EFFECTIVE DATE: April 30, 2024
Post Holdings, Inc., a Missouri corporation, together with its subsidiaries (collectively, “Post” or “we” or “our”), wants our job applicants to be familiar with how and why we collect, use and disclose information about you. The privacy and security of the personal data and information that we collect from or about you (“Personal Data”) is important to us. It is equally important that you understand how we handle this information.
By applying for a job with Post, you expressly acknowledge that you have read, understand, and agree to all of the terms of this Privacy Notice as outlined below and as it may be modified by us from time to time with or without prior notice. If you are a resident of the State of California, please see our California Job Applicant Privacy Notice section below.
Please note that this Notice does not apply to employees, and if you are hired by us, you will be provided with Post’s Employee Privacy Statement. Please also note that this Notice does not apply to any information collected from you when you are acting as regular consumer of Post’s or any of its subsidiary’s products. Please consult our general Privacy Notice located at www.postholdings.com/privacy-notice for more information on our general privacy practices not related to you seeking employment with us. If you have any questions about any of the information in this Notice, please contact us by clicking here.
Collection of Personal Data
In the course of conducting our business and complying with applicable federal, state, and local government regulations we must collect Personal Data from you during the application process. The nature of the Personal Data collected varies somewhat for each applicant, depending on the employment responsibilities for the job you are seeking, your citizenship, the location of the facility where you are applying for work, and other factors. We collect Personal Data from you solely for business purposes, including those related (1) to your job application with Post, (2) to requirements from governmental agencies, (3) to compliance with applicable law and (4) to operate our job applicant website.
Personal Data collected may include, without limitation, such things as:
- Your name
- User ID(s)
- Phone numbers
- Email address(es)
- Mailing addresses
- Government-issued identification numbers (e.g., Social Security or driver’s license)
- Date of birth
- Gender, race, and ethnicity
- Professional and employment history
- Educational history
Post will not knowingly collect or use Personal Data in any manner inconsistent with this statement, as it may be amended from time to time, or applicable law.
Your refusal or failure to provide Personal Data required by law may disqualify you from employment with Post.
Use of the Personal Data We Collect
The primary purposes for collection, storage and/or use of your Personal Data include, but are not limited to:
- Recruitment and Hiring. We collect, store, analyze, and share (internally) Personal Data in order to attract, recruit and hire a highly qualified workforce.
- Legal Compliance. We collect, use and store Personal Data to comply with obligations under federal, state, and local laws, regulations, and requirements.
- Safety, Security, and Health. We use such Personal Data as appropriate to ensure the safety and protection of employees, assets, resources, and communities.
- Fraud Prevention, Audits, and Investigations. We use and analyze Personal Data as appropriate to ensure the accuracy of information provided to us by job applicants.
- Travel and Expenses. We collect, store, and use Personal Data as appropriate to facilitate travel and expense reimbursements during the recruitment process.
- Physical and Technical Security. We collect, store, and use Personal Data to ensure the security of our facilities and systems accessed by job applicants during the recruitment process.
Through the operation of our job applicant website, we and our service providers may also use the information collected for the purposes of showing you other job postings that might be of interest to you, both within the Post organization and from other employers.
Disclosure of Personal Data
Post acts to protect your Personal Data and ensure that unauthorized individuals do not have access to your Personal Data by using reasonable security measures intended to protect your Personal Data from unauthorized disclosure. We do disclose your Personal Data under the following circumstances.
- Legal Requests and Investigations. We may disclose your Personal Data when such disclosure is reasonably necessary (i) to prevent fraud; (ii) to comply with any applicable statute, law, rule, or regulation; or (iii) to comply with a court order.
- Third-party Vendors and Service Providers. We do, from time to time, outsource services, functions, or operations of our business to third-party service providers. When engaging in such outsourcing, it may be necessary for us to disclose your Personal Data to those service providers, e.g., a job applicant portal provider. In some cases, the service providers may collect Personal Data directly from you on our behalf.
- Protection of Post and Others. We may release Personal Data when we believe release is necessary to comply with the law; enforce or apply our policies and other agreements; or protect the rights, property, or safety of Post, our employees, or others. This disclosure will never, however, include selling, renting, sharing, or otherwise disclosing your Personal Data for commercial purposes in violation of the commitments set forth in this Privacy Notice.
