This notice is available in other languages: French, Spanish, Italian, Polish.
If you work for or are engaged by a Goldman Sachs entity or branch in Germany, the notice applicable to you is available in German and English.
As part of our commitment to protecting your personal data and processing it in a transparent manner, this fair processing notice (“notice”) provides information on the personal data collected and processed by member(s) of Goldman Sachs Group Inc. in connection with our relationship with you (“you” or “your”). This notice is provided by member(s) of Goldman Sachs Group Inc. by which you are employed or engaged (“GS”, “we”, “our” or “us”). This notice does not form part of your contract of employment or engagement.
Whose data do we process?
We process the personal data of individuals who work for GS, including current and former employees, workers, individual contractors, contingent workers, interns, agency workers, consultants, and directors. We also process the personal data of other individuals whose data is provided to us in connection with this relationship (e.g. next-of-kin, emergency contact information and/or dependents).
This notice describes the personal data that may be collected from you and from others about you, the purposes for which that personal data is collected, stored and used, and our reason for doing so (also referred to as our “legal basis”). In this notice we also outline which internal GS function may use your personal data and when it may be shared with other vendors and advisors, and we summarise your rights in relation to our processing of your personal data, and how you can exercise these rights.
What is personal data?
Personal data is any information relating to an identified or identifiable natural person.
What is identifiable natural person?
An identifiable natural person is a living natural person (rather than a legal entity, such as a company) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
If you would like to contact us regarding the processing of your personal data, please contact your local Human Capital Management (“HCM”) contact or our data protection office at gs-privacy@gs.com.
You can also contact our:
1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
GS will be a data controller of your personal data. In addition, where processing of personal data is undertaken by GS affiliates for their own purposes, these affiliates may also be data controllers of your personal data.
What is a GS affiliate?
In this notice, “GS affiliate” or “our affiliate” means any entity controlled, directly or indirectly by GS, any entity that (directly or indirectly) controls GS, or any entity directly or indirectly under common control with GS.
A list of the Goldman Sachs controllers likely to be relevant to you and, where applicable, their representatives are set out in Appendix 1.
This notice applies in conjunction with any other notices you receive from GS affiliates in connection with the processing of your personal data.
2. WHAT PERSONAL DATA DO WE PROCESS?
2.1. YOUR PERSONAL DATA
GS and GS affiliates will, depending on your role and the terms of your relationship with us, process certain personal data relating to you and people connected to you, including:
A. Personal details: such as your name, gender, nationality, date of birth, home contact details (e.g. address, telephone number, e-mail), immigration data (including passport details and place of birth), eligibility to work data, photograph and languages spoken.
This also includes data such as your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, country of residence and of tax residence, second nationality, civil/marital status, age, national ID number, hobbies, languages spoken, mother’s maiden name, name of spouse, and next-of-kin and dependent contact information.
B. Information relating to your role with us: such as position held, employment status, work contact details (e.g. address, telephone number, e-mail), your work biography and qualifications, your reporting line, your job title and job description and your working hours and patterns.
This also includes data such as your worker ID and any other ID, your performance review information, work location, default hours, default language, time zone and currency for location, various system IDs, your employee/contingent worker type, your hire/contract begin and end dates, your cost centre, whether you are full or part time, the date of expiry or termination of your employment or engagement, the reason for termination, your last day of work, exit interview feedback, references, status (active/inactive/terminated), the reason for any change in role and the date of change and your benefit coverage start date.
C. Information relating to recruitment and selection: such as CV and application, references, and information compiled in undertaking a background check, which may include criminal record data, financial stability checks and reviews of professional and social media.
This also includes data such as professional and academic background (including previous role information), photograph, qualifications, interview and assessment data.
D. Regulatory information: such as your regulated status and any regulatory references.
This also includes data such as records of your registration with any applicable regulatory authority, any relevant certificates, information regarding any issues that may affect professional propriety, compliance approval status and any conflict of interest disclosure.
E. Details of your remuneration and benefits entitlements: such as your remuneration information (including salary/hourly plan/contract pay information as applicable, allowance, bonus and merit plans) and payroll information, including bank account details.
This also includes data such as grade, social security number, tax information, benefit plans and third party benefit recipient information.
F. Information regarding holidays and leave: such as your absence records.
This also includes data such as dates and categories of leave/time-off, holiday dates and information related to family leave.
