Welcome to the Coca‑Cola Consumer Privacy Policy

The Coca‑Cola Company and its affiliates (together, Coca‑Cola or we) take your right to privacy seriously.  We appreciate that you trust us with your personal information and respecting your privacy is at the core of our interactions with you.

Coca‑Cola’s handling of personal information is guided by these principles:

  • Transparency
  • Respect
  • Trust
  • Fairness

Effective Date:  January 10th  2024

The Coca‑Cola Consumer Privacy Policy (Privacy Policy) describes the personal information that Coca‑Cola collects from or about users of the websites, mobile applications (Apps), widgets and other online and offline services that Coca‑Cola operates (together, the Services) and how we use and protect that personal information.  This Privacy Policy also explains how users can make choices about their personal information.  

When we refer to personal information (sometimes referred to as personal data under some laws) in this Privacy Policy, we mean information that identifies or can be used to identify an individual human being.  This means that personal information includes direct identifiers (such as name) and indirect identifiers (such as computer or mobile device ID and IP address).  When we refer to you or user, we mean someone who uses any of the Services.  When we refer to controller, we mean the person or entity that determines what personal information is collected from or about you and how that personal information is used and protected.  

How we collect, use and protect your personal information is subject to the laws in the places in which we operate.  This means that we may have different practices in different places.  For more information, please see Privacy Rights and Choices, which includes additional descriptions of your rights and our obligations in certain key jurisdictions and who to contact.  

IF YOU HAVE QUESTIONS ABOUT HOW COCA-COLA PROCESSES YOUR PERSONAL INFORMATION, PLEASE CONTACT PRIVACY@COCA-COLA.COM.

WHAT’S IN THIS PRIVACY POLICY?

This Privacy Policy is divided into the following sections: 

1. WHEN DOES THIS PRIVACY POLICY APPLY? 

This Privacy Policy was posted and is effective for new users on January 10, 2024.

The prior versions of our Privacy Policies apply until January 20, 2024 and are available upon request to privacy@coca-cola.com.

2. WHERE DOES THIS PRIVACY POLICY APPLY? 

The Privacy Policy applies to the personal information collected from users of the Services in which the Privacy Policy is posted or linked, when the Privacy Policy is specifically referenced in the Services or when Coca‑Cola asks you to acknowledge it.  This Privacy Policy also covers personal information that we collect from consumers who contact us by email, telephone and offline, such as during an in-person event. 

This Privacy Policy also may apply to personal information provided to us by consumers who engage with us through social media.  Please contact us at Privacy@coca-cola.com if you have questions about whether this Privacy Policy applies to specific personal information connected with social media.

This Privacy Policy does not apply to websites and other online services operated by other organizations.  Those other websites and services follow their own privacy policies, not this Privacy Policy.  Please make sure to check those privacy policies so you know how your information is handled.

3. WHAT TYPES OF PERSONAL INFORMATION DOES COCA-COLA COLLECT AND WHY? 

a. Information you choose to give us

We collect the personal information you choose to share with us.

The personal information that you choose to give to us typically includes the following types of personal information.  Please review below to learn more about the categories of personal information that Coca‑Cola collects and why it is collected:

Contact and Account Information

Coca‑Cola requests your first and last name, email address and/or mobile telephone number and date of birth to create an account on the Services.  We also may collect username and password, age, mailing address, government-issued identifier and similar contact information.

  • To maintain your online account if you choose to create one

  • To verify identity and eligibility for certain Services

  • To customize your experience of the Services

  • To offer access to exclusive content, discounts and other opportunities

  • To administer a sweepstakes, contest or other promotion or a loyalty program

  • To complete a purchase and deliver products 

  • To send information that we think will interest you, which is sometimes personalized based on the information associated with your account

  • To request your feedback, such as through a survey about a new product

  • To respond to your questions and provide customer service

  • For research and innovation

  • When you attend an in-person event, such as events  sponsored or hosted by Coca‑Cola or product sampling

User Generated Content (UGC)

Coca‑Cola collects the posts, comments, opinions, voice recordings, photos and videos that you choose to submit through the Services

  •  To monitor online communities 
  • To record and act on your comments and opinions, such as in surveys, customer service inquiries and other free-form text boxes

  • To administer your participation in promotions that include submission of UGC

  • In connection with participation in specific promotions or other Services, such as Coca‑Cola’s smart coolers.

Photos, voice recordings and videos that you choose to share may constitute biometric data under some laws. Coca‑Cola collects biometric data only with your specific consent.

Information associated with an account on a social media platform

When you connect or log into the Services through your social media account, such as Facebook and Twitter, we collect the personal information permitted by the social media platform and your account permissions, such as your profile photo, email, like and interest and friends, followers or similar lists.

  •  To personalize your experience of the Services
  • To respond to your comments and inquiries posted on the social media platform and analyze communications (such as tweets or posts) with or about Coca‑Cola to better understand how consumers view Coca‑Cola

(If you decide later that you do not want to provide us with information from your social media account, then please adjust the privacy settings in your social media account.)

