About us
Information
Website
Documents
Trading
Products
1. Introduction
Your privacy is important to us. The purpose of this privacy policy is to explain how we use (or ‘process’) personal data (information that is about you or that can be used to identify you) so that you understand what we do with it, why we use it, who we share it with, the circumstances in which we’ll share it, the steps we’ll take to keep it secure, the options available to you and your rights in relation to your personal data.
A list of the personal data that we collect, generate and use is set out in section 3 below.
About Us
When we use 'we', 'us' or 'Goldman Sachs' in this document, we are referring to:
Goldman Sachs Bank Europe SE
Marienturm
Taunusanlage 9-10
60329 Frankfurt am Main
Germany
When we use ‘website’ in this privacy policy, we are referring to markets.goldmansachs.pl. The website is operated by Goldman Sachs, which is responsible for the processing of your personal data as controller.
Who this privacy policy applies to
This privacy policy applies to the people listed below. We collect personal data about all of them:
Visitors to our website
Anyone who corresponds with us by post, email or any other method in connection with the use of our website and related services
If you have a different relationship with Goldman Sachs that isn't listed above, then please visit www.goldmansachs.com/privacy-and-cookies to find out more about how your personal data is processed.
2. How we collect your personal data
We collect personal data when: |
|---|
You communicate with us by email, over the phone, by post or using any other method. |
You visit and interact with our website or use our products or services. We may also collect information when you open or click on links in our email communications. |
You make a complaint or give feedback. This includes any data you share with us or that we receive as part of our investigation into your feedback or complaint. |
3. What personal data we collect, generate and use
You are free to visit our website without actively providing any of your personal data. In this case, we will only receive certain information that is collected automatically when you connect to our site (such as your IP address and other digital identifiers). We will also store and access some cookies for the purposes set out in our cookie notice.
In addition to the passive data collection described above, you may need to actively provide us with personal data depending on the product or service we’re providing and our relationship with you.
The table below provides further details. Please note that some data elements appear in more than one category.
Data we collect, generate and use | When we collect it |
|---|---|
Contact information This includes your name, address and email address. | When you communicate with us by email, post or using any other method. |
Call information and correspondence This can include your telephone number, name, email address and correspondence. | When you communicate with us by email, post or using any other method. |
Complaints information This includes details about your complaint, and the progress and outcome of your complaint. | Whenever you make a complaint by email, post or using any other method. |
IP address, cookie identifiers, device and location This includes your IP address and approximate location, user cookie identifiers, information about the device you use to access our services, and about your browser. | When you visit our website For more details please see our cookie notice |
Website behaviour and interactions This includes details about your usage of our website (e.g. number of visits, page views, searches, download of content, click onlinks). | When you visit our website and in accordance with your cookie preferences. For more details please see our cookie notice |
4. Why we use your personal data
We’ll only use your personal data where we have a lawful reason to do so – we’ve set out the lawful reasons for using your data below.
To meet our legal obligations
We use your personal data to help us comply with the relevant laws and regulations that apply to us and our services.
When using your data is in our legitimate interests
This means that we use or otherwise process your personal data where it is within our legitimate interests to do so. For example, it is in our legitimate interests to monitor website visitor IP addresses to maintain the security of our website.
We won't process your personal data where your own interests, fundamental rights or freedoms override our interests to use it. In certain circumstances when we are relying on our legitimate interests to process your personal data, you have the right to object to us using it - see section 8 for more details.
The table below includes details of our legitimate interests to use your personal data.
We specifically use your personal data to do the following: |
|---|
Maintain the security of our services. |
Maintain the quality of our products and services (this includes staff training). |
Communicate with you, such as to respond to any correspondence and to contact you when we need to provide you with information about our services. |
Protect you and us against misuse of our website and related services, and against other illegal behaviour, including fraud or other crime, and to investigate circumstances of such inappropriate behaviour. |
Understand the performance of our business. |
Meet our regulatory requirements by keeping records of correspondence and our business activities. |
Produce management information and reports to help us identify potential issues, and to ensure we are managing our risk appropriately. |
Establish, exercise or defend our legal claims. |
Conduct market research, analysis and learn about preferences. We do this to test and evaluate our existing products, and research potential new services. |
When you have provided your consent
We will occasionally ask for your specific consent to process your personal data. You can give or withdraw your consent at any time.
If you withdraw your consent, this does not affect the lawfulness of our processing of your data carried out with your consent before the withdrawal. Furthermore, if you withdraw your consent, we may not be able to provide you with certain products and services. If this applies to you, we will provide you with more information at the relevant time.
5. Who we share your personal data with and why
We share your personal data with other members of the Goldman Sachs group and with third party service providers, who act on our behalf to help provide you with our services. Your personal data will only be used for the purposes listed in section 4 above and as described below.
