Goldman Sachs Website Privacy Policy

This Website Privacy Policy (“policy”) describes the types of personal information we may collect about you in the context of your use of goldmansachs.com (the “site”), the purposes for which we use the information, and the circumstances in which we may share such information. As used throughout this policy, the term “Goldman Sachs,” “we”, “our” or “us” refers to Goldman Sachs & Co. LLC.

When you visit the site, we collect certain personal information about you. As used in this policy, “personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household.

COLLECTION OF PERSONAL INFORMATION

The categories below describe the personal information we collect about you and the sources from which we collect those categories of personal information.

Personal Identifiers
Description:  email address
Sources:   You

Device and Online Identifiers
Description: IP address; session ID (session start time)
Sources:  You; devices associated with you; third-party information providers

Internet, Browser, and Network Activity
Description:  clickstream/online website tracking information; data related to user activity, e.g., browser visits, page views, visits, and unique visitors data; and cookies or other similar technologies
Sources:  You; devices associated with you; third-party information providers

Location Data
Description: Region, country, and city
Sources:  You; devices associated with you; third-party information providers

USE OF PERSONAL INFORMATION

We may use your information for the following purposes:

  • Providing information to you: We use the e-mail address you provide through the site to deliver our “Briefings” weekly e-mail to you. If you wish to request historical financial documents from within the Investor Relations section of the site, we will use the e-mail address you provide through the site to enable your request to us.
  • Improving the site: We use your device and online identifiers, information about your internet, browser, and network activity, and location data to measure technical site performance.
  • Marketing: We use information about your internet, browser, and network activity for marketing purposes.
  • Operating the site: We use your IP address, location data, and internet, browser, and network activity to enable our site metrics for site administration and management purposes.
     

SHARING OF PERSONAL INFORMATION WITH OTHER ENTITIES

We may share personal information about you with other entities, including entities that provide services to us. We do not disclose your personal information collected through the site to other entities, except as described in this policy.

We may share your information with the following types of entities:

  • Service providers: We engage service providers to assist us with operating the site. These service providers analyze information about our site and your use of the site. Information disclosed for these purposes may include device and online identifiers, information about your internet, browser, and network activity, and location data.
  • Other entities related to legal process and emergency situations: We may disclose personal information to third parties as permitted by, or to comply with, applicable laws and regulations. Examples include responding to a subpoena or similar legal process, protecting against fraud and cooperating with law enforcement or regulatory authorities.  Information disclosed for these purposes may include device and online identifiers, information about your internet, browser, and network activity, and location data.

Applicable law requires that we identify the categories of personal information we share for business purposes. We disclose the following categories of personal information for business purposes: Personal identifiers, device and online identifiers, information about your internet, browser, and network activity, and location data.

INFORMATION SECURITY: HOW WE PROTECT YOUR PRIVACY

Goldman Sachs is committed to protecting the privacy and confidentiality of your personal information. We limit access to your personal information to authorized Goldman Sachs employees or agents and the third parties described above in Sharing of Personal Information With Other Entities. We also maintain physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:

  • A dedicated group – the Information Security Department – that designs, implements and provides oversight to our information security program;
  • The use of specialized technology such as firewalls;
  • Testing of the security and operability of products and services before they are introduced to the Internet, as well as ongoing scanning for publicly known vulnerabilities in the technology;
  • Internal and external reviews of our Internet sites and services;
  • Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
  • Implementing controls to identify, authenticate and authorize access to various systems or sites;
  • Protecting information during transmission through various means including, where appropriate, encryption; and
  • Providing Goldman Sachs personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

Reporting Security Vulnerabilities

We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered on the site. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit the vulnerability report at this link:  https://hackerone.com/goldmansachs

PRIVACY AND THE INTERNET

The following additional information will be of interest to you as a visitor to this site:

“Cookies” are small text files that may be placed on your Web browser when you visit our Web sites or when you view advertisements we have placed on other Web sites. For more information about cookies, how our Web sites use them, and your options with respect to their use, please see our cookies policy.

“Clickstream” data (e.g., information regarding which of our Web pages you access, the frequency of such access, and your product and service preferences) may be collected by Goldman Sachs itself, or by our service providers, using cookies, Web beacons, page tags, or similar tools that are set when you visit the site or when you view an advertisement we have placed on another Web site. Clickstream data and similar information may be shared internally within Goldman Sachs and used: for administrative purposes; to assess the usage, value and performance of our online products and services; to improve your experience with the site; and as otherwise permitted by applicable law or regulation. This information may be processed by us for the purposes described above, or on our behalf by other entities, solely in accordance with our instructions.

Goldman Sachs may make available on this Web site third party applications such as content linking or sharing facilities. Information collected by providers of such applications is governed by their privacy policies.

The site is not currently configured to respond to “do not track” signals or similar mechanisms.

OUR OTHER PRIVACY POLICIES OR NOTICES; CHANGES TO POLICY

This policy provides a general statement of the ways in which Goldman Sachs protects your personal information when you access and use the site. You may, however, in connection with specific products or services offered by Goldman Sachs, be provided with separate privacy policies or notices that describe the privacy practices associated with your use of those products or services. This policy may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information related to your use of the site. If we make material changes to this policy, we will let you know by appropriate means, such as posting the revised copy on this page with a new effective date. The revised policy will be effective immediately upon posting to our Web site. This version of the policy is effective January 1, 2020.

CALIFORNIA RESIDENTS

California residents should be aware that this section does not apply to: Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations, the California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994; or other information subject to a California Consumer Privacy Act (CCPA) exception.

If you are a resident of California, you have certain rights in relation to your personal information pursuant to the California Consumer Privacy Act (CCPA). These include your right to:

  • Request information about the personal information that we collect about you and the manner in which we process and disclose that information;
  • Obtain the specific pieces of personal information that we have collected about in the 12 months preceding your request;
  • Delete certain personal information that we have collected about you;
  • Opt-out of disclosures of your personal information to third parties under certain circumstances; and
  • Not be discriminated against as a result of exercising any of the aforementioned rights.

If you would like to discuss or exercise such rights, please contact us at GS-DSR-CCPA@gs.com or at 1-844-930-0648.

California law requires us to verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third party identity verification tools. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized agent to exercise certain of the rights listed above on your behalf by providing the authorized agent with power of attorney pursuant to the California Probate Code. If an authorized agent submits a request on your behalf, we will contact you to verify that they represent you. 

California law requires that we describe certain disclosures of personal information where we receive valuable consideration. California law treats such disclosures as “sales” even if no money is exchanged. We do not sell information to third parties as defined under California law. We do not sell the personal information of minors under 16 years of age.