search icon Back to Synchrony Home
 
 

Online Privacy Policy
Synchrony cares about you and your privacy.

Online Privacy Policy

Effective as of July 1, 2024

Synchrony Bank and each of its affiliate companies (collectively, “Synchrony,” “we” or “us”) is committed to protecting your privacy at all times.

Please read this Online Privacy Policy (the “Policy”) carefully before using the Synchrony Bank (“Bank”) website (the “Site”). The Bank, a federal savings bank headquartered in Utah, is the owner of the Site and the services provided through them (the “Services”), although software, hosting and other functions and content may be provided by the Bank’s service providers, affiliates or business partners. This Site is exclusively directed to, and intended for, legal residents of the United States who are adults of a capacity to contemplate and enter into a lawful contract for banking purposes. The Bank does not knowingly solicit information from, and does not knowingly market any products or services to, minors or non-U.S. residents. If you are under the age of 18, you are not permitted to set up an account through the Site, and do not enter your personal information.

This Policy, together with the Website Usage Agreement which is incorporated herein by reference and attached at the end of this Policy, describes the types of information we may collect from visitors to the Site, what we do with this information, and how visitors can update and control the use of information they provide on the Site. This Policy applies solely to information collected through this Site. This Policy does not apply to other data we collect, including data collected on other websites, such as separate websites operated by our affiliates or business partners, or information visitors may provide to us through unsolicited email or other means.

INFORMATION COLLECTED

Through the use of or access to our Site for online inquiry regarding the products and services we offer (“Services”) or otherwise, we may collect personal information about you, which is information that identifies you as an individual, relates to you as an individual, or that, along with other information, could identify you (“Personal Information”). We do not require you to provide any Personal Information in order to navigate our Site. However, we collect the following types of Personal Information:

Information Provided by You

We collect Personal Information from you when you:

  • Open an account. If you decide to open an account with the Bank, you will need to provide Personal Information, including name, address, phone number, email address, date of birth, Social Security Number, username and password, and financial account information.
  • Interact with our Site or Services. When you send us any feedback, questions, comments, or suggestions, participate in one of our surveys, or interact with the Bank in any way, you may provide us with Personal Information, such as your email address.

 

Information Collected Automatically

We may automatically collect the following Personal Information as you use our Site or Services:

  • Usage Information. Which pages on our Site you access, the frequency of access, what you click on while on the Site, how long you access the Site, and when you accessed the Site. This may also include information regarding the manner in which you use our Services, such as information regarding the purchases made using our offerings.
  • Location Information. Information about your location, which may be determined through your IP address or mobile device.
  • Device Information. Information about the device you are using, such as hardware model, operating system, browser, and IP address.
  • Mobile Device Information. Mobile network information, such as the unique identifier assigned to the device, mobile carrier, operating system, and other device attributes.

Information Obtained from Third Parties

We may obtain Personal Information about you from third parties, such as credit bureaus and demographic firms, when you use our Site or Services.

Cookies and Other Tracking Technologies

Cookies. “Cookies” are small pieces of data stored by your Internet browser on your computer’s hard drive. If you visit our Site, a cookie is used to help us measure the number of visits, average time spent, page views and other statistics relating to our Site. This cookie by itself does not tell us your email address or who you are. If you decide to register online or request information, products or services from us, we may collect additional information to provide tailored offerings or content to you or to deliver such products and services. In this case, we use cookies to allow us to recognize you on subsequent visits, enhance your online experience and make our provision of products and services more efficient. We do not use cookies to get data from your hard drive or to get your email address. Third parties may also place and store Internet cookies on your hard drive for web analytics and analytics advertising services. These third-party cookies collect information about our Site traffic by tracking users across websites and across time and generating reports for us to better understand our Site users and to create audiences for our advertisements based on such understanding.