Location Data

We collect precise geolocation ( aka GPS) data when permitted through our Apps when you choose to allow it through your mobile device’s operating system and otherwise with your consent, as required.

Approximate location from an IP address or connections to WiFi, Bluetooth or a wireless network service is automatically collected when you use the Services.

We collect this location data:

  •  To customize your experience of the Services
  • To let you know when products, promotions or events are available near you or allow other users to see your location when you choose to allow it

  • To send geographically-relevant advertising

Other Personal Information shared through the Services

We collect

  •  To administer our online communities 
  • To manage promotions and other features of the Services that allow you to share your personal information

b. Information about use of our Apps

When you download and install one of our Apps, the information that we collect depends on your mobile device’s operating system and permissions.  Our Apps need to use certain features and data from your mobile device in order to function.  For example, if you want a seamless online to App experience we need to collect and link information from your web browser.

To learn more about the specific information collected by an App, please check your device settings or review the permissions information available on the particular platform (e.g., Google Play and the App Store) from which you downloaded the App.  Certain Apps also allow you to check or change your status for certain data collection in the App settings.  If you change your settings, certain App features may not function properly.  

To stop collection of all information through an App, please uninstall the App.

c. Information automatically collected during use of the Services

We automatically collect certain information from and about use of the Services from users’ computers and mobile devices.  Some automatically-collected information is personal information under certain laws.  This information is automatically collected using cookies, pixel, web beacons and similar data collection technology (collectively, data collection technology). 

The information that we automatically collect includes:

  • information about your computer or mobile device, such as device type and identification number, browser type, internet service provider, mobile network and operating system

  • IP address and broad geographic location (e.g., country or city-level location) 

  • how a computer or mobile device interacts with the Services, including the date and time the Services are accessed, search requests and results, mouse clicks and movements, specific webpages accessed, links clicked and videos watched

  • traffic and usage measurements 

  • data about the third-party sites or services accessed before interacting with the Services, which is used to make advertising more relevant for users

  • interactions with our marketing communications, such as whether and when a Coca‑Cola email is opened

d. Information collected from third parties

From time to time, we receive personal information from third parties that we use to learn more about our users, personalize user experience and more effectively promote and improve the Services.

The types of personal information that we receive from third parties are:

  • Personal information associated with purchases.  Payment card purchases are processed by third-party payment processors. Coca‑Cola does not have access to complete bank account numbers, credit card numbers or debit card numbers

  • Personal information that is commercially available from marketing services providers or collected by marketing partners through campaigns and events, which is used to help identify individuals who may be interested in learning more about Coca‑Cola and to supplement personal information we already have.  This personal information includes insights from matching our pseudonymized data sets with third parties’ pseudonymized data sets, including though data clean rooms (see also Section 4 below).

  • Personal information that we receive from the third-party advertising partners that help us provide more relevant advertising 

  • Personal information shared with Coca‑Cola by bottler partners

  • Personal information from publicly-available sources

  • Personal information from law enforcement and other government authorities (but only in rare cases)

We may combine information that Coca‑Cola has about you or combine data from third-party data sources.  We require that each third-party data provider confirm that its sharing of personal information with Coca‑Cola is transparent to consumers and otherwise lawful.

e. Other information collected with your consent

We may ask you for your consent to collect specific types of personal information so that you can participate in new activities, receive exclusive content or test new features.  Under some privacy laws, Coca‑Cola is required to obtain consent before collecting and using personal information.  Please see Section 9 for details.

4.  HOW DOES COCA-COLA USE PERSONAL INFORMATION?

Coca‑Cola uses personal information to provide and improve the Services, manage our business, protect users and enforce our legal rights.

We use personal information to provide, personalize and improve the Services (in each case as permitted by applicable law), including:

  • To create and update users’ accounts and fulfill users’ requests

  • To centralize consumers’ personal information in a database managed by a third party on our behalf and append information collected from third parties

  • To send marketing and non-marketing communications to users

  • To enable communications among users, such as an online community

  • For targeted advertisements (also sometimes referred to as personalized or interest-based advertising) based on information generated by a user’s online activity, such as visiting websites that contain our advertising partners’ ads or cookies, some of which are based on geo-location.  

  • To learn more about our users so we can recommend content that we think will interest particular users

    - In particular, we develop insights about users by participating in ‘data clean rooms.’  Through a data clean room, we run queries and extract outputs and insights from data offered by third parties that also participate.  Data used in data clean rooms is shared by other businesses and participants in a format that does not directly reveal or expose personal information; instead, before matching, an identifier is created and used to match the third-party data sets with Coca‑Cola’s pseudonymized personal information. (Using personal information for the purpose of creating pseudonymized data involves prior profiling of data sets.)   After the matching process, we receive aggregated information about our audience that does not allow for enrichment of individual data sets unless we inform you or otherwise obtain separate consent.  Data sharing in data clean rooms is for the purpose of audience discovery, audience expansion, audience targeting and look-alike audience modelling. 

