Approach

In the course of doing business, PepsiCo may collect personal data for a variety of reasons, such as gathering consumer information as part of a marketing promotion; job application information in the course of our HR processes; or consumer data collected via engagement with our websites, social media accounts, mobile device applications, etc. Privacy considerations address how this personal data is collected, used, stored, archived, and destroyed.

PepsiCo’s Global Compliance & Ethics Department (GC&E), led by the Global Chief Compliance & Ethics Officer, has primary responsibility for promoting, monitoring, and enforcing compliance and ethics at PepsiCo, including our privacy practices. PepsiCo has dedicated professionals across each of the Sectors in which it operates committed to managing personal data in keeping with these practices.

PepsiCo’s Privacy Principles establish the framework that PepsiCo follows with regard to our personal data collection and use practices. Under this framework, PepsiCo commits to the following:

• Lawfully and fairly collecting personal data that is relevant for the business purposes for which it will be used;
• Using personal data consistent with PepsiCo’s representations to individuals and to support business needs and legal requirements;
• Maintaining reasonable safeguards to protect personal data from unauthorized access, use, modification, disclosure, or destruction; and
• Monitoring compliance to provide transparency and demonstrate accountability.

Our Privacy Principles are incorporated within PepsiCo’s Global Code of Conduct, to which all employees are bound, and for which annual training is required. PepsiCo maintains privacy policies providing customers, employees and other third parties, with clear information about PepsiCo privacy practices. Examples of our privacy policies include:

• PepsiCo’s U.S. Privacy Policy
• PepsiCo’s Global Privacy Notice for Employees
• CCPA Privacy Notice for Employees

We also maintain several other policies and standards relevant to managing PepsiCo’s data and information resources. Examples of such policies include:

• PepsiCo’s Global Information Security Policy & Standards
• PepsiCo’s Global Acceptable Use Policy
• PepsiCo’s U.S. Records Management Policy
• PepsiCo’s Data Classification
• Global Information Security Requirements (applicable to Third Party Service Providers)

What's Next?

PepsiCo strives to comply with applicable privacy laws in the countries where we conduct business, including laws regarding the cross-border transfer of certain personal information. Our U.S. Privacy Policy discloses data collection and use policies as well as disclosures required by the California “Shine the Light” Law and California Consumer Privacy Act. Our European Privacy and Cookies Policy discloses data collection policies as well as our use of cookies within the European Union. Privacy Policies related to other jurisdictions can be found on the related global site.

We are mindful that the privacy legal landscape is rapidly evolving throughout the world. As such, each jurisdiction will prioritize compliance with applicable law, and we consider adjusting PepsiCo’s practices, as needed, in response to new legislative developments.