Employee Privacy Statement

Effective Date: February 2026

At Post Holdings, Inc. (together with its subsidiaries, “Post” or “we” or “our”), we want you to be familiar with how and why we collect, use and disclose information about you. The privacy and security of the personal data and information that we collect from or about you (“Personal Information”) is important to us. It is equally important that you understand how we handle this information.

By accepting employment with Post, you expressly acknowledge that you have read, understand and agree to all of the terms of this Privacy Statement as outlined below and as it may be modified by us from time to time with or without prior notice.

Collection of Personal Information

In the course of conducting our business and complying with applicable federal, state, and local government regulations governing such matters as employment, tax, insurance, etc., we must collect Personal Information from you. The nature of the Personal Information collected varies somewhat for each employee, depending on your employment responsibilities, your citizenship, the location of the facility where you work, and other factors. We collect Personal Information from you solely for business purposes, including those (1) related to your employment with Post, (2) required by governmental agencies and benefits providers and (3) necessary for compliance with the law.

Personal Information collected may include, without limitation, such things as:

  • Your name
  • User ID(s)
  • Phone numbers (including mobile phone number)
  • Email address(es)
  • Mailing addresses
  • Banking and other financial data
  • Government-issued identification numbers (e.g., Social Security or driver’s license)
  • Date of birth
  • Gender, race, and ethnicity
  • Health¹ and disability data
  • Family-related data, e.g., marital status
  • Trade union data

Post will also collect Personal Information when you browse our intranet pages. For this purpose, we may process the following Personal Information: information about the type of browser you use, the size of the browser window, the screen resolution, the URL of the page that you are viewing, articles or information that you read while on our intranet pages, videos you watch while on our intranet pages, the title and other details of the web pages you have viewed, your location from IP address (not the IP address itself), your device address, your Cookie ID, hyperlinks that you have clicked, whether or not your browser has Java enabled, what version of certain software your browser uses, the language settings from your browser and any other information you choose to share when using third-party sites, and the websites you visited before arriving at the intranet page.

We also offer certain chat tools, including chatbots, telephone hotlines, and other similar tools that may allow employees to seek information, ask questions, and otherwise communicate about their employment and benefits. If you choose to utilize one of these tools, we will collect the Personal Information you disclose through use of these tools. Your conversations through these tools may be recorded for purposes of quality assurance, recordkeeping, and compliance obligations. If the information that is being collected is protected health information subject to HIPAA, that collection and use is governed by the Post Health Plan’s Notice of Privacy Practices rather than this Employee Privacy Statement.

When we hold certain meetings, whether in-person or via an online platform, such as Microsoft Teams, we may, if approved, record such meetings, including both audio and video of the meetings, and generate a transcript from such meetings, including through the use of artificial intelligence tools. If you attend or otherwise participate in these meetings, we will collect the Personal Information you disclose, which may include your name, title, job position, photo, videos, and voice recordings and any other Personal Information you disclose during the meeting.

All the above categories exclude text messaging originator opt-in data and consent; this information is not, and will not be, disclosed to any third parties.

Post will not knowingly collect or use Personal Information in any manner inconsistent with this statement, as it may be amended from time to time, and applicable law.

Your failure to provide Personal Information required by law may disqualify you from employment with Post. If you choose not to provide certain Personal Information that enables Post to administer some of its benefit plans, you may not be eligible for certain employee benefits sponsored by Post.

Use of the Personal Information We Collect

The primary purposes for collection, storage and/or use of your Personal Information include, but are not limited to:

  • Human Resources Management. We collect, store, analyze, and share (internally and only as appropriate) Personal Information in order to attract, retain and motivate a highly qualified workforce. This includes, but is not limited to, recruiting, compensation planning, succession planning, reorganization needs, performance assessment, training, employee benefit administrationⁱ, compliance with applicable legal requirements, and communication with employees and/or their representatives.
  • Business Processes and Management. Personal Information is used to run our business operations including, for example, scheduling work assignments, managing company assets, reporting and/or releasing public data (e.g., annual reports, etc.), and populating employee directories. Personal Information may also be used to comply with government regulation.
  • Safety and Security Management. We use such Information as appropriate to ensure the safety and protection of employees, assets, resources, and communities.
  • Communication and Identification. We use your Personal Information to identify you and to communicate with you.
  • Improvement of our Intranet Pages. We use and analyze Personal Information collected while you visit our Career websites to improve our products and your experience on our Career websites by evaluating the use of our Career websites, to verify completion of certain trainings and other required actions and to analyze our traffic.