  • For promotion and loyalty program administration

  • For customer service 

  • For facilitating payment

  • To analyze how users interact with the Services and activity trends so that we can develop new features and content that meet our consumers’ expectations 

  • To improve the Services and users’ experience of them

  • For data analytics, research, product development and machine learning that enable us to better understand our consumers and offer innovations for them

  • For monitoring and testing the Services, including to troubleshoot operational problems

  • To create anonymized data, which are not subject to this Privacy Policy, that are used in improving Coca‑Cola’s products and services and similar business purposes and otherwise as permitted by contract and law 

  • To detect and protect against fraud, abusive and unauthorized use of the Services

  • For risk management and similar administrative purposes, such as to monitor and enforce compliance with user agreements and otherwise comply with laws applicable to Coca‑Cola

5. DOES COCA-COLA USE COOKIES AND OTHER DATA COLLECTION TECHNOLOGY?

We use cookies and other data collection technology to recognize you and/or your device(s) when you use the Services and collect personal information about you.  

In some rare cases, there may be some websites that are part of the Services which have specific notices about cookies and other data collection technology that apply to specific websites and consumers.  If you visit a Coca‑Cola website with a notice about cookies, then that website’s cookie notice applies.

What are cookies?

Cookies are small text files that are sent to or accessed from your web browser or your computer's hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your computer or device, such as settings, browsing history and activities conducted while using the Services.

Coca‑Cola also uses “pixels” (sometimes called web beacons). Pixels are transparent images that can collect information about email opens and website usage across websites and over time.

Cookies that Coca‑Cola sets in the Services are called first-party cookies. Cookies set in the Services by any other party are called third-party cookies. Third-party cookies enable third-party features or functionality on or through the Services, such as analytics and marketing automation. The parties that set third-party cookies can recognize your device both when you use it to access the Services and also when you use it to visit certain other websites.  To learn more about cookies generally, visit www.allaboutcookies.org

Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked.  If a website that responds to a particular DNT signal receives the DNT signal, the browser blocks that website from collecting certain information from the browser cache. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Coca‑Cola, do not yet respond to DNT signals.

Why does Coca‑Cola use cookies and other data collection technology?

Some cookies are required for the Services to operate. Other cookies enable us to track the interests of users for targeted advertising and to enhance the experience of the Services.

The types of cookies served on through the Services and why they are used is as follows:

  • Strictly necessary cookies are required for the Services to operate.

  • Performance or Analytics cookies collect information about how the Services are used so we can analyze and improve the Services. Performance or analytics cookies typically remain on your computer after you close your browser until you delete them.

  • Advertising cookies are used to make advertising messages more relevant to you by helping us display advertisements that are based on your inferred interests, prevent the same ad from appearing too often and ensure that ads are properly displayed for advertisers.

  • Social media cookies allow users to interact more easily with social media platforms. We do not control social media cookies and they do not allow us to gain access to your social media accounts without your permission. Please refer to the relevant social media platform’s privacy policy for information about the cookies used.  

Data collection technology enables Coca‑Cola to monitor the traffic patterns from one webpage to another, to deliver or communicate with cookies, to understand whether users visit the Services after seeing our online advertisement displayed on a third-party website, to improve performance of the Services and to measure the success of our email marketing campaigns.  Coca‑Cola’s Cookie Policies (available in certain jurisdictions) describe Coca‑Cola’s use of data collection technology. 

Google Products

Where permitted by applicable law, the Services use Google Analytics for targeted advertising (which Google sometimes refers to as ‘remarketing’).  Google uses cookies that Google recognizes when consumers visit various websites.  The data collected through Google’s cookies helps Coca‑Cola analyze how the Services are used and, for some Services and in some jurisdictions, to personalize marketing communications and digital advertising.

The Services also embed videos from YouTube (a Google company) by framing.  This means that, after you click the button to play a YouTube video through the Services, a connection between the Services and  the YouTube servers is established.  Then, an HTML link provided by YouTube is inserted into the code of the Services to create a playback frame. The video stored on the YouTube servers is then played by the frame in the Services.  YouTube also receives information that informs YouTube that you are currently using the Services: your IP address, browser information, the operating system and settings of the device you are using, the URL of the current web page, previously-visited web pages if you have followed a link, and the videos you watched.  If you are logged into your YouTube account, the information may be associated with your YouTube user profile. You can prevent this association by logging out of your YouTube account before using the Services and deleting the corresponding cookies.

For more information about how Google collects, uses and shares your information, please visit Google’s Privacy Policy.

For more information about how Google uses cookies in advertising, please visit Google’s Advertising page.

To prevent Google Analytics from using your data, you can install Google’s opt-out browser add-on.

To opt out of ads on Google that are targeted to your interests, use your Google Ads settings.

