Synchrony cares about your privacy
Click below to select from and review our privacy policies.
Synchrony cares about you and your privacy
Online Privacy Policy
Effective as of July 1, 2024
Synchrony Bank and each of its affiliate companies (collectively, “Synchrony,” “we” or “us”) is committed to protecting your privacy. Please read this Privacy Policy (the “Privacy Policy”) carefully before using this website (the “Site”). This site is not directed to or intended for individuals under 18 years of age.
This Privacy Policy describes the types of information we may collect from visitors to the Site, what we do with this information, and how visitors can update and control the use of the information they provide on the Site. This Privacy Policy applies solely to information collected through this Site. The Privacy Policy does not apply to other information we may collect, including data collected on other websites, such as separate sites operated by our affiliates or business partners, or other information visitors may provide to us through other means.
Information collected
Through the use of or access to our Site for online inquiry regarding the products and services we offer (“Services”) or otherwise, we may collect personal information about you, which is information that identifies you as an individual, relates to you as an individual, or that, along with other information, could identify you (“Personal Information”). We collect the following types of Personal Information:
- Create an account. When you create an account with us, you will provide Synchrony your contact information.
- Apply for our Services. When you submit an application to participate in our service offerings, we may request that you provide certain information including your name, date of birth, contact information, business information, financial information, relevant government issued identification numbers such as your Social Security Number or driver’s license number, reference information, and any additional information that you may include in your application.
- Access our Site. For some products, to be able to access the Site, you must provide your telephone number and the last four digits of your social security number.
- Interact with our Site or Services. When you send us any feedback, questions, comments, or suggestions, participate in one of our surveys, or interact with Synchrony in any way, you may provide us with Personal Information, such as your name, telephone number, address, and email address.
We may automatically collect the following Personal Information as you use our Site or Services:
- Usage Information. Which pages on our Site you access, the frequency of access, what you click on while on the Site, how long you access the Site, and when you accessed the Site. This may also include information regarding the manner in which you use our Services, such as information regarding the purchases made using our offerings.
- Location Information. Information about your location, which may be determined through your IP address or mobile device.
- Device Information. Information about the device you are using, such as hardware model, operating system, browser, and IP address.
- Mobile Device Information. Mobile network information, such as the unique identifier assigned to the device, mobile carrier, operating system, and other device attributes.
We may obtain Personal Information about you from third parties, such as credit bureaus and demographic firms, when you use our Site or Services.
We may also obtain information about you from Payfone, the vendor that assists us in verifying and authenticating your identity via mobile device.
Cookies: “Cookies” are small pieces of information that are stored by your web browser software on your computer’s hard drive or temporarily in your computer’s memory. We seek to place and store Internet cookies on our hard drive. Cookies can save any of the types of information noted above. Cookies enable us to personalize your viewing experience and allow us to track statistical information about navigation to and throughout certain areas of the Site and to promotions on other sites. We also utilize third parties that may place and store Internet cookies on your hard drive for web analytics. These third-party cookies collect information about our Site traffic by tracking users across websites and across time and generating reports for us to better understand our Site users and to create audiences for our advertisements based on such understanding. Third-party ad network providers that help us present ads on the Site may also place cookies on your device to service you with ads or other content personalized to your interests.
Adobe Analytics: We use a tool called “Adobe Analytics” for analytics and advertising services. We use the information we get from Adobe Analytics to improve the Services and to improve our ad performance. Adobe’s ability to use and share information collected by Adobe Analytics about your use of the Services or visits to the Site or to another application which partners with Adobe, is restricted by Adobe Analytics Terms of Use and the Adobe Privacy Policy available at: https://www.adobe.com/privacy/marketing-cloud.html .
Google Analytics: We use a tool called “Google Analytics” to collect some information we listed above about your use of the Site and Services. We use the information we get from Google Analytics to improve the Services. In order to collect this information, Google Analytics may set cookies on your browser or mobile device or read cookies that are already there. Google Analytics may also receive information about you from apps you have downloaded, that partner with Google. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your use of the Services or visits to the Site or to another application which partners with Google is restricted by the Google Analytics Terms of Use and the Google Privacy Policy available at: http://www.google.com/policies/privacy.
Social Media Widgets: Our Site includes social media features, such as Facebook, LinkedIn, and Twitter. These features may collect information about your IP address and which page you are visiting on our Site, and they may set a cookie to ensure the feature functions properly. These features may also provide you with personalized ad content. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
How we use collected information
We use the Personal Information we collect to provide the Services to you, to improve our Site and Services, and to protect our legal rights. Specifically, we use the Personal Information we collect to:
- Provide you with the Services.
- Validate cell phone use.
- Communicate with you. To communicate with you about our Site or Services, to send you updates, or to inform you of any changes to the Site or Services.
- Provide customer support. To provide you support or other services you request.
- To communicate about new features. We will send you notifications about new features or information available on our Services or third-party products that we feel might be of interest to you.
- Maintain and improve our Site and Services. We analyze how our users interact with the Site in order to maintain and improve the Site and Services.
- For analytics and marketing purposes. We analyze how our users interact with our Site and utilize our Services to better understand their needs and conduct marketing and advertising activities to promote our brand.
- Benchmarking. We aggregate your information in order to gain insights into our Services.
- Prevent fraud and abuse.
- Comply with applicable law.
How we share information
We share your Personal Information with our service providers, among our entities, in connection with the provision of the Services, a corporate restructuring, to prevent harm, to comply with the law, and to protect our legal rights. The legal basis for this is our legitimate interest in providing our Services, complying with the law, and protecting our rights and those of others.
- Service Providers. We share Personal Information with service providers that help us perform Site functions and provide you with the Services, such as Adobe and Google Analytics.
