US Privacy Policy

1. Introduction

Your privacy is important to us. The purpose of this Privacy Policy is to explain how Goldman Sachs, its Covered Entities and its Affiliates (defined below), collects, uses, discloses and protects Personal Information (defined below). This Privacy Policy applies to the Personal Information collected from or about you in connection with Goldman Sachs products and services, websites, mobile applications, events, and online and offline communications, as well as any other products or services that link to this Privacy Policy (collectively, the “Services”).

The below sections of this Privacy Policy explain the following topics and constitute our Notice of Collection within the meaning of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”): 

• The categories of Personal Information we collect;
• The purposes for which Personal Information are collected and used;
• Whether we sell or share, as defined under the CCPA, Personal Information and a description of your right to opt out; and
• The criteria we use to determine how long to retain Personal Information.

Other Privacy Notices

If you are an individual and have a Goldman Sachs financial product and service for your personal, family or household purposes, please see the following privacy notices for additional details about how we may use and disclose Personal Information that we collect in connection with those financial products and services:

• Goldman Sachs Asset Management
• Goldman Sachs Custody Solutions
• Goldman Sachs Private Bank Select
• Goldman Sachs Private Wealth Management and Private Bank
• Goldman Sachs Wealth Services
• Marcus by Goldman Sachs
• Goldman Sachs Apple Partnership Products

If there is a conflict between this Privacy Policy and any privacy notice, disclosure, policies or terms relating to any product or service, the privacy notice, disclosure, policies or terms relating to the product or service will govern.

If you apply for a job at Goldman Sachs or are an employee or contractor at Goldman Sachs, a separate privacy policy will apply to you and will be provided to you at or before your Personal Information is collected.

Important Terms

Throughout this Privacy Policy, when we use:

• “Goldman Sachs,” “we,” “us” or “our”, we mean Covered Entities and Affiliates.
• “Covered Entities”, we mean Goldman Sachs Bank USA; Goldman Sachs & Co. LLC, The Goldman Sachs Trust Company, N.A., The Goldman Sachs Trust Company of Delaware, Goldman Sachs Wealth Services, L.P. and Mercer Allied Company, L.P. (a limited purpose broker-dealer) (along with its affiliated insurance agencies, The Ayco Services Agency, L.P., The Ayco Services Insurance Agency, Inc.); Folio Investments, Inc., d/b/a Goldman Sachs Custody Solutions and Folio Financial, Inc., d/b/a Goldman Sachs CS Holding;  Goldman Sachs Asset Management, L.P., Goldman Sachs Asset Management International, Goldman Sachs Asset Management Co., Ltd., Goldman Sachs Asset Management (Hong Kong) Limited, Goldman Sachs Asset Management (Singapore) Pte. Ltd., the family of funds managed by such entities,; and their subsidiaries, agents, and assigns. Covered Entities do not include the products and services offered by Goldman Sachs Transaction Banking. 
• “Affiliates”, we mean companies related by common ownership or control.
• "Personal Information", means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, to you. Personal Information does not include public information (for example, information from federal, state, or local government records and information that was lawfully made available to the general public), aggregated information (information relating to multiple individuals that has been combined and grouped together, resulting in a data set that is not reasonably capable of identifying any individual) or de-identified information (information that is not attributable to an identified or identifiable individual).
• “you” or “your”, we mean any user of the Services.

 

2. What Personal Information We Collect and Process

We may collect or process Personal Information about you in a number of ways, and from a number of sources, depending on the Services and the relationship we have with you.  We collect Personal Information from the following categories of sources:

• Directly from you or individuals acting on your behalf, such as when you provide it to us digitally or physically;
• Indirectly from you, such as when you visit or interact with our digital services including our websites or mobile applications;
• Our Affiliates; such as when they offer or provide you with products or services;
• Your Employer, such as when your employer is a client of ours;
• Third-Party Sources, such as when data is used to provide and support our Services such as fraud prevention, underwriting, and marketing.  

The following is a list of the categories of Personal Information that we may collect or process. Some data elements will fit into multiple categories.   