Google and Adobe Analytics. We use tools called “Google Analytics” and “Adobe Analytics” to collect some information we listed above about your use of the Services or visits to the Site. We use the information we get from Google Analytics and Adobe Analytics to improve the Services. In order to collect this information, Google Analytics and Adobe Analytics may set cookies on your browser or mobile device, or read cookies that are already there. Google Analytics and Adobe Analytics may also receive information about you from apps you have downloaded, that partner with Google or Adobe, respectively. We do not combine the information collected through the use of Google Analytics or Adobe Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your use of the Services or visits to the Site or to another application which partners with Google is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Please review those and see https://www.google.com/policies/privacy/partners/ for information about how Google uses the information provided to Google Analytics and how you can control the information provided to Google. Adobe’s ability to use and share information collected by Adobe Analytics about your use of the Services or visits to the Site or to another application which partners with Adobe, is restricted by the Adobe Analytics Terms of Use and the Adobe Privacy Policy. Please review those and see https://www.adobe.com/privacy/marketing-cloud.html for information about how Adobe uses the information provided to Adobe Analytics and how you can control the information provided to Adobe.

Social Media Widgets. Our Site includes social media features, such as Facebook, LinkedIn, and Twitter. These features may collect information about your IP address and which page you are visiting on our Site, and they may set a cookie to ensure the feature functions properly. These features may also provide you with personalized ad content. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

HOW WE USE COLLECTED INFORMATION

We use the Personal Information we collect to provide the Services to you, to improve our Site and Services, and to protect our legal rights. Specifically, we use the Personal Information we collect to:

  • Provide you with the products or Services you have requested.
  • Communicate with you. To communicate with you about our Site or Services, to send you updates, or to inform you of any changes to the Site or Services.
  • Provide customer support. To provide you support or other services you request.
  • To communicate about new features. We will send you notifications about new features or information available on our Services or third-party products that we feel might be of interest to you.
  • Maintain and improve our Site and Services. We analyze how our users interact with the Site in order to maintain and improve the Site and Services.
  • For analytics and marketing purposes. We analyze how our users interact with our Site and utilize our Services to better understand their needs and conduct marketing and advertising activities to promote our brand.
  • Benchmarking. We aggregate your information in order to gain insights into our Services.
  • Comply with applicable law.
  • Defend our legal rights.

 

HOW WE SHARE INFORMATION

We share your Personal Information with our service providers, among our entities, in connection with the provision of the Services, a corporate restructuring, to prevent harm, to comply with the law, and to protect our legal rights. The legal basis for this is our legitimate interest in providing our Services, complying with the law, and protecting our rights and those of others.

  • Service Providers. We share Personal Information with service providers that help us perform Site functions and provide you with the Services, such as Google Analytics and Adobe Analytics.
  • Corporate Restructuring. We may share Personal Information if we are involved or intend to be involved in a merger, acquisition, consolidation, change of control, or sale of all or a portion of our assets or in connection with bankruptcy or liquidation proceedings.
  • To Prevent Harm. We may share Personal Information if we believe it is necessary in order to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person.
  • To Protect Our Rights and As Required by Law. We will share Personal Information where we are legally required to do so, such as in response to court orders or legal process, to exercise our legal rights, to defend against legal claims or demands, or to comply with the requirements of any mandatory applicable law. We will also share Personal Information as necessary to enforce any other terms that you have agreed to, including to protect the rights, property, interest, or safety of the Bank, its users, or any other person, or the copyright-protected content of the Services.
  • With Your Consent. We will request your permission to use or share your Personal Information for a specific purpose that is not compatible with the purposes listed here. We will notify you and request consent before we provide the Personal Information or before the Personal Information you have already provided is shared for such purpose.

 

SECURITY

Our goal is to protect your Personal Information submitted to us through this Site. We maintain reasonable physical, technical, and administrative security measures to protect and limit access to your Personal Information. However, no method of transmission over the Internet or electronic storage technology is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

You are responsible for maintaining the confidentiality of your account username and password. We recommend that you choose a unique password for your account and that you do not use any password that you also use for any other accounts which may contain your Personal Information, such as financial accounts or email accounts. You agree to immediately notify the Bank of any unauthorized use of your password or account or any other breach of security. We will not be responsible or liable for any loss or damage arising from your failure to comply with this provision.

If you access our Site from a public or shared computer, it may be possible for other users to review your online history. For this reason, you should always close your browser window after you finish any online banking session, including visiting our Site. If you access our Site from a shared computer, you should never set the Internet options to remember or store user IDs or passwords. Also, you should never go to websites or follow web links that are unfamiliar or seem suspicious to you.

