Job Applicant Privacy Notice
Post Holdings, Inc., a Missouri corporation, together with its subsidiaries (collectively, “Post” or “we” or “our”), wants our job applicants to be familiar with how and why we collect, use and disclose information about you. The privacy and security of the personal data and information that we collect from or about you (“Personal Information”) is important to us. It is equally important that you understand how we handle this information.
By applying for a job with Post, you expressly acknowledge that you have read, understand and agree to all of the terms of this Privacy Notice as outlined below and as it may be modified by us from time to time with or without prior notice. If you are a resident of the State of California, please see our California Job Applicant Privacy Notice section below.
Please note that this Notice does not apply to employees, and if you are hired by us, you will be provided with Post’s Employee Privacy Statement. Please also note that this Notice does not apply to any information collected from you when you are acting as regular consumer of Post’s or any of its subsidiary’s products. Please consult our general Privacy Notice located at www.postholdings.com/privacy-notice for more information on our general privacy practices not related to you seeking employment with us. If you have any questions about any of the information in this Notice, please contact us via email at [email protected].
Collection of Personal Information
In the course of conducting our business and complying with applicable federal, state, and local government regulations we must collect Personal Information from you during the application process. The nature of the Personal Information collected varies somewhat for each applicant, depending on the employment responsibilities for the job you are seeking, your citizenship, the location of the facility where you are applying for work, and other factors. We collect Personal Information from you solely for business purposes, including those related (1) to your job application with Post, (2) required by governmental agencies and (3) necessary for compliance with the law.
Personal Information collected may include, without limitation, such things as:
- Your name
- User ID(s)
- Phone numbers
- Email address (es)
- Mailing addresses
- Government-issued identification numbers (e.g., Social Security or driver’s license)
- Date of birth
- Gender, race, and ethnicity
- Professional and employment history
- Educational history
Post will not knowingly collect or use Personal Information in any manner inconsistent with this statement, as it may be amended from time to time, and applicable law.
Your refusal or failure to provide Personal Information required by law may disqualify you from employment with Post.
Use of the Personal Information We Collect
The primary purposes for collection, storage and/or use of your Personal Information include, but are not limited to:
- Human Resources Management. Wecollect, store, analyze, and share (internally) Personal Information in order to attract, recruit and hire a highly qualified workforce.
- Legal Compliance. We collect, use and store Personal Information to comply with obligations under federal, state and local laws, regulations and requirements.
- Safety and Security Management. We use such Personal Information as appropriate to ensure the safety and protection of employees, assets, resources, and communities.
- Communication and Identification. We use your Personal Information to identify you and to communicate with you.
Disclosure of Personal Information
Post acts to protect your Personal Information and ensure that unauthorized individuals do not have access to your Personal Information by using reasonable security measures intended to protect your Personal Information from unauthorized disclosure. We do disclose your Personal Information under the following circumstances.
- Legal Requests and Investigations. We may disclose your Personal Information when such disclosure is reasonably necessary (i) to prevent fraud; (ii) to comply with any applicable statute, law, rule or regulation; or (iii) to comply with a court order.
- Third-party Vendors and Service Providers. We do, from time to time, outsource services, functions, or operations of our business to third-party service providers. When engaging in such outsourcing, it may be necessary for us to disclose your Personal Information to those service providers, e.g., a job applicant portal provider. In some cases, the service providers may collect Personal Information directly from you on our behalf. We will work with any such providers to restrict how the providers may access, use and disclose your Personal Information.
- Protection of Post and Others. We may release Personal Information when we believe release is necessary to comply with the law; enforce or apply our policies and other agreements; or protect the rights, property, or safety of Post, our employees, or others. This disclosure will never, however, include selling, renting, sharing or otherwise disclosing your Personal Information for commercial purposes in violation of the commitments set forth herein.
Security of Your Personal Information
We employ commercially reasonable security measures and technologies, such as password protection, encryption, physical locks, etc., to protect the confidentiality and security of your Personal Information. Only authorized employees have access to Personal Information.
Updating and Accessing Your Personal Information
You must promptly inform us when changes occur in the Personal Information you have provided so that we can maintain accurate Information about you. Although you may update or change your Information, we may maintain such Personal Information previously submitted in historical archives.