• Personal Identifiers: This includes real name, alias, postal address, unique personal identifier, email address, account name, signature, telephone number, social security number, driver’s license number, passport number and other similar identifiers;
• Financial Information: This includes bank account numbers, transaction and financial account information, source of wealth information, life and disability insurance information and other information regarding your financial circumstances;
• Protected Classification Characteristics: This includes date of birth/age, race, ethnicity, religion, national origin, citizenship, marital status, sex or gender, and veteran or military status.
• Commercial Information: This includes records of personal property, products or services purchased, obtained or considered, purchasing or consuming history or tendencies;
• Biometric Information: This includes physiological, biological and behavioral characteristics used to establish individual identity;
• Internet, Application, and Network Activity: This includes browsing history, search and clickstream history, Internet Protocol (IP) address, online identifier, device identifier, online website tracking information, and other data related to user activity;
• Geolocation Data: This includes information used to identify your location;
• Sensory Data: This includes audio recordings, video recordings, and photographs;
• Professional, Employment, and Education-Related Information: This includes occupation, title, employer, employment history, income, industry affiliations, and education;
• Inferences About You: This includes a profile reflecting your preferences, characteristics, predispositions, behavior, attitudes and creditworthiness profile;
• Sensitive Personal Information: Some of the Personal Information that we collect and generate and which is described above is considered Sensitive Personal Information. This includes Social Security, driver’s license, state identification card, and passport numbers; account log-in, financial account, debit card, and credit card numbers in combination with credentials allowing access to an account; racial or ethnic origin; citizenship or immigration status; precise geolocation; information relating to your health and medical history you volunteer or that you provide in connection with an insurance application; and biometric information.

 

3. How We Use Personal Information

We collect and use Personal Information for the following business purposes:

• Administering, operating and managing your relationship with us;
• Understanding your needs and offering services to you;
• Complying with contractual obligations, relevant industry standards, and our policies; 
• Authenticating your identity;
• Mitigating fraud and enhancing the security of our services;
• Contacting and communicating with you;
• Conducting marketing activity, such as delivering advertisements and marketing communications;
• Performing analytics;
• Operating, evaluating, and improving our business and our services (including assessing and managing risk, fulfilling our legal and regulatory requirements, developing new services, improving and personalizing existing services, and performing accounting, auditing and other internal functions); and
• Other purposes permitted by applicable law.

If your relationship with us ends, we will continue to treat your Personal Information as described in this Privacy Policy or as set forth in the applicable privacy notice.

 

4. To Whom We Disclose Personal Information

We may disclose the Personal Information we collect from and about you with our Affiliates and other third parties as described below. In particular, we may disclose your Personal Information as follows:

• Affiliates: We may disclose to members of the Goldman Sachs family of companies to service accounts, improve services, market other products or services, or for other purposes permissible under applicable laws and regulations.
• Cobrand Partners: We may disclose to our cobrand partners to service accounts, improve services, or for other purposes permissible under applicable laws and regulations.
• Third-Party Acquirers: We may disclose to a third-party acquirer in the event of a corporate transaction, such as a proposed or actual sale, consolidation, divestiture, restructuring, reorganization, or merger of any or all of our assets or liabilities. We may also transfer Personal Information to another entity or its affiliates or service providers in connection with, or during negotiations of, any corporate transaction.
• Service Providers: We may disclose to non-affiliated companies and partners that perform services for us, such as data analytics, fraud analysis, identity verification, risk management, security services, advertising and marketing, customer support, mail services, email delivery, information technology, and payment processing.
• Other Third Parties: We may disclose to other third parties as permitted by, or to comply with, applicable laws and regulations or when you specifically direct or expressly consent to us disclosing your personal information. Examples include responding to a subpoena or similar legal process; protecting against fraud, security or technical issues; cooperating with law enforcement or regulatory authorities; or otherwise to protect the rights, property or security of our customers or third parties.

The privacy notices identified in the Other Privacy Notices section above provide additional information about how we share Personal Information and choices that you may have.

 

5. Cookies and Other Tracking Technologies

"Cookies” are small text files that may be placed on your browser when you visit websites. When you quit your browser, some Cookies are stored in your computer’s memory, while some expire or disappear.