G. Information regarding HCM processes: such as performance reviews and performance management, disciplinary or grievance processes, flexible working arrangements, restructure and redundancy plans.
This also includes data such as allegations, investigations and proceeding records and outcomes, colleague and manager feedback, talent programmes, consultation records, selection and redeployment data, health and safety audits, risk assessments, incident reports, data relating to training and development needs or training received, as well as background information and context to the applicable HCM processes.
H. Monitoring data: to the extent permitted by applicable laws, this includes closed circuit television footage, call recordings and control function surveillance, data caught by technology security programmes and filters.
This also includes data such as system and building login and access records, internet and system usage records, keystroke, download and print records, email and IM communications and external searches of public sources, if and to the extent permitted by applicable laws. This activity also includes reviews of training metrics, monitoring external personal investments and compliance with policy, and management of conflicts with GS roles.
I. Information relating to legal claims, complaints and disclosures: such as information relating to involvement in claims and legal proceedings or dispute resolution, and employee involvement in incident reporting and disclosures.
This also includes data such as settlement arrangements and payments, subject matter of litigation and complaints.
J. Special categories of personal data and data relating to criminal convictions and offences: such as data relating to your political opinions, sexual orientation, ethnicity and race, your religious or philosophical beliefs or concerning your health, and data relating to actual and alleged criminal convictions and offences, in each case if and to the extent permitted or required by applicable laws.
What are special categories of personal data?
Special categories of personal data are: (i) personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) any genetic data or biometric data processed for the purpose of uniquely identifying a natural person; or (iii) data concerning health or sex life or sexual orientation.
What data relating to criminal convictions and offences are processed?
We process criminal convictions and offences data in the context of background checks and regulatory registrations, as set out in this notice.
K. Details of third parties: such as the names and details of your emergency contact, next of kin, beneficiaries and the family members of our employees and workers.
This also includes data such as the third party’s name, date of birth, age, contact details and any additional information which we process in connection with our regulatory obligations. See section 2.3 of this notice if you provide such data to us.
2.2 HOW DO WE COLLECT YOUR PERSONAL DATA?
We mainly collect your personal data directly from you.
You will usually provide this information directly to us, or enter it into our systems (for example, through your self-service access to our HCM systems, your participation in HCM processes, messages you send or receive that are recorded on our systems, or through verbal information which may be recorded, in each case if and to the extent permitted by applicable laws). In addition, further information about you will come from your colleagues (for example, your managers or HCM).
In some cases we may obtain your personal data from GS affiliates or from third parties. This may include references from a previous employer, medical reports from external professionals, tax authorities, benefit providers or where we employ a third party to carry out background checking (where permitted by applicable law). In some circumstances, data may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, closed circuit television, telephone logs and recordings and email and Internet access logs), if and to the extent permitted by applicable laws.
2.3 DATA RELATING TO THIRD PARTIES
In certain circumstances we may process personal data of other persons connected to you, such as dependents and family members. The personal data regarding third parties that you provide to us will be processed for the purposes of HCM administration and management, including the administration of benefits and to contact your next-of-kin in an emergency, and by Compliance to establish and meet regulatory requirements and identify any conflicts of interest. Additional information relating to our processing of their personal data is available online here: www.gs.com/privacy-notices. Before you provide data relating to third parties to us, you should ensure you are permitted to do so and make them aware of the information contained in this notice.
3. PURPOSES AND REASONS FOR PROCESSING YOUR PERSONAL DATA
3.1 PURPOSES FOR PROCESSING
Your personal data are collected and processed for various business purposes, in accordance with applicable laws and any applicable collective bargaining agreements. Data may occasionally be used for purposes not anticipated by you where the circumstances warrant such use (e.g., in investigations or disciplinary proceedings).
GS and GS affiliates process your personal data for a specific purpose and process only the personal data relevant for achieving that purpose. In particular, we process your personal data for the following purposes and for compatible purposes:
A. Applicant/candidate attraction, assessment and selection: including all activities in connection with recruitment (including vetting and background checks).
If and to the extent permitted by applicable laws, this includes recruitment and appropriate vetting for recruitment including, where relevant and appropriate, credit checks, right to work verification, identity fraud checks, criminal record checks, relevant employment history, relevant regulatory status and professional qualifications.
B. Workforce management and development: including all activities undertaken in managing and administering the relationship between GS and its employees and workers. This includes talent management, assessment and development, employee relations, benefits including Global Mobility Services, GS University, administrative support and location-based processing.
