Synchrony cares about you and your
privacy.
Online Privacy Policy
Effective as of July 1, 2024
Synchrony Bank and each of its affiliate companies (collectively, “Synchrony,” “we” or “us”) is
committed to protecting your privacy at all times.
Please read this Online Privacy Policy (the “Policy”) carefully before using the Synchrony Bank
(“Bank”) website (the “Site”). The Bank, a federal savings bank headquartered in Utah, is the owner of the Site
and
the services provided through them (the “Services”), although software, hosting and other functions and content
may
be provided by the Bank’s service providers, affiliates or business partners. This Site is exclusively directed
to,
and intended for, legal residents of the United States who are adults of a capacity to contemplate and enter
into a
lawful contract for banking purposes. The Bank does not knowingly solicit information from, and does not
knowingly
market any products or services to, minors or non-U.S. residents. If you are under the age of 18, you are not
permitted to set up an account through the Site, and do not enter your personal information.
This Policy, together with the Website Usage Agreement which is incorporated herein by reference
and
attached at the end of this Policy, describes the types of information we may collect from visitors to the Site,
what we do with this information, and how visitors can update and control the use of information they provide on
the
Site. This Policy applies solely to information collected through this Site. This Policy does not apply to other
data we collect, including data collected on other websites, such as separate websites operated by our
affiliates or
business partners, or information visitors may provide to us through unsolicited email or other means.
INFORMATION COLLECTED
Through the use of or access to our Site for online inquiry regarding the products and services
we
offer (“Services”) or otherwise, we may collect personal information about you, which is information that
identifies
you as an individual, relates to you as an individual, or that, along with other information, could identify you
(“Personal Information”). We do not require you to provide any Personal Information in order to navigate our
Site.
However, we collect the following types of Personal Information:
Information Provided by You
We collect Personal Information from you when you:
- Open an
account. If you decide to open an account with the Bank, you will need to provide Personal
Information, including name, address, phone number, email address, date of birth, Social Security Number,
username and password, and financial account information.
- Interact with our
Site or Services. When you send us any feedback, questions, comments, or suggestions, participate
in
one of our surveys, or interact with the Bank in any way, you may provide us with Personal Information, such
as
your email address.
Information Collected Automatically
We may automatically collect the following Personal Information as you use our Site or Services:
- Usage
Information.
Which pages on our Site you access, the frequency of access, what you click on while on the Site, how
long you access the Site, and when you accessed the Site. This may also include information regarding the
manner
in which you use our Services, such as information regarding the purchases made using our offerings.
- Location
Information. Information about your location, which may be determined through your IP address or
mobile device.
- Device
Information. Information about the device you are using, such as hardware model, operating
system,
browser, and IP address.
- Mobile Device
Information. Mobile network information, such as the unique identifier assigned to the device,
mobile
carrier, operating system, and other device attributes.
Information Obtained from Third
Parties
We may obtain Personal Information about you from third parties, such as credit bureaus and
demographic firms, when you use our Site or Services.
Cookies and Other Tracking
Technologies
Cookies. “Cookies” are small pieces of data stored by
your
Internet browser on your computer’s hard drive. If you visit our Site, a cookie is used to help us measure the
number of visits, average time spent, page views and other statistics relating to our Site. This cookie by
itself
does not tell us your email address or who you are. If you decide to register online or request information,
products or services from us, we may collect additional information to provide tailored offerings or content to
you
or to deliver such products and services. In this case, we use cookies to allow us to recognize you on
subsequent
visits, enhance your online experience and make our provision of products and services more efficient. We do not
use
cookies to get data from your hard drive or to get your email address. Third parties may also place and store
Internet cookies on your hard drive for web analytics and analytics advertising services. These third-party
cookies
collect information about our Site traffic by tracking users across websites and across time and generating
reports
for us to better understand our Site users and to create audiences for our advertisements based on such
understanding.
