Privacy Policy

1. Introduction

Your privacy is important to us. The purpose of this Online Privacy Policy (as updated from time-to-time, this “Online Privacy Policy”) is to explain the data collection and privacy practices of the following Goldman Sachs consumer and small business platforms: the Marcus by Goldman Sachs website, currently located at https://www.marcus.com and https://www.marcus.com/us/en/invest, mobile app, and associated Products; and any other website, mobile app, or email associated with the above that is owned or operated by us, and on which this Online Privacy Policy appears or is linked. Each mobile app referenced in the prior sentence individually may be referred to as an “App”; each website, a “Site”; and the Apps and Sites together, collectively, the “Service”.

This Online Privacy Policy includes the following information:

• A description of the personal information we collect and generate;
• A description of how we use your personal information;
• A summary of who we share personal information with and the context in which it is shared;
• An explanation of how we use online tracking technologies, such as cookies, and our practices relating to interest-based advertising;
• How we protect your information;
• How you can communicate your privacy choices;
• Information for California residents; and
• Other important information. 

Other Goldman Sachs Relationships

If you have other relationships with Goldman Sachs that are not listed above, please visit the Goldman Sachs Privacy and Cookies Website for more information about how your personal information is processed and to understand your rights and choices for those services. 

Important Terms

We want you to understand the following defined terms that we use throughout this Online Privacy Policy, when we use:

• “Goldman Sachs,” “we,” “us” or “our”, we mean Goldman Sachs Bank USA (specifically in the context of Marcus by Goldman Sachs) and Goldman Sachs & Co. LLC (specifically in the context of Marcus Invest) and their affiliates, and their respective agents and assigns worldwide. 
• “you” or “your”, we mean any user of the Service.
• "Products,” we mean the Online Savings Accounts, Certificate of Deposit accounts and any other deposit products, Marcus loans, credit cards, and other credit products, Marcus Insights, brokerage and investment advisory products and services through Marcus Invest, and any user account, financial education information and materials and any other products and the Service.
• “including” or “includes,” we mean “including but not limited to” or “includes but is not limited to.”

Other Privacy Disclosures

If you have signed up for, applied for, have or previously had one of our consumer Products, the Marcus Consumer Privacy Notice will apply to you. This provides more information about how we collect and share your personal information and outlines certain choices you may have. If there is a conflict between this Online Privacy Policy and any privacy notice, disclosure, policies or terms relating to any Product, the privacy notice, disclosure, policies or terms relating to the Product will govern.

2. What Personal Information We Collect and Generate

We may collect or generate personal information about you, or a third party acting upon your instruction, in a number of ways and from a number of sources depending on the product or service and the relationship we have with you. For example:

• Before you begin an application, sign up, or open an account, we collect data sets from affiliates and third parties such as data analytics providers and credit reporting agencies to perform marketing analyses, identify marketing prospects and deliver marketing communications;
• While applying, signing up, or opening an account through the Service with us, and over the course of your relationship with us, you provide information directly to us, we collect information about you from third parties such as data analytics providers, the public domain, credit reporting agencies, identity verification and fraud prevention services and government entities, and we also may generate new information about you;
• When you communicate, and interact with us through the Service, over the phone, via social media or other platforms, we may monitor and record the content of the communications, and collect information about your use and interactions with the Service (such as via the mechanisms described in the “Cookies and Other Tracking Technologies” section below); please note that by communicating or interacting with us, you acknowledge your communication or interaction may be overheard, monitored, and recorded without further notice or warning;
• When you interact with the Service, and in connection with our marketing and communications, we collect digital information using cookies, web beacons, page tags, pixels or similar tools that we and our service providers and other third parties have set; and
• When you interact with the Service via a social media platform, we collect a copy of the posts and other information, such as account ID or username.

See below for a list of the categories of personal information, along with some descriptions and examples, that we may collect or generate through each of the processes described above. In the past 12 months, we have disclosed each category of personal information to one or more of the types of third parties listed in Section 4, below.    