Disclosure of Personal Information

Post acts to protect your Personal Information and ensure that unauthorized individuals do not have access to your Personal Information by using reasonable security measures intended to protect your Personal Information from unauthorized disclosure. We do disclose your Personal Information under the following circumstances.

  • Legal Requests and Investigations. We may disclose your Personal Information when such disclosure is reasonably necessary (i) to prevent fraud; (ii) to comply with any applicable statute, law, rule or regulation; or (iii) to comply with a court order or other legal process, including to respond to any government or regulatory request.
  • Third-party Vendors and Service Providers. We do, from time to time, outsource services, functions, or operations of our business to third-party service providers. When engaging in such outsourcing, it may be necessary for us to disclose your Personal Information to those service providers, e.g., a payroll service. In some cases, the service providers may collect Personal Information directly from you on our behalf. We will work with any such providers to restrict how the providers may access, use and disclose your Personal Information.
  • Business Transfers. During the term of your employment, we may buy other companies, create new subsidiaries or business units or sell part or all of Post or its assets. If applicable, some or all of your Personal Information may be transferred to another entity or entities as part of any such transactions. However, we will take steps intended to protect your Personal Information within these transactions.
  • Protection of Post and Others. We may release Personal Information when we believe release is necessary to comply with the law; enforce or apply our policies and other agreements; or protect the rights, property, or safety of Post, our employees, or others. This disclosure will never, however, include selling, renting, sharing or otherwise disclosing your Personal Information for commercial purposes in violation of the commitments set forth in this Privacy Policy.

None of the above categories include any text messaging originator opt-in data and consent; this information is not, and will not be, disclosed to any third parties.

Security of Your Personal Information

We employ commercially reasonable security measures and technologies, such as password protection, encryption, physical locks, etc., to protect the confidentiality and security of your Personal Information. Only authorized employees have access to Personal Information. If you are an employee with such authorization, it is imperative that you take the appropriate safeguards to protect such Personal Information.

Updating and Accessing Your Personal Information

You must promptly inform us when changes occur in the Personal Information you have provided so that we can maintain accurate Personal Information about you. Although you may update or change your Personal Information, we may maintain such Personal Information previously submitted in historical archives.

SMS or Texting Programs

Any texting programs instituted by Post and used as part of your employment with Post will be governed by our SMS Terms of Service and you should review the SMS Terms of Service before engaging in any SMS or texting with Post.

1 The collection and use of individually identifiable health information by Post in its role as plan administrator of the medical, prescription drug, dental, vision, EAP and health FSA benefits offered under the Post Holdings, Inc. Health Plan (“Health Plan”) is governed not by this Employee Privacy Statement, but by the Health Plan’s HIPAA Notice of Privacy Practices, which is available in the Annual Notices packet sent to you with your open enrollment materials, or by request from the Post Benefits Department at 855-584-3307 or by email at [email protected].

California Employee Privacy Notice

Post Holdings, Inc., a Missouri corporation, together with its subsidiaries, (“Post,” “we” or “us”) wants our employees to be familiar with how and why we collect, use and disclose information about you. This Privacy Notice (this “Notice”) explains our practices regarding the collection, use, and other processing of information that identifies or reasonably could be used to identify an employee in connection with employment with us and to comply with the California Consumer Privacy Act of 2018 (as the same has been amended and may be amended in the future, “CCPA”) and the California Privacy Rights Act (as the same has been amended and may be amended in the future, “CPRA”). Any terms defined in the CCPA or the CPRA shall have the same meaning when used in this Notice.