This includes:
• training, development, promotion, career and succession planning;
• allocating and managing duties and responsibilities and the business activities to which they relate, including business travel and tax matters;
• identifying and communicating effectively with staff;
• managing conduct and performance processes, handling complaints and investigations and operating other informal and formal HCM processes and making related management decisions;
• processing information about absence or medical information regarding physical or mental health or condition in order to administer related benefits, determine fitness for work, facilitate a return to work, or to make adjustments to your role or the workplace;
• making management decisions regarding employment or engagement or continued employment or engagement or redeployment and related processes;
• complying with applicable laws and regulation (for example employment, working time, health and safety and tax laws and regulation to which we are subject in the conduct of our business);
• complying with reference requests where GS is asked or required to act as a referee; and
• where relevant, publishing appropriate internal or external communications or publicity material including via social media in appropriate circumstances.
C. Managing compensation and administering benefits: including staff compensation and management of benefits and retirement entitlements.
This includes providing and administering remuneration, and benefits and reimbursement of business costs and expenses and making appropriate tax and social security deductions and contributions.
D. Promoting diversity and preventing discrimination: including those activities that we undertake as an Equal Opportunities employer.
This includes managing monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under applicable anti-discrimination laws and to monitor the effectiveness of those programmes.
E. Management and improvement of GS systems and operations: including improvements to HCM systems, management of technology systems and processes and business transformation and changes to GS’s structure and operations.
This includes:
• business contingency planning;
• engagement with employees (and/or employee representatives) for planning, managing and carrying out restructuring or redundancies or other change programmes (including consultation, selection, alternative employment searches and related management decisions);
• conducting surveys for benchmarking and identifying improved ways of working, employee relations and engagement at work (these will often be anonymous but may include profiling data such as age to support analysis of results);
• planning, due diligence and implementation in relation to a commercial transaction or service transfer involving GS that impacts on your relationship with GS (for example a transfer of your employment under applicable automatic transfer laws);
• implementing email, technology, internet, social media, HCM related and other company policies and procedures; and
• providing technical support and maintenance for HCM information systems and to change access permissions.
F. Prudent business management and protecting and enforcing GS rights: including Divisional Vendor Management, management and strategy and management reporting activities.
This includes:
• business operational and reporting documentation such as the preparation of annual reports or tenders for work or client team records including the use of photographic images;
• supporting HCM administration and management and maintaining and processing general records necessary to manage the employment, worker or other relationship and operate the contract of employment or engagement; and
• operating the relationships with third party customers and suppliers including the disclosure of relevant background checking information in line with the appropriate requirements of regulated customers to those customers, contact or professional CV details or photographic images for identification to clients or disclosure of information to data processors for the provision of services to GS.
G. Protection of business, clients, staff and systems: this includes protecting the private, confidential and proprietary information of GS, GS affiliates and our employees, clients and third parties.
This includes, to the extent permitted by applicable law, carrying out monitoring of our technology systems to protect and maintain the integrity of such systems and infrastructure and to ensure compliance with relevant technology policies. We also locate information through searches where needed for a legitimate business purpose.
H. Meeting our regulatory and compliance obligations and preventing crime: this includes carrying out regulatory compliance checks, making disclosures to, and complying with requests from public authorities, regulators (whether inside or outside of the EEA) or governmental bodies across our global group, and investigating conduct and preventing fraud and other crime.
This includes:
• activities to enforce our legal rights and meet our obligations, and for any purposes in connection with any legal claims made by, against, or otherwise involving you;
• actions we take to comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), disclosure requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), in all cases whether within or outside your country of residence; and
• processing activities to satisfy our regulatory obligations to supervise the persons employed or appointed by us to conduct business on our behalf, including preventing, detecting and investigating a wide range of activities and behaviours, whether relating to specific business dealings or to the workplace generally and liaising with regulatory authorities.
We may also process data for other purposes we notify to you from time to time.
Additional information regarding specific processing of personal data may be notified to you locally or as set out in applicable policies.
In particular, additional details of technology monitoring and management of confidential information are set out in GS’s Electronic Message Monitoring Policy, Policies and Procedures Regarding Confidential or Proprietary Information and The Chinese Wall and Policies and Practices for the Use of GS’s Communications Systems.