CHOICES ABOUT YOUR INFORMATION

  • Access, Correct, or View Your Personal Information. You may use your account to view, access, or correct certain Personal Information you provided to us and which is associated with your account.
  • Do Not Track. We take no action in response to “Do Not Track” requests received from user’s web browsing software.
  • Cookies. If you would like to opt out of accepting cookies altogether, you can generally set your browser to not accept cookies or to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it. However, certain features of our Site or other services may not work if you delete or disable certain cookies.
  • Adobe Analytics. To prevent your data from being used by Adobe Analytics, you can download the Adobe Analytics opt-out browser add-on for Adobe Analytics which can be found here: https://www.adobe.com/privacy/opt-out.html#customeruse.
  • Google Analytics. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here: https://tools.google.com/dlpage/gaoptout.
  • Online Advertising. To opt out of Internet-based advertising or to learn more about the use of this information by our service providers, you can visit the Network Advertising Initiative website (https://www.networkadvertising.org/managing/opt_out.asp) or the Digital Advertising Alliance website (https://www.aboutads.info/choices/), or if you are in the EU, the EDAA (https://www.youronlinechoices.eu/). If you choose to opt out, we will place an “opt-out cookie” on your computer. The “opt-out cookie” is browser specific and device specific and only lasts until cookies are cleared from your browser or device. The opt-out cookie will not work for some cookies that are important to how our websites and mobile apps work. If the cookie is removed or deleted, if you upgrade your browser or if you visit us from a different computer, you will need to return to the applicable website to re-select your preferences.

 

THIRD-PARTY LINKS

This Privacy Policy only applies to the use and disclosure of Personal Information we collect from visitors and customers online through our Site. Once you leave our Site, either by a link or by entering a new Internet address in your browser’s address window, we no longer have control over information security, and we are not responsible for the content, privacy practices or your use of other websites. We encourage you to review the privacy statements of those other sites.

CALIFORNIA PRIVACY RIGHTS

Residents of California (“California Consumers”) have certain rights with respect to the collection, use, transfer, and processing of Personal Information, as defined by the California Consumer Privacy Act as modified by the California Privacy Rights Act (collectively, the “CCPA”).

Please note that the CCPA does not apply to certain information, such as information subject to the Gramm-Leach Bliley Act (“GLBA”). To that end, these disclosures do not apply with respect to information that we collect about California Consumers who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclose, and secure information relating to these consumers, please refer to our GLBA Privacy Notice. Additionally, we reserve the right to limit these rights where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others.

To exercise any of the rights made available under the CCPA, please contact us via the contact information below. Only you or your authorized agent may make a verifiable consumer request related to your Personal Information. Unless otherwise defined in this Privacy Policy, the terms used in this section shall have the meanings ascribed to them in the CCPA.

Collection of Personal Information

When California Consumers access our Site, we collect the following Personal Information:

Personal Identifiers

  • Name
  • Age
  • Address
  • Email address
  • Telephone number
  • Date of birth
  • Social Security Number
  • Account numbers and related financial information
  • Business contact information

 

Characteristics of Protect Classifications

  • Age (over 40)
  • Sex / gender
  • Marital status

 

Biometric Information

  • Voiceprint identification

 

Internet or Other Electronic Network Activity Information

  • The Internet Protocol address that relates to the machine or device used to access our Site
  • The type of browser and operating system used
  • The date and time when the Site is visited
  • Device ID if you are on a mobile device
  • Web pages displayed

 

Geolocation Data

  • IP or GPS based geolocation information

 

Sensory Data

  • Call and Meeting recordings

 

Professional or Employment-Related Information

  • Business Contact Information
  • Business Reference Information

 

Inferences

  • Inferences we develop based on your interactions with our Services

 

Sensitive Personal Information

  • Social Security Number
  • Driver’s License Number
  • Precise geolocation information
  • Financial Account information including log-in, number, and access credentials

 

The foregoing pieces of information have been collected about our consumers in the past 12 months.

Sources from which Personal Information Is Collected

We may collect the following categories of Personal Information directly from you or by logging your interactions with our Services.