Google and Adobe Analytics. We use tools called “Google
Analytics” and “Adobe Analytics” to collect some information we listed above about your use of the Services or
visits to the Site. We use the information we get from Google Analytics and Adobe Analytics to improve the
Services.
In order to collect this information, Google Analytics and Adobe Analytics may set cookies on your browser or
mobile
device, or read cookies that are already there. Google Analytics and Adobe Analytics may also receive
information
about you from apps you have downloaded, that partner with Google or Adobe, respectively. We do not combine the
information collected through the use of Google Analytics or Adobe Analytics with personally identifiable
information. Google’s ability to use and share information collected by Google Analytics about your use of the
Services or visits to the Site or to another application which partners with Google is restricted by the Google
Analytics Terms of Use and the Google Privacy Policy. Please review those and see https://www.google.com/policies/privacy/partners/ for information about how
Google uses the information provided to Google Analytics and how you can control the information provided to
Google.
Adobe’s ability to use and share information collected by Adobe Analytics about your use of the Services or
visits
to the Site or to another application which partners with Adobe, is restricted by the Adobe Analytics Terms of
Use
and the Adobe Privacy Policy. Please review those and see https://www.adobe.com/privacy/marketing-cloud.html for information about how
Adobe uses the information provided to Adobe Analytics and how you can control the information provided to
Adobe.
Social Media Widgets. Our Site includes social media
features, such as Facebook, LinkedIn, and Twitter. These features may collect information about your IP address
and
which page you are visiting on our Site, and they may set a cookie to ensure the feature functions properly.
These
features may also provide you with personalized ad content. Social media features and widgets are either hosted
by a
third party or hosted directly on our Site. Your interactions with those features and platforms are governed by
the
privacy policies of the companies that provide them.
HOW WE USE COLLECTED INFORMATION
We use the Personal Information we collect to provide the Services to you, to improve our Site
and
Services, and to protect our legal rights. Specifically, we use the Personal Information we collect to:
- Provide you with
the
products or Services you have requested.
- Communicate with
you.
To communicate with you about our Site or Services, to send you updates, or to inform you of any
changes
to the Site or Services.
- Provide customer
support. To provide you support or other services you request.
- To communicate
about
new features. We will send you notifications about new features or information available on our
Services or third-party products that we feel might be of interest to you.
- Maintain and
improve
our Site and Services. We analyze how our users interact with the Site in order to maintain and
improve the Site and Services.
- For analytics and marketing purposes. We
analyze how our users interact with our Site and utilize our Services to better understand their needs and
conduct marketing and advertising activities to promote our brand.
- Benchmarking.
We aggregate your information in order to gain insights into our Services.
- Comply with
applicable law.
- Defend our legal
rights.
HOW WE SHARE INFORMATION
We share your Personal Information with our service providers, among our entities, in connection
with
the provision of the Services, a corporate restructuring, to prevent harm, to comply with the law, and to
protect
our legal rights. The legal basis for this is our legitimate interest in providing our Services, complying with
the
law, and protecting our rights and those of others.
- Service
Providers.
We share Personal Information with service providers that help us perform Site functions and provide
you
with the Services, such as Google Analytics and Adobe Analytics.
- Corporate
Restructuring. We may share Personal Information if we are involved or intend to be involved in a
merger, acquisition, consolidation, change of control, or sale of all or a portion of our assets or in
connection with bankruptcy or liquidation proceedings.
- To Prevent Harm.
We may share Personal Information if we believe it is necessary in order to detect, investigate,
prevent,
or take action against illegal activities, fraud, or situations involving potential threats to the rights,
property, or personal safety of any person.
- To Protect Our
Rights
and As Required by Law. We will share Personal Information where we are legally required to do
so,
such as in response to court orders or legal process, to exercise our legal rights, to defend against legal
claims or demands, or to comply with the requirements of any mandatory applicable law. We will also share
Personal Information as necessary to enforce any other terms that you have agreed to, including to protect
the
rights, property, interest, or safety of the Bank, its users, or any other person, or the
copyright-protected
content of the Services.
- With Your
Consent.