3.2 OUR REASONS (LEGAL BASES) FOR PROCESSING
The legal bases we rely upon to process your personal data described in this notice vary depending on which laws apply to the processing. The personal data processing described in this notice may be:
A. necessary in order to enter into contracts with you relating to your employment or engagement with us and meet our obligations under such contracts;
This applies to paragraphs A, B, C and F of section 3.1 above.
B. necessary in order to comply with our legal obligations under certain laws;
This applies to paragraphs A to G inclusive of section 3.1 above to the extent that German law applies to the processing of your personal data, to the extent that personal data are processed for employment-related purposes.
C. to the extent German law applies, necessary in order to identify criminal offences. Your personal data may only be processed if: (i) there is a documented reason to believe that you may have committed a criminal offence in the context of the employment relationship(ii) the processing is necessary to investigate the potential offence and is not overridden by your legitimate interest in the exclusion of the processing. In particular, if the type and extent of the processing is not disproportionate with regard to the cause.
This applies to paragraphs F, G, of section 3.1 above as far as personal data relates to criminal offences.
D. to the extent German law applies, necessary to exercise or comply with rights and obligations of employees’ representation stipulated by law or by collective agreements or other agreements between the employer and employees’ representation bodies.
E. necessary in order to comply with our legal obligations under certain laws;
This applies to paragraph G of section 3.1 above to the extent German law applies and to paragraphs A, C, D and G of section 3.1 where any other law applies.
F. necessary for the legitimate interests of GS or others (as described below), where these are not overridden by your interests or fundamental rights and freedoms; or
This applies to paragraph G of section 3.1 above to the extent German law applies, as far as personal data are not processed for employment-related purposes and to paragraphs A to G of section 3.1 where any other law applies.
G. in limited circumstances and to the extent the legal bases for processing set out above do not apply, processed with your consent (which we obtain from you from time to time).
The ‘legitimate interests’ referred to in section 3.2 C above are:
What are special categories of personal data?
Special categories of personal data are: (i) personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) any genetic data or biometric data processed for the purpose of uniquely identifying a natural person; or (iii) data concerning health or sex life or sexual orientation.
Special category data is processed for one or more of the following reasons:
A. the processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment and social security and social protection law in so far as it is authorised by the laws of the Union or Member State, UK, the Dubai International Financial Centre (“DIFC”) or a collective agreement pursuant to Member State, UK or DIFC law providing for appropriate safeguards for the fundamental rights and the interests of the data subject. To the extent that German law applies, this reason for processing will only apply where there is no reason to expect that this purpose is overridden by your legitimate interest in the exclusion of the processing, or on the basis of a collective agreement.
B. to the extent German law applies, the processing is necessary for the purposes of health care, for the assessment of your ability to work, for medical diagnosis, care or treatment in the health or social field, or for the management of systems and services in the health and social field, or on the basis of a contract which you have concluded with a member of a health profession, and these data are processed by medical personnel or by other persons who are subject to a corresponding obligation of secrecy or under their responsibility.
These reasons apply to certain processing activities described under section 3.1 B and D above. This may include the following, although this is not an exhaustive list:
C. the processing is necessary for the establishment, exercise or defence of legal rights and claims;
This applies to processing for the purposes of establishing, exercising and defending legal rights and claims, as described in H of section 3.1 of this notice, to the extent this involves processing any special categories of personal data.
D. the processing is necessary for reasons of substantial public interest;
E. the processing relates to personal data that you have made public; or
F. solely to the extent that the processing is not otherwise justified under one of the above justifications, your explicit consent to the processing (which we obtain from you from time to time).
We only process personal data relating to criminal convictions and offences as authorised by applicable law. For example, we process criminal record information as part of our pre-employment and periodic background check procedures (see section 3.1 A above), our annual certification process, in connection with correspondence received from, or reporting to, law enforcement agencies or in the course of the management of our relationship with you, in each case where required or authorised by applicable law. For example, where we have a legal or regulatory requirement to report an offence or applicable laws authorise GS to process information about the offence for the purpose of making decisions regarding your relationship with GS.
4. MANDATORY DATA
Where we ask you to provide personal data to us on a mandatory basis, we will inform you of this at the time of collection. We will also inform you if particular information is required by the contract or statute. Failure to provide any mandatory information will mean that we cannot carry out certain HCM processes. For example, if you do not provide us with your bank details, we will not be able to pay you. In some cases it may mean that we are unable to continue with your employment or engagement as GS will not have the personal data we believe to be necessary for the effective and efficient administration and management of our relationship with you.