We and our service providers will also disclose your Personal Data as necessary to show you other job postings that might be of interest to you.
Security of Your Personal Data
We employ commercially reasonable security measures and technologies, such as password protection, encryption, physical locks, etc., to protect the confidentiality and security of your Personal Data. Within our organization, only authorized employees have access to Personal Data.
Updating and Accessing Your Personal Data
You must promptly inform us when changes occur in the Personal Data you have provided so that we can maintain accurate Information about you. Although you may update or change your Personal Data, we may maintain such Personal Data previously submitted in historical archives.
California Job Applicant Privacy Notice
Effective Date: April 30, 2024
Post Holdings, Inc., a Missouri corporation, together with its subsidiaries, (“Post,” “we” or “us”) wants our job applicants to be familiar with how and why we collect, use and disclose information about you. This Privacy Notice (this “Notice”) explains our practices regarding the collection, use, and other processing of information that identifies or reasonably could be used to identify a job applicant in connection with applying for a job with us and to comply with the California Consumer Privacy Act of 2018 (as the same has been amended and may be amended in the future, “CCPA”) and the California Privacy Rights Act (as the same has been amended and may be amended in the future, “CPRA”). Any terms defined in the CCPA or the CPRA shall have the same meaning when used in this Notice.
This Notice applies to each job applicant who applies for a job with Post and who is a resident of California in the context of seeking employment with us (a “job applicant” or “you”). As used in this Notice, the term “job applicant” refers to an individual who is a California resident and who is a current or former prospective employee, owner, director, officer, or independent contractor of Post. The term “job applicant” includes individuals who are seeking positions for full-time, part-time, variable (short-term) and seasonal schedules, as well as internships. This Notice neither creates nor forms part of any contract of employment or other service agreement and applies only to job applicants who are California residents. We may update this Notice at any time as necessary. It is important that you read this Notice, so you are aware of how and why we use your Personal Data.
Please note that this Notice does not apply to employees, and if you are hired by us, you will be provided with Post’s California Employee Privacy Notice. Please also note that this Notice does not apply to any information collected from you when you are acting as regular consumer of Post’s or any of its subsidiary’s products. Please consult our general Privacy Notice located at www.postholdings.com/privacy-notice for more information on our general privacy practices not related to you seeking employment with us. If you have any questions about any of the information in this Notice, please contact us by clicking here.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular job applicant or job applicant’s household (“Personal Data”). Post collects and receives certain Personal Data from and about you during the job application process or otherwise by engaging with you.
Post may also collect and receive certain Sensitive Personal Data from and about you during the job application process. Under the CCPA and CPRA, “Sensitive Personal Data” means a job applicant’s health-related Personal Data or Personal Data that reveals a job applicant’s social security; driver’s license; state identification card; passport number; account log-in, financial account, debit card, or credit card number, in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; mail, email, or text message content, unless Post is the intended recipient of the communication; genetic data; biometric information for unique identification purposes; or sex life or sexual orientation.
We do not, and will not, sell the Personal Data or Sensitive Personal Data we collect or receive from or about you or any other job applicants, including any individuals under the age of 16. We also do not, and will not, share Sensitive Personal Data we collect from you or other job applicants, including any individuals under the age of 16, with third parties for cross-context behavioral advertising. However, we and our service providers may share your Personal Data with third parties for the purposes of showing your other job openings that may be of interest to you. These job openings may be within the Post organization or from other employers. As used herein this Notice, “share” refers to sharing for purposes of cross-context behavioral advertising, as contemplated under the CCPA and CPRA. Applicable law prohibits the third parties who receive the Personal Data from selling or resharing it to others unless you have received explicit notice and an opportunity to opt-out of further sales or sharing.
We may collect or receive the following categories of Personal Data and Sensitive Personal Data about job applicants. Not all categories will be collected for every job applicant. Information is collected based on the need. The tables below also lists, for each category, whether we have collected such information in the last twelve (12) months and, if we have, our expected retention period and use purposes for each category of Personal Data and Sensitive Personal Data.