“Web Beacons,” also known as Internet tags, pixel tags or clear GIFs, are a type of technology placed on a webpage or in an email.

We and our tservice providers use Cookies, Web Beacons, session replay, device advertising IDs and similar technologies on the Services for a number of business purposes, such as to monitor our advertising, remember your preferences, personalize your experience, understand how you use and interact with the Services, suggest products tailored to you, for security purposes, to improve the Services and for marketing campaign performance. These technologies collect information about your browser/device and your use of the Services, such as the time/date of access and time spent on the Services, pages visited, language preferences, whether you open our emails, and other traffic data.

You may be able to configure your web browser to decline Cookies and/or configure your email client to not load Web Beacons in emails. Please note that, if you choose to decline Cookies, certain features of the Services may not function properly or may not be accessible to you.

Please see the “Interest-Based Advertising” and “Do Not Track” sections below for information on the choices we provide you regarding Cookies, Web Beacons, and other tracking technologies.

Interest-Based Advertising

Interest-based advertising refers to collecting information about your online activities over time and across different websites, devices, and other online services to deliver advertisements based on online activity. We use interest-based advertising to deliver advertisements and other targeted content to you, including through third-party advertising partners which we may permit to track your visits to the Services using the technologies described above. These third parties may collect information about your online activities over time and across different websites and other online services.

If you choose to opt out via the web-based tools, a Cookie will be placed on your browser indicating your decision. This Cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt out on each. In addition, because the opt-out is facilitated via Cookies, if you clear your Cookies you will need to opt out again.

Do Not Track

We do not respond to the “Do Not Track” browser-based signal. However, our websites are designed to support the Global Privacy Control, described at https://globalprivacycontrol.org/, which you can enable by downloading a participating browser or browser extension.

 

6. Additional Technology

We may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) or Adobe Analytics, a web analytics service provided by Adobe (“Adobe”), on the Services. Google and Adobe use Cookies or other tracking technologies to help us analyze how users interact with and use the Services, compile reports on the Services’ activity and provide other services related to Services’ activity and usage. The technologies used by Google and Adobe may collect information such as your IP address, time of visit, whether you are a return visitor and any referring website. The information generated by Google and Adobe will be transmitted to and stored by Google and Adobe and will be subject to Google’s and Adobe’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click https://www.google.com/policies/privacy/partners/. To learn more about Adobe’s services and to learn how to opt out of tracking of analytics by Adobe, visit https://www.adobe.com/privacy/policy.html.

We may use Google Maps API and Places API features and content, for example to help auto-complete address information on the Services. By using the Services, you agree to be bound by the then-current Google Maps/Google Earth Additional Terms of Service and Google Privacy Policy. To learn more about Google Maps/Google Earth Additional Terms of Service  and  the  Google  Privacy  Policy,  please  visit https://maps.google.com/help/terms_maps.html and https://policies.google.com/privacy, respectively.

 

7. How We Protect Information

We take the security of Personal Information seriously. We also maintain physical, electronic and procedural safeguards designed to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure while in our possession.

 

8. Retention of Personal Information

We retain Personal Information for varying time periods depending on our relationship with you and the status of that relationship. When determining how long to keep Personal Information, we take into account our legal and regulatory obligations and our legitimate business interests (such as, managing the Services, preventing fraud, responding to regulatory or supervisory inquiries, and establishing, exercising, or defending legal claims, disputes or complaints).

 

9. California Residents

California residents should be aware that this section does not apply to:

• Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and its implementing regulations, the California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994; or
• Other information subject to a CCPA exception.

In the past 12 months, we may have disclosed each category of Personal Information listed in the “What Personal Information We Collect and Process” section to one or more of the categories of recipients listed in the “To Whom We Disclose Personal Information” section for the business purposes listed in the “How We Use Personal Information” section.

We may create, maintain and use de-identified Personal Information of California residents, and if we do, we will not attempt to reidentify that information unless permitted by California law.