We will request your permission to use or share your Personal Information for a specific purpose that
is
not compatible with the purposes listed here. We will notify you and request consent before we provide the
Personal Information or before the Personal Information you have already provided is shared for such
purpose.
SECURITY
Our goal is to protect your Personal Information submitted to us through this Site. We maintain
reasonable physical, technical, and administrative security measures to protect and limit access to your
Personal
Information. However, no method of transmission over the Internet or electronic storage technology is 100%
secure.
Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot
guarantee its absolute security.
You are responsible for maintaining the confidentiality of your account username and password. We
recommend that you choose a unique password for your account and that you do not use any password that you also
use
for any other accounts which may contain your Personal Information, such as financial accounts or email
accounts.
You agree to immediately notify the Bank of any unauthorized use of your password or account or any other breach
of
security. We will not be responsible or liable for any loss or damage arising from your failure to comply with
this
provision.
If you access our Site from a public or shared computer, it may be possible for other users to
review
your online history. For this reason, you should always close your browser window after you finish any online
banking session, including visiting our Site. If you access our Site from a shared computer, you should never
set
the Internet options to remember or store user IDs or passwords. Also, you should never go to websites or follow
web
links that are unfamiliar or seem suspicious to you.
CHOICES ABOUT YOUR INFORMATION
- Access, Correct,
or
View Your Personal Information. You may use your account to view, access, or correct certain
Personal
Information you provided to us and which is associated with your account.
- Do Not Track.
We take no action in response to “Do Not Track” requests received from user’s web browsing software.
- Cookies.
If
you would like to opt out of accepting cookies altogether, you can generally set your browser to not accept
cookies or to notify you when you are sent a cookie, giving you the chance to decide whether or not to
accept
it. However, certain features of our Site or other services may not work if you delete or disable certain
cookies.
- Adobe Analytics.
To prevent your data from being used by Adobe Analytics, you can download the Adobe Analytics opt-out
browser add-on for Adobe Analytics which can be found here: https://www.adobe.com/privacy/opt-out.html#customeruse.
- Google Analytics.
To prevent your data from being used by Google Analytics, you can download the Google Analytics
opt-out
browser add-on for Google Analytics which can be found here: https://tools.google.com/dlpage/gaoptout.
- Online
Advertising.
To opt out of Internet-based advertising or to learn more about the use of this information by our
service providers, you can visit the Network Advertising Initiative website (https://www.networkadvertising.org/managing/opt_out.asp) or the Digital
Advertising Alliance website (https://www.aboutads.info/choices/), or if you are in the EU, the EDAA
(https://www.youronlinechoices.eu/). If you choose to opt out, we will place
an
“opt-out cookie” on your computer. The “opt-out cookie” is browser specific and device specific and only
lasts
until cookies are cleared from your browser or device. The opt-out cookie will not work for some cookies
that
are important to how our websites and mobile apps work. If the cookie is removed or deleted, if you upgrade
your
browser or if you visit us from a different computer, you will need to return to the applicable website to
re-select your preferences.
THIRD-PARTY LINKS
This Privacy Policy only applies to the use and disclosure of Personal Information we collect
from
visitors and customers online through our Site. Once you leave our Site, either by a link or by entering a new
Internet address in your browser’s address window, we no longer have control over information security, and we
are
not responsible for the content, privacy practices or your use of other websites. We encourage you to review the
privacy statements of those other sites.
CALIFORNIA PRIVACY RIGHTS
Residents of California (“California Consumers”) have certain rights with respect to the
collection,
use, transfer, and processing of Personal Information, as defined by the California Consumer Privacy Act as
modified
by the California Privacy Rights Act (collectively, the “CCPA”).
Please note that the CCPA does not apply to certain information, such as information subject to
the
Gramm-Leach Bliley Act (“GLBA”). To that end, these disclosures do not apply with respect to information that we
collect about California Consumers who apply for or obtain our financial products and services for personal,
family,
or household purposes. For more information about how we collect, disclose, and secure information relating to
these
consumers, please refer to our GLBA Privacy
Notice.
