If you have other relationships with Goldman Sachs that are not listed above, please visit the Goldman Sachs Privacy and Cookies Website for more information about how your personal information is processed and to understand your rights and choices for those services.
We may collect or generate personal information about you, or a third party acting upon your instruction, in a number of ways and from a number of sources depending on the product or service and the relationship we have with you. For example:
See below for a list of the categories of personal information, along with some descriptions and examples, that we may collect or generate through each of the processes described above. In the past 12 months, we have disclosed each category of personal information to one or more of the types of third parties listed in Section 4, below.
Although you don’t have to supply any of the personal information we request, we may not be able to provide Products to you or you may not be able to interact with our Service if you do not.
Personal information does not include information that has been anonymized or aggregated so that it does not identify an individual.
We use personal information for the following business purposes:
We may also use your personal information for any other purpose that we disclose at the time you provide, or when we collect, your information, and other purposes permitted by applicable law.
We may also use data that we collect on an aggregate or anonymous basis for various business purposes, where permissible under applicable laws and regulations.
We share personal information as set forth below:
We also share personal information with others when you provide your consent, such as data aggregators, and with your authorized representatives, agents and beneficiaries.
We are required to identify the categories of personal information we share with third parties for business purposes. We disclose the categories of personal information listed in Section 2 above for business purposes.
California law requires that we describe certain disclosures of personal information where we receive monetary or other valuable consideration. We do not sell, and have not sold in the preceding 12 months, personal information to third parties as defined under California law. We do not knowingly sell the personal information of minors under 16 years of age.
We and our service providers use tracking technologies such as cookies, web beacons, session replay, device advertising IDs and similar technologies on the Service and in our email communications. These technologies collect information about use of the Service, such as browser, device information and browsing information that includes time/date of access and time spent on the Service, pages visited, language preferences, how users interact with our Service, and other traffic data. Pixels or similar technologies may also be used in our emails to determine whether you have opened our emails and how you interact with it.
These technologies are used for a number of business purposes, such as to record your preferences, track your use of the Service across multiple devices, track how you interact with our communications, suggest products tailored to you, measure exposure to our online advertisements, monitor traffic, analyze use of the Service, for security purposes, to display information more effectively, to personalize a user’s experience, and to improve the Service and make the Service easier to use.
You have choices to limit some tracking mechanisms that collect information when you use the Service. Many web browsers automatically accept cookies, but you can usually modify your browser’s setting to decline cookies if you prefer. If you choose to decline cookies, certain features of the Service may not function properly or may not remain accessible to you. You may be able to prevent us from determining whether you have opened our emails via pixel technology by configuring your email client to not load images in emails.
For more information about your choices, see Interest-Based Advertising below.
Cookies are small text files that may be placed on your device when you visit the Service or when you view advertisements that we have placed on other websites. Cookies allow your browser to remember some specific information which the web server can later retrieve and use. When you quit your browser, some cookies are stored in your computer’s memory, while some expire or disappear.
A web beacon, also known as an Internet tag, pixel tag or clear GIF, is typically a one-pixel, transparent image located on a webpage or in an email. These may be used when you visit the Service, are served with advertisements, when you interact with advertisements outside of our online services, or when you interact with our communications. They are generally used to transmit information back to a web server.
Interest-based advertising refers to collecting information about your online activities over time and across different websites, devices, and other online services to deliver advertisements based on online activity. We use interest-based advertising to deliver advertisements and other targeted content to you, including through third-party advertising companies which we may permit to track your visits to the Service. These third parties may use these technologies to collect information about you when you use the Service and your other online activities. They may collect information about your online activities over time and across different websites and other online services. They may also use persistent identifiers to track your Internet usage across other websites and devices in their networks beyond the Service. They may use this information to provide you with interest-based advertising or other targeted content.
If you choose to opt-out via the web-based tools, a cookie will be placed on your browser indicating your decision. This cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt-out on each. In addition, because the opt-out is facilitated via cookies, if you clear your cookies you will need to opt-out again. Likewise, mobile app opt-outs via AppChoices are based on your mobile device’s advertising identifier, so if you reset it, you will need to opt-out again via AppChoices.
We take the security of personal information, including U.S. Social Security numbers, seriously and work to limit access to personal information to authorized employees, agents, contractors or vendors. We also maintain physical, electronic and procedural safeguards designed to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure while in our possession.
You may receive a privacy notice in connection with our Products that describe privacy choices. You may contact us to exercise your choices by following any instructions contained in our privacy notices or marketing materials.
California residents have certain rights in relation to their personal information pursuant to the California Consumer Privacy Act (CCPA). These include the right to:
California residents should be aware that this section does not apply to:
If you would like to discuss or exercise such rights, please contact us through our CCPA Intake Form or at 1-833-971-0826. As part of submitting a request, we will ask for your name, email address, phone number, date of birth, and mailing address.
California law requires that we verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third party identity verification tools, as well as verify that any personal information relates to you. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized representative to exercise the rights listed above on your behalf by providing the authorized representative with power of attorney pursuant to the California Probate Code, and the representative may make the request by following the instructions above. If an authorized representative submits a request on your behalf, we will contact you to verify that they represent you.
If you decide at any time that you no longer wish to receive marketing e-mails from one of our lines of business, please follow the “unsubscribe” instructions provided in such e-mails. Please note that even if you unsubscribe, we may continue to send transactional or administrative e-mails, such as legally required, regulatory, billing, or service notifications. Your mobile device settings may provide functionality to control push notifications that we may send.
We do not place marketing telephone calls to numbers appearing on a state or federal do not call list (unless permitted by applicable law) or to the number of a person who has requested not to receive telemarketing calls made by or on behalf of us. If you ask not to receive telemarketing calls from us, you will be placed on our internally-maintained do not call list and will not be called during any future telemarketing campaigns. Any request to be placed on our internally-maintained do not call list will be processed within a reasonable amount of time, not to exceed 30 days. Our employees involved in our telemarketing campaigns receive training on how to use our internally-maintained do not call list, and how to document, process and honor requests to be placed on our internally-maintained do not call list. It is our policy to honor a “do not call” request for five (5) years from the time the request is made. However, some states have do not call laws that require us to honor such a request for a longer period of time, and it is our policy to comply with those laws when applicable. Subject to applicable law, if you communicate with us by telephone, we may monitor and may record the call. We reserve the right to revise this Do Not Call Policy.
We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered with our Products or on the Service. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit vulnerability reports at this link: https://hackerone.com/goldmansachs
The Service may contain links and other functionality that connect with certain sites and applications not provided by us, including social media sites and sites hosted by a third party service provider (“Third-Party Sites”). We are providing these links and functionality solely as a convenience to you. We are not responsible for and have no liability for the content, features, products, services, privacy policies or terms of service of any Third-Party Sites. The fact that we have provided a link to a Third-Party Site is not an endorsement of that Third-Party Site (including any information or content made available throughout such site) or its owners, sponsors or operators. We have not tested any information, software or products found on any Third-Party Site and therefore do not make any representations about those sites or any associated products or services.
Marcus by Goldman Sachs® is a brand of Goldman Sachs Bank USA and Goldman Sachs & Co. LLC (“GS&Co.”), which are subsidiaries of The Goldman Sachs Group, Inc. All loans and deposit products are provided by Goldman Sachs Bank USA, Salt Lake City Branch. Member FDIC. Brokerage and investment advisory services offered by Marcus Invest are provided by GS&Co., which is an SEC registered broker-dealer and investment adviser, and member FINRA/SIPC.
© 2021 The Goldman Sachs Group, Inc. All rights reserved.