Your Rights

California residents have certain rights in relation to their Personal Information pursuant to the CCPA. These include the right to:

• Information about the Personal Information that we collect about you and the manner in which we use, process and disclose that information;
• Obtain the specific pieces of Personal Information that we have collected about you;
• Correct inaccurate Personal Information that we maintain about you;
• Delete certain Personal Information that we have collected from you;
• Opt out of the sale and sharing of your Personal Information to third parties under certain circumstances; and
• Not be discriminated or retaliated against as a result of exercising any of the aforementioned rights.

Although we collect certain categories of Sensitive Personal Information as described in the “What Personal Information We Collect and Process” section, we do not use Sensitive Personal Information in ways that the CCPA permits you to limit.

Selling and Sharing

The CCPA requires that we describe disclosures of Personal Information where:

• We receive monetary or other valuable consideration (i.e., selling, as defined under the CCPA); or
• We disclose Personal Information about you through our website to a third party for cross-context behavioral advertising (i.e., sharing, as defined under the CCPA).

We do not sell, and have not sold in the preceding 12 months, Personal Information to third parties, as defined under the CCPA.

We may share, and may have shared in the preceding 12 months, Personal Information from the “Personal Identifiers,” “Device and Online Identifiers and Related Information,” and “Internet, Application, and Network Activity” categories of Personal Information with advertising and marketing partners to facilitate the delivery and measurement of cross-context behavioral advertising.  To opt out of sharing, please click the “Your Privacy Choices” link on the footer of the website you are visiting and follow the instructions to opt out of sharing. Please see the “Do Not Track” section above to learn how you can use opt-out preference signals and how they are processed. We do not knowingly sell or share, as defined under the CCPA, the Personal Information of minors under 16 years of age.

If you choose to opt out via the web-based tools, a Cookie will be placed on your browser indicating your decision. This Cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt out on each. In addition, because the opt-out is facilitated via cookies, if you clear your cookies you will need to opt out again.

Audience Marketing Choices

We may use certain Personal Information we have about you, such as email address, to deliver ads to you on other websites. To exercise choice regarding that type of advertising by Goldman Sachs, please contact us via email at gs-audience-marketing-choice@gs.com or phone at 1-844-930-0648. Please refer to the “Additional Choices” and “Interest-Based Advertising” sections of this Policy for more information about other advertising choices and preferences.

Exercising Your Rights and Contact Information

If you would like to discuss or exercise your rights to access, delete or correct your Personal Information, please contact us through one of the following methods:

Goldman Sachs Asset Management

• Telephone: 1-844-930-0648
• Email: GSAM-Privacy-Info@gs.com

Goldman Sachs Custody Solutions

• Telephone: 1-888-485-3456
• Email: GS-DSR-CCPA@gs.com

Goldman Sachs Private Bank Select

• Telephone: 1-844-477-1212
• Email: gs-select@gs.com

Goldman Sachs Private Wealth Management and Private Bank

• Private Wealth Management and Private Bank
  Telephone: 1-800-209-0139
  Email your Private Wealth Management team

• Directed Share Program
  Telephone: 1-888-741-7753
  Email: DSP@gs.com

Goldman Sachs Wealth Services / Mercer

• Telephone: 1-800-587-6544
• Web Form: CCPA Intake Form

Marcus by Goldman Sachs

• Telephone: 1-833-971-0826
• Web Form: CCPA Intake Form

Apple Partnership Products by Goldman Sachs

• Telephone: 1-833-971-0826
• Web Form: CCPA Intake Form

All Other Requests

• Telephone: 1-844-930-0648
• Email: GS-DSR-CCPA@gs.com

As part of submitting a request, we may ask for your name, email address, phone number, date of birth, and mailing address.

The CCPA requires that we verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third-party identity verification tools, as well as verify that any Personal Information relates to you. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized representative to exercise the rights listed above on your behalf by providing the authorized representative with power of attorney pursuant to the California Probate Code or by executing other documentation we may require, and the representative may make the request by following the instructions above. If an authorized representative submits a request on your behalf, we will contact you to verify that they represent you.

For more information about Marcus by Goldman Sachs’ CCPA consumer rights request metrics, please click here.