• Personal Identifiers:  This includes first and last name, previous name, address, email address, account user name, social media profile, telephone number, unique personal identifier and related information, publically available photographic images, and signature;
• Device and Online Identifiers and Related Information:  This includes online identifiers, Internet Protocol (IP) address, mobile/wireless carrier, device identifier (such as the Google Advertising ID or Apple ID for Advertising), and other device information;
• Background Information:  This includes date of birth, family information, information about your personal and professional associates and associations, and any other information we are required to collect by law and regulation;
• Financial Information:  This includes credit report information, credit scores, bank account number, transaction information (both from your accounts with us and any accounts you link to a Product), financial account information (including statements and checks) used to validate your identity, account information about externally linked accounts, account login credentials you use to access our Products, household income data, tax documents, your authority over financial accounts, including trusted contact/beneficial interest in and other information about entities you are associated with, public company affiliations, available account balance information, source of wealth information, investment goals and experience, net worth and liquidity needs, income and other financial information;
• Government Identifiers:  This includes Social Security number, Tax Identification Number, national identification number, other government-issued identification number, driver’s or operator’s license number, passport number, Alien Registration Number and copies of government IDs;
• Protected Classification Characteristics:  This includes age, national origin, citizenship, nationality, marital status, sex, and veteran or military status. Please note that we do not collect information regarding gender identity, gender expression, or sexual orientation unless you provide it to us in connection with servicing your account;
• Purchase History:  This includes customer purchase history or tendencies;
• Biometric Information:  This refers to a voiceprint, which is a numerical representation of your voice when you call us (we use this to identify fraudulent activity and to enhance security).  We also collect behavioral biometric data regarding how you interact with the Service;
• Internet, Application, and Network Activity:  This includes data related to user activity (e.g., when and how you use the Service and interact with our communications including emails) including emails, browsing history, search and clickstream history, online website tracking information, other data related to user activity, and url referral header information; we may collect this type of information automatically via cookies, browser web storage, web beacons and similar technologies;
• Location Data:  We may collect and receive information about your geolocation and your mobile device including a unique identifier for your device; in addition, in some instances, location information can be estimated from your IP address or through your Wi-Fi connection. We may also collect and receive precise geolocation information in certain circumstances (such as to help you find a nearby ATM);
• Sensory Data:  This includes audio data, such as a recording of your voice when you call us;
• Professional or Employment-Related Information:  This includes occupation, title, employer, employment history, income, industry affiliations, and education; and
• Inferences About You:  This includes a profile reflecting your preferences, characteristics, predispositions, behavior, attitudes and creditworthiness profile.

Although you don’t have to supply any of the personal information we request, we may not be able to provide Products to you or you may not be able to interact with our Service if you do not.

Personal information does not include information that has been anonymized or aggregated so that it does not identify an individual. 

3. How We Use Personal Information

We use personal information for the following business purposes:

• Administering, operating and managing your relationship and/or Products with us;
• Understanding your needs and offering services to you; managing our relationship with you; meeting our regulatory and compliance obligations; complying with contractual obligations, relevant industry standards, and our policies; 
• Authenticating identity;
• Mitigating fraud and enhancing the security of the Service, our Products and online services;
• Contacting and communicating with you, including through push notifications and text messages;
• Conducting marketing activity, such as developing marketing and acquisitions models, identifying marketing recipients, developing marketing collateral and delivering advertisements and marketing communications;
• Responding to and reviewing social media messages or postings about us or our Products;
• Presenting third-party products and services we think may be of interest;
• Performing analytics concerning the use of the Products and Service, including responses to our emails and the pages and advertisements that are viewed; and
  
• Operating, evaluating and improving our business, the Service, and our Products (including assessing and managing risk, fulfilling our legal and regulatory requirements, developing new products and services, improving and personalizing existing Products and services, and performing accounting, auditing and other internal functions).

We may also use your personal information for any other purpose that we disclose at the time you provide, or when we collect, your information, and other purposes permitted by applicable law. 

We may also use data that we collect on an aggregate or anonymous basis for various business purposes, where permissible under applicable laws and regulations.