PERSONAL DATA CATEGORY | DESCRIPTION | COLLECTED IN PAST TWELVE (12) MONTHS | RETENTION PERIOD (in absence of a deletion request or legal requirement) | USE PURPOSES | SOLD OR SHARED FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING/ TARGETED ADVERTISING |
Identifiers | includes both direct identifiers like a name or an address, and identifying numbers like an applicant/employee ID number, as well as identifying information about devices you use to connect to Post’s or its subsidiary’s application portal. | Yes | 3 years from the job application date | Recruitment and Hiring Physical and Technical Security Travel and Expenses Fraud Prevention, Audits, and Investigations Safety, Security, and Health Legal Compliance | Yes, shared but not sold |
Legally Protected Information | includes Personal Data protected by California or federal laws such as date of birth, gender, military status, or other. | Yes | 3 years from the job application date | Recruitment and Hiring Travel and Expenses Legal Compliance | No |
Professional or Employment-Related Information | includes information such as organizational position, current or past job history or performance evaluations, salary, hours worked, training, job positions, work communications, etc. | Yes | 3 years from the job application date | Recruitment and Hiring Physical and Technical Security Travel and Expenses Legal Compliance | Yes, shared but not sold |
Commercial Information | includes information about services or products purchased, or consuming history or tendencies. In the case of job applicants this would be focused on travel expenses. | Yes | Up to 7 years | Travel and Expenses Fraud Prevention, Audits, and Investigations Legal Compliance | No |
Internet or Other Similar Network Activity | includes information that we may have collected about browsing history, searches, interaction with our job application website. | Yes | Up to 13 months | Recruitment and Hiring Physical and Technical Security Fraud Prevention, Audits, and Investigations Legal Compliance | Yes, shared but not sold |
Non-Public Education Information | includes information directly related to a student that is maintained by educational institutions provided to us during the job application process. | Yes | 3 years from the job application date | Recruitment and Hiring Legal Compliance | Yes, shared but not sold |
Geolocation Data | includes general geolocation information, but not precise geolocation, which is Sensitive Personal Data. | Yes | 3 years from the job application date | Recruitment and Hiring Travel and Expenses Legal Compliance | Yes, shared but not sold |
Inferences Draw from Other Personal Data | is a profile drawn from other information that reflects a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes | 3 years from the job application date | Recruitment and Hiring | Yes, shared but not sold |
SENSITIVE PERSONAL DATA CATEGORY | DESCRIPTION | COLLECTED IN PAST TWELVE (12) MONTHS | RETENTION PERIOD | USE PURPOSES | SOLD OR SHARED FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING/ TARGETED ADVERTISING |
Government Identifiers | includes a job applicant’s social security, driver’s license, state identification card, or passport number | Yes | 3 years from the job application date | Recruitment and Hiring Fraud Prevention, Audits, and Investigations Legal Compliance | No |
Account Credentials | includes log-in usernames used on our application website | Yes | Collected and maintained via our job application portal service providers. Each service provider sets its own retention period in accordance with its own policies and procedures and users may have the ability to change their account credentials. | Recruitment and Hiring Fraud Prevention, Audits, and Investigations Legal Compliance | No |
Precise Geolocation | includes any data that is derived from a device and that is used or intended to be used to locate a job applicant within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet. | Yes | 1 year from collection | Recruitment and Hiring Physical and Technical Security Fraud Prevention, Audits, and Investigations | No |
Racial or Ethnic Origin | includes a job applicant’s race and ethnic or cultural origins | Yes | 3 years from the job application date | Recruitment and Hiring Legal Compliance | No |
“Personal Data” does not include:
- Publicly available information from government records.
- Deidentified or aggregated Personal Data of a California resident.
- Information excluded from scope by law, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
- Personal Data covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We obtain the categories of Personal Data and Sensitive Personal Data listed above from the following categories of sources:
- Directly from you. For example, from forms you complete in connection with your job application.
- Indirectly from you. For example, from observing your actions on our job application portal.