 

10. Additional Choices

If you decide that you no longer wish to receive marketing emails from one of our lines of business, please follow the “unsubscribe” instructions provided in such emails. Please note, even if you unsubscribe, we may continue to send transactional or administrative emails, such as legally required, regulatory, billing, or service notifications. Your mobile device settings may provide functionality to control push notifications that we may send.

Other privacy notices we provide you with may offer additional privacy choices. You may contact us to exercise your choices by following any instructions contained in those privacy notices.

Do-Not-Call Policy

We do not place telemarketing calls to numbers appearing on a state or federal do-not-call list or to a number a person has requested not to receive telemarketing calls made by or on behalf of us (unless permitted by applicable law, such as when you request a call). If you ask not to receive telemarketing calls from us, you will be placed on our internal do-not-call list. Any request to be placed on our internal do-not-call list will be processed within a reasonable amount of time, not to exceed 30 days. Unless otherwise required by applicable law, we honor a do-not-call request for five (5) years from the time the request is made unless applicable law requires we honor it for a longer period of time. 

 

11. Links and Third-Party Products and Services

The Services may contain links, QR Codes, and other functionality that connect with certain websites and applications not provided by us, including social media websites (“Third-Party Websites”). We provide these links and functionality as a convenience to you and to facilitate the customer experience. We are not responsible for and have no liability for the content, features, products, services, privacy policies or terms of service of any Third-Party Websites.

 

12. Use of Artificial Intelligence

We may use technologies, such as machine learning, artificial intelligence, and generative artificial intelligence, which enable computer systems to automate or perform tasks that have traditionally required human intelligence (“AI Systems”) to process Personal Information in connection with the purposes described in the “How We Use Personal Information” section.  

Our use of AI Systems does not generally result in automated decisions with any material legal or similar effects. Where required under applicable law, we provide a specific notice and/or obtain consent. Our personnel involved in the development or deployment of AI Systems are trained to recognize bias and are required to take reasonable steps to mitigate bias decisions and to help prevent bias from occurring.

How we use AI Systems

AI Systems are used to assist and enhance activities as well as to automate repetitive tasks, generate outputs, and provide insights and analytics to support our work. For example:

• Search: To enhance our search capabilities. AI Systems are used to extract relevant information using specific questions, commands, and statements (“Prompts”) from our databases as well as other documents, data, and records.
• Summarize: To classify, summarize, and digest content. AI Systems are used to condense documents, information, and text into summaries.
• Analyze: To assist with research, analysis, and problem-solving. Through techniques like natural language processing, AI Systems interpret, evaluate, and draw conclusions from data.
• Generate Content: To assist with drafting and generating content based on inputs or Prompts. Content can be reviewed and amended by an individual for accuracy and completeness.
• Translate: To translate text between languages.
• Transcribe: To create a written transcription of spoken communication, for example meeting notes, interviews, and podcasts.

 

13. Contact Us

In most cases, you can communicate with us through the Services. If you need to contact us for more information about this Privacy Policy or a privacy notice, you may do so by contacting us using the methods provided in the applicable privacy notice or through one of the methods described in the “California Residents” section.  Also, subject to applicable law, if you communicate with us by telephone, we may monitor and may record the call. 

 

14. Other Important Information

Our Services are not intended for children under 13 without parental consent. We do not knowingly collect Personal Information from children under 13 without parental consent.  The Services are intended for use by US residents and persons authorized or able to do business in the US, including its territories, or on a US military base. If you use or access the Services outside of the US, your Personal Information may be transferred to the US or other locations outside of your state, province, or country. If you have other relationships with Goldman Sachs that are not covered by this Privacy Policy, please visit the Goldman Sachs Privacy Information and Resources Website for more information about how your Personal Information is processed and to understand your rights and choices for those services. 

 

15. Updates to this Privacy Policy

We may change this Privacy Policy from time-to-time. If we make changes to this Privacy Policy, we will update the “Effective Date” at the top of this policy. Any changes to this Privacy Policy will become effective when posted online at www.goldmansachs.com/privacy-and-cookies unless indicated otherwise. Your continued use of the Services following the posting of any changes will mean that you accept those changes.