If your relationship with us ends, we will continue to treat your personal information, to the extent we continue to maintain use, and share it, as described in this Online Privacy Policy or as set forth in the privacy notice for the applicable Products and Service.

4. Who We Share Personal Information With

We share personal information as set forth below:

• Goldman Sachs affiliates. We may share personal information with members of the Goldman Sachs family of companies in order to service accounts, improve products or for other purposes permissible under applicable law and regulations.
  
• Third-party service providers: We may share personal information with non-affiliated companies that perform support services for us, such as data analytics, fraud analysis, identity verification, risk management, security services, advertising and marketing, customer support, mail services, email delivery, information technology, payment processing, and other service providers.
• Cobrand partners: We may share personal information with our cobrand partners in order to service accounts, improve products or for other purposes permissible under applicable law and regulations.
• Legal process and emergency situations: We may disclose to third parties as permitted by, or to comply with, applicable laws and regulations. Examples include responding to a subpoena or similar legal process, protecting against fraud and cooperating with law enforcement or regulatory authorities. We may also disclose information if we believe it is necessary or appropriate to protect our rights, property or safety, or the rights, property or safety of our employees, customers or others, or to enforce our contractual rights.
• Corporate transactions: In the event of a corporate transaction, such as a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of any or all of our assets or liabilities, some of the personal information that we hold may be among the assets or liabilities transferred to a buyer or other successor. We may also transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or liabilities or any line of business, change in ownership control or financing transaction.

We also share personal information with others when you provide your consent, such as to our cobrand partners, data aggregators, and with your authorized representatives, agents and beneficiaries.

We are required to identify the categories of personal information we share with third parties for business purposes. We disclose the categories of personal information listed in Section 2 above for business purposes.

California law requires that we describe certain disclosures of personal information where we receive monetary or other valuable consideration. We do not sell, and have not sold in the preceding 12 months, personal information to third parties as defined under California law. We do not knowingly sell the personal information of minors under 16 years of age.

5. Cookies and Other Tracking Technologies

We and our service providers use tracking technologies such as cookies, web beacons, session replay, device advertising IDs and similar technologies on the Service and in our email communications. These technologies collect information about use of the Service, such as browser, device information and browsing information that includes time/date of access and time spent on the Service, pages visited, language preferences, how users interact with our Service, and other traffic data. Pixels or similar technologies may also be used in our emails to determine whether you have opened our emails and how you interact with it.

These technologies are used for a number of business purposes, such as to record your preferences, track your use of the Service across multiple devices, track how you interact with our communications, suggest products tailored to you, measure exposure to our online advertisements, monitor traffic, analyze use of the Service, for security purposes, to display information more effectively, to personalize a user’s experience, and to improve the Service and make the Service easier to use.

You have choices to limit some tracking mechanisms that collect information when you use the Service. Many web browsers automatically accept cookies, but you can usually modify your browser’s setting to decline cookies if you prefer. If you choose to decline cookies, certain features of the Service may not function properly or may not remain accessible to you. You may be able to prevent us from determining whether you have opened our emails via pixel technology by configuring your email client to not load images in emails.

For more information about your choices, see Interest-Based Advertising below.

Cookies

Cookies are small text files that may be placed on your device when you visit the Service or when you view advertisements that we have placed on other websites. Cookies allow your browser to remember some specific information which the web server can later retrieve and use.  When you quit your browser, some cookies are stored in your computer’s memory, while some expire or disappear. 

Tags, Pixels, Web Beacons, Clear GIFs

A web beacon, also known as an Internet tag, pixel tag or clear GIF, is typically a one-pixel, transparent image located on a webpage or in an email.  These may be used when you visit the Service, are served with advertisements, when you interact with advertisements outside of our online services, or when you interact with our communications.  They are generally used to transmit information back to a web server.    