- From third parties, for example, our business partners, affiliates, and subsidiaries that interact with you or your Personal Data or Sensitive Personal Data. We may allow third parties to control the collection of Personal Data or Sensitive Personal Data from you. These third parties may have an obligation to provide you with a notice of collection, too. These third parties are not governed by this Notice and may collect and treat information collected differently than us. We are not responsible for the privacy practices, or the content of websites owned and operated by any such third parties. For information about these third parties’ business practices, please contact Human Resources.
Disclosing Personal Data
We may disclose your Personal Data, including Sensitive Personal Data, to a third party for a business purpose. When we disclose Personal Data or Sensitive Personal Data for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Data or Sensitive Personal Data confidential and not use it for any purpose except performing the contract.
We may disclose your Personal Data or Sensitive Personal Data with the following categories of third parties:
- Service providers, including payroll providers, talent management providers, information technology services providers, and software providers.
- Legal, accounting, or other advisors.
- Our affiliates and subsidiaries.
Disclosures of Personal Data for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of Personal Data for a business purpose:
- Identifiers;
- Legally Protected Information;
- Professional or Employment-Related Information;
- Commercial Information;
- Internet or Other Similar Network Activity;
- Non-Public Education Information;
- Geolocation Data; and
- Inferences Draw from Other Personal Data.
We have also disclosed the following categories of Sensitive Personal Data for a business purpose:
- Government Identifiers;
- Account Credentials;
- Precise Geolocation;
- Racial or Ethnic Origin; and
We disclosed this Personal Data and Sensitive Personal Data for a business purpose to the following categories of third parties in the past twelve (12) months:
- Service providers, including payroll providers, talent management providers, information technology services providers, and software providers.
- Legal, accounting, or other advisors.
- Our affiliates and subsidiaries.
As disclosed in the tables above, we may share your Personal Data with third parties for showing you other job postings that you might be interested in, which may constitute cross-context behavioral advertising under applicable law.
Your Rights and Choices
The CCPA and CPRA provide California residents with specific rights regarding their Personal Data. This section describes your rights under these laws and explains how to exercise those rights.
A. Access to Specific Information and Data Portability Rights
You have the right to request that we disclose the categories and specific pieces of information we have collected and certain information to you about our collection and use of your Personal Data, including Sensitive Personal Data, over the past twelve (12) months. Once we receive and confirm your verifiable request (see Exercising Access, Data Portability, Correction and Deletion Rights), we will disclose to you:
- The categories of Personal Data, including Sensitive Personal Data, we collected about you.
- The categories of sources for the Personal Data, including Sensitive Personal Data, we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Data, including Sensitive Personal Data.
- The categories of third parties with whom we share that Personal Data, including Sensitive Personal Data.
- The specific pieces of Personal Data, including Sensitive Personal Data, we collected about you (also called a data portability request).
- If we sold, shared, or disclosed your Personal Data, including Sensitive Personal Data, for a business purpose, separate lists disclosing:
- Sales or sharing, identifying the Personal Data, including Sensitive Personal Data, categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the Personal Data, including Sensitive Personal Data, categories that each category of recipient obtained.
B. Correct Specific Information.
You have the right to request that we correct inaccurate Personal Data and Sensitive Data about you. Once we receive and verify your request (please see Exercising Access, Data Portability, Correction, and Deletion Rights below for more information), we will use commercially reasonable efforts to correct the information to comply with your request.
C. Deletion Request Rights
You have the right to request that we delete any of your Personal Data, including Sensitive Personal Data, that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request (see Exercising Access, Data Portability, Correction and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies.
For example, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Take actions reasonably anticipated within the context of the job application process with you or otherwise perform a contract with you.
- Help to safeguard security and integrity of your Personal Data and Sensitive Data to the extent the use of your Personal Data and Sensitive Data is reasonably necessary and proportionate for those purposes.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another California resident to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with job applicant’s expectations based on your relationship with us.
- Comply with a legal obligation.
D. Exercising Access, Data Portability, Correction and Deletion Rights
To exercise the access, data portability, correction and deletion rights described above, please submit a verifiable request to us through one of the following:
- By telephone at 844-931-2041
- By submitting the form found here
- By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.
When you use one of the request methods above, we will request certain information for verification purposes, such as your name, address, and e-mail address. We will use this information to verify this is a permitted request, such as by matching your name and address with information in our records. Depending on the type of request, we may require a certain number of data points to allow for verification.
