In the course of doing business, PepsiCo may collect personal data for a variety of reasons, such as gathering consumer information as part of a marketing promotion; job application information in the course of our HR processes; or consumer data collected via engagement with our websites, social media accounts, mobile device applications, etc. Privacy considerations address how this personal data is collected, used, stored, archived, and destroyed.
PepsiCo’s Global Compliance & Ethics Department (GC&E), led by the Global Chief Compliance & Ethics Officer, has primary responsibility for promoting, monitoring, and enforcing compliance and ethics at PepsiCo, including our privacy practices. PepsiCo has dedicated professionals across each of the Sectors in which it operates committed to managing personal data in keeping with these practices.
PepsiCo’s Privacy Principles establish the framework that PepsiCo follows with regard to our personal data collection and use practices. Under this framework, PepsiCo commits to the following:
- Lawfully and fairly collecting personal data that is relevant for the business purposes for which it will be used;
- Using personal data consistent with PepsiCo’s representations to individuals and to support business needs and legal requirements;
- Maintaining reasonable safeguards to protect personal data from unauthorized access, use, modification, disclosure, or destruction; and
- Monitoring compliance to provide transparency and demonstrate accountability.
Our Privacy Principles are incorporated within PepsiCo’s Global Code of Conduct, to which all employees are bound, and for which annual training is required. PepsiCo maintains privacy policies providing customers, employees and other third parties, with clear information about PepsiCo privacy practices. Examples of our privacy policies include:
- PepsiCo’s Global Privacy Notice for Employees
- CCPA Privacy Notice for Employees
We also maintain several other policies and standards relevant to managing PepsiCo’s data and information resources. Examples of such policies include:
- PepsiCo’s Global Information Security Policy & Standards
- PepsiCo’s Global Acceptable Use Policy
- PepsiCo’s U.S. Records Management Policy
- PepsiCo’s Data Classification
- Global Information Security Requirements (applicable to Third Party Service Providers)
We are mindful that the privacy legal landscape is rapidly evolving throughout the world. As such, each jurisdiction will prioritize compliance with applicable law, and we consider adjusting PepsiCo’s practices, as needed, in response to new legislative developments.