This Notice applies to each Post employee who is a resident of California in the context of an employee’s employment with us (an “employee” or “you”). As used in this Notice, the term “employee” refers to an individual who is a California resident and who is a current and former employee, owner, director, officer, or independent contractor of Post. The term “employee” includes individuals who work full-time, part-time, variable (short-term) and seasonal schedules, as well as interns and individuals on inactive status such as a maternity or disability leave. This Notice neither creates nor forms part of any contract of employment or other service agreement and applies only to employees who are California residents. We may update this Notice at any time as necessary. It is important that you read this Notice, so you are aware of how and why we use your Personal Information.

Please note that this Notice does not apply to any information collected from you when you are acting as a regular consumer of Post’s or any of its subsidiaries’ products. Please consult our general Privacy Notice located at www.postholdings.com/privacy-notice for more information on our general privacy practices not related to your employment with us. If you have any questions about any of the information in this Notice, please contact us via email at [email protected].

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee or household (“Personal Information”). Post collects and receives certain Personal Information from and about you during the course of hiring, contracting, employing or otherwise engaging you, and may continue to receive some Personal Information from you from time to time during and after the course of your work for Post.

Post will also collect Personal Information when you browse our intranet pages. For this purpose, we process the following Personal Information: information about the type of browser you use, the size of the browser window, the screen resolution, the URL of the page that you are viewing, articles or information that you read while on our intranet pages, videos you watch while on our intranet pages, the title and other details of the web pages you have viewed, your location from IP address (not the IP address itself), your device address, your Cookie ID, hyperlinks that you have clicked, whether or not your browser has Java enabled, what version of certain software your browser uses, the language settings from your browser and any other information you choose to share when using third-party sites, and the websites you visited before arriving at the intranet page.

We also offer certain chat tools, including chatbots, telephone hotlines, and other similar tools that may allow employees to seek information, ask questions, and otherwise communicate about their employment and benefits. If you choose to utilize one of these tools, we will collect the Personal Information you disclose through use of these tools. Your conversations through these tools may be recorded for purposes of quality assurance, recordkeeping, and compliance obligations. If the information that is being collected is protected health information subject to HIPAA, that collection and use is governed by the Post Health Plan’s Notice of Privacy Practices rather than this California Employee Privacy Statement.

When we hold certain meetings, whether in-person or via an online platform, such as Microsoft Teams, we may, if approved, record such meetings, including both audio and video of the meetings, and generate a transcript from such meetings, including through the use of artificial intelligence tools. If you attend or otherwise participate in these meetings, we will collect the Personal Information you disclose, which may include your name, title, job position, photo, videos, and voice recordings and any other Personal Information you disclose during the meeting.

All the above categories exclude text messaging originator opt-in data and consent; this information is not, and will not be, disclosed to any third parties.

Post may also collect and receive Sensitive Personal Information from and about you in the ordinary course of business. “Sensitive Personal Information” means an employee’s health-related personal information or dataⁱ or personal information or data that reveals an employee’s social security; driver’s license; state identification card; passport number; account log-in, financial account, debit card, or credit card number, in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; mail, email, or text message content, unless Post is the intended recipient of the communication; biometric information for unique identification purposes; or sex life or sexual orientation.

We do not, and will not, sell the Personal Information or Sensitive Personal Information we collect or receive from or about you or any other employees, including any individuals under the age of 16. We also do not, and will not, share any Personal Information or Sensitive Personal Information we collect from you or other employees, including any individuals under the age of 16, with third parties for cross-context behavioral advertising.

We may collect or receive the following categories of Personal Information and Sensitive Personal Information about employees. Not all categories will be collected for every employee. Information is collected based on the need. The tables below also list, for each category, whether we have collected such information in the last twelve (12) months and, if we have, our expected retention period and use purposes for each category of Personal Information and Sensitive Personal Information.