  •  

Identifiers, Characteristics, Commercial Information, Biometric Information, Internet, Geolocation, Sensory, Professional, Inferences, and Sensitive.

We may also collect these categories of Personal Information from the following sources:

  •  

Publicly available sources
  •  

Service Providers, Consumer Data Brokers, and Credit Reporting Agencies
  •  

Affiliates
  •  

Your representatives or agents

Business or Commercial Purposes for which Personal Information Is Collected

Your Personal Information is used for the following purposes:

  • Provide you with the Services.
  • Validate cell phone use.
  • Communicate with you. To communicate with you about our Site or Services, to send you updates, or to inform you of any changes to the Site or Services.
  • Provide customer support. To provide you support or other services you request.
  • To communicate about new features. We will send you notifications about new features or information available on our Services or third-party products that we feel might be of interest to you.
  • Maintain and improve our Site and Services. We analyze how our users interact with the Site in order to maintain and improve the Site and Services.
  • Benchmarking. We aggregate your information in order to gain insights into our Services.
  • For analytics and marketing purposes. We analyze how our users interact with our Site and utilize our Services to better understand their needs and conduct marketing and advertising activities to promote our brand.
  • Prevent fraud and other illegal activities.
  • Comply with applicable law.
  • Defend our legal rights.

 

Third Parties to Whom Personal Information Is Disclosed, Shared, or Sold

Synchrony discloses your Personal Information with analytics and service providers, advertisers, business partners and law enforcement (if necessary).

In the preceding 12 months, we have not sold Personal Information about consumers for monetary consideration. Our use of cookies and other tracking technologies may be considered a sale of Personal Information under the CCPA. Categories of Personal Information that we have sold under the CCPA include identifiers and Internet or other similar network activity. Categories of third parties to whom Personal Information is sold under the CCPA include data analytics providers and advertising and marketing providers.

In the preceding 12 months, we have not knowingly sold or shared Personal Information of California Consumers under 16 years of age.

In the preceding 12 months, we have not knowingly sold or shared Sensitive Personal Information of California Consumers for purposes not specifically authorized under the CCPA.

In the preceding 12 months, we have disclosed the following Personal Information about consumers for business purposes:

  • Identifiers, Other Personal Information (Financial Information), Employment Information, and Commercial Information. We share this information with our service providers to allow them to perform services on behalf of Synchrony. We may also share this information with our business partners so that they may provide you with information about products or services that may be of interest to you.
  • Internet or Other Electronic Network Activity Information. We share with or allow third parties to utilize cookies for marketing or advertising customized to your apparent interests or needs (more information located in the “Information Collected Automatically” section above).

 

Individual Rights

Right for You to Access Personal Information Collected, Disclosed, or Sold

You have the right to request that Synchrony disclose the Personal Information it collects, uses, and discloses about you to third parties:

 

Upon receipt of your verifiable Right to Access request, you will receive the following information about you:
  • Categories of personal information collected;
  • Categories of sources from which personal information are collected;
  • Specific pieces of personal information collected about you;
  • Business or commercial purpose for collecting, selling, or sharing; and
  • Categories of third parties to whom personal information was disclosed.

 

This information will be provided to you free of charge, unless Synchrony determines that your request is manifestly unfounded or excessive. You may request this information twice in a 12-month period. This Right to Access is subject to certain restrictions. We will identify in our response to your request if such a restriction applies. Synchrony employees and employees of Synchrony business partners and service providers may also make a Right to Access request under the CCPA, subject to certain limitations.

Right to Opt Out of Targeted Advertising and the Sale or Sharing of Personal Information

Synchrony does not sell any Personal Information of California Consumers for monetary consideration. However, we use certain third-party advertising and analytical cookies that may be considered “sales” or “sharing” of data under California law.

California Consumers have the right to opt out of the sale or sharing of personal information. It also allows you the right to opt out from our processing of your personal data for targeted advertising or analytic purposes. If you wish to opt out of advertising or analytic cookies, you can do so via our Cookie Management Options banner. Within the Cookie Setting you can choose your cookie preferences.

Synchrony web properties respond to the Global Privacy Control (“GPC”), which allows you to opt out of the sale or sharing of your personal information if enabled. If you have the GPC enabled, we will not sell or share your personal information. To learn more about the GPC, please visit https://globalprivacycontrol.org/.