- Advertising and Marketing. We may share your Personal Information with third parties so that they may provide you with information about products or services that may be of interest to you. We also share certain Personal Information with LiveRamp, our marketing service provider, to improve our marketing services. Personal Information gathered through the SMS (Short Message Service/Text Message) Program will not be shared with third parties. You may opt-out of the use of LiveRamp at any time by visiting https://liveramp.com/opt_out/.
- Corporate Restructuring: We may share your Personal Information if we are involved or intend to be involved in a merger, acquisition, consolidation, change of control, or sale of all or a portion of our assets or in connection with bankruptcy or liquidation proceedings.
- To Prevent Harm: We may share your Personal Information if we believe it is necessary in order to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person.
- To Protect Our Rights and As Required by Law: We will share Personal Information where we are legally required to do so, such as in response to court orders or legal process, to exercise our legal rights, to defend against legal claims or demands, or to comply with the requirements of any mandatory applicable law. We will also share Personal Information as necessary to enforce any other terms that you have agreed to, including to protect the rights, property, interest, or safety of Synchrony, its users, or any other person, or the copyright-protected content of the Services.
- With Your Consent: We will request your permission to use or share your Personal Information for a specific purpose that is not compatible with the purposes listed here. We will notify you and request consent before we provide the Personal Information or before the Personal Information you have already provided is shared for such purpose.
Security
At Synchrony, our goal is to protect your Personal Information submitted to us through this Site. We maintain reasonable physical, electronic, and procedural safeguards designed to protect and limit access to your Personal Information. However, no method of transmission over the Internet or electronic storage technology is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
You are responsible for maintaining the confidentiality of your account username and password. We recommend that you choose a unique password for your account and that you do not use any password that you also use for any other accounts which may contain your sensitive information, such as financial accounts or email accounts. You agree to immediately notify Synchrony of any unauthorized use of your password or account or any other breach of security. We will not be responsible or liable for any loss or damage arising from your failure to comply with this provision.
If you access our Site from a public or shared computer, it may be possible for other users to review your online history. For this reason, you should always close your browser window after you finish any online banking session, including visiting our Site. If you access our Site from a shared computer, you should never set the Internet options to remember or store user IDs or passwords. Also, you should never go to websites or follow web links that are unfamiliar or seem suspicious to you.
Choices about your information
- Access, correct, or view your Personal Information: You may use your account to view, access, or correct certain Personal Information you provided to us and which is associated with your account.
- Do Not Track: We take no action in response to “Do Not Track” requests received from user’s web browsing software.
- Cookies: If you would like to opt out of accepting cookies altogether, you can generally set your browser to not accept cookies or to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it. However, certain features of our Site or other services may not work if you delete or disable certain cookies.
- Google Analytics: To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here: https://tools.google.com/dlpage/gaoptout.
- Adobe Analytics: To prevent your data from being used by Adobe Analytics, you can download the Adobe Analytics opt-out browser add-on for Adobe Analytics, which can be found here: https://www.adobe.com/privacy/opt-out.html#customeruse.
- Third-Party Advertising and Marketing: If you do not wish for us to share your information with third parties for advertising or marketing purposes, you may choose to opt-out at any time by directing such request to 1-844-894-3960
- Online Advertising: To opt out of internet-based advertising or to learn more about the use of this information by our service providers you can visit the Network Advertising Initiative website (http://www.networkadvertising.org/managing/opt_out.asp) or the Digital Advertising Alliance website (http://www.aboutads.info/choices/), or if you are in the EU, the EDAA (http://www.youronlinechoices.eu/). If you choose to opt out, we will place an “opt-out cookie” on your computer. The “opt-out cookie” is browser specific and device specific and only lasts until cookies are cleared from your browser or device. The opt-out cookie will not work for some cookies that are important to how our websites and mobile apps work. If the cookie is removed or deleted, if you upgrade your browser or if you visit us from a different computer, you will need to return to the applicable website to re-select your preferences.
Third party links
This Privacy Policy only applies to the use and disclosure of Personal Information we collect from visitors and customers online through our Site. Once you leave our Site, either by a link or by entering a new Internet address in your browser’s address window, we no longer have control over information security, and we are not responsible for the content, privacy practices or your use of other websites. We encourage you to review the privacy statements of those other sites.
California privacy rights
Residents of California (“California Consumers”) have certain rights with respect to the collection, use, transfer, and processing of Personal Information, as defined by the California Consumer Privacy Act as modified by the California Privacy Rights Act (collectively the “CCPA”).
Please note that the CCPA does not apply to certain information, such as information subject to the Gramm-Leach Bliley Act (“GLBA”). To that end, these disclosures do not apply with respect to information that we collect about California Consumers who apply for or obtain our financial products and services for personal, family, or household purposes. For more information about how we collect, disclosure, and secure information relating to these consumers, please refer to your Privacy Notice received at account opening. Additionally, we reserve the right to limit these rights where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others.
To exercise any of the rights made available under the CCPA, please contact us via the contact information below. Only you or your authorized agent may make a verifiable consumer request related to your Personal Information. Unless otherwise defined in this Privacy Policy, the terms used in this section shall have the meanings ascribed to them in the CCPA.
When California Consumers access our Site, we collect the following Personal Information:
- Name
- Age
- Address
- Email address
- Telephone number
- Date of birth
- Social Security Number
- Account numbers and related financial information
- Business contact information
- Age (over 40)
- Sex / gender
- Marital status
- Information regarding purchases made using our Services
- Information regarding your interactions with our Partners and Affiliates
- Voicepring identification
- The Internet Protocol address that relates to the machine or device used to access our Site
- The type of browser and operating system used
- The date and time when the Site is visited
- Device ID if you are on a mobile device
- Web pages displayed
- IP or GPS based geolocation information.
- Call and Meeting recordings
- Business Contact Information
- Business Reference Information
- Inferences we develop based on your interactions with our Services
- Social Security Number
- Driver's License Number
- Precise Geolocation
- Financial Account information including log-in, number, and access credentials
Sources from which Personal Information Is Collected
We may collect the following categories of Personal Information directly from you or by logging your interactions with our Services.