Additionally, we reserve the right to limit these rights where permitted under applicable law, including where
your
identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of
others.
To exercise any of the rights made available under the CCPA, please contact us via the contact
information below. Only you or your authorized agent may make a verifiable consumer request related to your
Personal
Information. Unless otherwise defined in this Privacy Policy, the terms used in this section shall have the
meanings
ascribed to them in the CCPA.
Collection of Personal Information
When California Consumers access our Site, we collect the following Personal Information:
Personal Identifiers
- Name
- Age
- Address
- Email address
- Telephone number
- Date of birth
- Social Security Number
- Account numbers and related financial information
- Business contact information
Characteristics of Protect Classifications
- Age (over 40)
- Sex / gender
- Marital status
Biometric Information
- Voiceprint identification
Internet or Other Electronic Network Activity Information
- The Internet Protocol address that relates to the
machine or device used to access our Site
- The type of browser and operating system used
- The date and time when the Site is visited
- Device ID if you are on a mobile device
- Web pages displayed
Geolocation Data
- IP or GPS based geolocation information
Sensory Data
- Call and Meeting recordings
Professional or Employment-Related Information
- Business Contact Information
- Business Reference Information
Inferences
- Inferences we develop based on your interactions
with
our Services
Sensitive Personal Information
- Social Security Number
- Driver’s License Number
- Precise geolocation information
- Financial Account information including log-in,
number, and access credentials
The foregoing pieces of information have been collected about our consumers in the past 12
months.
Sources from which Personal Information Is
Collected
We may collect the following categories of Personal Information directly from you or by logging
your
interactions with our Services.
- Identifiers, Characteristics, Commercial Information, Biometric Information, Internet,
Geolocation, Sensory, Professional, Inferences, and Sensitive.
We may also collect these categories of Personal Information from the following sources:
- Publicly available sources
- Service Providers, Consumer Data Brokers, and Credit Reporting Agencies
- Affiliates
- Your representatives or agents
Business or Commercial Purposes for which Personal
Information Is Collected
Your Personal Information is used for the following purposes:
- Provide you with
the
Services.
- Validate cell
phone
use.
- Communicate with
you.
To communicate with you about our Site or Services, to send you updates, or to inform you of any
changes
to the Site or Services.
- Provide customer
support. To provide you support or other services you request.
- To communicate
about
new features. We will send you notifications about new features or information available on our
Services or third-party products that we feel might be of interest to you.
- Maintain and
improve
our Site and Services. We analyze how our users interact with the Site in order to maintain and
improve the Site and Services.
- Benchmarking.
We aggregate your information in order to gain insights into our Services.
- For analytics and marketing purposes. We
analyze how our users interact with our Site and utilize our Services to better understand their needs and
conduct marketing and advertising activities to promote our brand.
- Prevent fraud and
other illegal activities.
- Comply with
applicable law.
- Defend our legal
rights.
Third Parties to Whom Personal Information Is Disclosed,
Shared,
or Sold
Synchrony discloses your Personal Information with analytics and service providers, advertisers,
business partners and law enforcement (if necessary).
In the preceding 12 months, we have not sold Personal
Information about consumers for monetary consideration. Our use of cookies and other tracking
technologies may be considered a sale of Personal Information under the CCPA. Categories of Personal
Information that we have sold under the CCPA include identifiers and Internet or other similar
network
activity. Categories of third parties to whom Personal Information is sold under the CCPA include
data
analytics providers and advertising and marketing providers.
In the preceding 12 months, we have not knowingly sold or
shared Personal Information of California Consumers under 16 years of age.
In the preceding 12 months, we have not knowingly sold or shared Sensitive Personal
Information
of California Consumers for purposes not specifically authorized under the CCPA.
In the preceding 12 months, we have disclosed the following Personal Information about consumers
for
business purposes:
- Identifiers,
Other
Personal Information (Financial Information), Employment Information, and Commercial Information.
