Effective Date: September 22, 2023
Last modified: June 28, 2024
1. Introduction
Your privacy is important to us. The Goldman Sachs Office of Alumni Engagement (“OAE”) connects Goldman Sachs and its alumni through its global Alumni Network. The purpose of this privacy policy (as updated from time-to-time, this “Privacy Policy”) is to explain how we use your personal data so that you understand what we do with it, why we use it, who we share it with, the circumstances in which we’ll share it, the steps we’ll take to keep it secure and your rights. When we use “we, “us,” or “our” we mean the OAE.
This Privacy Policy applies to personal data that the OAE collects, including through (i) the Alumni Network website, which is available at via gsalumninetwork.com (the “Website”); and (ii) the OAE’s provision of events, including marketing, networking, business development and charitable events, conferences and seminars (collectively, the “Services”). Goldman Sachs’ global entities and Goldman Sachs offer the Services and is the controller of your personal data.
Members of the Alumni Network (“Members”) may share their professional and biographical information with other Members through the Services. This Privacy Policy does not apply to, and we do not control, Members’ use of information and personal data that you make available through our Services.
This Privacy Policy applies to Members and all users of the Services. When we use “you” or “your” in this Privacy Policy, we mean you as a Member of the Alumni Network or as user of our Services. This Privacy Policy will continue to apply even if you stop using our Services.
California residents have the right under the California Consumer Privacy Act ("CCPA") to receive notice of the collection, use, and disclosure of their personal information. The below links will take you to sections in this Privacy Policy which, together, constitute our Notice at Collection:
We collect and process personal data in many different scenarios - these are described below.
The type of personal data we collect and generate may differ depending on your relationship with us and how you use our Services. The table below provides further details.
| Data we collect, generate and use | When we collect it |
|---|---|
Profile registration, biographical and professional information and contact details |
Profile registration, biographical and professional information and contact details |
| This includes your name, gender, photograph, location, personal and professional contact details (including email address, phone number, address) employer, title, interests, industry sector, and any other information included within your profile. | When your employment with Goldman Sachs ends, when you create or update your profile on our Website, or when your details are provided in connection with our Jobs Marketplace. |
Interactions with the Website |
Interactions with the Website |
| When you use the Website, search and view favorite and share relevant content | This includes information pertaining to your access and interaction with the Services |
Correspondence |
Correspondence |
| This can include recordings of correspondence by email, telephone, letter and via social media. | When you communicate with us by email, phone, post, social media, or any other method. |
Device and location information |
Device and location information |
| This includes your IP address, which may reveal your approximate geographic location, information about the device or software you use to access our Services, and information about your browser. | When you visit the Website and create or update your profile, log into your account, or contact us for help or troubleshooting information. When you create or update your profile or contact us. |
Authentication details |
Authentication details |
| This includes login credentials such as your email address and password, or any other data we need to secure your access to your profile or to verify your identity. | When you create or update your profile or contact us. |
Tracking technology information |
Tracking technology information |
| This includes information from cookies and similar tracking technologies we use. See Section 13 for more information on the tracking technologies we use in connection with the Services. | When you visit the website or login to your profile account. |
Communication preferences |
Communication preferences |
| This includes details of the channels (for example, mail and email) through which you have asked to receive communications from us. | When you create or update your profile on the Website, or contact us directly to ask us to amend your preferences. |
Event preference information |
Event preference information |
| This includes dietary preferences, hotel reservation details, flight and travel information and information relating to meeting requests. | When you register for one of our events on the Website, respond to an event invitation that we send to you, or choose to share this information with us. |
Historical employment information |
Historical employment information |
| This includes information about the dates of your employment with Goldman Sachs including your, title and the divisions in which you worked throughout the course of your employment. | When your employment with Goldman Sachs ends |
Feedback and opinions |
Feedback and opinions |
| This includes feedback you provide to us in phone calls, emails and in surveys. | When you respond to our surveys and requests for feedback about our Services |
News media |
News media |
| This includes articles and news stories about you and your activities. | When you share articles with us for our information, or to be featured on the Services. |
• complying with requests from public authorities, regulators, governmental bodies or law enforcement agencies, and investigating and preventing fraud and other crime; and
• meeting our regulatory record keeping obligations.