If you are located in the EEA, Switzerland or UK, please note in particular that, if you allow Google’s cookies in Coca‑Cola’s Privacy Preference Center, the information generated by those cookies about use of the Services is transmitted to and stored by Google on servers in the United States. Coca‑Cola used technology tools, including Google’s IP Anonymization tool, to exclude the last part of your IP address before the data is transferred by Google to the United States, as well as Google’s tools for deactivation of data sharing and Google signals and User-ID settings in Google Analytics for certain jurisdictions.  Google will not associate an IP address with any other data held by Google.  

On behalf of Coca‑Cola, Google will use the data described above to compile reports that help Coca‑Cola operate and provide the Services.

Meta Products

Some part of the Services use products and features offered by Facebook, Instagram and Messenger and Facebook apps (Meta Products).  The Meta Products use tags, pixels (the Meta Pixel) and other unique tracking codes and technology that collect user information (including personal information) from the Services.  Facebook tracks user interactions with the Services after a user clicks on an ad placed on Facebook or other services provided by Meta (called a conversion) and enables Coca‑Cola to learn more about how users engage with ads and similar information.    The Meta Products use the collected data for Meta’s own purposes, including to improve the Meta Products.  Meta may transfer data that it collects from the Services to the USA and other countries, where you may have fewer rights to related to your personal information.  To learn more about how the Meta Products collect, use and process personal information and how you can manage or delete personal information about you, please see the Privacy Policy for the Meta Products at https://www.facebook.com/about/privacy.

Your Cookie Choices

You can set your browser to refuse all cookies or to indicate when a cookie is set. (Most browsers accept cookies automatically but allow you to disable them but note that some features of the Services may not work properly without cookies.) 

As noted above, Google has developed an opt-out browser add-on if you want to opt out of the cookies used for Google Analytics.  You can download and install the add-on for your web browser here.  You may refuse the use of these cookies by selecting the appropriate settings on your browser.  To learn more about how to view and manage your information on the Meta Products, please see here.

Certain jurisdictions in which the Services are available also have cookie policies which are separate from and supplement this Privacy Policy and tools to manage cookies.  Please refer to Section 9 for details.

6. HOW DOES COCA-COLA SHARE PERSONAL INFORMATION?

Coca‑Cola shares personal information with people and businesses that help operate the Services and carry out our business and when we are legally permitted or required to do so.  We also share personal information when a user requests that we share it.  We require that recipients of personal information from us comply with this Privacy Policy unless and until users are made aware that a different privacy policy or notice will apply.

Coca‑Cola shares personal information with the following categories of recipients:

  • Professional advisors, such as lawyers, accountants, insurers and information security and forensics experts.

  • Marketing vendors that help promote the Services (such as by email marketing) and from time to time supplement personal information that we already have.  For example, Meta receives and uses certain data related to the use of the Services to help us deliver personalized advertising on its platform and assess the effectiveness of this advertising.  

  • Service providers to enable them to perform services on our behalf, including data analytics, data security, ecommerce operations, surveys, research, administration of promotions, offers and loyalty programs and otherwise to help us carry out our business.  Some of these service providers have global responsibilities.

  • For strategic partnerships, such as with sports leagues and manufacturers and other providers of complementary offerings.

  • Through data clean rooms as described in Section 4.  Data sharing in a data clean room is for the purpose of audience discovery, audience expansion, audience targeting and look-alike audience modelling. 

  • Cloud storage providers.

  • Potential or actual acquirers or investors and their professional advisers in connection with any actual or proposed merger, acquisition or investment in or of all or any part of our business. We will use our best efforts to ensure that the terms of this Privacy Policy apply to personal information after the transaction or that users receive advance notice of changes to personal information processing.

  • Coca‑Cola affiliates and bottler partners.

  • Competent law enforcement, government regulators and courts when we believe disclosure is necessary (i) to comply with the law, (ii) to exercise, establish or defend legal rights, or (iii) to protect the vital interests of users, business partners, service providers or another third party.

  • Other third parties with your permission.

If we share personal information, we require that the recipients handle personal information in compliance with this Privacy Policy and our confidentiality and security requirements.

7. HOW DOES COCA-COLA PROTECT PERSONAL INFORMATION?

Coca‑Cola takes care to secure and safeguard the personal information entrusted to us.  We use a variety of measures to help us protect personal information from unauthorized access and use.

Coca‑Cola uses technical, physical, and administrative safeguards intended to protect the personal information that we process. Our safeguards are designed to provide a level of security appropriate to the risk of processing your personal information and include (as applicable) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and a procedure for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal information.  Coca‑Cola cannot, however, fully eliminate security risks associated with the processing of personal information.  

You are responsible for maintaining the security of your account credentials. Coca‑Cola will treat access to the Services through your account credentials as authorized by you. 

Coca‑Cola may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security.  If you believe that information you provided to Coca‑Cola or your account is no longer secure, please notify us immediately at Privacy@coca-cola.com.