- Identifiers, Characteristics, Commercial Information, Biometric Information, Internet, Geolocation, Sensory, Professional, Inferences, and Sensitive.
- Publicly available sources
- Service Providers, Consumer Data Brokers, and Credit Reporting Agencies
- Affiliates
- Your representatives or agents
Your Personal Information is used for the following purposes:
- Provide you with the Services.
- Validate cell phone use.
- Communicate with you. To communicate with you about our Site or Services, to send you updates, or to inform you of any changes to the Site or Services.
- Provide customer support. To provide you support or other services you request.
- To communicate about new features. We will send you notifications about new features or information available on our Services or third-party products that we feel might be of interest to you.
- Maintain and improve our Site and Services. We analyze how our users interact with the Site in order to maintain and improve the Site and Services.
- Benchmarking. We aggregate your information in order to gain insights into our Services. For analytics and marketing purposes. We analyze how our users interact with our Site and utilize our Services to better understand their needs and conduct marketing and advertising activities to promote our brand.
- Prevent fraud and other illegal activities.
- Comply with applicable law.
- Defend our legal rights.
Synchrony discloses your Personal Information to analytics and service providers, advertisers, business partners and law enforcement (if necessary).
In the preceding 12 months, we have not sold Personal Information about consumers for monetary consideration. Our use of cookies and other tracking technologies may be considered a sale or sharing of Personal Information under the CCPA. Categories of Personal information that we have sold under the CCPA include identifiers and Internet or other similar network activity. Categories of third parties to whom Personal Information is sold under the CCPA include data analytics providers and advertising and marketing providers.
In the preceding 12 months, we have not knowingly sold or shared Personal Information of California Consumers under 16 years of age.
In the preceding 12 months, we have not knowingly sold or shared Sensitive Personal Information of California Consumers for purposes not specifically authorized under the CCPA.
- Identifiers, Other Personal Information (Financial Information), Employment Information, Commercial Information, Geolocation Information, Sensitive Information. We share this information with our service providers to allow them to perform services on behalf of Synchrony. We may also share this information with our business partners so that they may provide you with information about products or services that may be of interest to you.
- Internet or Other Electronic Network Activity information. We share with or allow third parties to utilize cookies for marketing or advertising customized to your apparent interests or needs (more information located in the “Information Collected Automatically” section above).
You have the right to request that Synchrony disclose the Personal Information it collects, uses, and discloses about you to third parties:
Upon receipt of your verifiable Right to Access request, you will receive the following information about you:
- Categories of personal information collected;
- Categories of sources from which personal information are collected;
- Specific pieces of personal information collected about you;
- Business or commercial purpose for collecting, selling, or sharing; and
- Categories of third parties to whom personal information was disclosed.
This information will be provided to you free of charge, unless Synchrony determines that your request is manifestly unfounded or excessive. You may request this information twice in a 12-month period. This Right to Access is subject to certain restrictions. We will identify in our response to your request if such a restriction applies. Synchrony employees and employees of Synchrony business partners and service providers may also make a Right to Access request under the CCPA, subject to certain limitations.
Synchrony does not sell any Personal Information of California Consumers for monetary consideration. However, we use certain third-party advertising and analytical cookies that may be considered “sales” or “sharing” of data under California law.
California Consumers have the right to opt out of the sale or sharing of personal information. It also allows you the right to opt out from our processing of your personal data for targeted advertising or analytic purposes. If you wish to opt out of advertising or analytic cookies you can do so via our Cookie Management Options banner. Within the Cookie Setting you can choose your cookie preferences. You may also opt-out of the collection and processing of data by LiveRamp by following the instructions, available here.
Synchrony web properties respond to the Global Privacy Control, (“GPC”) which allows you to opt-out of the sale or sharing of your personal information if enabled. If you have the GPC enabled, we will not sell or share your personal information. To learn more about the GPC, please visit https://globalprivacycontrol.org/.
Please note that opt-out choices may be stored via cookies. If you clear cookies, if your browser blocks cookies, or if you visit the site from a different browser or device, your opt-out choices may not be recognized or honored.
You have the right to request that Synchrony and our service providers erase any Personal Information about yourself which Synchrony has collected from you upon receipt of a verifiable request. This right is subject to certain restrictions. We will identify in our response to your request if such a restriction applies.
You have the right to request that Synchrony and our service providers correct any Personal Information about yourself which Synchrony has collected from you upon receipt of a verifiable request. This right is subject to certain restrictions. We will identify in our response to your request if such a restriction applies.
You or your authorized agent can submit your request by calling us at 1-844-894-3960 or visiting our request website at https://www.synchronycredit.com/cpra/.
Synchrony provides California Consumers with an online webform to submit requests. The webform is accessible at https://www.synchronycredit.com/cpra/. As stated in the webform, Synchrony must verify that the person requesting information or deletion is the California Consumer about whom the request relates in order to process the request. To verify a California Consumer’s identity, we may request up to three pieces of Personal Information about you when you make a request to compare against our records. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity. We may also require your authorized agent to provide proof of authorization, such as requiring you to verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request on your behalf. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in your request to verify your identity. Synchrony reserves the right to take additional steps as necessary to verify the identity of California Consumers where we have reason to believe a request is fraudulent.
- Denying goods or services to you.
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
- Providing a different level or quality of goods or services to you.
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
- Retaliating against an employee, applicant for employment, or independent contractor.
The following information is provided in accordance with the requirements of the CCPA: Click here to access the annual metrics
Washington My Health My Data
Effective Date: July 1, 2024
This Washington Privacy Notice supplements the Synchrony Online Privacy Policy (“Synchrony Privacy Policy”) and applies specifically to “Consumers” as defined under Washington’s My Health My Data Act (“MHMDA”).
