Privacy Notice

EFFECTIVE DATE: April 30, 2024

At Post Holdings, Inc. (“Post” or “we” or “our”), we want you to be familiar with how and why we collect, use and disclose information about you.  This includes information we collect through our website, www.postholdings.com (the “Site”) and in connection with the operation of our business and the offering of our subsidiaries’ products and services.  Some of this information may individually identify you.  This Privacy Notice explains our information practices with respect to the information collected and the choices you can make about the collection, access and use of your information.

This Privacy Notice also applies to our targeted content, including online offers and advertisements for our subsidiaries’ products and services, which we (or a service provider acting on our behalf) may send to you on our subsidiaries’ or third party websites, platforms and applications (collectively, “Third Party Sites”) based on your use of the Internet or your mobile devices.  These Third Party Sites may have their own privacy policies and terms and conditions.  We encourage you to read each such privacy policies and terms and conditions before using those Third Party Sites.  You may also opt out of advertising directly through many of these Third Party Sites.  For example, to opt out of the ads you see through Meta/Facebook products, you may visit Facebook’s “Activity information from ad partners” section of its Ad Choices webpage through this link.  If you wish to opt out of interest-based advertising more generally, please visit http://preferences-mgr.truste.com/ or http://optout.aboutads.info to manage your preferences.  Alternatively, if you are located in a European country, you may visit http://www.youronlinechoices.eu/.  You may also delete your history, clear your cache and delete or manage cookies through your browser and device settings. Please note that you may continue to receive generic ads.

This Privacy Notice does not apply to any personal data collected from or about any of our or our subsidiaries’ employees, contractors, or applicants.  Personal data collected from any such employees will be protected by our employment policies and handbook, our contractors’ personal data will be protected pursuant to our agreements with such parties and our applicants’ personal data will be protected pursuant to our job applicant privacy notice, which can be found here.  

We are committed to safeguarding your privacy, ensuring that your personal data is protected and complying with all United States (“U.S.”) federal and state laws, as well as all international laws, applicable to our processing of personal data.  As part of this commitment, we train our employees about the importance of privacy and how to handle and manage personal data appropriately and securely.

WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE USE IT?

We collect information (i) by which you may be personally identified, such as name, birthdate, age, postal address, e-mail address, telephone number, veteran status, personal preferences, credit card information, including billing address, or any other identifiers by which you may be contacted online or offline; (ii) that is about you but individually does not identify you, such as IP address or other online identifiers; and/or (iii) about your internet connection, the equipment you use to access our Site and usage details (collectively, “Personal Data”).

Post collects and processes Personal Data solely to the extent (i) that it has a legitimate, lawful basis for processing and (ii) that such Personal Data is relevant to the purposes for which it was collected or disclosed.  Post collects and processes Personal Data only to the extent such Personal Data is relevant to the purposes for which it is collected or disclosed.

In particular, we process Personal Data for the specific purposes listed in Subsections A-G below; the following explains which Personal Data we collect for each purpose, the exact nature of the purpose, the length such data is stored, the basis for collection and any further relevant information.  Post will not collect additional categories of Personal Data or use the Personal Data we collected for additional purposes without providing you notice.  We do not retain Personal Data for longer than is reasonably necessary for the purpose for which it was collected.

A. Surfing on our Website – with or without Cookies
  1. Which Personal Data do we collect about you?  For this purpose, we process the following Personal Data: information about the type of browser you use, the size of the browser window, the screen resolution, the URL of the page that you are viewing, the title and other details of the web pages you have viewed, your location from IP address (not the IP address itself), your device address, your Cookie ID, hyperlinks that you have clicked, whether or not your browser has Java enabled, what version of certain software your browser uses, the language settings from your browser and any other information you choose to share when using Third Party Sites (such as when you use the “Like” functionality on Facebook), and the websites you visited before arriving at our relevant Site.  This Personal Data constitutes internet and other similar network activity, as described in the SPECIAL U.S. PRIVACY INFORMATION Section below.
  2. What is the Purpose of Processing your Personal Data?  We (and third party service providers acting on our behalf or on their own behalf) use cookies and similar technologies to process data about you when you visit our Site.  Cookies are files that store information on your computer hard drive or browser that mean that we can recognize that you have visited us before.  We use cookies and similar technologies to improve our products and your experience on our Sites by evaluating the use of our Site, products, and services to personalize content and ads to provide social media features and to analyze our traffic.  You can view more information on the cookies used and adjust your cookie preferences via the Cookie Consent Tool on our Site.  