Please note that opt-out choices may be stored via cookies. If you clear cookies, if your browser blocks cookies, or if you visit the site from a different browser or device, your opt-out choices may not be recognized or honored.

Right of Erasure

You have the right to request that Synchrony and our service providers erase any Personal Information about yourself, which Synchrony has collected from you upon receipt of a verifiable request. This right is subject to certain restrictions. We will identify in our response to your request if such a restriction applies.

Right of Correction

You have the right to request that Synchrony and our service providers correct any Personal Information about yourself, which Synchrony has collected from you upon receipt of a verifiable request. This right is subject to certain restrictions. We will identify in our response to your request if such a restriction applies.

Submitting Requests

You or your authorized agent can submit your request by calling us at 1-844-894-3960 or visiting our request website at https://www.synchronycredit.com/cpra/.

Verifying Requests

Synchrony provides California Consumers with an online webform to submit requests. The webform is accessible at https://www.synchronycredit.com/cpra/. As stated in the webform, Synchrony must verify that the person requesting information or deletion is the California Consumer about whom the request relates in order to process the request. To verify a California Consumer’s identity, we may request up to three pieces of Personal Information about you when you make a request to compare against our records. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity.

We may also require your authorized agent to provide proof of authorization, such as requiring you to verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request on your behalf. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in your request to verify your identity. Synchrony reserves the right to take additional steps as necessary to verify the identity of California Consumers where we have reason to believe a request is fraudulent.

Right of No Retaliation

Synchrony will not discriminate against you because you exercised any of your rights, including, but not limited to, by:

  • Denying goods or services to you.
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
  • Providing a different level or quality of goods or services to you.
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
  • Retaliating against an employee, applicant for employment, or independent contractor.

 

Annual Metrics

The following information is provided in accordance with the requirements of the CCPA: Click here to access the Annual Metrics: https://www.syf.com/ccpametrics.

WASHINGTON CONSUMER HEALTH DATA NOTICE (“Washington Privacy Notice”)

Effective Date: July 1, 2024

This Washington Privacy Notice supplements the Synchrony Online Privacy Policy (“Synchrony Privacy Policy”) and applies specifically to “Consumers” as defined under Washington’s My Health My Data Act (“MHMDA”).

This Washington Privacy Notice describes Synchrony Bank’s, and each of its affiliated companies’ (collectively, “Synchrony,” “we,” “us,” or “our”) practices regarding the collection, use, sharing and disclosure of Consumer Health Data (as defined below). Any capitalized terms not defined in this Washington Privacy Notice shall have the meanings given to them in the Synchrony Privacy Policy. Importantly, this Washington Privacy Notice does not supersede, replace, or otherwise amend the Synchrony Privacy Policy.

Consumer Health Data Collected

For purposes of this Washington Privacy Notice, Consumer Health Data (“CHD”) means “consumer health data” as defined under the MHMDA. Generally, CHD includes personal information that is linked or reasonably linkable to a Consumer and that identifies the Consumer’s past, present, or future physical or mental health status. Importantly, CHD does not include information that does not qualify as CHD under the MHMDA. For example, CHD does not include information subject to the Gramm-Leach Bliley Act (15 U.S.C. 6801 et seq.) and its implementing regulations. This means that any information relating to or derived from your use of or application to our financial products or services is not subject to the terms of this Notice.

With your consent or where necessary to provide the products and services you request, we may collect or receive the categories of CHD listed below. Not all categories will be collected or received for every individual.

  • Information suggesting an interest in specific health related products, procedures, or treatments; and
  • Information relating to searches for specific healthcare providers through our online tools.

 

Sources of CHD

We may collect each category of information described above through your use of our Services. For example, we may collect or infer certain information when you enter search terms on, or otherwise use, our websites or Services. Similarly, we may collect or infer certain information about you when you interact with our advertisements on third party websites. Where this information pertains to actual or potential medical treatment or diagnoses, it may qualify as CHD.

We may also collect information which may contain CHD from our business partners, joint marketing partners, public databases, providers of demographic data, publications, professional organizations, social media platforms, caregivers, third party information providers, service providers with whom we have a contractual relationship and to whom you have provided your personal information, cookies and other tracking technologies, and Third Parties when they share the information with us.