| We have legitimate business interests to use personal data in connection with the following |
|---|
| Profile maintenance — to maintain a profile for you on our Website which may involve verifying your information. |
| Offering and providing our Services – to ensure the proper provision of the Alumni Network and other Services which support and connect our alumni and to keep appropriate records. |
| Managing our relationship with Members and related or connected parties – to compile and utilize internal reports and notes, manage Member files, allow you to access our Website and any other Services, and, where applicable, manage any agreement or arrangements between us and you. |
| Communicating with you — to communicate with you in person, by telephone, mail and email, keep records of our communications with you, and manage any complaints. |
| Carrying out operational and administrative functions – to carry out any administration, operate information technology systems, archive and back up data. |
| Helping us to improve our Services – to conduct market research and analysis of our Members and their preferences, evaluate potential new services, increase engagement with existing Services, evaluate the effectiveness of our communications, test new systems and upgrade existing systems |
| Prudently managing our business and protecting and enforcing our rights — to assess, monitor and manage financial,reputational and other risk, conduct audits of our Services, liaise with our regulator, protect data we use, establish and enforce our legal rights and defendagainst legal claims. |
| Prevention of crime – to protect you, us and third parties against fraud and crime, and to investigate circumstances of suspected fraud and crime. |
| Training – to help train our staff so that we can maintain the quality of our Services. |
| Risk management – to produce management information and reports to help us identify potential issues, and to ensure we are managing our risk appropriately. This includes assessing, monitoring and managing reputational and other risks, liaising with our regulators. |
| Why we share personal data | Who we share it with |
|---|---|
To provide our Services, including delivering events and fulfilling our obligations to you as set out in our Website terms and conditions. |
Service providers, including cloud service providers who host our Website, caterers, and venue hosts. |
| When we’re required to do so by law, or when we’re asked to respond to requests from law enforcement agencies or regulators | Law enforcement agencies, government, regulators, courts, dispute resolution bodies and tribunals, under applicable laws of any relevant jurisdiction and parties appointed by our regulators to carry out investigations and audits of our activities. |
If our business, or part of it, is sold or reorganized, including any transfer or potential transfer of any of our rights or duties under our agreement with you. |
Prospective or actual purchasers or transferees and their advisors. |
Other extenuating circumstances, such as litigation or asserting or defending our legal rights and interests or if we need to get legal advice. |
Any other person or company we reasonably think we need to, such as our legal advisors. |
To send communications, for research purposes and to identify alumni trends |
Third parties which provide communications and research services on our behalf. |
If you have given us instructions to share your information. |
Anybody else with whom you or your representative has instructed us to share your information. |
Other reasons that we’ll explain at the appropriate time and always with your consent. |
The third parties who ask for your data, who we’ll tell you about when we ask for your consent. |
Data Portability
In certain circumstances, you may have the right to request a copy of the personal data that we hold about you in a commonly used format, so you can pass it to a third party, or, where technically possible, to have us transmit such data directly to a third party. You may have this right if we are using your data based on your consent or our contractual obligations with you and if we are using an automated method to process it.
Object
In certain cases, we use your personal data where it is necessary for our legitimate interests to do so (see section 4 for more information). When this is the case, you have the right to object to us using your personal data in this way. There may be situations where we are entitled to continue processing your personal data and/ or to refuse your request.
Withdrawal of consent
Where we rely upon your consent to use your personal data, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing of your data carried out with your consent before the withdrawal. If you withdraw your consent, we may not be able to provide you with Services. If this applies to you, we will provide you with more information at the relevant time.
Complaints
If for any reason you’re not satisfied with our approach to using your personal data, you have the right to lodge a complaint with a supervisory authority in your country (if that is in the UK or EU Member State). If your complaint relates to Cayman Islands controllers, you may lodge a complaint with the Cayman Islands' data protection Ombudsman.
9. Transfers Outside of the UK and EEA
We may transfer personal data to jurisdictions whose data privacy laws are different than those in your country. For example, we rely on services provided to us by our group companies throughout the United States, United Kingdom, India and elsewhere. Some of our service providers may also process personal data in additional countries. In connection with any such transfer, we will comply with applicable data protection laws.
Where recipients of your personal data are located in countries that do not provide for the same level of data protection as considered adequate in your country, we take appropriate measures to ensure that your data is protected as required by applicable data protection laws.
For instance, where required, our service providers and Goldman Sachs group entities have entered into appropriate agreements on the basis of the EU and / or UK Standard Contractual Clauses and implemented supplementary safeguards to ensure a level of protection comparable to the protection in the European Union and / or UK (as applicable).
To find out more about our international data transfers and the measures we take to protect your personal data, please contact us using the contact details in Section 11.
