Last updated on June 28, 2024
Your privacy is important to us. The purpose of this Privacy Policy (as updated from time-to-time, this “Privacy Policy”) is to explain how we collect, use, disclose and protect personal information. This Privacy Policy applies to (i) the Marcus by Goldman Sachs website, currently located at https://www.marcus.com, the Marcus by Goldman Sachs mobile app, and any other website, mobile app, or email associated with the above that is owned or operated by us, and on which this Privacy Policy appears or is linked, (ii) the Products, and (iii) any other Goldman Sachs consumer, small business, and digital advisory solutions businesses that link to this Privacy Policy, collectively, the “Services.” This Privacy Policy also covers the personal information we collect from social media sites or pages associated with our Services and your interactions with our digital advertising campaigns.
These links will take you to sections of this Privacy Policy explaining the following topics and, together with the information contained in the below sections, constitute our Notice of Collection:
This Privacy Policy includes the following information:
If you have signed up for, applied for, have or previously had one of our consumer Products with a Marcus brand, the Marcus Consumer Privacy Notice will apply to you. This provides more information about how we collect and share your personal information and outlines certain choices you may have. If there is a conflict between this Privacy Policy and any privacy notice, disclosure, policies or terms relating to any Product, the privacy notice, disclosure, policies or terms relating to the Product will govern.
If you have other relationships with Goldman Sachs that are not covered by this Privacy Policy, please visit the Goldman Sachs Privacy and Cookies Website for more information about how your personal information is processed and to understand your rights and choices for those services.
We want you to understand the following defined terms that we use throughout this Privacy Policy, when we use:
We may collect or generate personal information about you, or a third party acting upon your instruction, in a number of ways and from a number of sources depending on the Services and the relationship we have with you. For example:
The following is a list of the categories of personal information, along with some descriptions and examples, that we may collect or generate through each of the processes described above. Some data elements will fit into multiple categories.
Although you don’t have to supply any of the personal information we request, we may not be able to provide Services to you if you do not.
Personal information does not include information that has been anonymized or aggregated so that it does not identify an individual.
We collect and use personal information for the following business purposes:
We may also use your personal information for any other purpose that we disclose at the time you provide, or when we collect, your information, and other purposes permitted by applicable law.
We may also use data that we collect on an aggregate or anonymous basis for various business purposes, where permissible under applicable laws and regulations.
If your relationship with us ends, we will continue to treat your personal information as described in this Privacy Policy or as set forth in the privacy notice for the applicable Product.
We disclose personal information as set forth below:
The Marcus Consumer Privacy Notice provides additional information about how we share personal information and choices that you may have.
We also may disclose personal information to others where permissible under applicable laws and regulations or when you provide your consent or direction.
"Cookies” are small text files that may be placed on your browser when you visit websites. When you quit your browser, some Cookies are stored in your computer’s memory, while some expire or disappear.
“Web Beacons,” also known as Internet tags, pixel tags or clear GIFs, are a type of technology placed on a webpage or in an email.
We and our Vendors use Cookies, Web Beacons, session replay, device advertising IDs and similar technologies on the Services for a number of business purposes, such as to monitor our advertising, remember your preferences, personalize your experience, understand how you use and interact with the Services, suggest products tailored to you, for security purposes, to improve the Services and for marketing campaign performance. These technologies collect information about your browser/device and your use of the Services, such as the time/date of access and time spent on the Services, pages visited, language preferences, whether you open our emails, and other traffic data.
You may be able to configure your web browser to decline Cookies and/or configure your email client to not load Web Beacons in emails. Please note that, if you choose to decline Cookies, certain features of the Services may not function properly or may not be accessible to you.
Please see the “Interest-Based Advertising” and “Do Not Track” sections below for information on the choices we provide you regarding Cookies, Web Beacons, and other tracking technologies.
Interest-based advertising refers to collecting information about your online activities over time and across different websites, devices, and other online services to deliver advertisements based on online activity. We use interest-based advertising to deliver advertisements and other targeted content to you, including through third-party advertising partners which we may permit to track your visits to the Services using the technologies described above. These third parties may collect information about your online activities over time and across different websites and other online services.
We, and many of the third-party advertising partners that place tracking tools on the Services, are members of the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioral Advertising. You can learn more about the options available to limit these third parties’ collection and use of your information on our websites by visiting our opt-out page and the websites for the Network Advertising Initiative and the Digital Advertising Alliance. Users of our mobile applications may install the Digital Advertising Alliance’s AppChoices mobile app, available here, and choose to opt out of participating advertising networks’ use of mobile app activity for interest-based advertising purposes.
If you choose to opt out via the web-based tools, a Cookie will be placed on your browser indicating your decision. This Cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt out on each. In addition, because the opt-out is facilitated via Cookies, if you clear your Cookies you will need to opt out again. Likewise, mobile app opt-outs via AppChoices are based on your mobile device’s advertising identifier, so if you reset it, you will need to opt out again via AppChoices.
We do not respond to the “Do Not Track” browser-based signal. However, our websites are designed to support the Global Privacy Control, described at https://globalprivacycontrol.org/, which you can enable by downloading a participating browser or browser extension.
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), on the Services. Google Analytics uses Cookies or other tracking technologies to help us analyze how users interact with and use the Services, compile reports on the Services’ activity and provide other services related to Services’ activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor and any referring website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click https://www.google.com/policies/privacy/partners/.
We take the security of personal information, including U.S. Social Security numbers, seriously and work to limit access to personal information to authorized employees, agents, contractors, or vendors. We also maintain physical, electronic and procedural safeguards designed to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure while in our possession.