5. YOUR CONSENT
We may seek your consent to certain processing which is not otherwise justified on one of the bases set out in section 3.2 of this notice. If consent is required for the processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit. Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent. You should be aware that it is not a condition or requirement of your employment to agree to any request for consent from GS.
To the extent GS is relying on your consent to process your personal data, you have the right to withdraw your consent to such processing at any time. You can do this by contacting your HCM contact or our data protection team at gs-privacy@gs.com.
Please note that any processing of your personal data prior to your withdrawal of consent will remain unaffected by any such withdrawal. Please note also that this notice does not apply to consents you provide for any other reason, such as in connection with access to medical reports or vetting procedures.
6. SHARING PERSONAL DATA
Within GS, your personal data can be accessed by or may be disclosed internally on a need-to-know basis to:
Certain basic personal data, such as your name, location, job title, contact information and any published skills and experience profile may also be accessible to other employees. The security measures in place within GS to protect your data are set out in section 7 below.
Your personal data may also be accessed by third parties with whom we work and who provide us with services, such as hosting, supporting and maintaining the framework of our HCM information systems. This includes those vendors that we work with to provide health related services, such as Occupational Health and well-being services.
Personal data may also be shared with certain interconnecting systems such as talent management, performance review, and local payroll and benefits systems. Data contained in such systems may be accessible by providers of those systems, their affiliates and sub-contractors.
Due to the size and complexity of GS’s operations it is not possible to name each of our data recipients in this notice. Examples of third parties with whom your data may be shared include GS’s clients (and client staff, where appropriate), suppliers (and supplier staff), tax authorities, regulatory authorities, GS’s insurers, bankers, IT administrators, lawyers, auditors, investors, consultants and other professional advisors, payroll providers, and administrators of GS’s benefits programs. GS requires such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security.
Where these third parties act as a “data processor” (for example a payroll provider) they carry out their tasks on our behalf and upon our instructions for the above mentioned purposes. In this case your personal data will only be disclosed to these parties to the extent necessary to provide the required services.
In addition, we may share personal data with national authorities or regulators in order to comply with a legal obligation or regulatory requirement to which we are subject.
7. SECURITY OF DATA
GS uses a variety of technical and organisational methods to secure your personal data in accordance with applicable laws.
GS is committed to protecting the security of the personal data you share with us. In support of this commitment, we have implemented appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk.
A number of the measures that we use to protect information are set out in the Global Privacy Policy and the Information Security Handbook, which sets out the applicable Firm policies including the Technology Risk policies.
We require our vendors and suppliers to keep the personal data that we provide to them secure, both in transit and once received by them. This includes encryption, where appropriate.
8. INTERNATIONAL TRANSFER
GS will ensure that appropriate safeguards are in place to protect your personal data and that transfer of your personal data is in compliance with applicable data protection laws. Where required by applicable data protection laws, GS has ensured that service providers (including other GS affiliates) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant data exporter. You can obtain a copy of any standard contractual clauses in place which relate to transfers of your personal data by contacting gs-privacy@gs.com. In exceptional cases, GS may transfer your personal data to countries that do not provide an adequate level of data protection based on an exception, such as if the transfer is necessary for the performance of a contract, in case of legal proceedings abroad or if you have consented to such transfer.
The data sharing listed in this notice may involve the transfer of personal data to any country in which GS or a GS affiliate conducts business or has a service provider or to other countries for law enforcement purposes (including, without limitation, the United States of America and other jurisdictions whose data privacy laws are not as stringent as those in effect in the United Kingdom, Switzerland, the European Union or the DIFC); in principle any country in the world).
9. DATA SUBJECT RIGHTS
You may be entitled under the applicable data protection laws to the following rights in respect of your personal data:
A. Information and access: You have the right to be provided with certain information about GS’s processing of your personal data and access to that data (subject to exceptions).
B. Rectification: If your personal data changes, we encourage you to inform us of the change. You have the right to require inaccurate or incomplete personal data to be updated or corrected.
C. Erasure: You have the right to require that your data be erased in certain circumstances, including where it is no longer necessary for us to process this data in relation to the purposes for which we collected or processed the data, or if we processed this data on the basis of your consent and you have since withdrawn this consent.
D. Data portability: Where we process your personal data on the basis of your consent, or where such processing is necessary for entering into or performing our obligations under a contract with you, you may have the right to have the data transferred to you or another controller in a structured, commonly used and machine-readable format, where this is technically feasible.