Do Not Track (“DNT”) and Global Privacy Control (“GPC”) are privacy preferences that users can set in their web browsers.  When our Site receives a DNT/GPC code, except in the case of certain scenarios where a user actively and knowingly provides Personal Data (e.g. contact forms), our Site will not track your use across multiple websites other than the Company’s brand websites, but other websites (including, without limitation, websites of certain of our subsidiaries, affiliates and third party providers, such as our career portal) to which we link, or to which you visit, may continue to track you.  When our Site receives web requests from a user who enables DNT/GPC by actively choosing an opt-out setting in the user’s browser, we will also take reasonable efforts to disable tracking cookies/scripts (e.g. Google Analytics, Google Ads, Facebook, X (f/k/a Twitter) and/or other third party scripts).

  • How long do we store your Personal Data?  Please check our Cookie Policy (which can be found here) to learn about the storage periods for each cookie.
  • What is the Basis for Processing your Personal Data?  Your consent through our Cookie Consent Banner.
  • Additional Comments:  It is always possible for you to visit our Site without disclosing your Personal Data.  This requires that you have disabled cookies.  You can opt out of the processing of such information via the Cookie Consent Banner displayed at the bottom of the relevant Site or through your browser or device settings.  Please note, however, that, without cookies, you may not be able to use all of the features of our Site or online services.  
B. Contact to Deal with Requests, Provide Information about Products, Services or Promotions and Provide News Releases
  1. Which Personal Data do we collect about you?  For this purpose, we process the following Personal Data: your first and last names and your email address.  This Personal Data constitutes identifiers and California customer records personal information, as described in the SPECIAL U.S. PRIVACY INFORMATION Section below.
  2. What is the Purpose of Processing your Personal Data?  We process your Personal Data whenever you contact us in order to respond to your inquiries and comments.  We process your Personal Data that you enter when registering for our Site or products or that you subsequently update or amend in your user account.  We process Personal Data to provide you with the information that you request from us, including responding to your queries or comments and sending you products or samples that you have requested.  We look at the products you have viewed on our Site.
  3. How long do we store your Personal Data?  We store your Personal Data for forty-five (45) days after you provide the Personal Data to us, unless we are required by law to store the Personal Data for a longer period, in which case we store the Personal Data for the period required by applicable law.
  4. What is the Basis for Processing your Personal Data?  Performance of the contract with, or request by, you; if you provide to us Personal Data that is considered sensitive (e.g. information on your health or ethnic origin), your consent.  If you wish to discontinue our receiving this information, you may update your preferences by using the “Unsubscribe” link found in the emails that we send to you or by contacting us here.
C. Manage and Inform our Shareholders and Coordinate Investor Relations
  1. Which Personal Data do we collect about you?  For this purpose, we process the following Personal Data: your first and last names, your mailing address and number of shares of Post stock owned.  We or our processors may also have banking information for the purposes of depositing dividend checks, and this information includes the shareholder’s bank account number, email address, employee identification number, social security number and/or other tax identification number.  This Personal Data constitutes identifiers, California customer records personal information, commercial information, and government identifiers, as described in the SPECIAL U.S. PRIVACY INFORMATION Section below.
  2. What is the Purpose of Processing your Personal Data?  We process your Personal Data in order to record and manage our shareholders and to provide you with information about our stock, shareholder meetings, dividends and operation and business of our company and its subsidiaries.  We also use this information for the payment of dividends.
  3. How long do we store your Personal Data?  We store your Personal Data for so long as we or our processors, including, without limitation, our transfer agents, are required by law to store the Personal Data or for such longer period of time that we may be required to keep the Personal Data in order to protect the public interest.
  4. What is the Basis for Processing your Personal Data?  Purchase of our stock and our legal obligations to you as a result of being a shareholder of our company and/or performance of a request by you to receive information about our stock and operation of our company and its subsidiaries.
D. Performance of Relevant Administrative Services Requested or Necessary to Facilitate our Relationship
  1. Which Personal Data do we collect about you?  For this purpose, we process the following Personal Data: your first and last names, your address, your email address and your criminal or credit history.  This Personal Data constitutes identifiers, as described in the SPECIAL U.S. PRIVACY INFORMATION Section below.
  2. What is the Purpose of Processing your Personal Data?  We will process your Personal Data for the purposes of performing administrative services requested or necessary to facilitate our relationship (e.g., facilitating payments or deliveries of products, services, information, or materials) or to fulfill requests you have made (e.g., registration).