We
share this information with our service providers to allow them to perform services on behalf of Synchrony.
We
may also share this information with our business partners so that they may provide you with information
about
products or services that may be of interest to you.
- Internet or Other
Electronic Network Activity Information. We share with or allow third parties to utilize cookies
for
marketing or advertising customized to your apparent interests or needs (more information located in the
“Information Collected Automatically” section above).
Individual Rights
Right for You to Access Personal Information Collected,
Disclosed,
or Sold
You have the right to request that Synchrony disclose the Personal Information it collects, uses,
and
discloses about you to third parties:
Upon receipt of your verifiable Right to Access request, you will receive the following
information
about you:
- Categories of personal information collected;
- Categories of sources from which personal information are collected;
- Specific pieces of personal information collected about you;
- Business or commercial purpose for collecting,
selling, or sharing; and
- Categories of third parties to whom personal information was disclosed.
This information will be provided to you free of charge, unless Synchrony determines that your
request is manifestly unfounded or excessive. You may request this information twice in a 12-month period. This
Right to Access is subject to certain restrictions. We will identify in our response to your request if such a
restriction applies. Synchrony employees and employees of Synchrony business partners and service providers may
also
make a Right to Access request under the CCPA, subject to certain limitations.
Right to Opt Out of Targeted Advertising and the Sale or Sharing of Personal Information
Synchrony does not sell any Personal Information of California Consumers for monetary
consideration.
However, we use certain third-party advertising and analytical cookies that may be considered “sales” or
“sharing”
of data under California law.
California Consumers have the right to opt out of the sale or sharing of personal information. It
also allows you the right to opt out from our processing of your personal data for targeted advertising or
analytic
purposes. If you wish to opt out of advertising or analytic cookies, you can do so via our Cookie Management
Options
banner. Within the Cookie Setting you can choose your cookie preferences.
Synchrony web properties respond to the Global Privacy Control (“GPC”), which allows you to opt
out
of the sale or sharing of your personal information if enabled. If you have the GPC enabled, we will not sell or
share your personal information. To learn more about the GPC, please visit https://globalprivacycontrol.org/.
Please note that opt-out choices may be stored via cookies. If you clear cookies, if your browser
blocks cookies, or if you visit the site from a different browser or device, your opt-out choices may not be
recognized or honored.
Right of Erasure
You have the right to request that Synchrony and our service providers erase any Personal
Information
about yourself, which Synchrony has collected from you upon receipt of a verifiable request. This right is
subject
to certain restrictions. We will identify in our response to your request if such a restriction applies.
Right of Correction
You have the right to request that Synchrony and our service providers correct any Personal
Information about yourself, which Synchrony has collected from you upon receipt of a verifiable request. This
right
is subject to certain restrictions. We will identify in our response to your request if such a restriction
applies.
Submitting Requests
You or your authorized agent can submit your request by calling us at 1-844-894-3960 or visiting
our
request website at https://www.synchronycredit.com/cpra/.
Verifying Requests
Synchrony provides California Consumers with an online webform to submit requests. The webform is
accessible at https://www.synchronycredit.com/cpra/. As stated in the webform, Synchrony must
verify that the person requesting information or deletion is the California Consumer about whom the request
relates
in order to process the request. To verify a California Consumer’s identity, we may request up to three pieces
of
Personal Information about you when you make a request to compare against our records. We cannot respond to your
request or provide you with Personal Information if we cannot verify your identity.
We may also require your authorized agent to provide proof of authorization, such as requiring
you to
verify your own identity directly with us or directly confirm with us that you provided the authorized agent
permission to submit the request on your behalf. Making a verifiable consumer request does not require you to
create
an account with us. We will only use Personal Information provided in your request to verify your identity.
Synchrony reserves the right to take additional steps as necessary to verify the identity of California
Consumers
where we have reason to believe a request is fraudulent.
Right of No Retaliation
Synchrony will not discriminate against you because you exercised any of your rights, including,
but
not limited to, by:
- Denying goods or services to you.