This Washington Privacy Notice describes Synchrony Bank’s, and each of its affiliated companies’ (collectively, “Synchrony,” “we,” “us,” or “our”) practices regarding the collection, use, sharing and disclosure of Consumer Health Data (as defined below). Any capitalized terms not defined in this Washington Privacy Notice shall have the meanings given to them in the Synchrony Privacy Policy. Importantly, this Washington Privacy Notice does not supersede, replace, or otherwise amend the Synchrony Privacy Policy.
For purposes of this Washington Privacy Notice, Consumer Health Data (“CHD”) means “consumer health data” as defined under the MHMDA. Generally, CHD includes personal information that is linked or reasonably linkable to a Consumer and that identifies the Consumer’s past, present, or future physical or mental health status. Importantly, CHD does not include information that does not qualify as CHD under the MHMDA. For example, CHD does not include information subject to the Gramm-Leach Bliley Act (15 U.S.C. 6801 et seq.) and its implementing regulations. This means that any information relating to or derived from your use of or application to our financial products or services is not subject to the terms of this Notice.
With your consent or where necessary to provide the products and services you request, we may collect or receive the categories of CHD listed below. Not all categories will be collected or received for every individual.
- Information suggesting an interest in specific health related products, procedures, or treatments; and
- Information relating to searches for specific healthcare providers through our online tools.
Sources of CHD
We may collect each category of information described above through your use of our Services. For example, we may collect or infer certain information when you enter search terms on, or otherwise use, our websites or Services. Similarly, we may collect or infer certain information about you when you interact with our advertisements on third party websites. Where this information pertains to actual or potential medical treatment or diagnoses, it may qualify as CHD.
We may also collect information which may contain CHD from our business partners, joint marketing partners, public databases, providers of demographic data, publications, professional organizations, social media platforms, caregivers, third party information providers, service providers with whom we have a contractual relationship and to whom you have provided your personal information, cookies and other tracking technologies, and Third Parties when they share the information with us.
Why Consumer Health Data Is Collected and How It Is Used
We—and our Service Providers—may collect, process and use the CHD described in this Policy for the following purposes:
- Providing the Services as may be reasonably expected by an average consumer who requesting such Services;
- Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
- Ensuring security and integrity of our Site and Services to the extent the use of the consumer's CHD is reasonably necessary and proportionate for these purposes;
- Undertaking activities to verify or maintain the quality or safety of our Services, or to improve, upgrade, or enhance our Services;
- Personalizing, advertising, and marketing our products and services;
- Conducting research, analytics, and data analysis;
- Performing accounting, audit, and other internal functions, such as internal investigations;
- Complying with law, legal process, and internal policies;
- Maintaining business records;
- Exercising and defending legal claims; and
- Otherwise accomplishing our business purposes and objectives.
Our Disclosure and Sharing of CHD
We may disclose or share each of the categories of CHD described above with your consent or where necessary to provide the products and services you request. In particular, we may disclose or share personal data, including CHD to complete transactions, provide products or services you have requested, or for the purposes described in this Notice. We may disclose to or share information with the following categories of parties:
Service Providers. We may disclose CHD to our Service Providers in order to enable them to provide us with products and services, such as web hosting, mobile application hosting, data analysis, payment processing, customer service, infrastructure provisioning, IT services, email and direct mail delivery services, auditing, legal services, and other similar services that are essential to our provision of Services. We may also share information with our Service Providers that enable us to better understand the functionality and effectiveness of our websites and Services, and with business partners that provide advertising and other technology services.
Third Parties. We may disclose your CHD to the following categories of Third Parties:
- Third Party Co-Branding and Co-Marketing Partners. We may share your CHD with our third-party partners with whom we offer a co-branded or co-marketed promotion, such as where we offer special offers related to specifically branded third party products. Any such parties will be identified in the product offering.
- Business Transfers or Assignments. We may disclose your CHD to other entities as reasonably necessary to facilitate a reorganization, merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
- Legal and Regulatory. We may disclose your CHD to government authorities, law enforcement, courts, or similarly situated third parties for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.
- Other Third Parties at Your Direction. We may disclose your CHD to any Third Party with your consent or at your direction.
Residents of Washington have certain rights under the MHMDA with respect to the collection and use of their CHD. These rights may include:
- The right to confirm whether we collect, share or sell your CHD;
- The right to access such CHD, including a list of the third parties to whom the information may have been shared;
- The right to withdraw consent from our collection and sharing of CHD;
- The right to withdraw consent from our sale of CHD; and
- The right to delete your CHD.
Residents of Washington may exercise any of these rights by calling us at 1-844-894-3960, visiting our request website at https://www.synchronycredit.com/cpra/ or by referring to the “Contact Us” section below.
We reserve the right to amend this Washington Privacy Notice at our discretion and at any time. When we make material changes to this Washington Privacy Notice, we will notify you by posting an updated Washington Privacy Notice on our Services, including the effective date of such updates. We may also provide notice by email or through a pop-up banner on the Services, where appropriate.
If you have any questions or concerns about this Washington Privacy Notice, you can contact the Synchrony Privacy Officer by email at privacyoffice@syf.com.
International Users
This is a United States-based website that is subject to United States law. This Site is controlled, operated and administered by Synchrony from its offices within the United States. This Privacy Policy is provided in accordance with and subject to applicable U.S. law. If you are accessing this Site using a computer that is located outside the United States, you are responsible to ensure that your Internet connection is secure and is not monitored, legally or otherwise, by any third party or jurisdiction. If you are unsure of the security of your international Internet access, you should refrain from accessing this Site until you have confirmed that your access is secure and not monitored. If you decide to continue to access this Site from your location outside the United States, you hereby agree that your use of this Site is subject to this Privacy Policy and U.S. law and that you are responsible for complying with applicable laws in all jurisdictions that govern your use and access of this Site.