  3. How long do we store your Personal Data?  We store your Personal Data for three years after you provide the Personal Data to us, unless we are required by law to store the Personal Data for a longer period, in which case we store the Personal Data for the period required by applicable law.
  4. What is the Basis for Processing your Personal Data?  Performance of the contract with, or request by, you; if you provide to us sensitive Personal Data (e.g. information on your health or religious affiliation), your consent.
E. Respond to Consumer Complaints and Reports of Business Concerns
  1. Which Personal Data do we collect about you?  For this purpose, we process the following Personal Data: your first and last names, your mailing address, your email address and relevant information about (i) the complaint or business concern, (ii) the situation or circumstances giving rise to the complaint or business concern and/or (iii) any other Personal Data that you volunteer in your report or follow up communications.  This Personal Data constitutes identifiers and may include California customer records personal information, commercial information, and other Personal Data, as described in the SPECIAL U.S. PRIVACY INFORMATION Section below.
  2. What is the Purpose of Processing your Personal Data?  We will process your Personal Data for the purposes of responding to any consumer complaints or responding to reports from consumers about business concerns related to our businesses and operations.
  3. How long do we store your Personal Data?  We store your Personal Data for no more than three years after you provide the Personal Data to us, unless (i) we are required by law to store the Personal Data for a longer period, in which case we store the Personal Data for the period required by applicable law or (ii) unless we reasonably anticipate litigation with regard to the matter, in which case we would retain relevant Personal Data until such time as the litigation is concluded or is no longer reasonably anticipated.
  4. What is the Basis for Processing your Personal Data?  Our basis for processing is (i) your consent with regard to Personal Data you volunteer with regard to your complaint or business concern or (ii) a legal obligation to which we are subject.
F. Prevention of Harm to Us, Our Products or Services or a Person or Property (e.g., Fraud Prevention) or Process, Dispose of and/or Defend Ourselves against Claims or Potential Claims
  1. Which Personal Data do we collect about you?  For this purpose, we process the following Personal Data: your first and last names, your address, your email address, your criminal or credit history and relevant information about (i) the harm or potential harm, (ii) the claim or potential claim or (iii) the situation or circumstances giving rise to harm, potential harm, claim or potential claim.  In addition, we may process your social security number, your driver’s license or state identification card information, information about your health insurance and information about your health and/or life circumstances. This Personal Data constitutes identifiers and may include California customer records personal information, commercial information, government identifiers and health information, as described in the SPECIAL U.S. PRIVACY INFORMATION Section below.
  2. What is the Purpose of Processing your Personal Data?  We will process your Personal Data for the purposes of preventing harm to Post or any of its subsidiaries, their products or services or to any person or property (e.g., fraud prevention) and/or in the bringing or prosecution of a claim or potential claim against you.  In addition, we may process your Personal Data for the purposes of processing, disposing of, or defending Post and/or its subsidiaries against claims or potential claims made against one or more of them.  This processing may include disclosing this Personal Data to our legal counsel, insurers and other third parties.
  3. How long do we store your Personal Data?  We store your Personal Data for six years after you provide the Personal Data to us, unless (i) we are required by law to store the Personal Data for a longer period, in which case we store the Personal Data for the period required by applicable law or (ii) unless we reasonably anticipate litigation with regard to the matter, in which case we would retain relevant Personal Data until such time as the litigation is concluded or is no longer reasonably anticipated.
  4. What is the Basis for Processing your Personal Data?  Our basis for processing is (i) a legal obligation to which we are subject or (ii) the processing is necessary for the purposes of our legitimate interests in protecting our business, products, services or a person or property or to defend ourselves against claims or potential claims.
G. Communicate with You Regarding our Site and Privacy Notice
  1. Which Personal Data do we collect about you?  For this purpose, we process the following Personal Data: your first and last names, your email address and your mailing address.  This Personal Data constitutes identifiers, as described in the SPECIAL U.S. PRIVACY INFORMATION Section below.
  2. What is the Purpose of Processing your Personal Data?  We process your Personal Data whenever there are material changes to our Site and Privacy Notice for the purposes of informing you of those material changes and obtaining your consent, if necessary.
  3. How long do we store your Personal Data?  We store your Personal Data for seven years after you provide the Personal Data to us, unless we are required by law to store the Personal Data for a longer period, in which case we store the Personal Data for the period required by applicable law.
  4. What is the Basis for Processing your Personal Data?  Performance of the contract with, or request by, you.  If your consent was initially required, then your consent is the basis for this processing.