Interest-Based Advertising

Interest-based advertising refers to collecting information about your online activities over time and across different websites, devices, and other online services to deliver advertisements based on online activity. We use interest-based advertising to deliver advertisements and other targeted content to you, including through third-party advertising companies which we may permit to track your visits to the Service. These third parties may use these technologies to collect information about you when you use the Service and your other online activities. They may collect information about your online activities over time and across different websites and other online services. They may also use persistent identifiers to track your Internet usage across other websites and devices in their networks beyond the Service. They may use this information to provide you with interest-based advertising or other targeted content.

We, and many of the third-party advertisers that place tracking tools on the Service, are members of the Interactive Advertising Bureau’s Self-Regulatory Program for Online Behavioral Advertising. Some of our ads that are displayed on third-party websites will feature an AdChoices icon inside the ad. Clicking on the AdChoices icon inside the ad will provide you an opportunity to opt out of interest-based advertising by the third parties that participate in the program. In addition, you can learn more about the options available to limit these third parties’ collection and use of your information by visiting our opt-out page and the websites for the Network Advertising Initiative and the Digital Advertising Alliance, as well as the webpages for Facebook’s ad preferences tool and privacy policy.  Users of our mobile applications may install the Digital Advertising Alliance’s AppChoices mobile app, available here, and choose to opt out of participating advertising networks’ use of mobile app activity for interest-based advertising purposes.

If you choose to opt-out via the web-based tools, a cookie will be placed on your browser indicating your decision. This cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt-out on each. In addition, because the opt-out is facilitated via cookies, if you clear your cookies you will need to opt-out again. Likewise, mobile app opt-outs via AppChoices are based on your mobile device’s advertising identifier, so if you reset it, you will need to opt-out again via AppChoices.

6. Additional Technology

We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), on the Service. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use the Service, compile reports on the Service’s activity and provide other services related to Service activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor and any referring website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click https://www.google.com/policies/privacy/partners/.

We may use Google Maps API and Places API features and content, for example to help auto-complete address information on the Service. By using the Service, you agree to be bound by the then-current Google Maps/Google Earth Additional Terms of Service and Google Privacy Policy. To learn more about Google Maps/Google Earth Additional Terms of Service and the Google Privacy Policy, please visit https://maps.google.com/help/terms_maps.html and https://www.google.com/policies/privacy/, respectively.

7. How We Protect Information

We take the security of personal information, including U.S. Social Security numbers, seriously and work to limit access to personal information to authorized employees, agents, contractors or vendors. We also maintain physical, electronic and procedural safeguards designed to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure while in our possession.

8. Contact Us

You may receive a privacy notice in connection with our Products that describe privacy choices. You may contact us to exercise your choices by following any instructions contained in our privacy notice or marketing materials.

In most cases, you can communicate with us through the Service. If you need to contact us for more information about our privacy policy and practices, or because you have questions or concerns, you may do so using the information listed below:

• For Marcus deposits, Insights and related products, call us toll-free at 1-855-730-7283 or write us at Goldman Sachs Bank USA, PO Box 1978, Cranberry Twp, PA 16066.
• For Marcus Invest, email us at [email protected] or call us toll-free at 1-833-720-MINV (1-833-720-6468).
• For Marcus lending products, please call us toll-free at 1-844-MARCUS2 (1-844-627-2872) for personal loans and MarcusPay, or 1-833-906-2224 for small business loans, or write us at Goldman Sachs Bank USA, PO Box 45400, Salt Lake City, UT 84145-0400.
• For GM Rewards Cards, call toll-free at 1-833-773-0988, or write us at Goldman Sachs Bank USA, PO Box 70321, Philadelphia, PA 19176-0321.

9. Residents of California

California residents have certain rights in relation to their personal information pursuant to the California Consumer Privacy Act (CCPA). These include the right to:

• Request information about the personal information that we collect about you and the manner in which we use, process and disclose that information
• Obtain the specific pieces of personal information that we have collected about you in the 12 months preceding your request
• Delete certain personal information that we have collected about you
• Opt-out of disclosures of your personal information to third parties under certain circumstances
• Not be discriminated against as a result of exercising any of the aforementioned rights

California residents should be aware that this section does not apply to:

• Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and its implementing regulations, the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994; or
• Other information subject to a CCPA exception

If you would like to discuss or exercise such rights, please contact us through our CCPA Intake Form or at 1-833-971-0826. As part of submitting a request, we will ask for your name, email address, phone number, date of birth, and mailing address.