Effective Date: January 1, 2023
Last Reviewed on: June 13, 2023
Post Holdings, Inc., a Missouri corporation, together with its subsidiaries, (“Post,” “we” or “us”) wants our job applicants to be familiar with how and why we collect, use and disclose information about you. This Privacy Notice (this “Notice”) explains our practices regarding the collection, use, and other processing of information that identifies or reasonably could be used to identify a job applicant in connection with applying for a job with us and to comply with the California Consumer Privacy Act of 2018 (as the same has been amended and may be amended in the future, “CCPA”) and the California Privacy Rights Act (as the same has been amended and may be amended in the future, “CPRA”). Any terms defined in the CCPA or the CPRA shall have the same meaning when used in this Notice.
This Notice applies to each job applicant who applies for a job with Post who is a resident of California in the context of seeking employment with us (a “job applicant” or “you”). As used in this Notice, the term “job applicant” refers to an individual who is a California resident and who is a current or former prospective employee, owner, director, officer, or independent contractor of Post. The term “job applicant” includes individuals who are seeking positions for full-time, part-time, variable (short-term) and seasonal schedules, as well as internships. This Notice neither creates nor forms part of any contract of employment or other service agreement and applies only to job applicants who are California residents. We may update this Notice at any time as necessary. It is important that you read this Notice, so you are aware of how and why we use your Personal Data.
Please note that this Notice does not apply to employees, and if you are hired by us, you will be provided with Post’s California Employee Privacy Notice. Please also note that this Notice does not apply to any information collected from you when you are acting as regular consumer of Post’s or any of its subsidiary’s products. Please consult our general Privacy Notice located at www.postholdings.com/privacy-notice for more information on our general privacy practices not related to you seeking employment with us. If you have any questions about any of the information in this Notice, please contact us via email at [email protected].
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular job applicant or household (“Personal Data”). Post collects and receives certain Personal Data from and about you during the job application process or otherwise by engaging with you.
Post may also collect and receive Sensitive Personal Data from and about you during the job application process. “Sensitive Personal Data” means a job applicant’s health-related Personal Data or Personal Data that reveals a job applicant’s social security; driver’s license; state identification card; passport number; account log-in, financial account, debit card, or credit card number, in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; mail, email, or text message content, unless Post is the intended recipient of the communication; genetic data; biometric information for unique identification purposes; or sex life or sexual orientation.
We do not, and will not, sell the Personal Data or Sensitive Personal Data we collect or receive from or about you or any other job applicants, including any individuals under the age of 16. We also do not, and will not, share any Personal Data or Sensitive Personal Data we collect from you or other job applicants, including any individuals under the age of 16, with third parties for cross-context behavioral advertising.
We may collect or receive the following categories of Personal Data and Sensitive Personal Data about job applicants. Not all categories will be collected for every job applicant. Information is collected based on the need. The tables below also lists, for each category, whether we have collected such information in the last twelve (12) months and, if we have, our expected retention period and use purposes for each category of Personal Data and Sensitive Personal Data.
|PERSONAL INFORMATION CATEGORY||DESCRIPTION||COLLECTED IN PAST TWELVE (12) MONTHS||RETENTION PERIOD (in absence of a deletion request or legal requirement)||USE PURPOSES|
|Identifiers||include both direct identifiers like a name or an address, and identifying numbers like an applicant ID number, as well as identifying information about devices you use to connect to Post’s or its subsidiary’s job application portal.||Yes||3 years from the job application date||Recruitment and HiringPhysical and Technical SecurityTravel and Expenses Fraud Prevention, Audits, and InvestigationsSafety, Security, and HealthLegal Compliance|
|Legally-Protected Information||includes personal information protected by California or federal laws such as date of birth, gender, military status, or other.||Yes||3 years from the job application date||Recruitment and HiringTravel and Expenses Legal Compliance|
|Professional or Employment-Related Information||includes information such as organizational position, current or past job history or performance evaluations, salary, hours worked, training, job positions, work communications, etc.||Yes||3 years from the job application date||Recruitment and HiringPhysical and Technical SecurityTravel and Expenses Legal Compliance|
|Commercial Information||includes information about services or products purchased, or consuming history or tendencies. In the case of job applicants this would be focused on travel expenses.||Yes||Up to 7 years||Travel and Expenses Fraud Prevention, Audits, and InvestigationsLegal Compliance|