There are additional disclosures in the SPECIAL U.S. PRIVACY INFORMATION Section below.  

HOW DO WE DISCLOSE PERSONAL DATA?

We engage other companies, including, without limitation, certain of our affiliates and subsidiaries (“Agents”), to perform certain services on our behalf.  We may disclose Personal Data with these Agents to perform the services, and, in fulfillment of the services, these Agents may disclose Personal Data collected on our behalf with us.  Pursuant to written agreements with these Agents, which agreements afford appropriate, and all required, protections of your Personal Data, we use these Agents to provide the following services on our behalf:

  • email and other information technology services;
  • consumer relations, including consumer complaint response services;
  • legal representation, including with regard to prevention of harm to our company, its subsidiaries, our products or services or a person or property (e.g., fraud prevention) or the prosecution, processing, defense or disposition of any claims or potential claims; and
  • shareholder record-keeping, notice, transfer agent and other investor relation services.

All of our Agents are bound by contract to refrain from using your Personal Data for any purpose other than providing the applicable service to us.  We are liable to you for our Agents’ appropriate processing of your Personal Data in a manner consistent with this Privacy Notice and applicable data privacy laws and regulations.

As described above, we use Agents to manage our advertising on other websites.  These Agents may use cookies or similar technologies in order to provide you with advertising based upon your browsing activities and interests.  Any Personal Data gathered by these Agents is not provided by the Agents to Post.  It is only used by the applicable Agent pursuant to its own privacy policies. These Agents may provide you with ways to choose not to have your information, including your Personal Data, collected or used in this way. For example, to opt out of ads you see through Meta/Facebook products, you can visit Facebook’s “Activity information from ad partners” section of its Ad Choices webpage through this link. If you wish to opt out of interest-based advertising more generally, please visit http://preferences-mgr.truste.com/ or http://optout.aboutads.info to manage your preferences.  Alternatively, if you are located in a European country, you may visit http://www.youronlinechoices.eu/.  You may also delete your history, clear your cache, and delete or manage cookies through your browser and device settings. Please note that you may continue to receive generic ads. 

In addition to disclosures described above, we may disclose or transfer Personal Data in connection with, or during negotiations of, any merger, acquisition, spin-off, sale of company assets, product lines or divisions, any financing or any similar transaction.  We may also disclose Personal Data to prevent damage or harm to us, our services or any person or property, if we believe that disclosure is required to meet national security or law enforcement requirements, or in response to a lawful request by public authorities.  Except as described in this Privacy Notice, we will not otherwise disclose Personal Data to any third parties.

If you would like more information about our disclosure of your Personal Data to third parties, please contact us by clicking here.

When Post transfers Personal Data to countries other than the country where it was provided, we do so in compliance with applicable data privacy or data protection laws and/or regulations, including, as applicable, the European Union General Data Protection Regulation 2016/679 (the “GDPR”), the European Union retained law version of the GDPR (as adopted by the United Kingdom (the “U.K.”)) and the U.K. Data Protection Act 2018 (c.12) (collectively, the “U.K. Data Protection Laws”), Switzerland’s Federal Act on Data Protection (“FADP”) and/or the standard contractual clauses for controller to processor transfers and/or for controller to controller transfers, all as set out in the European Commission Decision of 5 February 2010 (2010/87/EU), or any variation thereof that is required, as a result of any change or difference in applicable data protection law(s) or regulation(s) or a change in a decision of a competent authority under any applicable data privacy or data protection law or regulation, to allow such transfers to be made (or continue to be made) without breach of any applicable data privacy or data protection law or regulation, (collectively, the “Standard Contractual Clauses”).  We may transfer Personal Data from persons outside of the U.S. to affiliates or other third parties located either in the U.S. or otherwise, provided that such transfers to the U.S. or other countries from any of the European Economic Area (the “E.E.A.”) member states, the U.K. or Switzerland will comply, as applicable, with the GDPR, U.K. Data Protection Laws, FADP and/or the Standard Contractual Clauses in all respects.

There are additional disclosures in the SPECIAL U.S. PRIVACY INFORMATION Section below.

LINKS TO OTHER WEBSITES

Our Site may contain links to the websites of our subsidiaries and affiliates (some of which do not fall under the jurisdiction of the GDPR, the U.K. Data Protection Laws and/or the FADP) and to websites that are owned and operated by third parties.  These other websites may have their own privacy policies and are not governed by this Privacy Notice.  We are not responsible for the privacy practices, or the content of websites owned and operated by any such third parties.  Other websites may collect and treat information collected differently.

YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA

As provided under applicable data privacy or data protection laws or regulations, you may have the following rights with regard to your Personal Data: (i) the right to access and know; (ii) the right to rectification (i.e., correction); (iii) the right to erasure (i.e., deletion); (iv) the right to restrict processing; (v) the right to object to processing; (vi) the right to opt out of certain processing; (vii) the right to data portability and (viii) the right to withdraw consent.  If you have such rights, you may exercise any of these rights by contacting us by clicking here.  You may also have the right to lodge your complaints with the applicable legal authorities, including, without limitation, the applicable E.U. supervisory authority(ies), the U.K. Information Commissioner, the Swiss Federal Data Protection, and Information Commissioner and/or the California Privacy Protection Agency.  

Post will respond to your requests in accordance with, and within the appropriate timeframe determined by, the applicable law and/or regulation governing the use of the given Personal Data.  In most cases, Post will respond to requests within one month; provided, however, if the request is complex, Post may extend its response time in accordance with applicable law and regulation.

ost will contact users whose Personal Data is within the scope of the GDPR, the U.K. Data Protection Laws, the FADP and/or the Standard Contractual Clauses to obtain prior affirmative express consent when the same is required.  For example, Post will receive your affirmative express consent before any sensitive or special category Personal Data is processed, is disclosed to a third party or is used for a purpose other than those for which it was originally collected or subsequently authorized by you.  