Why Consumer Health Data Is Collected and How It Is Used

We—and our Service Providers—may collect, process and use the CHD described in this Policy for the following purposes:

  • Providing the Services as may be reasonably expected by an average consumer who requesting such Services;
  • Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
  • Ensuring security and integrity of our Site and Services to the extent the use of the consumer's CHD is reasonably necessary and proportionate for these purposes;
  • Undertaking activities to verify or maintain the quality or safety of our Services, or to improve, upgrade, or enhance our Services;
  • Personalizing, advertising, and marketing our products and services;
  • Conducting research, analytics, and data analysis;
  • Performing accounting, audit, and other internal functions, such as internal investigations;
  • Complying with law, legal process, and internal policies;
  • Maintaining business records;
  • Exercising and defending legal claims; and
  • Otherwise accomplishing our business purposes and objectives.

 

Our Disclosure and Sharing of CHD

We may disclose or share each of the categories of CHD described above with your consent or where necessary to provide the products and services you request. In particular, we may disclose or share personal data, including CHD to complete transactions, provide products or services you have requested, or for the purposes described in this Notice. We may disclose to or share information with the following categories of parties:

Service Providers. We may disclose CHD to our Service Providers in order to enable them to provide us with products and services, such as web hosting, mobile application hosting, data analysis, payment processing, customer service, infrastructure provisioning, IT services, email and direct mail delivery services, auditing, legal services, and other similar services that are essential to our provision of Services. We may also share information with our Service Providers that enable us to better understand the functionality and effectiveness of our websites and Services, and with business partners that provide advertising and other technology services.

Third Parties. We may disclose your CHD to the following categories of Third Parties:

  • Third Party Co-Branding and Co-Marketing Partners. We may share your CHD with our third-party partners with whom we offer a co-branded or co-marketed promotion, such as where we offer special offers related to specifically branded third party products. Any such parties will be identified in the product offering.
  • Business Transfers or Assignments. We may disclose your CHD to other entities as reasonably necessary to facilitate a reorganization, merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
  • Legal and Regulatory. We may disclose your CHD to government authorities, law enforcement, courts, or similarly situated third parties for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.
  • Other Third Parties at Your Direction. We may disclose your CHD to any Third Party with your consent or at your direction.

 

Exercising Consumer Data Rights

Residents of Washington have certain rights under the MHMDA with respect to the collection and use of their CHD. These rights may include:

  • The right to confirm whether we collect, share or sell your CHD;
  • The right to access such CHD, including a list of the third parties to whom the information may have been shared;
  • The right to withdraw consent from our collection and sharing of CHD;
  • The right to withdraw consent from our sale of CHD; and
  • The right to delete your CHD.

 

Residents of Washington may exercise any of these rights by calling us at 1-844-894-3960, visiting our request website at https://www.synchronycredit.com/cpra/ or by referring to the “Contact Us” section below.

Changes to This Washington Privacy Notice

We reserve the right to amend this Washington Privacy Notice at our discretion and at any time. When we make material changes to this Washington Privacy Notice, we will notify you by posting an updated Washington Privacy Notice on our Services, including the effective date of such updates. We may also provide notice by email or through a pop-up banner on the Services, where appropriate.

Contact Us

If you have any questions or concerns about this Washington Privacy Notice, you can contact the Synchrony Privacy Officer by email at privacyoffice@syf.com.

INTERNATIONAL USERS

This is a United States-based website that is subject to United States law. This Site is controlled, operated and administered by the Bank from its offices within the United States. This Policy is provided in accordance with and subject to applicable U.S. law. If you are accessing this Site using a computer that is located outside the United States, you are responsible to ensure that your Internet connection is secure and is not monitored, legally or otherwise, by any third party or jurisdiction. If you are unsure of the security of your international Internet access, you should refrain from accessing this Site until you have confirmed that your access is secure and not monitored. If you decide to continue to access this Site from your location outside the United States, you hereby agree that your use of this Site is subject to this Policy and U.S. law and that you are responsible for complying with applicable laws in all jurisdictions that govern your use and access of this Site.