10. Security
The OAE takes the security of your personal data seriously and works to limit access to personal data to authorized employees, agents, contractors, or vendors. We also maintain physical, electronic and procedural safeguards designed to protect information while in our possession.
We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered on our Website. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit vulnerability reports at this link: https://hackerone.com/goldmansachs.
11. Updates to this Privacy Policy
We may update this Privacy Policy without prior notice to you to reflect changes to our policies and practices. When we do, we will notify you of the changes by updating the date of the Privacy Policy and posting the revised version on our Website and providing such other notice as may be required by law.
12. Contact Us
If you would like to exercise any data subject rights you may have under applicable law, please contact us at gs-privacy@gs.com.
In addition, you may learn more about how Goldman Sachs processes personal data in contexts other than the Alumni Network by viewing www.goldmansachs.com/privacy-and-cookies.
13. Additional information for California residents
California residents should be aware that this section does not apply to:
Collection and Use
In the past 12 months, we have disclosed each category of personal data listed in Section 3 ("What personal data we collect, generate and use") to one or more of the categories of recipients listed in Section 5 ("Who we share personal data with and why") for the business purposes listed in Section 4 ("Why we use personal data").
We may create, maintain, and use deidentified information of California residents, and if we do, we will not attempt to reidentify that information unless permitted by California law.
Your Rights
California residents have certain rights in relation to their personal data pursuant to the CCPA. These include the right to:
Although we collect certain categories of sensitive personal information as described in Section 3 (“What personal data we collect, generate and use"), we do not use sensitive personal information in ways that the CCPA permits you to limit.
Sale and Sharing
The CCPA requires that we describe disclosures of personal information where:
We do not sell or share, and have not sold or shared in the preceding 12 months, personal information to third parties. We do not knowingly sell or share the personal information of minors under 16 years of age. Since we do not sell or share personal information, our Website is not designed to support the Global Privacy Control (GPC).
Exercising Your Rights
If you would like to discuss or exercise such rights to access, delete, or correct your personal information, please contact us via email at here or by phone at 1-844-930-0648.
The CCPA requires us to verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third party identity verification tools, as well as verify that any personal information relates to you. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized representative to exercise certain of the rights listed above on your behalf by providing the authorized representative with power of attorney pursuant to the California Probate Code or by executing other documentation we may require, and the representative may make the request on your behalf by following the instructions above. If an authorized representative submits a request on your behalf, we will contact you to verify that they represent you.
13. Cookie Notice
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide aggregated reporting information. We use the term ‘cookies’ to include all technologies that work in a similar way.
Cookies set by a website owner (in this case, us) are called "first party cookies". Cookies set by parties other than the website owner are called "third party cookies". On the Website we only use first party cookies.
Why do we use cookies?
We use first party cookies for several reasons. Some cookies are required for technical reasons in order for the Website to operate. For example, if you want to access a secure area of Website we need to check you have authority to do so. Other cookies are required to make the Website function well in the way you would like it to. For example, we measure use of the Website to optimize it and we provide aggregated information about suspicious activity to other departments, to assess fraud and ensure your information is kept safe. We refer to these all as "strictly necessary" cookies.
Do you serve targeted advertising?
We do not currently serve targeted advertising to visitors of our Website.
How can you control cookies?
Because the only cookies we use are strictly necessary to provide the Website to you, you cannot refuse them. We do not use third party cookies, advertising cookies or social media cookies.
You can however set or amend your web browser controls to accept or refuse all cookies. If you choose to reject all cookies, you may still use our Website though your access to some functionality and areas of our Website will be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.
Do Not Track
Our Website does not respond to "Do Not Track" technology.
More Information
If you have other relationships with Goldman Sachs that are not covered by this Notice, please visit the Goldman Sachs Privacy and Cookies Website for more information about how your personal information is processed and to understand your rights and choices for those services.
14. Contact us
If you would like to contact us regarding the processing of your personal data, please contact the Alumni Network at alumni@gs.com or our data protection officer at gs-privacy@gs.com or at the following addresses:
(i) In the UK: the Office of the Data Protection Officer, Plumtree Court, 25 Shoe Lane, London EC4A 4AU, United Kingdom; or
(ii) In the EU: the Office of the Data Protection Officer, Marienturm, Taunusanlage 9-10, 60329 Frankfurt am Main, Germany.
The firm's Office of Alumni Engagement is focused on supporting and engaging the alumni community. If you have any questions or need assistance, please email alumni@gs.com.