There are additional disclosures in the SPECIAL U.S. PRIVACY INFORMATION Section below.

CHILDREN’S PRIVACY

Our Site is not intended for children under 16 years of age.  No one under age 16 may provide any information to or on the Site.  We do not knowingly collect Personal Data from children under 16.  If you are under 16, do not use or provide any information on this Site or on or through any of its features, register on the Site, make any purchases through the Site, use any of the interactive or public comment features of this Site or provide any information about yourself to us, including your name, address, telephone number, email address or any screen name or user name you may use.  If we learn we have collected or received Personal Data from a child under 16 without verification of parental consent, we will delete that information.  If you believe we might have any information from or about a child under 16, please contact us by clicking here or by mail to Post’s Chief Privacy and Data Protection Officer at 2503 S. Hanley Rd., St. Louis, MO 63144.

SPECIAL U.S. PRIVACY INFORMATION 

As described more in this Privacy Notice, some of the Personal Data we collect constitutes “personal information,” “personal data,” “sensitive personal information” or “sensitive data” under these state laws.  Any such “sensitive personal information” or “sensitive data” is referred to as “Sensitive Data” in this Privacy Notice. 

In particular, within the last twelve (12) months, we collected (whether directly, indirectly (e.g., by observing your actions on the Site) or from third parties) the categories of Personal Data and Sensitive Data, which constitute information subject to these state laws, listed in the tables below.  Any such collection has been for of the purposes included in the appropriate section of the WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE USE IT?  Section above.

Personal Data CategoryExamplesCollected in the Past Twelve MonthsDisclosed for a Business PurposeSold or Shared for Cross-Context Behavioral Advertising/ Targeted Advertising
IdentifiersA real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number or other similar identifiers.YesYesYes, some identifiers are shared, but not all. 
California Customer Records personal informationA name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number or any other financial information, medical information, or health insurance information.YesYesNo
Protected classification characteristics under state or federal lawAge (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status or genetic information (including familial genetic information).YesYesNo
Commercial informationRecords of personal property, products or services purchased, obtained, or considered or other purchasing or consuming histories or tendencies.YesYesNo
Biometric informationGenetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints and voiceprints, iris or retina scans, keystroke, gait or other physical patterns and sleep, health or exercise data.NoN/AN/A
Internet or other similar network activityBrowsing history, search history or information on a consumer’s interaction with a website, application, or advertisement.YesYesYes
Geolocation dataPhysical location or movements.  Does not include precise geolocation.NoN/AN/A
Sensory dataAudio, electronic, visual, thermal, olfactory or similar information.NoN/AN/A
Professional or employment-related informationCurrent or past job history or performance evaluations.NoN/AN/A
Non-public education informationEducation records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information or student disciplinary records.NoN/AN/A
Inferences drawn from other personal informationProfile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.YesYesYes
Sensitive Data CategoryExamplesCollected in the
Past Twelve Months
Disclosed for a
Business Purpose
Sold or Shared for Cross-
Context Behavioral Advertising/ Targeted Advertising
Government identifiers Social security, driver’s license, state identification card, or passport numberYesYesNo
Health informationInformation concerning a consumer’s health collected from a consumer complaintYesYesNo

For the purposes of this Section, “Personal Data” does not include information specifically excluded from the scope of applicable data protection laws, such as certain publicly available information, deidentified or aggregated consumer information or health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Post obtains the categories of Personal Data and Sensitive Data listed above from the following categories of sources:

  • Directly from you.  For example, from forms you complete or inquiries you make.
  • Indirectly from you.  For example, from observing your actions on our Site.
  • From our affiliates and subsidiaries.
  • From third party sources, including information from commercially available sources.

We may disclose Personal Data or Sensitive Data to third parties for business purposes. We have disclosed Personal Data and Sensitive Data for a business purpose to the following categories of third party Agents:

  • our subsidiaries and affiliates;
  • email and other information technology service providers;
  • consumer relations, including consumer complaint response services;
  • legal representation, including with regard to prevention harm to our company, its subsidiaries our products or services or a person or property (e.g., fraud prevention) or the prosecution, processing, defense or disposition of any claims or potential claims; and
  • shareholder record-keeping, notice, transfer agent and other investor relation services.

We may share your Personal Data with third parties. As used in this Privacy Notice, “share” refers to sharing for purposes of cross-context behavioral advertising or targeted advertising, as contemplated under applicable law. Applicable law prohibits third parties who receive the Personal Data from selling or resharing it unless you have received explicit notice and an opportunity to opt-out of further sales or sharing.

  • Social media companies, like Meta and TikTok. 
  • Internet cookie information recipients, like Google. 