PERSONAL INFORMATION CATEGORY / DESCRIPTION / COLLECTED IN PAST TWELVE (12) MONTHS / RETENTION PERIOD (in absence of a deletion request or legal requirement) / USE PURPOSES

Identifiers
Description: include both direct identifiers like a name or an address and identifying numbers like an applicant/employee ID number, as well as identifying information about devices you use to connect to Post’s or its subsidiary’s infrastructure and applications.
Collected in past twelve (12) months: Yes
Retention period: Generally, length of employment plus 5 to 8 years depending on the nature of the record, except for medical records, which may be kept for the length of employment plus 30 years
Use purposes:
  • Post Operations
  • Recruitment and Hiring
  • Workforce Management
  • Physical and Technical Security
  • Onboarding
  • Timekeeping
  • Compensation and Benefits
  • Travel and Expenses
  • Training and Education
  • Fraud Prevention, Audits, and Investigations
  • Location Offerings and Operations
  • Safety, Security, and Health
  • Legal Compliance

Legally Protected Information
Description: includes personal information protected by California or federal laws such as date of birth, gender, military status, or other.
Collected in past twelve (12) months: Yes
Retention period: Generally, length of employment plus 5 to 8 years depending on the nature of the record, except for medical records, which may be kept for the length of employment plus 30 years
Use purposes:
  • Post Operations
  • Recruitment and Hiring
  • Workforce Management
  • Onboarding
  • Timekeeping
  • Compensation and Benefits
  • Travel and Expenses
  • Training and Education
  • Legal Compliance

Professional or Employment-Related Information
Description: includes information such as organizational position, current or past job history or performance evaluations, salary, hours worked, training, job positions, work communications, etc.
Collected in past twelve (12) months: Yes
Retention period: Length of employment plus 8 years
Use purposes:
  • Post Operations
  • Recruitment and Hiring
  • Workforce Management
  • Physical and Technical Security
  • Onboarding
  • Timekeeping
  • Compensation and Benefits
  • Travel and Expenses
  • Training and Education
  • Legal Compliance

Commercial Information
Description: includes information about services or products purchased, or consuming history or tendencies. In the case of employees this would be focused on business expenses.
Collected in past twelve (12) months: Yes
Retention period: Up to 7 years
Use purposes:
  • Post Operations
  • Workforce Management
  • Travel and Expenses
  • Training and Education
  • Fraud Prevention, Audits, and Investigations
  • Legal Compliance

Internet or Other Similar Network Activity
Description: includes information that we may have collected about browsing history, searches, interaction with a website or application, articles or information that you read while on our intranet pages, videos you watch while on our intranet pages and information about the devices and the use of the devices that connect to Post’s or its subsidiary’s infrastructure and applications.
Collected in past twelve (12) months: Yes
Retention period: Up to 13 months
Use purposes:
  • Post Operations
  • Workforce Management
  • Physical and Technical Security
  • Fraud Prevention, Audits, and Investigations
  • Improvement of our Intranet Pages
  • Legal Compliance

Non-Public Education Information
Description: includes information directly related to a student that is maintained by educational institutions. For employees, this is typically related to job applications or tuition reimbursement, if available.
Collected in past twelve (12) months: Yes
Retention period: Length of employment plus 6 years
Use purposes:
  • Post Operations
  • Recruitment and Hiring
  • Workforce Management
  • Legal Compliance

Sensory Information
Description: includes audio, visual, or other similar types of information, such as pictures, videos, or voice recordings.
Collected in past twelve (12) months: Yes
Retention period: 14 days to indefinitely depending on the medium in which such sensory information is collected and stored (i.e., meeting transcripts are only retained for 14 days, voicemails are only retained for 30 days, and call recordings are only retained for 3 years, whereas pictures may be retained indefinitely on our website)
Use purposes:
  • Post Operations
  • Recruitment and Hiring
  • Workforce Management
  • Physical and Technical Security
  • Fraud Prevention, Audits, and Investigations
  • Safety, Security, and Health
  • Legal Compliance

Geolocation Data
Description: includes general geolocation information, but not precise geolocation, which is Sensitive Personal Information.
Collected in past twelve (12) months: Yes
Retention period: 1 to 7 years depending on the nature of the record, except for geolocation data which may be contained in employment records, which may be kept for the length of employment plus 5 to 8 years depending on the nature of the record
Use purposes:
  • Post Operations
  • Recruitment and Hiring
  • Workforce Management
  • Compensation and Benefits
  • Travel and Expenses
  • Safety, Security, and Health
  • Legal Compliance