- Charging different prices or rates for goods or
services, including through the use of discounts or other benefits or imposing penalties.
- Providing a different level or quality of goods or
services to you.
- Suggesting that you will receive a different price
or
rate for goods or services or a different level or quality of goods or services.
- Retaliating against an employee, applicant for
employment, or independent contractor.
Annual Metrics
The following information is provided in accordance with the requirements of the CCPA: Click here
to
access the Annual Metrics: https://www.syf.com/ccpametrics.
WASHINGTON CONSUMER HEALTH DATA NOTICE (“Washington Privacy Notice”)
Effective Date: July 1, 2024
This Washington Privacy Notice supplements the Synchrony Online Privacy Policy
(“Synchrony
Privacy Policy”) and applies specifically to “Consumers” as defined under Washington’s My Health My Data Act
(“MHMDA”).
This Washington Privacy Notice describes Synchrony Bank’s, and each of its affiliated companies’
(collectively, “Synchrony,” “we,” “us,” or “our”) practices regarding the
collection,
use, sharing and disclosure of Consumer Health Data (as defined below). Any capitalized terms not defined in
this
Washington Privacy Notice shall have the meanings given to them in the Synchrony Privacy Policy. Importantly,
this
Washington Privacy Notice does not supersede, replace, or otherwise amend the Synchrony Privacy Policy.
Consumer Health Data Collected
For purposes of this Washington Privacy Notice, Consumer Health Data (“CHD”) means
“consumer
health data” as defined under the MHMDA. Generally, CHD includes personal information that is linked or
reasonably
linkable to a Consumer and that identifies the Consumer’s past, present, or future physical or mental health
status.
Importantly, CHD does not include information that does not qualify as CHD under the MHMDA. For example,
CHD
does not include information subject to the Gramm-Leach Bliley Act (15 U.S.C. 6801 et seq.) and its implementing
regulations. This means that any information relating to or derived from your use of or application to our
financial
products or services is not subject to the terms of this Notice.
With your consent or where necessary to provide the products and services you request, we may
collect
or receive the categories of CHD listed below. Not all categories will be collected or received for every
individual.
- Information suggesting an interest in specific
health
related products, procedures, or treatments; and
- Information relating to searches for specific
healthcare providers through our online tools.
Sources of CHD
We may collect each category of information described above through your use of our Services. For
example, we may collect or infer certain information when you enter search terms on, or otherwise use, our
websites
or Services. Similarly, we may collect or infer certain information about you when you interact with our
advertisements on third party websites. Where this information pertains to actual or potential medical treatment
or
diagnoses, it may qualify as CHD.
We may also collect information which may contain CHD from our business partners, joint marketing
partners, public databases, providers of demographic data, publications, professional organizations, social
media
platforms, caregivers, third party information providers, service providers with whom we have a contractual
relationship and to whom you have provided your personal information, cookies and other tracking technologies,
and
Third Parties when they share the information with us.
Why Consumer Health Data Is Collected and How It Is Used
We—and our Service Providers—may collect, process and use the CHD described in this Policy for
the
following purposes:
- Providing the Services as may be reasonably
expected
by an average consumer who requesting such Services;
- Maintaining or servicing accounts, providing
customer
service, processing or fulfilling orders and transactions, verifying customer information, processing
payments,
providing financing, providing analytic services, providing storage, or providing similar services on our
behalf;
- Ensuring security and integrity of our Site and
Services to the extent the use of the consumer's CHD is reasonably necessary and proportionate for these
purposes;
- Undertaking activities to verify or maintain the
quality or safety of our Services, or to improve, upgrade, or enhance our Services;
- Personalizing, advertising, and marketing our
products
and services;
- Conducting research, analytics, and data analysis;
- Performing accounting, audit, and other internal
functions, such as internal investigations;
- Complying with law, legal process, and internal
policies;
- Maintaining business records;
- Exercising and defending legal claims; and
- Otherwise accomplishing our business purposes and
objectives.