|Internet or Other Similar Network Activity||includes information that we may have collected about searches on and interaction with our job application website||Yes||Up to 13 months||Recruitment and HiringPhysical and Technical SecurityFraud Prevention, Audits, and InvestigationsLegal Compliance|
|Non-Public Education Information||includes information directly related to a student that is maintained by educational institutions provided to us during the job application process.||Yes||3 years from the job application date||Recruitment and HiringLegal Compliance|
|Geolocation Data||includes general geolocation information, but not precise geolocation, which is Sensitive Personal Data.||Yes||3 years from the job application date||Recruitment and HiringTravel and Expenses Legal Compliance|
|Inferences Draw from Other Personal Data||is a profile drawn from other information that reflects a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Yes||3 years from the job application date||Recruitment and Hiring|
|SENSITIVE PERSONAL INFORMATION CATEGORY||DESCRIPTION||COLLECTED IN PAST TWELVE (12) MONTHS||RETENTION PERIOD (in absence of a deletion request or legal requirement)||USE PURPOSES|
|Government Identifiers||includes a job applicant’s social security, driver’s license, state identification card, or passport number||Yes||3 years from the job application date||Recruitment and HiringFraud Prevention, Audits, and InvestigationsLegal Compliance|
|Account Credentials||includes log-in user names, used on our job application portal||Yes||Collected and maintained via our job application portal service providers. Each service provider sets its own retention period in accordance with its own policies and procedures and users may have the ability to change their account credentials.||Recruitment and HiringFraud Prevention, Audits, and InvestigationsLegal Compliance|
|Precise Geolocation||includes any data that is derived from a device and that is used or intended to be used to locate a job applicant within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet in the event such job applicant visits one of Post’s facilities during the hiring process.||Yes||1 year||Recruitment and HiringPhysical and Technical SecurityFraud Prevention, Audits, and Investigations|
|Racial or Ethnic Origin||includes a job applicant’s race and ethnic or cultural origins||Yes||3 years from the job application date||Recruitment and HiringLegal Compliance|
|Mail, Email, or Text Messages||includes the contents of a job applicant’s mail, email, or text messages that may be directed to Post, a Post subsidiary or any employee of either Post or a Post subsidiary during the application process||Yes||Email retention policy is set per division and varies from 1 year to indefinitely. Text messages through Microsoft Teams are retained for 7 days.||Recruitment and HiringFraud Prevention, Audits, and InvestigationsLegal Compliance|
“Personal Data” does not include:
- Publicly available information from government records.
- Deidentified or aggregated Personal Data of a California resident.
- Information excluded from scope by law, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
- Personal Data covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We obtain the categories of Personal Data listed above from the following categories of sources:
- Directly from you. For example, from forms you complete in connection with your job application.
- Indirectly from you. For example, from observing your actions on our job application portal.
- From third parties, for example, our business partners, affiliates and subsidiaries that interact with you or your Personal Data. We may allow third parties to control the collection of Personal Data from you. These third parties may have an obligation to provide you with a notice of collection, too. These third parties are not governed by this Notice and may collect and treat information collected differently than us. We are not responsible for the privacy practices or the content of websites owned and operated by any such third parties. For information about these third parties’ business practices, please contact Human Resources.
We may disclose your Personal Data, including Sensitive Personal Data, to a third party for a business purpose. When we disclose Personal Data for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract.
We may disclose your Personal Data with the following categories of third parties:
We may also disclose your Personal Data:
Disclosures of Personal Data for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of Personal Data for a business purpose:
- Legally-Protected Information;
- Professional or Employment-Related Information;
- Commercial Information;
- Internet or Other Similar Network Activity;
- Non-Public Education Information;
- Geolocation Data; and
- Inferences Draw from Other Personal Data.
We have also disclosed the following categories of Sensitive Personal Data for a business purpose:
- Government Identifiers;
- Account Credentials;
- Precise Geolocation;
- Racial or Ethnic Origin; and
- Mail, Email, or Text Messages.
We disclosed this Personal Data for a business purpose to the following categories of third parties in the past twelve (12) months:
- Service providers, including payroll providers, talent management providers, information technology services providers, and software providers.
- Legal, accounting or other advisors.
- Our affiliates and subsidiaries.
The CCPA and CPRA provide California residents with specific rights regarding their Personal Data. This section describes your rights under these laws and explains how to exercise those rights, however you may not exercise those rights unless and until they are effective.