We'll also share your personal data with other types of third parties in the following circumstances:
Why we share your data | Who we share it with |
|---|---|
To help detect, investigate and prevent illegal behaviour, including fraud or other crime. | Law enforcement agencies and third party service providers who may share it with others for the same reason. |
When we’re required to do so by law, or when we’re asked to respond to requests from law enforcement agencies or regulators. | Law enforcement agencies, government, regulators, courts, dispute resolution bodies and tribunals, under applicable laws of any relevant jurisdiction and parties appointed by our regulators to carry out investigations and audits of our activities. |
If our business, or part of it, is sold or reorganised, including any transfer or potential transfer of any of our rights or duties under our agreement with you. | Prospective or actual purchasers or transferees and their advisors. |
Other extenuating circumstances, such as litigation or asserting or defending our legal rights and interests or if we need to get legal advice. | Any other person or company we reasonably think we need to. For example, with our legal advisors. |
Other reasons that we’ll explain at the appropriate time and in accordance with applicable data protection law | Third parties we partner with, who provide services on our behalf, or who request access to your data. |
6. How long we keep your personal data
We only keep your data for as long as necessary for the purposes for which your data is collected and processed. When determining how long to keep your data, we take into account:
compliance with our legal and regulatory obligations;
requests made by regulators or other relevant authorities and agencies;
the establishment, exercise and defence of legal rights and claims;
other legitimate business reasons; and/or
other purposes for which we'll ask your permission at the time.
For information on expiry and retention periods relating to our cookies, please see our cookie notice
7. International data transfers
Where recipients of your personal data are located in countries that are outside the UK and EEA and do not provide for the same level of data protection as considered adequate in the UK and European Union, we take appropriate measures to ensure that your data is protected.
For instance, where required, our service providers and Goldman Sachs group entities have entered into appropriate agreements on the basis of the EU and / or UK Standard Contractual Clauses and implemented supplementary safeguards to ensure a level of protection comparable to the protection in the European Union and / or UK (as applicable).
The UK is considered to provide for an adequate level of protection under an adequacy decision by the European Commission.
To find out more about our international data transfers and the measures we take to protect your personal data, please contact us using the contact details set out at the bottom of this policy.
8. Your rights
We've set out your rights about your personal data below. If you have any questions about your rights or you wish to exercise them, please contact us using the contact details set out at the bottom of this policy. You should understand that these rights do not apply in all circumstances and are subject to exceptions.
Access
You have the right to be provided with information about the personal data we have about you and details of how we process it, as well as the right to receive a copy of such personal data.
Rectification
You have the right to obtain from us the rectification of inaccurate data concerning you and, taking into account the purpose of the processing, to have incomplete personal data completed.
Erasure
You have the right to request that your personal data be erased in certain circumstances. We may continue to store your personal data if we are entitled or required to retain it.
Restriction of processing
You can request that we restrict processing of your personal data in certain circumstances. There may be situations where we are entitled to continue using your information and/or to refuse your request.
Data Portability
You can ask us to receive the personal data that we hold on you in a structured, commonly used and machine-readable format, so you can pass it to a third party, or – where technically feasible – to have such data transmitted directly to a third party by us. This right applies if we are using your data based on your consent or on a contract with you and if we are using an automated method to process it.
Object
In certain cases, we use your personal data where it is within our legitimate interests to do so (see section 4 for more information). When this is the case, you have the right to object, on grounds relating to your particular situation, to us using your personal data in this way. There may be situations where we are entitled to continue processing your personal data and/ or to refuse your request.
Withdrawal of consent
Where we rely upon your consent to use your personal data, you have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on your consent before the withdrawal.
Automated decision-making
You have the right not to be subject to an automated decision in scenarios where the statutory requirements are not fulfilled. We do not carry out any automated decision-making processes.
Complaints
If for any reason you're not satisfied with our approach to using your personal data, you have the right to complain to the competent supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
Our supervisory authority is:
Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163
65021 Wiesbaden
Phone: +49 611 1408 0
The supervisory authority in Poland is:
Urząd Ochrony Danych Osobowych
ul. Stawki 2
00-193 Warszawa
Phone: 22 531-03-00
Website: https://uodo.gov.pl/pl
9. Updates to this policy
We may update this privacy policy without prior notice to reflect changes to our policies and practices. When we make changes, we will update the date at the bottom this privacy policy, post the revised version on our website and provide other notices as may be required by law.
10. Contact us
If you have any questions or concerns about how we use your data, please get in touch with us.
You can call us on 0800 / 674 63 67 or +49 - 69 - 75 32 11 11
You can write to us at:
Goldman Sachs Bank Europe SE
Marienturm
Taunusanlage 9-10
60329 Frankfurt am Main
Germany
You can also contact our Data Protection Officer at zertifikate@gs.com.
Last updated: 2023-04-10