Our Disclosure and Sharing of CHD
We may disclose or share each of the categories of CHD described above with your consent or where
necessary to provide the products and services you request. In particular, we may disclose or share personal
data,
including CHD to complete transactions, provide products or services you have requested, or for the purposes
described in this Notice. We may disclose to or share information with the following categories of parties:
Service Providers. We may disclose CHD to our Service Providers in order to enable them to
provide us with products and services, such as web hosting, mobile application hosting, data analysis, payment
processing, customer service, infrastructure provisioning, IT services, email and direct mail delivery services,
auditing, legal services, and other similar services that are essential to our provision of Services. We may
also
share information with our Service Providers that enable us to better understand the functionality and
effectiveness
of our websites and Services, and with business partners that provide advertising and other technology services.
Third Parties. We may disclose your CHD to the following categories of Third Parties:
- Third Party Co-Branding and Co-Marketing
Partners. We may share your CHD with our third-party partners with whom we offer a co-branded or
co-marketed promotion, such as where we offer special offers related to specifically branded third party
products. Any such parties will be identified in the product offering.
- Business Transfers or Assignments. We may
disclose your CHD to other entities as reasonably necessary to facilitate a reorganization, merger, sale,
joint
venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business,
assets, or stock (including in connection with any bankruptcy or similar proceedings).
- Legal and Regulatory. We may disclose your
CHD
to government authorities, law enforcement, courts, or similarly situated third parties for our business
operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.
- Other Third Parties at Your Direction. We
may
disclose your CHD to any Third Party with your consent or at your direction.
Exercising Consumer Data Rights
Residents of Washington have certain rights under the MHMDA with respect to the collection and
use of
their CHD. These rights may include:
- The right to confirm whether we collect, share or
sell
your CHD;
- The right to access such CHD, including a list of
the
third parties to whom the information may have been shared;
- The right to withdraw consent from our collection
and
sharing of CHD;
- The right to withdraw consent from our sale of
CHD;
and
- The right to delete your CHD.
Residents of Washington may exercise any of these rights by calling us at 1-844-894-3960,
visiting
our request website at https://www.synchronycredit.com/cpra/ or by referring to the “Contact Us”
section
below.
Changes to This Washington Privacy Notice
We reserve the right to amend this Washington Privacy Notice at our discretion and at any time.
When
we make material changes to this Washington Privacy Notice, we will notify you by posting an updated Washington
Privacy Notice on our Services, including the effective date of such updates. We may also provide notice by
email or
through a pop-up banner on the Services, where appropriate.
Contact Us
If you have any questions or concerns about this Washington Privacy Notice, you can contact the
Synchrony Privacy Officer by email at privacyoffice@syf.com.
INTERNATIONAL USERS
This is a United States-based website that is subject to United States law. This Site is
controlled,
operated and administered by the Bank from its offices within the United States. This Policy is provided in
accordance with and subject to applicable U.S. law. If you are accessing this Site using a computer that is
located
outside the United States, you are responsible to ensure that your Internet connection is secure and is not
monitored, legally or otherwise, by any third party or jurisdiction. If you are unsure of the security of your
international Internet access, you should refrain from accessing this Site until you have confirmed that your
access
is secure and not monitored. If you decide to continue to access this Site from your location outside the United
States, you hereby agree that your use of this Site is subject to this Policy and U.S. law and that you are
responsible for complying with applicable laws in all jurisdictions that govern your use and access of this
Site.
EUROPEAN, SWISS, AND UNITED KINGDOM USERS
This section of our Policy provides certain required information to persons located in the United
Kingdom (“UK”), European Union (“EU”), a European Economic Area (“EEA”) member state, or Switzerland. Before the
Bank collects any Personal Information from you, you are entitled under the EU General Data Protection
Regulation
(“GDPR”) to the information in this section of our Policy.