Inferences Drawn from Other Personal Information
Description: is a profile drawn from other information that reflects a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Collected in past twelve (12) months: Yes
Retention period: Length of employment plus 6 years
Use purposes:
  • Post Operations
  • Recruitment and Hiring
  • Workforce Management
  • Physical and Technical Security
  • Fraud Prevention, Audits, and Investigations
  • Legal Compliance

SENSITIVE PERSONAL INFORMATION CATEGORY / DESCRIPTION / COLLECTED IN PAST TWELVE (12) MONTHS / RETENTION PERIOD (in absence of a deletion request or legal requirement) / USE PURPOSES

Government Identifiers
Description: includes an employee’s social security, driver’s license, state identification card, or passport number
Collected in past twelve (12) months: Yes
Retention period: Generally, length of employment plus 5 to 8 years depending on the nature of the record, except for medical records, which may be kept for the length of employment plus 30 years
Use purposes:
  • Post Operations
  • Workforce Management
  • Physical and Technical Security
  • Onboarding
  • Compensation and Benefits
  • Travel and Expenses
  • Fraud Prevention, Audits, and Investigations
  • Legal Compliance

Account Credentials
Description: includes log-in user names, account numbers, or card numbers combined with required access/security code or password
Collected in past twelve (12) months: Yes
Retention period: Collected and maintained via our service providers. Each service provider sets its own retention period in accordance with its own policies and procedures and users may have the ability to change their account credentials.
Use purposes:
  • Post Operations
  • Workforce Management
  • Physical and Technical Security
  • Timekeeping
  • Compensation and Benefits
  • Fraud Prevention, Audits, and Investigations
  • Legal Compliance

Precise Geolocation
Description: includes any data that is derived from a device and that is used or intended to be used to locate an employee within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet.
Collected in past twelve (12) months: Yes
Retention period: 1 year
Use purposes:
  • Post Operations
  • Workforce Management
  • Physical and Technical Security
  • Fraud Prevention, Audits, and Investigations
  • Legal Compliance

Racial or Ethnic Origin
Description: includes an employee’s race and ethnic or cultural origins
Collected in past twelve (12) months: Yes
Retention period: Generally, length of employment plus 5 to 8 years depending on the nature of the record, except for medical records, which may be kept for the length of employment plus 30 years
Use purposes:
  • Workforce Management
  • Training and Education
  • Fraud Prevention, Audits, and Investigations
  • Legal Compliance

Religious or Philosophical Beliefs
Description: includes an employee’s religion, spirituality, and religious or philosophical beliefs
Collected in past twelve (12) months: Yes
Retention period: Length of employment plus 6 years
Use purposes:
  • Workforce Management
  • Training and Education
  • Fraud Prevention, Audits, and Investigations
  • Legal Compliance

Union Membership
Description: includes an employee’s membership or participation in a union or other collective bargaining group
Collected in past twelve (12) months: Yes
Retention period: Length of employment plus 6 years
Use purposes:
  • Workforce Management
  • Fraud Prevention, Audits, and Investigations
  • Legal Compliance

Mail, Email, or Text Messages
Description: includes the contents of an employee’s mail, email, or text messages that may or may not be directed to Post, a Post subsidiary or any employee of either Post or a Post subsidiary
Collected in past twelve (12) months: Yes
Retention period: Email retention policy is set per Business Unit and varies from 1 year to indefinitely. Chat messages through Microsoft Teams are retained for 7 days.
Use purposes:
  • Physical and Technical Security
  • Training and Education
  • Fraud Prevention, Audits, and Investigations
  • Safety, Security, and Health
  • Legal Compliance

Health, Sex Life, or Sexual Orientation Information
Description: includes Personal Information concerning an employee’s health, sex life, or sexual orientation or preferences
Collected in past twelve (12) months: Yes
Retention period: Generally, length of employment plus 5 to 8 years depending on the nature of the record, except for medical records, which may be kept for the length of employment plus 30 years
Use purposes:
  • Post Operations
  • Workforce Management
  • Compensation and Benefits
  • Legal Compliance

“Personal Information” does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated Personal Information of a California resident.
  • Information excluded from scope by law, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and/or the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
    • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of Personal Information listed above from the following categories of sources:

  • Directly from you. For example, from forms you complete in connection with your employment.
  • Indirectly from you. For example, from observing your actions on a Post device, articles you read or videos you watch on our intranet pages or through computer or access logs.
  • From third parties, for example, our business partners, service providers, affiliates and subsidiaries that interact with you or your Personal Information. We may allow third parties to control the collection of Personal Information from you. These third parties may have an obligation to provide you with a notice of collection, too. These third parties are not governed by this Notice and may collect and treat information collected differently than us. We are not responsible for the privacy practices, or the content of websites owned and operated by any such third parties. For information about these third parties’ business practices, please contact Human Resources.

