Your Privacy Is Important to Goldman Sachs
In the course of serving you as an individual client or as someone associated with a corporate or institutional client, Goldman Sachs may obtain personal information about you. Obtaining this information is important to our ability to deliver the highest level of service to you, but we also recognize that you expect us to treat this information appropriately.
This policy describes the types of personal information we may collect about you, the purposes for which we use the information, the circumstances in which we may share the information and the steps that we take to safeguard the information to protect your privacy. As used throughout this policy, the term “Goldman Sachs” refers to The Goldman Sachs Group, Inc. and its affiliates worldwide.
The Sources of Information
The personal information we collect about you comes primarily from the account applications or other forms and materials you submit to Goldman Sachs during the course of your relationship with us. We may also collect information about your transactions and experiences with Goldman Sachs relating to the products and services Goldman Sachs provides. In addition, depending on the products or services you require, Goldman Sachs may obtain additional information about you, such as your credit history, from consumer reporting agencies.
Finally, in the provision of financial services to you and subject to strict compliance with all applicable laws and regulations, information may be collected about you indirectly from monitoring or other means (e.g. recording of telephone calls and monitoring e-mails). In these circumstances, the information is not accessed on a continuous or routine basis, but it may be used for compliance or security purposes.
The Information We Have about You
If you deal with Goldman Sachs in your individual capacity (e.g. as a private client), or as a settlor/trustee/beneficiary of a trust, or as an owner or principal of a company or other investment vehicle established to invest on your behalf or on behalf of your family, etc., the typical information we collect about you would include:
- Your name, address and other contact details;
- Your age, occupation and marital status;
- Extensive financial information, including source of wealth, investment experience and objectives, risk tolerance and, in certain jurisdictions, representations required under applicable law or regulation concerning your financial resources;
- A head and shoulders photograph from, as applicable, your passport, national identity card or driver's license, as required by laws and regulations addressing due diligence and related matters; and
- A personal identifier such as, depending on your country of residence, your Social Security Number, National Insurance Number, Tax File Number, etc.
If you are an employee/officer/director/principal, etc. of one of our corporate or institutional clients, the typical information we collect about you personally would include:
- Your name and contact details;
- Your role/position/title and area of responsibility; and
- Certain identifying information (e.g. passport photo, etc.) as required by laws and regulations addressing money laundering and related matters.
Of course, you are not required to supply any of the personal information that we may request. However, failure to do so may result in our being unable to open or maintain your account or to provide services to you. While we make every effort to ensure that all information we hold about you is accurate, complete and up to date, you can help us considerably in this regard by promptly notifying us if there are any changes to your personal information.
Our Use of Your Personal Information
We may use your personal information to:
- Administer, operate, facilitate and manage your relationship and/or account with Goldman Sachs. This may include sharing such information internally as well as disclosing it to third parties, as described in the following two sections, respectively;
- Contact you or, if applicable, your designated representative(s) by post, telephone, electronic mail, facsimile, etc., in connection with your relationship and/or account;
- Provide you with information (such as investment research), recommendations, or advice concerning products and services offered by Goldman Sachs; and
- Facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements.
If your relationship with Goldman Sachs ends, Goldman Sachs will continue to treat your personal information, to the extent we retain it, as described in this policy.
Disclosures of Your Personal Information within Goldman Sachs
In order to provide efficient and reliable services and to improve product and service options available to you, more than one entity within Goldman Sachs may be given, or given access to, your personal information. For example, one Goldman Sachs entity might share your information with another in order to facilitate settlement of your transactions or the maintenance of your accounts, or as part of its arranging for the performance of specialized services such as US and international brokerage, asset management and advisory and trust services. When so sharing your personal information, we adhere to applicable legal and industry standards regarding the protection of personal information. Additional information on how your personal information is protected while within Goldman Sachs is provided below, under Information Security: How We Protect Your Privacy.
Disclosures of Your Personal Information to Third Parties
Goldman Sachs does not disclose your personal information to third parties, except as described in this policy. Third party disclosures may include sharing such information with non-affiliated companies that perform support services for your account or facilitate your transactions with Goldman Sachs, including those that provide professional, legal or accounting advice to Goldman Sachs. Non-affiliated companies that assist Goldman Sachs in providing services to you are required to maintain the confidentiality of such information to the extent they receive it and to use your personal information only in the course of providing such services and only for the purposes that Goldman Sachs dictates.
We may also disclose your personal information to fulfill your instructions, to protect our rights and interests and those of our business partners or pursuant to your express consent. Finally, under limited circumstances, your personal information may be disclosed to third parties as permitted by, or to comply with, applicable laws and regulations; for instance, when responding to a subpoena or similar legal process, to protect against fraud and to otherwise cooperate with law enforcement or regulatory authorities or with organizations such as exchanges and clearinghouses.
You should know that Goldman Sachs will not sell your personal information.
Goldman Sachs Bank AG, Switzerland
The treatment and transfer of your personal information in case you are a client of Goldman Sachs Bank AG, Switzerland, is ruled by Swiss laws such as Swiss Banking Secrecy Art. 47 Banking Law, the Swiss Data Protection law, the General Conditions and any further agreement between Goldman Sachs Bank AG and you.