European, Swiss and United Kingdom users
This section of our Policy provides certain required information to persons located in the United Kingdom (UK), European Union (“EU”), a European Economic Area (“EEA”) member state, or Switzerland. Before Synchrony collects any Personal Information from you, you are entitled under the EU General Data Protection Regulation (“GDPR”), to the information in this section of our Policy.
Synchrony will only process your Personal Information for lawful purposes under the GDPR related to Synchrony’s business purposes arising from your relationship with Synchrony. Synchrony will ordinarily collect and process your Personal Information because it is necessary for the performance of a contract to which you are a party or because Synchrony has another legitimate interest in doing so. When Synchrony cannot rely on either of such legal grounds, it will seek your prior consent.
If you use the Site and reside in the UK, EU, EEA, or Switzerland, you are entitled by law to access, correct, amend, or delete Personal Information about you that we hold. A list of these rights is below. Please note that these rights are not absolute and certain exemptions apply.
- The right to access. You have the right to ask us for copies of your Personal Information. This right has some exemptions, which means you may not always receive all the Personal Information we collect and process. When making a request, please provide an accurate description of the Personal Information you want access to.
- The right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- The right to erasure. You have the right to ask us to erase your Personal Information in certain circumstances, including: (i) when your Personal Information is no longer necessary for the purposes for which it was collected or processed, or (ii) your Personal Information must be erased to comply with a legal obligation in EU Union or Member State law.
- The right to restrict processing. You have the right to ask us to restrict the processing of your Personal Information in certain circumstances, including: (i) when the accuracy of the Personal Information is brought into question, or (ii) when we no longer need the Personal Information for purposes of the processing but you require such Personal Information for the establishment, exercise, or defense of a legal claim.
- The right to object to processing. You have the right to object to processing of your Personal Information.
- The right to data portability. You have the right to ask that we transfer the Personal Information you gave us from one organization to another or give it to you.
- The right to lodge a complaint with the supervisory authority. If you believe your rights under the GDPR have been violated, the GDPR gives you the right to file a complaint with the supervisory authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
To exercise these rights please contact us at https://www.synchrony.com/contact-us.html. For your protection, we may need to verify your identity before responding to your request. In the event that we refuse a request under rights of access, we will provide you a reason as to why.
If Synchrony obtains your written consent to collect and process your Personal Information, you can subsequently withdraw such consent as to any further processing of information by contacting us at https://www.synchrony.com/contact-us.html.
Personal Information that you provide while in the UK, EU, an EEA member state, or Switzerland will be transferred to the United States. Applicable European privacy law, such as the UK DPA and the GDPR permits such transfer when necessary for the performance of a contract between you and Synchrony, if Synchrony obtains your explicit consent to such transfer, or if it is in Synchrony’s legitimate interest to transfer the Personal Information. The laws in the United States may not be as protective of your privacy as those in your location. However, when transferring Personal Information to and processing Personal Information in the United States, Synchrony will implement appropriate safeguards and process the Personal Information in accordance with the terms of this Privacy Policy. By using our Site, you agree to the transfer and processing of your Personal Information to the United States.
We will retain your Personal Information until the Personal Information is no longer necessary to accomplish the purpose for which it was provided. We may retain your Personal Information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations, to protect you, other people, and us from fraud, abuse, and unauthorized access, as necessary to protect our legal rights, or for certain business requirements.
Changes to this online privacy policy
We reserve the right to modify or supplement this Privacy Policy at any time and without prior notice. If we make any material change to the Privacy Policy, we will update our Site to include such changes. We recommend that you review this Privacy Policy regularly for changes.
Contact
If you have any questions or concerns about this Privacy Policy, you can contact us at privacyoffice@syf.com.
Bank Online Privacy Policy
Effective as of January 1, 2023
Synchrony Bank and each of its affiliate companies (collectively, “Synchrony”, “we” or “us”) is committed to protecting your privacy at all times.
Please read this Online Privacy Policy (the “Policy”) carefully before using the Synchrony Bank (“Bank”) website (the “Site”). The Bank, a federal savings bank headquartered in Utah, is the owner of the Site and the services provided through them (the “Services”), although software, hosting and other functions and content may be provided by the Bank’s service providers, affiliates or business partners. This Site is exclusively directed to, and intended for, legal residents of the United States who are adults of a capacity to contemplate and enter into a lawful contract for banking purposes. The Bank does not knowingly solicit information from, and does not knowingly market any products or services to, minors or non-U.S. residents. If you are under the age of 18, you are not permitted to set up an account through the Site, and do not enter your personal information.
This Policy, together with the Website Usage Agreement which is incorporated herein by reference and attached at the end of this Policy, describes the types of information we may collect from visitors to the Site, what we do with this information, and how visitors can update and control the use of information they provide on the Site. This Policy applies solely to information collected through this Site. This Policy does not apply to other data we collect, including data collected on other websites, such as separate websites operated by our affiliates or business partners, or information visitors may provide to us through unsolicited email or other means.
Information Collected
Through the use of or access to our Site for online inquiry regarding the products and services we offer (“Services”) or otherwise, we may collect personal information about you, which is information that identifies you as an individual, relates to you as an individual, or that, along with other information, could identify you (“Personal Information”). We do not require you to provide any Personal Information in order to navigate our Site. However, we collect the following types of Personal Information:
- Open an account. If you decide to open an account with the Bank, you will need to provide Personal Information, including name, address, phone number, email address, date of birth, Social Security number, username and password, and financial account information.
- Interact with our Site or Services. When you send us any feedback, questions, comments, or suggestions, participate in one of our surveys, or interact with the Bank in any way, you may provide us with Personal Information, such as your email address.
We may automatically collect the following Personal Information as you use our Site or Services:
- Usage Information. Which pages on our Site you access, the frequency of access, what you click on while on the Site, how long you access the Site, and when you accessed the Site.
