Goldman Sachs Privacy Policy

Effective Date: December 22, 2022

The purpose of this Privacy Policy (“Policy”) is to explain our practices with respect to the collection, use, disclosure, and safeguarding of your personal information. This Policy applies to information collected through goldmansachs.com, to the extent that the activity or relationship is not subject to a separately provided privacy policy, (the “Site”); visitors to our premises; individuals who attend or register for events organized by Goldman Sachs; recipients of newsletters or other marketing communications issued by or on behalf of Goldman Sachs; and current and former shareholders in Goldman Sachs entities or officers, directors, employees, advisors, intermediaries, and other representatives of such shareholders, (collectively, the "Services").

If you have a relationship with another business unit of Goldman Sachs, you may be provided with a separate privacy policy with respect to the collection, use, disclosure, and safeguarding of your personal information by that business unit. Please visit the Goldman Sachs Privacy and Cookies Website for more information about how your personal information is processed and to understand your rights and choices for those services.

As used throughout this Policy, the term “Goldman Sachs,” “we”, “our” or “us” refers to Goldman Sachs & Co. LLC. (including its affiliates with respect to premise visitors and shareholders as referenced above).

These links will take you to sections of this Policy explaining the following topics and, together with the information contained in the below sections, constitute our Notice At Collection:

The categories of personal information we collect;
The purposes for which personal information are collected and used;
Whether we sell or share, as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), personal information and a description of your right to opt out; and
The criteria we use to determine how long to retain personal information.


WHAT PERSONAL INFORMATION WE COLLECT AND GENERATE

We may collect or generate personal information about you, or a third party acting upon your instruction, in a number of ways and from a number of sources depending on the Services and the relationship we have with you. The following is a list of categories of personal information, along with some descriptions and examples, that we may collect or generate through the Services. Some data elements will fit into multiple categories.

Personal Identifiers
Examples and Description: First and last name, email address, address, telephone number, unique personal identifiers and related information, publicly photographic images, signature
Sources: From you, such as when you register for our newsletter or visit our premises

Device and Online Identifiers and Related Information
Examples and Description: Online identifiers, Internet Protocol (IP) address, mobile/wireless carrier, device identifier, and other device information
Sources: Automatically generated via Cookies or similar tools when you interact with our Site or email communications

Internet, Application, and Network Activity
Examples and Description:  Data related to user activity (e.g., when and how you use the Site and interact with our communications including emails) including emails, browsing history, search and clickstream history, online website tracking information, other data related to user activity, and URL referral header information
Sources:  Automatically generated via Cookies or similar tools when you interact with our Site or email communications

Location Data
Examples and Description: Region, country, city; building access records; information about your geolocation and mobile device including a unique identifier for your device; in some instances, location can be estimated from your IP address or through your Wi-Fi connection.
Sources:  From you, such as when you visit our premises; automatically generated via Cookies or similar tools when you interact with our Site or email communications

Sensory Data
Examples and Description: For United States locations, this includes closed circuit television (CCT) footage; audio data, such as a recording of your voice when you call us; facial photograph to obtain a guest badge at our offices
Sources: From you, such as when you visit our premises

Shareholding Data
Examples and Description: If you are a shareholder of Goldman Sachs, we may collect details of the shares you hold, such as the number of shares, elections, voting and payment instructions.
Sources: From you or from a third party, such as your agent or stockbroker

Sensitive Personal Information
Description: Some of the personal information that we collect and generate, and which is described above is considered sensitive personal information. This may include Social Security, driver’s license, state identification card, and passport numbers; information relating to your health
Sources: From you, such as when you visit our premises

HOW WE USE PERSONAL INFORMATION

We collect and use your personal information for the following business purposes:

• Administering, operating, and managing your relationship with us; to provide the Services to you, which may include disclosing such information internally as well as disclosing it to third parties, as described in this Policy and any other privacy notice that we may provide to you in connection with the Services;

• Understanding your need and offering services to you; managing our relationship with you; meeting our regulatory and compliance obligations; complying with contractual obligations, relevant industry standards, and our policies;

• Contacting and communicating with you, including sending communications you have requested from us, such as our newsletter;

• Performing analytics concerning use of the Services, including responses to our emails and the pages and advertisements that are viewed;

• Enabling Site administration and management;

• Operating, evaluating, and improvement our business and the Services (including assessing and managing risk, fulfilling our legal and regulatory requirements, developing new services, improving and personalizing existing services, and performing accounting, auditing and other internal functions);
• Authenticating identity;

• Mitigating fraud and enhancing the security of the Services;

• Conducting marketing activity, such as developing marketing and acquisitions models, identifying marketing recipients, developing marketing collateral and delivering advertisements and marketing communications;

• Responding to and reviewing social media messages or postings about us or the Services;

• Presenting third-party products and services that may be of interest;

• Performing regulatory compliance checks, account and transaction monitoring, and tax reporting; and

• Making disclosures to, and complying with requests from, public authorities, regulators, tax authorities, governmental bodies, or law enforcement agencies, and investigating and preventing fraud or other crime.