Employees have some obligations, under a contract of employment, to provide us with certain information. In particular, employees may be required to provide information about disciplinary or other matters under the implied duty of good faith. Employees may also have to provide us with data in order to exercise statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that employees are unable to exercise these statutory rights.

Disclosing Personal Information

We may disclose your Personal Information, including Sensitive Personal Information, to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

We may disclose your Personal Information to the following categories of third parties:

  • To our affiliates and subsidiaries.
  • To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information, including Sensitive Personal Information, confidential and use it only for the purposes for which we disclose it to them.
  • To our external advisors including accountants, legal counsel and other professional advisors with regard to such advisor’s representation of, and provision of services to, Post, its affiliates and subsidiaries.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Post’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Post about our employees is among the assets transferred.

We may also disclose your Personal Information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
  • To enforce or apply our policies, terms and conditions, and other agreements.
  • To fulfill the purpose for which you provide it.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Post, our affiliates and subsidiaries, our employees, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
  • For any other purpose disclosed by us when you provide the information or provided your consent.

None of the above categories include text messaging originator opt-in data and consent; this information is not, and will not be, disclosed to any third parties.

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

  • Identifiers;
  • Legally Protected Information;
  • Professional or Employment-Related Information;
  • Commercial Information;
  • Internet or Other Similar Network Activity;
  • Non-Public Education Information;
  • Sensory Information;
  • Geolocation Data; and
  • Inferences Drawn from Other Personal Information.

We have also disclosed the following categories of Sensitive Personal Information for a business purpose:

  • Government Identifiers;
  • Account Credentials;
  • Precise Geolocation;
  • Racial or Ethnic Origin;
  • Religious or Philosophical Beliefs;
  • Union Membership;
  • Mail, Email, or Text Messages; and
  • Health, Sex Life, or Sexual Orientation Information.

We disclosed this Personal Information for a business purpose to the following categories of third parties in the past twelve (12) months:

  • Service providers, including payroll providers, benefits providers, talent management providers, information technology services providers, and software providers.
  • Legal, accounting or other advisors.
  • Our affiliates and subsidiaries.

Your Rights and Choices

The CCPA and CPRA provide California residents with specific rights regarding their Personal Information. This section describes your rights under these laws and explains how to exercise those rights; however, you may not exercise those rights unless and until they are effective.

A. Access to Specific Information and Data Portability Rights

You have the right to request that we disclose the categories and specific pieces of information we have collected and certain information to you about our collection and use of your Personal Information, including Sensitive Personal Information, over the past twelve (12) months. Once we receive and confirm your verifiable request (see C. Exercising Access, Data Portability, Correction and Deletion Rights), we will disclose to you:

  • The categories of Personal Information, including Sensitive Personal Information, we collected about you.
  • The categories of sources for the Personal Information, including Sensitive Personal Information, we collected about you.
  • Our business or commercial purpose for collecting or selling that Personal Information, including Sensitive Personal Information.
  • The categories of third parties with whom we share that Personal Information, including Sensitive Personal Information.
  • The specific pieces of Personal Information, including Sensitive Personal Information, we collected about you (also called a data portability request).
  • If we sold or disclosed your Personal Information, including Sensitive Personal Information, for a business purpose, two separate lists disclosing:
    • sales, identifying the Personal Information, including Sensitive Personal Information, categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the Personal Information, including Sensitive Personal Information, categories that each category of recipient obtained.