Information Security: How We Protect Your Privacy
Goldman Sachs is committed to protecting the privacy and confidentiality of your personal information. We limit access to your personal information to authorized Goldman Sachs employees or agents and, as described above in Disclosures of Your Personal Information to Third Parties, our service providers are held to stringent standards of privacy. We also maintain physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:
- A dedicated group – the Information Security Department – that designs, implements and provides oversight to our information security program;
- The use of specialized technology such as firewalls;
- Testing of the security and operability of products and services before they are introduced to the Internet, as well as ongoing scanning for publicly known vulnerabilities in the technology;
- Internal and external reviews of our Internet sites and services;
- Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
- Implementing controls to identify, authenticate and authorize access to various systems or sites;
- Protecting information during transmission through various means including, where appropriate, encryption; and
- Providing Goldman Sachs personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.
Reporting Security Vulnerabilities
We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered on a GS product or application. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit the vulnerability report at this link: https://hackerone.com/goldmansachs
Privacy and the Internet
The following additional information will be of interest to you as a visitor to this site:
- Users of private Goldman Sachs Web sites are required to identify and authenticate themselves prior to accessing our services. Generally, identification and authentication take place through the use of your user name and a password, or with an RSA SecurID* Card and a Personal Identification Number (PIN).
- The private Goldman Sachs Web sites are built upon a secure infrastructure with multiple layers of protection, including measures ranging from proper physical security of our machines to system intrusion detection capabilities. Within such private sites, Goldman Sachs uses industry standard encryption technologies to protect your information from external compromise.
- Security is a cooperative effort between Goldman Sachs and the users of the Goldman Sachs Web sites. Please remember that your password, RSA SecurID Card and PIN are personal to you and should not be made available to any other person. Also, you should discontinue their use and notify us if you have any reason to suspect that someone else may be using them.
- “Cookies” are small text files that may be placed on your Web browser when you visit our Web sites or when you view advertisements we have placed on other Web sites. For more information about cookies, how our Web sites use them, and your options with respect to their use, please see our cookies policy.
- “Clickstream” data (e.g., information regarding which of our Web pages you access, the frequency of such access, and your product and service preferences) may be collected by Goldman Sachs itself, or by our service providers, using cookies, Web beacons, page tags, or similar tools that are set when you visit our Web site or when you view an advertisement we have placed on another Web site. Clickstream data and similar information may be shared internally within Goldman Sachs and used: for administrative purposes; to assess the usage, value and performance of our online products and services; to improve your experience with our Web sites; and as otherwise permitted by applicable law or regulation. If you are a Goldman Sachs client, this information helps us suggest products or service offerings that may be of interest to you. This information may be processed by us for the purposes described above, or on our behalf by third parties, solely in accordance with our instructions.
- When you visit this site, your browser may be momentarily directed to the Web site of an ad server or other third party service provider. This re-direction process will not be apparent to you. These third party Web sites automatically receive your IP address when this happens, and they may also collect information from your interaction with our Web sites including computer and connection information, standard Web log information, and ad information. Such information does not identify you individually.
- Goldman Sachs may make available on this Web site third party applications such as content linking or sharing facilities. Information collected by providers of such applications is governed by their privacy policies.
- Our Web sites are not currently configured to respond to “do not track” signals or similar mechanisms.
Other Privacy Policies or Statements; Changes to Policy
This policy provides a general statement of the ways in which Goldman Sachs protects your personal information. You may, however, in connection with specific products or services offered by Goldman Sachs, be provided with privacy policies or statements that supplement this policy. This policy may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information. The revised policy will be effective immediately upon posting to our Web site. This version of the Policy is effective May 23, 2018.
Additional Information: The European Economic Area – Singapore, Switzerland, Hong Kong, Japan, Australia and New Zealand
(This section applies only if your information is processed by Goldman Sachs in a Member State of the European Economic Area (EEA), Singapore, Switzerland, Hong Kong, Japan, Australia or New Zealand).
You are entitled to access any personal data about you held by Goldman Sachs by sending a written request to the applicable individual identified below. You may be required to supply a valid means of identification as a security precaution to assist us in preventing the unauthorized disclosure of your personal information. We will process your request within the time provided by applicable law. You are also entitled to have Goldman Sachs modify or delete any information that you believe is incorrect or out of date.
Goldman Sachs may occasionally contact you by post, telephone, electronic mail, facsimile, etc., with details of products and services that we believe may be of interest to you. If you do not wish to be contacted in this way, if you wish to exercise your rights of correction and access, or if you require further information regarding our privacy policies and practices in the above-referenced regions, please contact:
|For Australia and New Zealand:||
The Privacy Officer
Goldman Sachs Australia Group Holdings Pty Ltd
GPO Box 2050
|For Hong Kong:||
Winnie Tam, Vice President
Goldman Sachs (Asia) L.L.C.
60/F, Cheung Kong Center
2 Queens Road, Central Hong Kong
|For the EEA:||
The Office of the Data Protection Officer
133 Fleet Street
London EC4A 2BB
Goldman Sachs Bank AG
Postfach 8022, Zurich
Hiroki Inaba, Vice President
Goldman Sachs Japan, Co., Ltd.
Roppongi Hills Mori Tower
10-1, Roppongi 6-chome Minato-ku, Tokyo 106-6147
Data Protection Officer
Goldman Sachs (Singapore) Pte
1 Raffles Link
#07-01 South Lobby
If you require further information regarding our privacy policies and practices in the United States please contact:
Goldman, Sachs & Co.
30 Hudson Street
Jersey City, NJ 07302
* RSA SecurID is a trademark owned by RSA Security Inc.