We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered with our Services. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit vulnerability reports at https://hackerone.com/goldmansachs.
We retain personal information for varying time periods depending on our relationship with you and the status of that relationship. When determining how long to keep personal information, we take into account our legal and regulatory obligations and our legitimate business interests (such as, managing the Services, preventing fraud, responding to regulatory or supervisory inquiries, and establishing, exercising, or defending legal claims, disputes or complaints).
California residents should be aware that this section does not apply to:
In the past 12 months, we may have disclosed each category of personal information listed in the “What Personal Information We Collect and Generate” section to one or more of the categories of recipients listed in the “To Whom We Disclose Personal Information” section for the business purposes listed in the “How We Use Personal Information” section.
We may create, maintain and use deidentified information of California residents, and if we do, we will not attempt to reidentify that information unless permitted by California law.
California residents have certain rights in relation to their personal information pursuant to the CCPA. These include the right to:
Although we collect certain categories of sensitive personal information as described in the “What Personal Information We Collect and Generate” section, we do not use sensitive personal information in ways that the CCPA permits you to limit.
The CCPA requires that we describe disclosures of personal information where:
We do not sell, and have not sold in the preceding 12 months, personal information to third parties.
Marcus may share, and may have shared in the preceding 12 months, personal information from the “Personal Identifiers,” “Device and Online Identifiers and Related Information,” and “Internet, Application, and Network Activity” categories of personal information with advertising and marketing partners to facilitate the delivery and measurement of cross-context behavioral advertising. To opt-out of sharing, please click the “Your Privacy Choices” link on the footer of the website you are visiting. Please see the “Do Not Track” section above to learn how you can use opt-out preference signals and how they are processed.
If you choose to opt out via the web-based tools, a cookie will be placed on your browser indicating your decision. This cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt out on each. In addition, because the opt-out is facilitated via cookies, if you clear your cookies you will need to opt out again.
We do not knowingly sell or share the personal information of minors under 16 years of age.
If you would like to discuss or exercise your rights to access, delete or correct your personal information, please contact us through our CCPA Intake Form or at 1-833-971-0826. As part of submitting a request, we will ask for your name, email address, phone number, date of birth, and mailing address.
The CCPA requires that we verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third-party identity verification tools, as well as verify that any personal information relates to you. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized representative to exercise the rights listed above on your behalf by providing the authorized representative with power of attorney pursuant to the California Probate Code or by executing other documentation we may require, and the representative may make the request by following the instructions above. If an authorized representative submits a request on your behalf, we will contact you to verify that they represent you.
For more information about our CCPA consumer rights request metrics please click here.
You may receive a privacy notice in connection with our Products that describes privacy choices. You may contact us to exercise your choices by following any instructions contained in our privacy notice or marketing materials.
If you decide at any time that you no longer wish to receive marketing emails from one of our lines of business, please follow the “unsubscribe” instructions provided in such emails. Please note that even if you unsubscribe, we may continue to send transactional or administrative emails, such as legally required, regulatory, billing, or service notifications. Your mobile device settings may provide functionality to control push notifications that we may send.
We do not place telemarketing calls to numbers appearing on a state or federal do-not-call list or to a number a person has requested not receive telemarketing calls made by or on behalf of us (unless permitted by applicable law, such as when you request a call). If you ask not to receive telemarketing calls from us, you will be placed on our internal do-not-call list. Any request to be placed on our internal do-not-call list will be processed within a reasonable amount of time, not to exceed 30 days. Our employees involved in our telemarketing campaigns receive training on how to use our internal do-not-call list, and how to document, process and honor requests to be placed on our internal do-not-call list. It is our policy to honor a do-not-call request for five (5) years from the time the request is made unless applicable law requires we honor it for a longer period of time. Subject to applicable law, if you communicate with us by telephone, we may monitor and may record the call.
The Services may contain links, QR Codes, and other functionality that connect with certain websites and applications not provided by us, including social media websites (“Third-Party Websites”). We are providing these links and functionality solely as a convenience to you. We are not responsible for and have no liability for the content, features, products, services, privacy policies or terms of service of any Third-Party Websites. The fact that we have provided a link to a Third-Party Website is not an endorsement of that Third-Party Website (including any information or content made available throughout such website) or its owners, sponsors, or operators. We have not tested any information, software or products found on any Third-Party Website and therefore do not make any representations about those websites or any associated products or services.
In most cases, you can communicate with us through the Product. If you need to contact us for more information about this Privacy Policy or a privacy notice for a particular Product, or because you have other questions or concerns, you may do so using the information listed below:
Any natural person using the Services must be at least 18 years of age. The Services may only be used in the United States, including its territories, or on a United States military base. If you do use the Services outside of the United States, your personal information may be transferred to the United States or other locations outside of your state, province, or country, where privacy laws may not be as protective as those in your state, province, or country. Except as provided in the next sentence, this Privacy Policy shall be governed by and construed in accordance with federal law and any applicable laws of the State of Utah without regard to rules concerning conflicts of law or choice of law. If you are a New York resident, this Privacy Policy shall be governed by and construed in accordance with federal law and the laws of the State of New York, without regard to rules concerning conflicts of law or choice of law.
We may change this Privacy Policy from time-to-time. If we make changes to this Privacy Policy, we will update the “Last updated on” date at the top of this page. Any changes to this Privacy Policy will become effective when posted unless indicated otherwise. Your continued use of the Services following the posting of any changes will mean that you accept those changes.