California law requires that we verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third party identity verification tools, as well as verify that any personal information relates to you. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized representative to exercise the rights listed above on your behalf by providing the authorized representative with power of attorney pursuant to the California Probate Code, and the representative may make the request by following the instructions above. If an authorized representative submits a request on your behalf, we will contact you to verify that they represent you. 

For more information about our CCPA consumer rights request metrics please click here.

10. Other Important Information

Any natural person using the Service must be at least 18 years of age. The Service may only be used in the United States, including its territories, or on a United States military base.  If you do use the Service outside of the United States, your personal information may be transferred to the United States or other locations outside of your state, province, or country, where privacy laws may not be as protective as those in your state, province, or country.  Except as provided in the next sentence, this Online Privacy Policy shall be governed by and construed in accordance with federal law and any applicable laws of the State of Utah without regard to rules concerning conflicts of law or choice of law. If you are a New York resident, this Online Privacy Policy shall be governed by and construed in accordance with federal law and the laws of the State of New York, without regard to rules concerning conflicts of law or choice of law.

If you decide at any time that you no longer wish to receive marketing emails from one of our lines of business, please follow the “unsubscribe” instructions provided in such emails. Please note that even if you unsubscribe, we may continue to send transactional or administrative emails, such as legally required, regulatory, billing, or service notifications.  Your mobile device settings may provide functionality to control push notifications that we may send.

11. Do Not Call Policy

We do not place marketing telephone calls to numbers appearing on a state or federal do not call list (unless permitted by applicable law) or to the number of a person who has requested not to receive telemarketing calls made by or on behalf of us. If you ask not to receive telemarketing calls from us, you will be placed on our internally-maintained do not call list and will not be called during any future telemarketing campaigns. Any request to be placed on our internally-maintained do not call list will be processed within a reasonable amount of time, not to exceed 30 days. Our employees involved in our telemarketing campaigns receive training on how to use our internally-maintained do not call list, and how to document, process and honor requests to be placed on our internally-maintained do not call list. It is our policy to honor a “do not call” request for five (5) years from the time the request is made. However, some states have do not call laws that require us to honor such a request for a longer period of time, and it is our policy to comply with those laws when applicable. Subject to applicable law, if you communicate with us by telephone, we may monitor and may record the call. We reserve the right to revise this Do Not Call Policy.

12. Do Not Track

Your browser or device may include Do Not Track functionality. The Sites are not built to respond to Do Not Track. That means that, even if your browser is set to “Do Not Track,” our information collection and disclosure practices (including the choices that we provide to customers) will continue to operate as described in this Online Privacy Policy.

13. Reporting Security Vulnerabilities

We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered with our Products or on the Service. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit vulnerability reports at https://hackerone.com/goldmansachs

14. Links and Third Party Products and Services

The Service may contain links and other functionality that connect with certain sites and applications not provided by us, including social media sites and sites hosted by a third party service provider (“Third-Party Sites”). We are providing these links and functionality solely as a convenience to you. We are not responsible for and have no liability for the content, features, products, services, privacy policies or terms of service of any Third-Party Sites. The fact that we have provided a link to a Third-Party Site is not an endorsement of that Third-Party Site (including any information or content made available throughout such site) or its owners, sponsors or operators. We have not tested any information, software or products found on any Third-Party Site and therefore do not make any representations about those sites or any associated products or services.

15. Updates to this Privacy Policy

We may change this Online Privacy Policy from time-to-time. If we make changes to this Online Privacy Policy, we will update the “Effective as of” date at the top of this page. Any changes to this Online Privacy Policy will become effective when posted unless indicated otherwise. Your continued use of the Service following the posting of any changes will mean that you accept those changes.