Purposes and Legal Basis for Processing Personal
Information
The Bank will only process your Personal Information for lawful purposes under the GDPR related
to
the Bank's business purposes arising from your relationship with the Bank. The Bank will ordinarily collect and
process your Personal Information because it is necessary for the performance of a contract to which you are a
party
or because the Bank has another legitimate interest in doing so. When the Bank cannot rely on either of such
legal
grounds, it will seek your prior consent.
Rights of Residents of the European Union (EU), Switzerland, and
the
UK
If you use the Site and reside in the UK, EU, EEA, or Switzerland, you are entitled by law to
access,
correct, amend, or delete Personal Information about you that we hold. A list of these rights is below. Please
note
that these rights are not absolute and certain exemptions apply.
- The right to
access.
You have the right to ask us for copies of your Personal Information. This right has some exemptions,
which means you may not always receive all the Personal Information we collect and process. When making a
request, please provide an accurate description of the Personal Information you want access to.
- The right to
rectification. You have the right to ask us to rectify information you think is inaccurate. You
also
have the right to ask us to complete information you think is incomplete.
- The right to
erasure. You have the right to ask us to erase your Personal Information in certain
circumstances,
including: (i) when your Personal Information is no longer necessary for the purposes for which it was
collected
or processed, or (ii) your Personal Information must be erased to comply with a legal obligation in EU Union
or
Member State law.
- The right to
restrict
processing. You have the right to ask us to restrict the processing of your Personal Information
in
certain circumstances, including: (i) when the accuracy of the Personal Information is brought into
question, or
(ii) when we no longer need the Personal Information for purposes of the processing, but you require such
Personal Information for the establishment, exercise, or defense of a legal claim.
- The right to
object
to processing. You have the right to object to processing of your Personal Information.
- The right to data
portability. You have the right to ask that we transfer the Personal Information you gave us from
one
organization to another, or give it to you.
- The right to
lodge a
complaint with the supervisory authority. If you believe your rights under the GDPR have been
violated, the GDPR gives you the right to file a complaint with the supervisory authority. A list of
Supervisory
Authorities is available here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
To exercise these rights, please contact us at https://www.synchrony.com/contact-us.html. For your protection, we may need to
verify your identity before responding to your request. In the event that we refuse a request under rights of
access, we will provide you a reason as to why.
Right to Withdraw Consent
If Bank obtains your written consent to collect and process your Personal Information, you can
subsequently withdraw such consent as to any further processing of information by contacting us at https://www.synchrony.com/contact-us.html.
Cross-Border Transfers of Personal Information
Personal Information that you provide while in the UK, EU, an EEA member state, or Switzerland
will
be transferred to the United States. Applicable European privacy law, such as the UK DPA and the GDPR permits
such
transfer when necessary for the performance of a contract between you and Synchrony, if Synchrony obtains your
explicit consent to such transfer, or if it is in Synchrony’s legitimate interest to transfer the Personal
Information. The laws in the United States may not be as protective of your privacy as those in your location.
However, when transferring Personal Information to and processing Personal Information in the United States,
Bank
will implement appropriate safeguards and process the Personal Information in accordance with the terms of this
Privacy Policy. By using our Site, you agree to the transfer and processing of your Personal Information to the
United States.
Retention of Your Personal Information
We will retain your Personal Information until the Personal Information is no longer necessary to
accomplish the purpose for which it was provided. We may retain your Personal Information for longer periods for
specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations,
to
protect you, other people, and us from fraud, abuse, and unauthorized access, as necessary to protect our legal
rights, or for certain business requirements.
CHANGES TO THIS ONLINE PRIVACY POLICY
We reserve the right to modify or supplement this Privacy Policy at any time and without prior
notice. If we make any material change to the Privacy Policy, we will update our Site to include such changes.
We
recommend that you review this Privacy Policy regularly for changes.
CONTACT
If you have any questions or concerns about this Policy, you can contact us by phone at
1-866-226-5638 or by email to privacyoffice@syf.com.
[WF11384542E]
(11/19) BANKING ONLINE PRIVACY POLICY (REV 4/2025)
ONLINE PDF