If we become aware of a breach that affects the security of your personal information, we will provide you with notice as required by applicable law. When permitted by applicable law, Coca‑Cola will provide this notice to you using the email address associated with your account or another permitted method associated with your account.

UNAUTHORIZED ACCESS TO PERSONAL INFORMATION THROUGH THE SERVICES – INCLUDING SCRAPING – IS PROHIBITED AND MAY LEAD TO CRIMINAL PROSECUTION.

8. HOW LONG DOES COCA-COLA RETAIN PERSONAL INFORMATION?

We retain personal information about a user for as long as user’s account is active and otherwise as long as necessary for the purposes described above.  We also retain personal information as long as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

We intend to keep your personal information accurate and up-to-date.  We retain the personal information that we handle subject to this Privacy Policy in accordance with our data retention policy.   When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you and mandatory retention periods under applicable law.  At the end of relevant retention period, we either delete or anonymize personal information or, if we cannot delete or anonymize personal information, then we segregate and securely store personal information until deletion or anonymization is possible.  

Once we anonymize personal information, it is no longer personal information. We use anonymized data subject to applicable law and contracts.

9. WHAT CHOICES ARE AVAILABLE FOR PERSONAL INFORMATION?

You can make choices about Coca‑Cola’s handling of your personal information.  You can exercise your privacy rights by contacting Coca‑Cola as described in this Section 9 or using various tools available through your browser or that Coca‑Cola makes available. In some cases, your ability to access or control your personal information is limited by applicable law.

Mobile Device Preferences

Mobile operating systems and app platforms (e.g., Google Play, App Store) have permission settings for specific types of mobile device data and notifications, such as for access to contacts, geo-location services and push notifications.  You can use the settings on your mobile device to consent to or deny certain information collection and/or push notifications.  Certain Apps also may have settings that allow you to change permissions and push notifications.  For some Apps, changing settings may cause certain aspects of the App to not functional properly.

You can stop all information collection from an App by uninstalling the App.  If you uninstall the App, please also consider checking your operating system’s settings to confirm that the unique identifier and other activity associated with your use of the App is deleted from your mobile device. 

Opting out of Coca‑Cola’s Emails and Text Messages

To stop receiving promotional emails from Coca‑Cola, please click the “Unsubscribe” link at the bottom of the email.  After you opt out, we may still send you non-promotional communications, such as receipts for purchases or administrative information about your account.  

Your account settings also may allow you to change your notification preferences, such as push notifications from an App.  

To stop receiving promotional text messages (SMS or MMS), please send a reply text message indicating that you wish to stop receiving promotional text messages from us – such as by testing the word “Stop”.  You also may let us know as directed below in the “Contacting Us” section.  Please specify which types of communications you no longer wish to receive together with the relevant telephone number, address, and/or e-mail address.  If you do opt-out of receiving marketing-related messages from us, we may still send you important administrative messages, such as emails about your accounts or purchases

INFORMATION ABOUT PRIVACY RIGHTS AND CHOICES FOR SPECIFIC JURISDICTIONS IS PROVIDED IN SECTION 13 AT THE END OF THIS PRIVACY POLICY.  WE ENCOURAGE YOU TO REVIEW THE RELEVANT SECTIONS.  

IF YOU ARE LOCATED IN A JURISDICTION WITH PRIVACY LAWS THAT OFFER YOU PRIVACY RIGHTS NOT DESCRIBED IN THIS PRIVACY POLICY, PLEASE CONTACT US AT PRIVACY@COCA-COLA.COM. We respect your privacy rights and will do our best to accommodate your requests.

10. HOW DOES COCA-COLA PROTECT CHILDREN'S PRIVACY?

Some of the Services have age restrictions which means that we may ask questions to verify your age before we allow you to use those Services.  

In accordance with our Responsible Marketing Policy, Coca‑Cola does not direct marketing for our products to children under age 13.  If you become aware that a child under age 13 or the age set under local law has provided us with personal information without parental consent or other than as allowed by applicable law, please contact our Privacy Office at privacy@coca-cola.com. Once we become aware, we will take steps to remove the child’s personal information as required by applicable law.

11. DOES COCA-COLA TRANSFER PERSONAL INFORMATION TO OTHER COUNTRIES?

Coca‑Cola may transfer personal information across borders to any of the places where we and our suppliers and business partners operate. These other places may have data protection laws that are different from (and, in some cases, less protective) than the laws where you reside. 

If your personal information is transferred across borders by us or on our behalf, we use appropriate safeguards to protect your personal information in accordance with this Privacy Policy and applicable law.  These safeguards include agreeing to standard contractual clauses or model contracts for transfers of personal information among the Coca‑Cola affiliates and among our suppliers and partners.  When in place, these contracts require our affiliates, suppliers and partners to protect personal information in accordance with applicable privacy laws.  

