ESG Topics A-Z
Data privacy

To PepsiCo:
Our Privacy Principles, which guide our data practices, are a foundational part of our Global Code of Conduct, to which all employees are bound. Stringent data collection, storage and management practices are vital to our business, as they help to build and preserve trust in our brands and our company.
To the World:
With technology advances and widespread data availability, it has become harder for all stakeholders to keep information private. As a result, stakeholders increasingly rely on organizations that collect and use their personal information to help them maintain their privacy.
Approach
In the course of doing business, PepsiCo collects personal data for a variety of reasons, such as gathering consumer information as part of a marketing promotion, job application information in the course of our HR processes, or consumer data collected via engagement with our websites, social media accounts, mobile device applications, etc. Privacy considerations address how this personal data is collected, used, stored, archived and destroyed.
PepsiCo’s Global Compliance and Ethics Department, led by the Global Chief Compliance & Ethics Officer, has primary responsibility for promoting, monitoring and enforcing compliance and ethics at PepsiCo, including our privacy practices. PepsiCo has dedicated professionals across each of its sectors who manage personal data in keeping with these practices.
PepsiCo’s Privacy Principles are designed to promote consistency in PepsiCo's personal data collection and use practices. In adopting the Privacy Principles, PepsiCo commits to the following:
- Lawfully and fairly collecting personal data that is relevant for the business purposes for which it will be used;
- Using personal data consistent with PepsiCo’s representations to individuals and to support business needs and legal requirements;
- Maintaining reasonable safeguards to protect personal data from unauthorized access, use, modification, disclosure or destruction; and
- Monitoring compliance to provide transparency and demonstrate accountability.
Our Privacy Principles are incorporated within PepsiCo’s Global Code of Conduct, to which all employees are bound and for which annual training is required. PepsiCo maintains privacy policies providing customers, employees and other third-parties, with clear information about PepsiCo privacy practices. Examples of our privacy policies include:
- PepsiCo’s U.S. Privacy Policy
- PepsiCo’s Global Privacy Notice for Employees
- CCPA Privacy Notice for Employees
PepsiCo complies with applicable privacy laws in the countries where we conduct business, relating to the processing, protection, or privacy of personal information. Our U.S. Privacy Policy discloses data collection and use policies as well as disclosures required by the California “Shine the Light” Law and California Consumer Privacy Act. Our European Privacy and Cookies Policy discloses data collection policies as well as our use of cookies within the European Union. Privacy Policies related to other jurisdictions can be found on the related global site.
We also maintain several other internal policies and standards relevant to managing PepsiCo’s data and information resources. Examples of such policies include:
- PepsiCo’s Global Information Security Policy & Standards
- PepsiCo’s Global Acceptable Use Policy
- PepsiCo’s U.S. Records Management Policy
- PepsiCo’s Data Classification Standards
- Global Information Security Requirements (applicable to Third Party Service Providers)
What's next?
We are mindful that the privacy legal landscape is rapidly evolving throughout the world. As such, each jurisdiction will prioritize compliance with applicable law, and we consider adjusting PepsiCo’s practices, as needed, in response to new legislative developments.
Related topics
Last updated
May 18, 2023