We may also use your personal information for any other purpose that we disclose at the time you provide, or when we collect, your information, and other purposes permitted by applicable law.

We may also use data that we collect on an aggregate or anonymous basis for various business purposes, where permissible under applicable laws and regulations.


TO WHOM WE DISCLOSE PERSONAL INFORMATION

We may disclose personal information as set forth below:

• Goldman Sachs Affiliates: We may disclose personal information with members of the Goldman Sachs family of companies in order to provide the Services, improve products or for other purposes permissible under applicable law and regulations.

• Vendors: We may disclose personal information with non-affiliated companies that perform support services for us, such as data analytics, risk management, security services, advertising and marketing, customer support, mail services, email delivery, information technology, and other service providers and business partners.

• Legal Process and Emergency Situations: We may disclose personal information to third parties as permitted by, or to comply with, applicable laws and regulations. Examples include responding to a subpoena or similar legal process, protecting against fraud and cooperating with law enforcement or regulatory authorities.  We may also disclose information if we believe it is necessary or appropriate to protect our rights, property or safety, or the rights, property or safety of our employees, customers or others, or to enforce our contractual rights.

• Corporate Transactions: In the event of a corporate transaction, such as a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of any or all of our assets or liabilities, some of the personal information that we hold may be among the assets or liabilities transferred to a buyer or other successor. We may also transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or liabilities or any line of business, change in ownership control or financing transaction.

We may also use and disclose data that we collect on an aggregate, de-identified or anonymous basis for various business purposes, were permissible under applicable laws and regulations.

We also may disclose personal information to others where permissible under applicable laws and regulations or when you provide your consent or direction.

INFORMATION SECURITY: HOW WE PROTECT YOUR PRIVACY

We take the security of personal information, including Social Security numbers, seriously and work to limit access to personal information to authorized employees, agents, contractors or vendors. We also maintain physical, electronic and procedural safeguards designed to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure while in our possession.

REPORTING SECURITY VULNERABILITIES

We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered on the site. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit the vulnerability report at this link: https://hackerone.com/goldmansachs

COOKIES AND OTHER TRACKING TECHNOLOGIES

“Cookies” are small text files that may be placed on your browser when you visit websites. When you quit your browser, some Cookies are stored in your computer's memory, while some expire and disappear. Cookies allow your browser to remember some specific information that the web server can retrieve later on.
“Web Beacons”, also known as an Internet tags, pixel tags or clear GIFs, are a type of technology placed on a webpage or in an email.  Web Beacons are generally used to transmit information back to a web server. 

We and our Vendors use Cookies, Web Beacons, session replay, device advertising IDs and similar technologies on the Site and in our email communications for a number of business purposes, such as to monitor our advertising, remember your preferences, personalize your experience, understand how you use and interact with the Site, suggest products tailored to you, for security purposes, to improve the Site and for marketing campaign performance. These technologies collect information about your browser/device and your use of the Site, such as the time/date of access and time spent on the Site, pages visited, language preferences, whether you open our emails, and other traffic data.

You may be able to configure your web browser to decline Cookies and/or configure your email client to not load Web Beacons in emails. Please note that, if you choose to decline Cookies, certain features of the Site may not function properly or may not be accessible to you.
Please see the "Interest-Based Advertising" and "Do Not Track" sections below for information on the choices we provide you regarding Cookies, Web Beacons, and other tracking technologies.

INTEREST-BASED ADVERTISING

Interest-based advertising refers to collecting information about your online activities over time and across different websites, devices, and other online services to deliver advertisements based on online activity. We use interest-based advertising to deliver advertisements and other targeted content to you, including through third-party advertising companies which we may permit to track your visits to the Site. These third parties may collect information about your online activities over time and across different websites and other online services.

We, and many of the third-party advertisers that place tracking tools on the Site, are members of the Digital Advertising Alliance's Self-Regulatory Program for Online Behavioral Advertising. You can learn more about the options available to limit these third parties’ collection and use of your information by visiting the websites for the Network Advertising Initiative and the Digital Advertising Alliance.