Please also see our Data Privacy Framework Privacy Policy, which describes how Coca‑Cola handles personal data that Coca‑Cola receives in the U.S. from the EU, UK and Switzerland in reliance on the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce (collectively, the DPF Framework).  If the terms in this Privacy Policy and the DPF Privacy Policy conflict, then the DPF Privacy Policy governs with respect to personal information that Coca‑Cola receives in the U.S. under the DPF Framework.  To learn more about the Data Privacy Framework program and to view our certification, please visit https://www.dataprivacyframework.gov/.

To request information about our standard contractual clauses or other safeguards for cross-border personal information transfers, please contact privacy@coca-cola.com.

12. WHEN IS THIS PRIVACY POLICY CHANGED? 

We may update this Privacy Policy from time to time in response to changing legal, technical or business developments.  The most current version always is available through the Services.

When we update this Privacy Policy, we will post the updated version and change the Effective Date above.  We also will take appropriate measures to inform you in advance of significant changes that we believe affect your privacy rights so that you have an opportunity to review the revised Privacy Policy before it is effective.  If your consent is required by applicable privacy laws, we will obtain your consent to changes before the revised Privacy Policy applies to you.  Please regularly check this Privacy Policy to ensure you are aware of the updated version.

13. PRIVACY RIGHTS AND CHOICES FOR SPECIFIC JURISDICTIONS 

  • Residents of South Africa.

Personal information that is collected from you is required for you to have access to the Services.  Failure to provide this personal information may prevent you from accessing or using any or all of the Services.  Under the Protection of Personal Information Act 4 of 2013 (POPIA), personal information of juristic persons also is protected; therefore, in the event that apps or website are accessed on behalf of a juristic person, personal information of such juristic person should be protected.

Direct Marketing
All electronic direct marketing communication will be sent to you (until you opt out) when:

  • you consent to receive direct marketing communication in accordance with POPIA; or

  • we received your personal information in connection with the sale of any of our products or services to you so that we can communicate with you about our other products or services.  You can choose to opt out of receiving these marketing communications at the time by using the “unsubscribe” link or contacting us at using the contact information below.

Your Rights
You have the right to make the following requests about your personal information:

  • to ask whether Coca‑Cola holds personal information about you, free of charge

  • to request a record or a description of your personal information that Coca‑Cola holds about you in accordance with the process set out in the PAIA Manual accessible at coca-cola.co.za

  • to request that Coca‑Cola update or correct inaccurate or incomplete personal information about you

  • to request that Coca‑Cola stops using your personal information for any reason

  • to object to the processing of your personal information

  • to request that Coca‑Cola deletes your personal information

  • to request that Coca‑Cola restrict how your personal information is used, shared and otherwise processed

  • to request that Coca‑Cola transmit a copy of your personal information to you or to a third party selected by you.

We may (and in some cases are required to) verify your identity before we can act on your request to exercise your privacy rights.

How to contact us to exercise your privacy rights
To exercise your privacy rights, please contact Coca‑Cola  using one of these options:

  • email: CCSAINFO@COCA-COLA.COM

  • phone: 0860112526

  • write: Coca‑Cola Africa (Proprietary) Limited, Oxford and Glenhove, 116 Oxford Road, Houghton Estate, Johannesburg, 2198 att: Legal Team.

You have a right to lodge a complaint with the Information Regulator (South Africa) https://inforegulator.org.za/

Email: POPIAComplaints@inforegulator.org.za

Other Processing Details
We also automatically collect the following information:

  • Behavioral Data: Information derived from the combination of the device ID and the system events that may be used to identify behavioral trends and patterns and send you marketing communications related to the events you have participated in, subject to direct marketing requirements in terms of POPIA such as obtaining your prior consent.

  • Participation Data: Personal information pertaining to a data subject’s participation in a promotional competition, prize, poll, instant win promotion, contest and other types of promotions (e.g. type of promotion, date and time of participation to the promotion, outcome of the participation to the promotion, information required for prize fulfillment).

  • Analytics information: We may collect analytics data, or use third-party analytics tools such as Google Analytics, to help us measure traffic and usage trends for the Services and to understand more about the demographics and behaviors of our users.

We also permit third-party online advertising networks, social media companies and other third-party services to collect information about the user’s use of the Services over time so that they may play or display ads on the Services used by the user and on other devices the user may use

The Services  may include social media features, such as the Facebook like button, LinkedIn, Snapchat, Instagram, Twitter or other widgets. These social media companies may recognize the user and collect information about the user’s visit to the Services, and they may set a cookie or employ other tracking technologies. The user’s interactions with those features are governed by the privacy policies of those companies which we do not have control over. We display targeted advertising to the user through social media platforms, such as Facebook, Twitter, Google+ and others with the user’s prior consent. Facebook, Twitter, Google have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in the Services while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics. These advertisements are governed by the privacy policies of those social media companies that provide them.