B. Deletion Request Rights

You have the right to request that we delete any of your Personal Information, including Sensitive Personal Information, that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request (see C. Exercising Access, Data Portability, Correction and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

For example, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Take actions reasonably anticipated within the context of an ongoing employment relationship with you or otherwise perform a contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Exercise free speech, ensure the right of another California resident to exercise their free speech rights, or exercise another right provided for by law.
  4. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
  5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  6. Enable solely internal uses that are reasonably aligned with employee expectations based on your relationship with us.
  7. Comply with a legal obligation.

C. Exercising Access, Data Portability, Correction and Deletion Rights

To exercise the access, data portability, correction and deletion rights described above, please submit a verifiable request to us through one of the following:

  • By telephone at 844-931-2041
  • By email at [email protected]
  • By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.

When you use one of the request methods above, we will request certain information for verification purposes, such as your name, address, and e-mail address. We will use this information to verify this is a permitted request, such as by matching your name and address with information in our records. Depending on the type of request, we may require a certain number of data points to allow for verification.

Only you, or a person properly authorized to act on your behalf, may make a verifiable request related to your Personal Information. You may also make a verifiable request on behalf of your minor child, to the extent we have Personal Information of such child (e.g., for dependents covered under your health benefits).

An authorized agent may make a request on your behalf using the request methods designated above. Additionally, if you use an authorized agent to submit a request, we may require the authorized agent to provide proof that you gave the agent signed permission to submit the request. We may also require you to verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request.

You may only make a request for access or data portability twice within a 12-month period. The verifiable request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized agent of such person.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable request does not require you to create an account with us.

We will only use Personal Information provided in a verifiable request to verify the requestor’s identity or authority to make the request.

D. Right to Limit Use and Disclosure of Sensitive Personal Information

You may have the right, at any time, to direct Post to limit our use and disclosure of your Sensitive Personal Information to use which is necessary for certain purposes enumerated in applicable law (“Enumerated Purposes”). To the extent we use or disclose your Sensitive Personal Information for purposes other than the Enumerated Purposes, you have the right to limit such use or disclosure. To the extent applicable, you may also have the right to withdraw consent you provided for our use and disclosure of your Sensitive Personal Information.

The Enumerated Purposes include the following:

  1. To perform the services or provide the goods reasonably expected by an average employee who requests those goods or services.
  2. To help to safeguard security and integrity of your Personal Information to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes.
  3. To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions.
  4. To ensure the physical safety of natural persons.
  5. For short-term, transient use.
  6. To perform services on behalf of us.
  7. To verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
  8. To collect or process Sensitive Personal Information where such collection or processing is not for the purpose of inferring characteristics about an employee.

Currently, we do not use Sensitive Personal Information for purposes other than the Enumerated Purposes above.

E. Response Timing and Format

We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the twelve (12)-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable request.

F. No Personal Information Sales or Sharing

We do not sell or share (as defined in the CPRA) any Personal Information or Sensitive Personal Information that we collect or use, including any Personal Information or Sensitive Personal Information from individuals under the age of 16.

Non-Discrimination

We will not discriminate or retaliate against you for exercising any of your rights.

SMS or Texting Programs

Any texting programs instituted by Post and used as part of your employment with Post will be governed by our [SMS Terms of Service] and you should review the [SMS Terms of Service] before engaging in any SMS or texting with Post.

Changes to this Notice

We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will provide you with the updated Notice and update the Notice’s effective date. This Notice will be posted with other employee policies and notices, will be made available electronically, and may be updated periodically to reflect any changes in our privacy practices. We encourage you to check this Notice periodically to be aware of the most recent version.

Contact Information

If you have any questions or comments about this Notice, the ways in which Post collects and uses your information described in this Notice, your choices and rights regarding such use, or wish to exercise your rights under California law after they are effective, please contact your supervisor or contact Post through one of the following:

  • By telephone at 844-931-2041
  • By email at [email protected]
  • By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.

i The collection and use of individually identifiable health information by Post in its role as plan administrator of the medical, prescription drug, dental, vision, EAP and health FSA benefits offered under the Post Holdings, Inc. Health Plan (“Health Plan”) is governed not by this California Employee Privacy Statement, but by the Health Plan’s HIPAA Notice of Privacy Practices, which is available in the Annual Notices packet sent to you with your open enrollment materials, or by request from the Post Benefits Department at 855-584-3307 or by email at [email protected].