As applicable, certain state privacy laws provide their residents, respectively, with specific rights regarding their Personal Data, including the following:

A. Access to Specific Information and Data Portability Rights.  You may have the right to request that we disclose certain information to you about our collection and use of your Personal Data and Sensitive Data.  Once we receive and verify your request (please see Subsection Exercising Access, Data Portability, Correction and Deletion Rights below for more information), we will disclose to you, as applicable:

  • The categories of Personal Data and Sensitive Data we collected about you.
  • The categories of sources for the Personal Data and Sensitive Data we collected about you.
  • Our business or commercial purpose for collecting, selling, or sharing that Personal Data and Sensitive Data, as applicable.
  • The categories of third parties with whom we disclose that Personal Data and Sensitive Data.
  • The specific pieces of Personal Data and Sensitive Data we collected about you (also called a data portability request).
  • If we sold, shared, or disclosed your Personal Data or Sensitive Data for a business purpose, a list disclosing the Personal Data and Sensitive Data categories that we disclosed for a business purpose and for each category identified, the categories of third parties to whom we disclosed that particular category of Personal Data.

B. Correct Specific Information.  You may have the right to request that we correct inaccurate Personal Data and Sensitive Data about you.  Once we receive and verify your request (please see Subsection Exercising Access, Data Portability, Correction and Deletion Rights below for more information), we will use commercially reasonable efforts to correct the information to comply with your request.  Not all state privacy laws may afford this right to their residents. 

C. Deletion Request Rights.  You may have the right to request that we delete any of your Personal Data or Sensitive Data that we collected from you and retained, subject to certain exceptions.  Once we receive and verify your request (please see Subsection Exercising Access, Data Portability, Correction and Deletion Rights below for more information), we will delete (and direct our service providers to delete) your Personal Data or Sensitive Data, unless an exception applies.  In responding to your request, we will inform you whether or not we have complied with the request, and, if we have not complied, provide you with an explanation as to why.

A service provider shall not be required to comply with a deletion request submitted by the consumer directly to the service provider.

We may deny your deletion request as permitted by applicable law. For example, we may deny your deletion request if retaining the information is necessary for us, or our service provider(s), to:

  • Complete the transaction for which we collected the Personal Data or Sensitive Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you or otherwise perform our contract with you.
  • Help to safeguard security and integrity of your Personal Data and Sensitive Data to the extent the use of your Personal Data and Sensitive Data is reasonably necessary and proportionate for those purposes.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise his/her free speech rights or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.

D. Right to Limit Use and Disclosure of Sensitive Data. You may have the right, at any time, to direct us to limit our use and disclosure of your Sensitive Data to use which is necessary for certain purposes enumerated in applicable law (“Enumerated Purposes”).  To the extent we use or disclose your Sensitive Data for purposes other than the Enumerated Purposes, you may have the right to limit such use or disclosure. To the extent applicable, you may also have the right to withdraw consent you provided for our use and disclosure of your Sensitive Data.

The Enumerated Purposes include the following:

  1. To perform the services or provide the products reasonably expected by an average consumer who requests those products or services. 
  2. To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted Personal Data, including Sensitive Data. 
  3. To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions. 
  4. To ensure the physical safety of natural persons. 
  5. For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with us, provided that we will not disclose the Sensitive Personal Data, to another third party and will not use it to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with us. 
  6. To perform services on behalf of us, such as maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of our business. 
  7. To verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
  8. For purposes that do not infer characteristics about you.]

Currently, we do not use Sensitive Data for purposes other than the Enumerated Purposes above, and we do not sell or share any Sensitive Data, and we do not sell or share any Sensitive Data.

E. Personal Data Sharing Opt-Out and Opt-In Rights.  Pursuant to applicable law, you have the right to direct us to not share your Personal Data at any time (the “right to opt-out”).

We do not have actual knowledge that we share the Personal Data of consumers under 16 years of age.  We will not share the Personal Data of consumers we actually know are less than 16 years of age unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age or the parent or guardian of a consumer less than 13 years of age.  Consumers who opt-in to Personal Data sharing may opt-out of future sharing at any time.

To exercise the right to opt-out, you (or your authorized agent) may submit your preferences through our cookie consent page by clicking: Do Not Share My Personal Information.

You may also exercise the right to opt-out using an opt-out preference signal in a format commonly used and recognized by businesses, such as through an HTTP header field.  When we receive an opt-out preference signal, we will treat it as a valid request to opt-out of the sharing for that browser or device sending the signal, and, if known, for the consumer.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Data sharing.  However, you may change your mind and opt back in to Personal Data sharing at any time by indicating opt in on our cookie consent page found here.

We will only use Personal Data provided in an opt-out request to review and comply with the request.

