links and functionality solely as a convenience to you. We are not responsible for and have no liability for the content, features, products, services, privacy policies or terms of service of any Third-Party Sites. The fact that we have provided a link to a Third-Party Site is not an endorsement of that Third-Party Site (including any information or content made available throughout such site) or its owners, sponsors or operators. We have not tested any information, software or products found on any Third-Party Site and therefore do not make any representations about those sites or any associated products or services.
Marcus by Goldman Sachs® is a brand of Goldman Sachs Bank USA, which is a wholly-owned subsidiary of The Goldman Sachs Group, Inc., a New York State-chartered bank and a member of the Federal Reserve System and FDIC. All savings deposit products provided by Goldman Sachs Bank USA.