For some of the Services, we use third-party tools to monitor user experience information. These tools automatically collect usage information, including mouse clicks and movements, page scrolling and any text keyed into website forms. The information collected does not include passwords, payment details, or other sensitive personal information. We use this information for site analytics, optimization and to improve website usability. We do not permit this information to be shared with or used by third parties for their own purposes.

Our online and email advertising-related vendors may use pixel tags, web beacons, clear GIFs or other similar technologies in connection with the Services to help manage our online and email advertising campaigns and strengthen the effectiveness of such campaigns. For example, if a vendor has placed a unique cookie on the user’s computer, the vendor may use pixel tags, web beacons, clear GIFs or other similar technologies to recognize the cookie during the user’s visit to the Services and to learn which of our online advertisements may have brought the user to the  Services, and the vendor may provide us with such other information for our use. We may link such other information provided to us by our vendors to Personal information about the user that we have previously collected.

We may use third-party advertising companies to serve advertisements on the Services. These companies may use information (not including the user’s name, address, email address or telephone number) about a user’s visits to the Services to provide advertisements about goods and services of interest to the user.

We may link or combine the user’s activities and information collected from the user through the Services with information we collect automatically through tracking technologies. This allows us to provide the user with a personalized experience regardless of how the user interacts with us through the Services.

 

  • Residents of Kenya

As provided to individuals in Kenya, the Services do not collect, store or read the location data through GPS, Wi-Fi or wireless network triangulation. An anonymized, randomly generated app ID is collected and used to detect user proximity to points of sales and send location-specific promotional messages and discounts offered in nearby locations.

While your personal information is generally stored on a central consumer database on servers located in Australia, Coca‑Cola also may store your personal information on our affiliates’ and suppliers’ systems in other countries, such as the United States of America, New Zealand, Singapore and others, as necessary from time to time.

We require third parties storing personal information to comply with Australian privacy laws and this Privacy Policy, and to only use your personal information for the purposes for which it has supplied.

If you wish to access or correct your personal information or have questions or concerns regarding this Privacy Policy or if you are concerned your privacy may have been breached, please contact us by any of the following means:

Email: privacyofficerau@coca-cola.com
Phone: Call our Consumer Information Centre on 1800 025 123 (within Australia)
Post: Attn: Privacy Officer
Coca Cola South Pacific Pty Limited
GPO Box 388
North Sydney, NSW 2059
Online: Use the “Contact Us” section at http://www.coca-cola.com.au and indicate that your query relates to “privacy”.

We will respond to you as soon as we are able and in any event within 30 days after receipt of your initial request.

If Coca‑Cola has valid reasons not to honor your request relating to your personal information, we will provide you with a written explanation and the mechanisms you can follow if you wish to complain about the refusal.

The controller of your personal information is:

Coca Cola South Pacific Pty Limited
Email: privacyofficerau@coca-cola.com
Phone: Call our Consumer Information Centre on 1800 025 123 (within Australia)
Post: Attn: Privacy Officer
Coca Cola South Pacific Pty Limited
GPO Box 388
North Sydney, NSW 2059   

Data Protection Regulator:
Office of the Australian Information Commissioner
Post: GPO Box 5218 Sydney NSW 2001
Address: 175 Pitt Street Sydney NSW 2000
Tel : 1300 363 992
Fax : 61 2 9284 9666
Email: foi@oaic.gov.au
Website: https://www.oaic.gov.au/

The controller of your personal information is: Representative Office of Coca‑Cola Southeast Asia, Inc., #287, National Road 5, Mittapheap Village,  Russey Keo District, Phnom Penh, Cambodia.

Your representation when participating in a promotion activity
When you participate in sales or marketing promotion activities, you confirm that you are age 13 or older.  You also confirm that, if you are between age 13 years and age 18 years, you have obtained consent from your parent or legal guardian according to the terms and conditions of the promotion.

Coca‑Cola collects, uses, and discloses Personal Information for the purposes identified in our Privacy Policy and for any additional purposes, as permitted by law, with notice to you and your express or, where permitted, implied consent.

You have certain rights in respect of your information. To access or correct your Personal Information, please complete the form at the following link. Please note we may verify your identity before we can act on your request. 

For residents of Quebec: The person in charge of the protection of personal information about individuals residing in Quebec is Larissa Barbara Lourenco, who can be contacted by email at privacy@coca-cola.com.

The controller of your personal information is Coca‑Cola Ltd. (CCL). CCL is the indirect, wholly owned subsidiary of TCCC (incorporated under federal Canadian law). 

When you purchase or use products and use the Services (including WeChat official accounts, mini programs/H5 interfaces) provided by Coca‑Cola in mainland China, (collectively "Services"), we may collect and process your personal information in accordance with the following terms.  In addition to these terms, there might be service/product-specific policies.  In case of any conflict, the terms in our service/product-specific policy will prevail for the processing of personal information covered under the relevant service/product-specific policy. 