If you choose to opt-out via the web-based tools, a Cookie will be placed on your browser indicating your decision. This Cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt-out on each. In addition, because the opt-out is facilitated via Cookies, if you clear your Cookies you will need to opt-out again.

DO NOT TRACK

The Site is not currently configured to respond to “Do Not Track” browser-based technology. However, our Site is designed to support the Global Privacy Control, described at https://globalprivacycontrol.org/, which you can enable by downloading a participating browser or browser extension.

RETENTION OF PERSONAL INFORMATION

We retain personal information for varying time periods depending on our relationship with you and the status of that relationship. When determining how long to keep personal information, we take into account our legal and regulatory obligations and our legitimate business interests (such as, managing the Services, preventing fraud, responding to regulatory or supervisory inquiries, and establishing, exercising or defending legal claims, disputes or complaints).

ADDITIONAL CHOICES

If you decide at any time that you no longer wish to receive marketing emails from us, please follow the “unsubscribe” instructions provided in such emails. Please note that even if you unsubscribe, we may continue to send transactional or administrative emails, such as legally required, regulatory, or service notifications. 

OTHER IMPORTANT INFORMATION

Website Visitors
Any natural person using the Services must be at least 18 years of age.

Third Party Links
For your convenience, Goldman Sachs may make available on the Site third-party applications such as content linking to other websites or sharing facilities. Information collected by providers of such applications is governed by their privacy policies. We are not responsible for, and this Policy does not apply to, the privacy practices of any linked websites or of any companies that we do not own or control.

CHANGES TO THIS POLICY

We may change this Policy from time-to-time. If we make changes to this Policy, we will update the “Effective Date” at the top of this Policy. Any changes will become effective when posted unless indicated otherwise. Your continued use of the Services following these changes will mean that you accept those changes.

CALIFORNIA RESIDENTS

California residents should be aware that this section does not apply to:

• Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations, the California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994; or

• Other information subject to a California Consumer Privacy Act (CCPA) exception.

In the past 12 months, we have disclosed each category of personal information listed in the "What Personal Information We Collect and Generate" section to one or more of the categories of recipients listed in the "To Whom We Disclose Personal Information" section for the business purposes listed in the "How We Use Personal Information" section.

We may create, maintain, and use deidentified information of California residents, and if we do, we will not attempt to reidentify that information unless permitted by California law.

Your Rights

California residents have certain rights in relation to their personal information pursuant to the CCPA. These include the right to:

• Information about the personal information that we collect about you and the manner in which we use, process and disclose that information;

• Obtain the specific pieces of personal information that we have collected about you;

• Effective January 1, 2023, correct inaccurate personal information that we maintain about you;

• Delete certain personal information that we have collected about you;

• Opt-out of the sale or sharing of your personal information to third parties under certain circumstances; and

• Not be discriminated against as a result of exercising any of the aforementioned rights.

Although we may collect certain categories of sensitive personal information, as described in the “What Personal Information We Collect and Generate” section, we do not use sensitive personal information in ways that the CCPA permits you to limit.

Sale and Sharing

The CCPA requires that we describe disclosures of personal information where:

• We receive monetary or other valuable consideration (i.e., selling, as defined under the CCPA); or

• Effective January 1, 2023, we disclose personal information about you through our Site to a third party for cross-context behavioral advertising (i.e., sharing, as defined under the CCPA).

We do not sell, and have not sold in the preceding 12 months, personal information to third parties.

Effective January 1, 2023, we may share, and may have shared in the preceding 12 months, personal information from the “Personal Identifiers”, “Device and Online Identifiers and Related Information”, and “Internet, Application, and Network Activity” categories of personal information with advertising and marketing partners to facilitate the delivery and measurement of cross-context behavioral advertising. To opt-out of sharing, please click the "Your Privacy Choices" link on the footer of the website you are visiting. Please see the “Do Not Track” section above to learn how you can use opt-out preference signals and how they are processed.

If you choose to opt out via the web-based tools, a Cookie will be placed on your browser indicating your decision. This Cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt out on each. In addition, because the opt-out is facilitated via Cookies, if you clear your Cookies you will need to opt out again

We do not knowingly sell or share the personal information of minors under 16 years of age.

Exercising Your Rights

If you would like to discuss or exercise such rights to access, delete, or correct your personal information, please contact us at here or at 1-844-930-0648.

The CCPA requires us to verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third party identity verification tools, as well as verify that any personal information relates to you. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized representative to exercise certain of the rights listed above on your behalf by providing the authorized representative with power of attorney pursuant to the California Probate Code or by executing other documentation we may require, and the representative may make the request on your behalf by following the instructions above. If an authorized representative submits a request on your behalf, we will contact you to verify that they represent you.