EUROPEAN, SWISS, AND UNITED KINGDOM USERS

This section of our Policy provides certain required information to persons located in the United Kingdom (“UK”), European Union (“EU”), a European Economic Area (“EEA”) member state, or Switzerland. Before the Bank collects any Personal Information from you, you are entitled under the EU General Data Protection Regulation (“GDPR”) to the information in this section of our Policy.

Purposes and Legal Basis for Processing Personal Information

The Bank will only process your Personal Information for lawful purposes under the GDPR related to the Bank's business purposes arising from your relationship with the Bank. The Bank will ordinarily collect and process your Personal Information because it is necessary for the performance of a contract to which you are a party or because the Bank has another legitimate interest in doing so. When the Bank cannot rely on either of such legal grounds, it will seek your prior consent.

Rights of Residents of the European Union (EU), Switzerland, and the UK

If you use the Site and reside in the UK, EU, EEA, or Switzerland, you are entitled by law to access, correct, amend, or delete Personal Information about you that we hold. A list of these rights is below. Please note that these rights are not absolute and certain exemptions apply.

  • The right to access. You have the right to ask us for copies of your Personal Information. This right has some exemptions, which means you may not always receive all the Personal Information we collect and process. When making a request, please provide an accurate description of the Personal Information you want access to.
  • The right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • The right to erasure. You have the right to ask us to erase your Personal Information in certain circumstances, including: (i) when your Personal Information is no longer necessary for the purposes for which it was collected or processed, or (ii) your Personal Information must be erased to comply with a legal obligation in EU Union or Member State law.
  • The right to restrict processing. You have the right to ask us to restrict the processing of your Personal Information in certain circumstances, including: (i) when the accuracy of the Personal Information is brought into question, or (ii) when we no longer need the Personal Information for purposes of the processing, but you require such Personal Information for the establishment, exercise, or defense of a legal claim.
  • The right to object to processing. You have the right to object to processing of your Personal Information.
  • The right to data portability. You have the right to ask that we transfer the Personal Information you gave us from one organization to another, or give it to you.
  • The right to lodge a complaint with the supervisory authority. If you believe your rights under the GDPR have been violated, the GDPR gives you the right to file a complaint with the supervisory authority. A list of Supervisory Authorities is available here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

 

To exercise these rights, please contact us at https://www.synchrony.com/contact-us.html. For your protection, we may need to verify your identity before responding to your request. In the event that we refuse a request under rights of access, we will provide you a reason as to why.

Right to Withdraw Consent

If Bank obtains your written consent to collect and process your Personal Information, you can subsequently withdraw such consent as to any further processing of information by contacting us at https://www.synchrony.com/contact-us.html.

Cross-Border Transfers of Personal Information

Personal Information that you provide while in the UK, EU, an EEA member state, or Switzerland will be transferred to the United States. Applicable European privacy law, such as the UK DPA and the GDPR permits such transfer when necessary for the performance of a contract between you and Synchrony, if Synchrony obtains your explicit consent to such transfer, or if it is in Synchrony’s legitimate interest to transfer the Personal Information. The laws in the United States may not be as protective of your privacy as those in your location. However, when transferring Personal Information to and processing Personal Information in the United States, Bank will implement appropriate safeguards and process the Personal Information in accordance with the terms of this Privacy Policy. By using our Site, you agree to the transfer and processing of your Personal Information to the United States.

Retention of Your Personal Information

We will retain your Personal Information until the Personal Information is no longer necessary to accomplish the purpose for which it was provided. We may retain your Personal Information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations, to protect you, other people, and us from fraud, abuse, and unauthorized access, as necessary to protect our legal rights, or for certain business requirements.

CHANGES TO THIS ONLINE PRIVACY POLICY

We reserve the right to modify or supplement this Privacy Policy at any time and without prior notice. If we make any material change to the Privacy Policy, we will update our Site to include such changes. We recommend that you review this Privacy Policy regularly for changes.

CONTACT

If you have any questions or concerns about this Policy, you can contact us by phone at 1-866-226-5638 or by email to privacyoffice@syf.com.

[WF11384542E]

(11/19) BANKING ONLINE PRIVACY POLICY (REV 4/2025)

ONLINE PDF