- Location Information. Information about your location, which may be determined through your IP address or mobile device.
- Device Information. Information about the device you are using, such as hardware model, operating system, browser, and IP address.
- Mobile Device Information. Mobile network information, such as the unique identifier assigned to the device, mobile carrier, operating system, and other device attributes.
We may obtain Personal Information about you from third parties, such as credit bureaus and demographic firms, when you use our Site or Services.
We may also obtain information about you from Payfone, the vendor that assists us in verifying and authenticating your identity via mobile device.
Cookies: “Cookies” are small pieces of data stored by your Internet browser on your computer’s hard drive. If you visit our Site, a cookie is used to help us measure the number of visits, average time spent, page views and other statistics relating to our Site. This cookie by itself does not tell us your email address or who you are. If you decide to register online or request information, products or services from us, we may collect additional information to provide tailored offerings or content to you or to deliver such products and services. In this case, we use cookies to allow us to recognize you on subsequent visits, enhance your online experience and make our provision of products and services more efficient. We do not use cookies to get data from your hard drive or to get your email address. Third parties may also place and store Internet cookies on your hard drive for web analytics and analytics advertising services. These third-party cookies collect information about our Site traffic by tracking users across websites and across time and generating reports for us to better understand our Site users and to create audiences for our advertisements based on such understanding.
Google Analytics: We use tools called “Google Analytics” and “Adobe Analytics” to collect some information we listed above about your use of the Services or visits to the Site. We use the information we get from Google Analytics and Adobe Analytics to improve the Services. In order to collect this information, Google Analytics and Adobe Analytics may set cookies on your browser or mobile device, or read cookies that are already there. Google Analytics and Adobe Analytics may also receive information about you from apps you have downloaded, that partner with Google or Adobe, respectively. We do not combine the information collected through the use of Google Analytics or Adobe Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your use of the Services or visits to the Site or to another application which partners with Google is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Please review those and see http://www.google.com/policies/privacy/partners/ for information about how Google uses the information provided to Google Analytics and how you can control the information provided to Google. Adobe’s ability to use and share information collected by Adobe Analytics about your use of the Services or visits to the Site or to another application which partners with Adobe, is restricted by the Adobe Analytics Terms of Use and the Adobe Privacy Policy. Please review those and see https://www.adobe.com/privacy/marketing-cloud.html for information about how Adobe uses the information provided to Adobe Analytics and how you can control the information provided to Adobe.
Social Media Widgets: Our Site includes social media features, such as Facebook, LinkedIn, and Twitter. These features may collect information about your IP address and which page you are visiting on our Site, and they may set a cookie to ensure the feature functions properly. These features may also provide you with personalized ad content. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
How we use collected information
We use the Personal Information we collect to provide the Services to you, to improve our Site and Services, and to protect our legal rights. Specifically, we use the Personal Information we collect to:
- Provide you with the products or Services you have requested.
- Communicate with you. To communicate with you about our Site or Services, to send you updates, or to inform you of any changes to the Site or Services.
- Provide customer support. To provide you support or other services you request.
- To communicate about new features. We will send you notifications about new features or information available on our Services or third-party products that we feel might be of interest to you.
- Maintain and improve our Site and Services. We analyze how our users interact with the Site in order to maintain and improve the Site and Services. Benchmarking. We aggregate your information in order to gain insights into our Services.
- Comply with applicable law.
- Defend our legal rights.
How we share information
We share your Personal Information with our service providers, among our entities, in connection with the provision of the Services, a corporate restructuring, to prevent harm, to comply with the law, and to protect our legal rights. The legal basis for this is our legitimate interest in providing our Services, complying with the law, and protecting our rights and those of others.
- Service Providers We share Personal Information with service providers that help us perform Site functions and provide you with the Services, such as Google Analytics and Adobe Analytics.
- Corporate Restructuring. We may share Personal Information if we are involved or intend to be involved in a merger, acquisition, consolidation, change of control, or sale of all or a portion of our assets or in connection with bankruptcy or liquidation proceedings.
- To Prevent Harm. We may share Personal Information if we believe it is necessary in order to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person.
- To Protect Our Rights and As Required by Law. We will share Personal Information where we are legally required to do so, such as in response to court orders or legal process, to exercise our legal rights, to defend against legal claims or demands, or to comply with the requirements of any mandatory applicable law. We will also share Personal Information as necessary to enforce any other terms that you have agreed to, including to protect the rights, property, interest, or safety of the Bank, its users, or any other person, or the copyright-protected content of the Services.
- With Your Consent. We will request your permission to use or share your Personal Information for a specific purpose that is not compatible with the purposes listed here. We will notify you and request consent before we provide the Personal Information or before the Personal Information you have already provided is shared for such purpose.
Security
Our goal is to protect your Personal Information submitted to us through this Site. We maintain reasonable physical, technical, and administrative security measures to protect and limit access to your Personal Information. However, no method of transmission over the Internet or electronic storage technology is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
You are responsible for maintaining the confidentiality of your account username and password. We recommend that you choose a unique password for your account and that you do not use any password that you also use for any other accounts, which may contain your Personal Information, such as financial accounts or email accounts. You agree to immediately notify the Bank of any unauthorized use of your password or account or any other breach of security. We will not be responsible or liable for any loss or damage arising from your failure to comply with this provision.
If you access our Site from a public or shared computer, it may be possible for other users to review your online history. For this reason, you should always close your browser window after you finish any online banking session, including visiting our Site. If you access our Site from a shared computer, you should never set the Internet options to remember or store user IDs or passwords. Also, you should never go to websites or follow web links that are unfamiliar or seem suspicious to you.
Choices about your information
- Access, Correct, or View Your Personal Information. You may use your account to view, access, or correct certain Personal Information you provided to us and which is associated with your account.
- Do Not Track. We take no action in response to “Do Not Track” requests received from user’s web browsing software.