If you wish to opt out of interest-based advertising not provided by us, please visit http://preferences-mgr.truste.com/ or http://optout.aboutads.info to manage your preferences.  Alternatively, if you are located in a European country, you may visit http://www.youronlinechoices.eu/.  You may also delete your delete your history, clear your cache, and delete or manage cookies through the browser and device settings. Finally, you may opt out of advertising directly through the third party provider itself.  For example, to opt out of ads you see through Meta/Facebook products, you can visit Facebook’s “Activity information from ad partners” section of its Ad Choices webpage through this link.

F. Exercising Access, Data Portability, Correction and Deletion Rights.  To exercise the access, data portability, correction and deletion rights described above, please submit a request to us through one of the following:

  • By telephone at 844-931-2041
  • By submitting the form found here.
  • By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.

When you use a request method above, we will request certain information for verification purposes, such as your name, address and e-mail address.  We will use this information to verify this is a permitted request, such as by matching your name and address with information in our records.  Depending on the type of request, we may require a certain number of data points to allow for verification.

Only you, or a person properly authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data.  You may also make a verifiable consumer request on behalf of your minor child.

An authorized agent may make a request on your behalf using the request methods designated above.  Additionally, if you use an authorized agent to submit a consumer request, we may require the authorized agent to provide proof that you gave the agent signed permission to submit the request.  We may also require you to verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request.

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized agent of such person.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.

We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

If we deny your request, you may have the right to appeal our decision.  Further, if you appeal and your appeal is denied, you may have the right to complain to your state’s attorney general.  You may appeal your decision by contacting us here .

For instructions on exercising sharing opt-out rights, see Personal Data Sharing Opt-Out and Opt-In Rights.

G. Response Timing and Format.  In accordance with applicable law, we endeavor to respond to a consumer request within forty-five (45) days of its receipt.  If we require more time (up to forty-five (45) additional days), we will inform you of the reason and extension period in writing.

The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

You may make a consumer request for access or data portability free of charge twice within a 12-month period. Additional requests may be subject to a fee. We may charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

H. No Personal Data Sales.  We do not sell any Personal Data that we collect or use. 

I. Non-Discrimination.  We will not discriminate against you for exercising any of your rights.  Unless permitted by applicable law, in connection with you exercising your rights, we will not:

  • Deny you products or services.
  • Charge you different prices or rates for products or services, including through granting discounts or other benefits or imposing penalties.
  • Provide you a different level or quality of products or services.
  • Suggest that you may receive a different price or rate for products or services or a different level or quality of products or services.

However, we may offer you certain financial incentives permitted by applicable law that can result in different prices, rates or quality levels.  Any legally permitted financial incentive we offer will reasonably relate to your Personal Data’s value to us and contain written terms that describe the program’s material aspects.  Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

J. Other California Privacy Rights.  California Civil Code Section § 1798.83 permits California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. 

HOW WE PROTECT PERSONAL DATA

Post maintains reasonable and appropriate technical and organizational security measures designed to help protect against loss, misuse and alteration of Personal Data collected and processed by Post.  However, information transmitted on the Internet and/or stored on systems attached to the Internet is not 100% secure.  As a result, we do not ensure, warrant or guarantee the security or integrity of such information.

PRIVACY COMMITMENT

While we have withdrawn from the E.U. – U.S. Privacy Shield and the Swiss – U.S. Privacy Shield programs, we remain committed to the E.U. – U.S. and Swiss – U.S. Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, enforceability and liability (collectively, including the Supplemental Principles, the “Privacy Shield Principles”) and will continue to follow such Privacy Shield Principles in our processing of Personal Data.

All transfers of Personal Data relating to individuals in any of the E.E.A. member states or the UK shall be governed by data processing agreements incorporating the Standard Contractual Clauses.  If Post transfers Personal Data subject to the Standard Contractual Clauses to a third party, the recipient will have the same level of protection as required of Post under the Standard Contractual Clauses.  Post is responsible and liable under the Standard Contractual Clauses for our third party service providers’ processing Personal Data subject to the Standard Contractual Clauses in a manner consistent with the Standard Contractual Clauses.  We will also process Personal Data submitted relating to individuals in Switzerland via adequate compliance mechanisms as required by the FADP.

DISPUTE RESOLUTION

Post commits to resolve complaints about our collection or use of your Personal Data.  Individuals with inquiries or complaints regarding this Privacy Notice should first contact Post’s Chief Privacy and Data Protection Officer at [email protected].

California Transparency in Supply Chains Act of 2010

To view Post’s disclosure under the California Transparency in Supply Chains Act of 2010, please visit PostCaliforniaSupplyChainsAct2019.pdf (postholdings.com) 

CHANGES IN OUR PRIVACY NOTICE

We may amend this Privacy Notice at any time.  To the extent required by applicable law or regulation, Post will contact individuals whose Personal Data is within the scope of such law or regulation and then currently being processed by Post to obtain prior affirmative express consent to any material changes to how we collect, use, process and/or share such individual’s Personal Data or to this Privacy Notice.  In addition, if we make any material changes to this Privacy Notice, including any material changes to how we collect, use, process and/or share your Personal Data, we will prominently post a notice of such changes on the website(s) covered by this Privacy Notice.  We encourage you to periodically review this page for the latest information on our Privacy Notice.