E. Right to object to certain data processing: To the extent that GS is relying upon the legal basis of legitimate interest to process your personal data, then you have the right to object to such processing, and GS must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where GS needs to process the data for the establishment, exercise or defence of legal rights and claims. Where GS relies upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
F. Right to restriction of processing: You have the right to restrict GS’s processing of your personal data while your request for data rectification or objection to personal data processing is being considered, if we no longer need to process your data but you need that data in connection with a legal claim, or if our processing is unlawful but you do not want us to erase the data. If this right applies, we will continue to store your data but will only further process it with your consent, for the establishment and exercise of legal rights or defence of legal claims, to protect the rights of another person, or for reasons of important public interest.
G. Right to withdraw consent: To the extent that GS is relying upon your consent to process personal data, you have the right to withdraw such consent at any time. Please see section 5 of this notice.
H. Complaint: You also have the right to lodge a complaint with a supervisory authority.
If you wish to exercise any of these rights you may do so by sending an email to gs-privacy@gs.com.
You can also contact our European and UK data protection officers using the contact details provided above.
We may provide additional ways for you to exercise your rights from time to time.
10. RETENTION OF PERSONAL DATA
GS and GS affiliates retain personal data for varying time periods in order to assist us in complying with legal and regulatory obligations, to enable compliance with any requests made by regulators or other relevant authorities and agencies, to enable us to establish, exercise and defend legal rights and claims, and for other legitimate business reasons.
GS and GS affiliates retain your personal data for the period of time required for the purposes for which it was collected, any compatible purposes which we subsequently establish, any new purposes to which you subsequently consent, or to comply with legal, regulatory and GS policy requirements.
To the extent Goldman Sachs Bank Europe SE, Goldman Sachs Europe SE or Goldman Sachs Realty Management GmbH (together, ‘GS Germany’) is the controller of your personal data processed within the scope of this notice, the following additional information also applies. GS Germany is subject to various retention and documentation requirements pursuant to inter alia, the German Commercial Code (Handelsgesetzbuch, “HGB”) and the German Tax Code (Abgabenordnung, “AO”). The retention and documentation periods specified therein last up to ten years. The storage period is also governed by the statute of limitation periods, which can be up to thirty years, for example, pursuant to secs. 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, “BGB”) whereby the general limitations period is three years.
11. UPDATES TO THIS NOTICE
The information in this notice may change from time to time – for example, the categories of personal data that GS collects, the purposes for which it is used and the ways in which it is shared may change. This notice may be updated from time to time.
APPENDIX 1: GS CONTROLLER ENTITIES
GS ENTITY |
HEAD OFFICE OR BRANCH OF GS ENTITY (IF APPLICABLE) |
CONTACT DETAILS |
Goldman Sachs International |
London (Head Office) |
Plumtree Court |
Goldman Sachs International Bank |
London (Head Office) |
Plumtree Court |
Goldman Sachs (UK) Services Limited |
London (Head Office) |
Plumtree Court |
Goldman Sachs Bank Europe, SE |
Frankfurt (Head Office) |
Marienturm, |
Goldman Sachs Bank AG |
Switzerland (Head Office) |
Claridenstrasse 25 |
Goldman Sachs (Monaco) S.A.M |
|
1 Place du Casino One Monte Carlo - 6 Floor 98000 Monaco MC Principaute de Monaco |
Goldman Sachs & Co. LLC – in respect of services provided to natural person clients, beneficial owners, partners or settlors habitually resident in the European Union, the United Kingdom or Switzerland |
|
200 West Street |
GS Bank USA, London Branch |
London (Branch) |
|
GS Paris, Inc. Et Cie |
Paris (Head Office) |
|
GS POL Svs spolka z ograniczon |
Warsaw (Head Office) |
|
GSAM Fund Services Limited |
Ireland (Head Office) |
|
GS Realty Management EUR GmbH |
Frankfurt (Head Office) |
|
Local Representatives: the local representative of Goldman Sachs International, Goldman Sachs International Bank, Goldman Sachs Bank AG and Goldman Sachs & Co LLC within the European Union is Goldman Sachs Bank Europe SE. The contact details of Goldman Sachs Bank Europe SE are as set out above. The local representative of Goldman Sachs Bank AG and Goldman Sachs & Co. LLC within the UK is Goldman Sachs International. The contact details of Goldman Sachs International are set out above.