- Cookies. If you would like to opt out of accepting cookies altogether, you can generally set your browser to not accept cookies or to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it. However, certain features of our Site or other services may not work if you delete or disable certain cookies.
- Adobe Analytics. To prevent your data from being used by Adobe Analytics, you can download the Adobe Analytics opt-out browser add-on for Adobe Analytics which can be found here: https://www.adobe.com/privacy/opt-out.html#customeruse.
- Google Analytics. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here: https://tools.google.com/dlpage/gaoptout.
- Online Advertising. To opt out of Internet-based advertising or to learn more about the use of this information by our service providers, you can visit the Network Advertising Initiative website (http://www.networkadvertising.org/managing/opt_out.asp) or the Digital Advertising Alliance website (http://www.aboutads.info/choices/), or if you are in the EU, the EDAA (http://www.youronlinechoices.eu/). If you choose to opt out, we will place an “opt-out cookie” on your computer. The “opt-out cookie” is browser specific and device specific and only lasts until cookies are cleared from your browser or device. The opt-out cookie will not work for some cookies that are important to how our websites and mobile apps work. If the cookie is removed or deleted, if you upgrade your browser or if you visit us from a different computer, you will need to return to the applicable website to re-select your preferences.
Third party links
This Privacy Policy only applies to the use and disclosure of Personal Information we collect from visitors and customers online through our Site. Once you leave our Site, either by a link or by entering a new Internet address in your browser’s address window, we no longer have control over information security, and we are not responsible for the content, privacy practices or your use of other websites. We encourage you to review the privacy statements of those other sites.
California privacy rights
If you are a California user of our Services (“California Consumer”), you have certain rights with respect to the collection, use, transfer, and processing of your Personal Information, as defined by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We reserve the right to limit these rights where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others. To exercise any of the rights below, please contact us via the contact information below. Only you or your authorized agent may make a verifiable consumer request related to your Personal Information. Unless otherwise defined in this Privacy Policy, the terms used in this section shall have the meanings ascribed to them in the CCPA or CPRA.
When California Consumers access our Site, we collect the following Personal Information:
- Name
- Age
- Address
- Email address
- Telephone number
- Date of birth
- Social Security Number
- The Internet Protocol address that relates to the machine or device used to access our Site
- The type of browser and operating system used
- The date and time when the Site is visited
- Device ID if you are on a mobile device
- Web pages displayed
- Provide you with the Services.
- Validate cell phone use.
- Communicate with you. To communicate with you about our Site or Services, to send you updates, or to inform you of any changes to the Site or Services.
- Provide customer support. To provide you support or other services you request.
- To communicate about new features. We will send you notifications about new features or information available on our Services or third-party products that we feel might be of interest to you
- Maintain and improve our Site and Services. We analyze how our users interact with the Site in order to maintain and improve the Site and Services.
- Benchmarking. We aggregate your information in order to gain insights into our Services.
- Prevent fraud and other illegal activities.
- Comply with applicable law.
- Defend our legal rights.
In the preceding 12 months, we have not sold Personal Information about consumers for monetary consideration. Our use of cookies and other tracking technologies may be considered a sale or sharing of Personal Information under the CCPA. Categories of Personal information that we have sold under the CCPA include identifiers and Internet or other similar network activity. Categories of third parties to whom Personal Information is sold under the CCPA include data analytics providers and advertising and marketing providers.
In the preceding 12 months, we have not knowingly sold or shared Personal Information of California Consumers under 16 years of age.
In the preceding 12 months, we have not knowingly sold or shared Sensitive Personal Information of California Consumers for purposes not specifically authorized under the CCPA.
- Identifiers, Other Personal Information (Financial Information), Employment Information, Commercial Information, Geolocation Information, Sensitive Information. We share this information with our service providers to allow them to perform services on behalf of Synchrony. We may also share this information with our business partners so that they may provide you with information about products or services that may be of interest to you.
- Internet or Other Electronic Network Activity information. We share with or allow third parties to utilize cookies for marketing or advertising customized to your apparent interests or needs (more information located in the “Information Collected Automatically” section above).
You have the right to request that Synchrony disclose the Personal Information it collects, uses, and discloses about you to third parties:
Upon receipt of your verifiable Right to Access request, you will receive the following information about you:
- Categories of personal information collected;
- Categories of sources from which personal information are collected;
- Specific pieces of personal information collected about you;
- Business or commercial purpose for collecting, selling, or sharing; and
- Categories of third parties to whom personal information was disclosed.
Synchrony does not sell any Personal Information of California Consumers for monetary consideration. This information will be provided to you free of charge, unless Synchrony determines that your request is manifestly unfounded or excessive. You may request this information twice in a 12-month period. This Right to Access is subject to certain restrictions and is not available to consumers who have requested information about, applied for, or maintain business credit through Synchrony. Synchrony employees and employees of Synchrony business partners and service providers also do not have a Right to Access under the CCPA.
Synchrony does not sell any Personal Information of California Consumers for monetary consideration. However, we use certain third-party advertising and analytical cookies that may be considered “sales” or “sharing” of data under California law.
California Consumers have the right to opt out of the sale or sharing of personal information. It also allows you the right to opt out from our processing of your personal data for targeted advertising or analytic purposes. If you wish to opt out of advertising or analytic cookies, you can do so via our Cookie Management Options banner. Within the Cookie Setting you can choose your cookie preferences.
Synchrony web properties respond to the Global Privacy Control (“GPC”), which allows you to opt out of the sale or sharing of your personal information if enabled. If you have the GPC enabled, we will not sell or share your personal information. To learn more about the GPC, please visit https://globalprivacycontrol.org/.
Please note that opt-out choices may be stored via cookies. If you clear cookies, if your browser blocks cookies, or if you visit the site from a different browser or device, your opt-out choices may not be recognized or honored.