Only you, or a person properly authorized to act on your behalf, may make a verifiable request related to your Personal Data.
An authorized agent may make a request on your behalf using the request methods designated above. Additionally, if you use an authorized agent to submit a request, we may require the authorized agent to provide proof that you gave the agent signed permission to submit the request. We may also require you to verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request.
The verifiable request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized agent of such person.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
Making a verifiable request does not require you to create an account with us.
We will only use Personal Data provided in a verifiable request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sharing opt-out rights, see Personal Data Sharing Opt-Out and Opt-In Rights.
E. Right to Limit Use and Disclosure of Sensitive Personal Data.
You may have the right, at any time, to direct Post to limit our use and disclosure of your Sensitive Personal Data to use which is necessary for certain purposes enumerated in applicable law (“Enumerated Purposes”). To the extent we use or disclose your Sensitive Personal Data for purposes other than the Enumerated Purposes, you have the right to limit such use or disclosure. To the extent applicable, you may also have the right to withdraw consent you provided for our use and disclosure of your Sensitive Personal Data.
The Enumerated Purposes include the following:
(1) To help to safeguard security and integrity of your Personal Data to the extent the use of your Personal Data is reasonably necessary and proportionate for those purposes.
(2) To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions.
(3) To ensure the physical safety of natural persons.
(4) For short-term, transient use.
(5) To perform services on behalf of us.
(6) To verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
(7) To collect or process Sensitive Personal Data where such collection or processing is not for the purpose of inferring characteristics about a job applicant.
Currently, we do not use Sensitive Personal Data for purposes other than the Enumerated Purposes above, and we do not sell or share any Sensitive Data.
F. Personal Data Sharing Opt-Out and Opt-In Rights.
Pursuant to applicable law, you have the right to direct us to not share your Personal Data at any time (the “right to opt-out”).
We do not have actual knowledge that we share the Personal Data of consumers under 16 years of age. We will not share the Personal Data of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Persons who opt-in to Personal Data sharing may opt-out of future sharing at any time.
To exercise the right to opt-out, you (or your authorized agent) may submit a request to us by visiting the following Internet Web page link: Do Not Share My Personal Information
You may also exercise the right to opt-out using an opt-out preference signal in a format commonly used and recognized by businesses, such as through an HTTP header field. When we receive an opt-out preference signal, we will treat it as a valid request to opt-out of the sharing for that browser or device sending the signal, and, if known, for the consumer.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Data sharing. However, you may change your mind and opt back in to Personal Data sharing at any time by indicating to opt in on our cookie consent page found here.
You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Data provided in an opt-out request to review and comply with the request.
If you wish to opt out of interest-based advertising not provided by us, please visit http://preferences-mgr.truste.com/ or http://optout.aboutads.info to manage your preferences. You may also delete your delete your history, clear your cache, and delete or manage cookies through the browser and device settings. Finally, you may opt out of advertising directly through the third party provider itself. Please note that you may continue to receive generic ads.
G. Response Timing and Format
We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the twelve (12)-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
You may make a request for access or data portability free of charge twice within a 12-month period. Additional requests may be subject to a fee. We may charge a fee to process or respond to your request if it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
H. No Personal Data Sales
We do not sell any Personal Data or Sensitive Personal Data that we collect or use, including any Personal Data or Sensitive Personal Data from individuals under the age of 16.
Non-Discrimination
We will not discriminate or retaliate against you for exercising any of your rights.
Changes to this Notice
We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will provide you with the updated Notice and update the Notice’s effective date. This Notice will be posted on our job application portal, will be made available electronically, and may be updated periodically to reflect any changes in our privacy practices. We encourage you to check this Privacy Notice periodically to be aware of the most recent version.
Contact Information
If you have any questions or comments about this Notice, the ways in which Post collects and uses your information described in this Notice, your choices, and rights regarding such use, or wish to exercise your rights under California law after they are effective, please contact your supervisor or contact Post through one of the following:
- By telephone at 844-931-2041
- By email at [email protected]
- By mail at 2503 S. Hanley Rd., St. Louis, MO 63144.