YOUR ACKNOWLEDGEMENT OF THIS PRIVACY NOTICE AND WHEN WE ASK FOR YOUR CONSENT

By using our Site, providing Personal Data or otherwise interacting with Post, you acknowledge that we are processing your Personal Data in accordance with this Privacy Notice.  If you do not wish that we process your Personal Data in this way, please do not use our Site, provide us with your Personal Data or otherwise interact with Post.

We process your Personal Data as described above.  In certain instances, we only process your Personal Data if you have consented (for example, in cases where we process your Personal Data for job applications or seeking employment).  Where we process your Personal Data on the basis of your consent, we will ask for your consent explicitly but, in some cases and only where permitted by applicable law, we may infer in a transparent manner consent from your actions.  We may also ask you to provide additional consent if we need to use your Personal Data for purposes not covered by this Privacy Notice.

CONTACT US
  • By telephone at 844-931-2041
  • By email at [email protected]
  • By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.
  • Chief Privacy and Data Protection Officer
  • By email at [email protected]
  • By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.

We are committed and required to respond to any of your inquiries on this issue within one month of receiving the inquiry.

Post Holdings, Inc. Cookie Policy:

Post Holdings, Inc. (“Post” or “we”) (and third party service providers acting on our behalf or on their own behalf) use cookies and similar technologies to collect and process data about you when you visit our website,  www.postholdings.com, (collectively, our “Site”).  Cookies are files that store information on your computer hard drive or browser that mean that we can recognize that you have visited us before.  We use cookies and similar technologies to improve our products and your experience on our Sites by evaluating the use of our Sites, products and services to personalize content and ads, to provide social media features and to analyze our traffic.  By agreeing to the use of our cookies on our Sites, you agree to our collection, disclosure and sharing (as such term is defined in the California Privacy Rights Act of 2020) of your information and direct us to provide your information to third parties for these purposes. 

  • Specifically, the information that we collect through the cookies on our Site is as follows: Page Information, which is retained by Post for metrics:
  • URL – the URL of the page you are viewing and
  • Title – the title of the page you are viewing.

Browser Information, which is retained by Post for metrics:

  • Browser name – the type of browser you are using;
  • Viewport or Viewing pane – the size of the browser window you are using;
  • Screen resolution – the resolution of your screen;
  • Java enabled – whether or not you have Java enabled; and 
  • Other Software versions – what version of software that you are using.

User Information, which is retained by Post for metrics:

  • Location – this is derived from the IP address where the hit originated (please note that the IP address itself is not available or retained by Post); and
  • Language – derived from the language settings of your browser.

How long we retain the information we collect from you via cookies varies by cookie. The retention period may range from one minute to two years from your visit to our Website and may also vary depending on your browser or device settings.

Do Not Track (“DNT”) and Global Privacy Control (“GPC”) are privacy preferences that users can set in their web browsers.  When our Site receives a DNT/GPC code, except in the case of certain scenarios where a user actively and knowingly provides Personal Data (e.g. contact forms), our Site will not track your use across multiple websites other than the Company’s brand websites, but other websites (including, without limitation, websites of certain of our subsidiaries, affiliates and third party providers, such as our career portal provider) to which we link may continue to track you.  When our Site receives web requests from a user who enables DNT/GPC by actively choosing an opt-out setting in the user’s browser, we will also take reasonable efforts to disable tracking cookies/scripts (e.g. Google Analytics, Google Ads, Facebook, X (f/k/a Twitter) and/or other third party scripts). 

We and other third-parties, including our Agents, may collect information about your online activities over time and across different websites, including when you visit our Site.  You can learn about how to exercise choice regarding the collection of information about your online activities by visiting http://www.aboutads.info

We are committed to safeguarding your privacy and ensuring that your personal data is protected.  Any personal information and data collected through the cookies on our Site will be protected by us pursuant to our Privacy Notice, including the Special U.S. Privacy Information section of the Privacy Notice.

It is always possible for you to visit our Site without disclosing your Personal Data.  This requires that you have disabled cookies.  You can opt out of the processing of such Personal Data via the Cookie Consent Banner displayed at the bottom of the relevant Site or on our Do Not Share My Personal Information page.

Please note, however, that, when you disable the cookies or opt out of the sharing of your information, you may not be able to use all of the features of our Site or online services.

If you have any questions about the cookies on our Site or any of the information, including, without limitation, personal data, collected, used or shared by the cookies, please contact our Chief Privacy and Data Protection Officer, whose contact information is below:

  • By telephone at 844-931-2041
  • By email at [email protected]
  • By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.