A. Access to Specific Information and Data Portability Rights
You have the right to request that we disclose the categories and specific pieces of information we have collected and certain information to you about our collection and use of your Personal Data, including Sensitive Personal Data, over the past twelve (12) months. Once we receive and confirm your verifiable request (see Exercising Access, Data Portability, Correction and Deletion Rights), we will disclose to you:
- The categories of Personal Data, including Sensitive Personal Data, we collected about you.
- The categories of sources for the Personal Data, including Sensitive Personal Data, we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Data, including Sensitive Personal Data.
- The categories of third parties with whom we share that Personal Data, including Sensitive Personal Data.
- The specific pieces of Personal Data, including Sensitive Personal Data, we collected about you (also called a data portability request).
- If we sold or disclosed your Personal Data, including Sensitive Personal Data, for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Data, including Sensitive Personal Data, categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Data, including Sensitive Personal Data, categories that each category of recipient obtained.
B. Deletion Request Rights
You have the right to request that we delete any of your Personal Data, including Sensitive Personal Data, that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request (see Exercising Access, Data Portability, Correction and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies.
For example, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Take actions reasonably anticipated within the context of the job application process with you or otherwise perform a contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Exercise free speech, ensure the right of another California resident to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with prospective employee expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
C. Exercising Access, Data Portability, Correction and Deletion Rights
To exercise the access, data portability, correction and deletion rights described above, please submit a verifiable request to us through one of the following:
- By telephone at 844-931-2041
- By email at [email protected]
- By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.
When you use one of the request methods above, we will request certain information for verification purposes, such as your name, address, and e-mail address. We will use this information to verify this is a permitted request, such as by matching your name and address with information in our records. Depending on the type of request, we may require a certain number of data points to allow for verification.
Only you, or a person properly authorized to act on your behalf, may make a verifiable request related to your Personal Data.
An authorized agent may make a request on your behalf using the request methods designated above. Additionally, if you use an authorized agent to submit a request, we may require the authorized agent to provide proof that you gave the agent signed permission to submit the request. We may also require you to verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request.
You may only make a request for access or data portability twice within a 12-month period. The verifiable request must:
• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized agent of such person.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
Making a verifiable request does not require you to create an account with us.
We will only use Personal Data provided in a verifiable request to verify the requestor’s identity or authority to make the request.
D. Right to Limit Use and Disclosure of Sensitive Personal Data.
You may have the right, at any time, to direct Post to limit our use and disclosure of your Sensitive Personal Data to use which is necessary for certain purposes enumerated in applicable law (“Enumerated Purposes”). To the extent we use or disclose your Sensitive Personal Data for purposes other than the Enumerated Purposes, you have the right to limit such use or disclosure. To the extent applicable, you may also have the right to withdraw consent you provided for our use and disclosure of your Sensitive Personal Data.
The Enumerated Purposes include the following:
(1) To help to safeguard security and integrity of your Personal Data to the extent the use of your Personal Data is reasonably necessary and proportionate for those purposes.
(2) To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions.
(3) To ensure the physical safety of natural persons.
(4) For short-term, transient use.
(5) To perform services on behalf of us.
(6) To verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
(7) To collect or process Sensitive Personal Data where such collection or processing is not for the purpose of inferring characteristics about a job applicant.
Currently, we do not use Sensitive Personal Data for purposes other than the Enumerated Purposes above.
E. Response Timing and Format
We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the twelve (12)-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable request.
F. No Personal Data Sales or Sharing
We do not sell or share (as defined in the CRPA) any Personal Data or Sensitive Personal Data that we collect or use, including any Personal Data or Sensitive Personal Data from individuals under the age of 16.
We will not discriminate or retaliate against you for exercising any of your rights.
Changes to this Notice
We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will provide you with the updated Notice and update the Notice’s effective date. This Notice will be posted on our job application portal, will be made available electronically, and may be updated periodically to reflect any changes in our privacy practices. We encourage you to check this Privacy Notice periodically to be aware of the most recent version.
If you have any questions or comments about this Notice, the ways in which Post collects and uses your information described in this Notice, your choices and rights regarding such use, or wish to exercise your rights under California law after they are effective, please contact your supervisor or contact Post through one of the following:
- By telephone at 844-931-2041
- By email at [email protected]
- By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.