You have the right to request that Synchrony and our service providers erase any Personal Information about yourself which Synchrony has collected from you upon receipt of a verifiable request. This right is subject to certain restrictions and is not available to consumers who have requested information about, applied for, or maintain business credit through Synchrony.
You have the right to request that Synchrony and our service providers correct any Personal Information about yourself which Synchrony has collected from you upon receipt of a verifiable request. This right is subject to certain restrictions and is not available to consumers who have requested information about, applied for, or maintain business credit through Synchrony.
You or your authorized agent can submit your request by calling us at 1-844-894-3960 or visiting our request website at https://www.synchronycredit.com/cpra/.
Synchrony provides California Consumers with an online webform to submit requests. The webform is accessible at https://www.synchronycredit.com/cpra/. As stated in the webform, Synchrony must verify that the person requesting information or deletion is the California Consumer about whom the request relates in order to process the request. To verify a California Consumer’s identity, we may request up to three pieces of Personal Information about you when you make a request to compare against our records. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity. We may also require your authorized agent to provide proof of authorization, such as requiring you to verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request on your behalf. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in your request to verify your identity. Synchrony reserves the right to take additional steps as necessary to verify the identity of California Consumers where we have reason to believe a request is fraudulent.
- Denying goods or services to you.
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
- Providing a different level or quality of goods or services to you.
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
- Retaliating against an employee, applicant for employment, or independent contractor.
The following information is provided in accordance with the requirements of the CCPA: Click here to access the annual metrics
International Users
This is a United States-based website that is subject to United States law. This Site is controlled, operated and administered by the Bank from its offices within the United States. This Policy is provided in accordance with and subject to applicable U.S. law. If you are accessing this Site using a computer that is located outside the United States, you are responsible to ensure that your Internet connection is secure and is not monitored, legally or otherwise, by any third party or jurisdiction. If you are unsure of the security of your international Internet access, you should refrain from accessing this Site until you have confirmed that your access is secure and not monitored. If you decide to continue to access this Site from your location outside the United States, you hereby agree that your use of this Site is subject to this Policy and U.S. law and that you are responsible for complying with applicable laws in all jurisdictions that govern your use and access of this Site.
European, Swiss and United Kingdom users
This section of our Policy provides certain required information to persons located in the United Kingdom (“UK”), European Union (“EU”), a European Economic Area (“EEA”) member state, or Switzerland. Before the Bank collects any Personal Information from you, you are entitled under the EU General Data Protection Regulation (“GDPR”), to the information in this section of our Policy.
The Bank will only process your Personal Information for lawful purposes under the GDPR related to the Bank's business purposes arising from your relationship with the Bank. The Bank will ordinarily collect and process your Personal Information because it is necessary for the performance of a contract to which you are a party or because the Bank has another legitimate interest in doing so. When the Bank cannot rely on either of such legal grounds, it will seek your prior consent.
If you use the Site and reside in the UK, EU, EEA, or Switzerland, you are entitled by law to access, correct, amend, or delete Personal Information about you that we hold. A list of these rights is below. Please note that these rights are not absolute and certain exemptions apply.
- The right to access. You have the right to ask us for copies of your Personal Information. This right has some exemptions, which means you may not always receive all the Personal Information we collect and process. When making a request, please provide an accurate description of the Personal Information you want access to.
- The right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- The right to erasure. You have the right to ask us to erase your Personal Information in certain circumstances, including: (i) when your Personal Information is no longer necessary for the purposes for which it was collected or processed, or (ii) your Personal Information must be erased to comply with a legal obligation in EU Union or Member State law.
- The right to restrict processing. You have the right to ask us to restrict the processing of your Personal Information in certain circumstances, including: (i) when the accuracy of the Personal Information is brought into question, or (ii) when we no longer need the Personal Information for purposes of the processing but you require such Personal Information for the establishment, exercise, or defense of a legal claim.
- The right to object to processing. You have the right to object to processing of your Personal Information.
- The right to data portability. You have the right to ask that we transfer the Personal Information you gave us from one organization to another or give it to you.
- The right to lodge a complaint with the supervisory authority. If you believe your rights under the GDPR have been violated, the GDPR gives you the right to file a complaint with the supervisory authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
You have the right to ask us to erase your Personal Information in certain circumstances, including: (i) when your Personal Information is no longer necessary for the purposes for which it was collected or processed, or (ii) your Personal Information must be erased to comply with a legal obligation in EU Union or Member State law.
If Bank obtains your written consent to collect and process your Personal Information, you can subsequently withdraw such consent as to any further processing of information by emailing us at privacyoffice@syf.com.
Personal Information that you provide while in the UK, EU, an EEA member state, or Switzerland will be transferred to the United States. Applicable European privacy law, such as the UK DPA and the GDPR permits such transfer when necessary for the performance of a contract between you and Synchrony, if Synchrony obtains your explicit consent to such transfer, or if it is in Synchrony’s legitimate interest to transfer the Personal Information. The laws in the United States may not be as protective of your privacy as those in your location. However, when transferring Personal Information to and processing Personal Information in the United States, Bank will implement appropriate safeguards and process the Personal Information in accordance with the terms of this Privacy Policy. By using our Site, you agree to the transfer and processing of your Personal Information to the United States.
We will retain your Personal Information until the Personal Information is no longer necessary to accomplish the purpose for which it was provided. We may retain your Personal Information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations, to protect you, other people, and us from fraud, abuse, and unauthorized access, as necessary to protect our legal rights, or for certain business requirements
Changes to this online privacy policy
We reserve the right to modify or supplement this Privacy Policy at any time and without prior notice. If we make any material change to the Privacy Policy, we will update our Site to include such changes. We recommend that you review this Privacy Policy regularly for changes.
Contact
If you have any questions or concerns about this Policy, you can contact us by phone at 1-866-226-5638 or by email to privacyoffice@syf.com.