Approach

In the course of doing business, PepsiCo collects personal data for a variety of reasons, such as gathering consumer information as part of a marketing promotion, job application information in the course of our HR processes, or consumer data collected via engagement with our websites, social media accounts, mobile device applications, etc. Privacy considerations address how this personal data is collected, used, stored, archived and destroyed.

PepsiCo’s Global Compliance and Ethics Department, led by the Global Chief Compliance & Ethics Officer, has primary responsibility for promoting, monitoring and enforcing compliance and ethics at PepsiCo, including our privacy practices. PepsiCo has dedicated professionals across each of its sectors who manage personal data in keeping with these practices.

PepsiCo’s Privacy Principles are designed to promote consistency in PepsiCo's personal data collection and use practices. In adopting the Privacy Principles, PepsiCo commits to the following:

• Lawfully and fairly collecting personal data that is relevant for the business purposes for which it will be used;
• Using personal data consistent with PepsiCo’s representations to individuals and to support business needs and legal requirements;
• Maintaining reasonable safeguards to protect personal data from unauthorized access, use, modification, disclosure or destruction; and
• Monitoring compliance to provide transparency and demonstrate accountability.

Our Privacy Principles are incorporated within PepsiCo’s Global Code of Conduct, to which all employees are bound and for which annual training is required. PepsiCo maintains privacy policies providing customers, employees and other third-parties, with clear information about PepsiCo privacy practices. Examples of our privacy policies include:

• PepsiCo’s U.S. Privacy Policy
• PepsiCo’s Global Privacy Notice for Employees
• CCPA Privacy Notice for Employees

PepsiCo complies with applicable privacy laws in the countries where we conduct business, relating to the processing, protection, or privacy of personal information. Our U.S. Privacy Policy discloses data collection and use policies as well as disclosures required by the California “Shine the Light” Law and California Consumer Privacy Act. Our European Privacy and Cookies Policy discloses data collection policies as well as our use of cookies within the European Union. Privacy Policies related to other jurisdictions can be found on the related global site.

We also maintain several other internal policies and standards relevant to managing PepsiCo’s data and information resources. Examples of such policies include:

• PepsiCo’s Global Information Security Policy & Standards
• PepsiCo’s Global Acceptable Use Policy
• PepsiCo’s U.S. Records Management Policy
• PepsiCo’s Data Classification Standards
• Global Information Security Requirements (applicable to Third Party Service Providers)

What's next?

We are mindful that the privacy legal landscape is rapidly evolving throughout the world. As such, each jurisdiction will prioritize compliance with applicable law, and we consider adjusting PepsiCo’s practices, as needed, in response to new legislative developments.