Types of Personal Information Coca‑Cola Collects in China
Personal information refers to various types of electronic or otherwise recorded information related to identified or identifiable natural persons, excluding anonymized information.

In order to provide services with you, we may collect the following personal information from or about you:

  • Basic personal information, which may include your name, date of birth, gender, address, personal phone number, and email address; and if you use our Services through a third-party account (such as WeChat), we may also collect your nickname, profile picture and other information about you at the third-party platform;

  • Personal identity information, which may include your ID card or other identity documents;

  • Online identity information, which may include your account number used for logging into our system, IP address, email address, and related password, token, password security answer, personal digital certificate for user authentication;

  • Information about frequently used devices, which may include the information describing the general conditions of such frequently used devices, including hardware serial number, device MAC address, software list, unique device identifier (such as IMEI/android ID/IDFA/OPENUDID/GUID, SIM card IMSI information;

  • Personal location information, which may include your whereabouts track, and precise location information;

  • Other personal information, which may include photo, video, voice recording, personal hobbies, consumption habits and order information.

Among these categories of personal information that we collect from you, certain information (e.g., your ID card and precise location information) may be identified as sensitive personal information under the applicable Chinese laws.  We will only process such sensitive personal information for the purposes disclosed in the section “WHAT TYPES OF PERSONAL INFORMATION DOES COCA-COLA COLLECT AND WHY?” above, to the extent permissible under the applicable Chinese laws, and will take strict security protection measures for such sensitive personal information.

Data Sharing

We will only share personal information necessary for the purposes disclosed in the section “WHAT TYPES OF PERSONAL INFORMATION DOES COCA-COLA COLLECT AND WHY?” above. The processing methods of these third parties may include collection, use, storage and deletion.

  • Affiliates of Coca‑Cola and bottlers
    In order to provide you with various marketing information, promotion events and interactive games, we may provide affiliates of Coca‑Cola, and our bottlers with your personal information, such as your basic personal information, personal identity information and personal location information.  

  • Business partners
    In order to provide you with various marketing information, promotion events and interactive games, we may share your personal information with business partners that we cooperate with.  The personal information that we may share with business partners may include your member account information, personal identity information, order information, personal location information and device information.

  • Service vendors
    Certain modules or functions in the business functions of the Services are provided by external vendors, and thus we may share your personal information with such service vendors, including our advertisement providers, research and analysis service providers, third-party payment institutions, logistics service providers, short-message service providers, and third-party service providers issuing electronic invoice.  The personal information we may share with these service vendors include your basic personal information, online identity information, and other personal information.  For vendors that we entrust to process your personal information, we will sign strict data protection agreements with them, requiring them to process your personal information in accordance with our requirements, this Privacy Policy and any other relevant confidentiality and security measures. We will record and store the entrusted processing of your personal information.

If Coca‑Cola needs to transfer your personal information due to merger, division, dissolution, declaration of bankruptcy, etc., we will inform you the recipient’s name and contact information and require the recipient to continue performing its duties as a personal information processing entity and continue to be bound by this Privacy Policy, otherwise the recipient will obtain your consent again.

How We Process Personal Information of Minors in China
The Services are mainly for adults. If you are a minor, we ask you to have your parent or guardian carefully read this Privacy Policy.  Please only use the Services or provide information to us if your parent or guardian provides consent.

For the collection of personal information of minors with parental consent, we will only use or publicly disclose such information when permitted by law, based on the parent or guardian’s explicit consent, or where it is necessary to protect minors. We will strictly follow the requirements in the Personal Information Protection Law and the Children’s Personal Information Network Protection Regulations.

If we discover that we collect any minor’s personal information without prior verifiable consent from their parent or guardian, we will try to delete the relevant data as soon as possible.

International Data Transfers
In principle, the personal information we collect and generate within the territory of the People's Republic of China will be stored in the territory of the People's Republic of China.

If we need to transfer your personal information outside of China, we will obtain your separate consent before the transfer.  We will use lawful transfer mechanism permitted by laws and regulations before transferring your personal information overseas and will take necessary measures to ensure that the processing of personal information by overseas recipients meets the personal information protection standards stipulated by applicable Chinese laws.

Your Rights

  • Access.  You have the right to access your personal information, unless otherwise provided by laws and regulations.

  • Correct Your Personal Information.  When you find that the personal information we process about you is incorrect, you have the right to request us to make corrections.

  • Delete Your Personal Information.  In the following circumstances, if Coca‑Cola does not actively delete your personal information, you have the right to request us to delete your personal information:

- The purpose of processing has been achieved, is impossible to be achieved, or it is no longer necessary to achieve the purpose of processing;

- We stop providing services, or the retention period ends;

- You have withdrawn your consent;

- Coca‑Cola violates laws, administrative regulations, or agreements while processing your personal information.

When you delete information from our service, we may not be able to delete corresponding information in the backup system immediately due to restrictions of applicable law and security technology. But we will safely retain your personal information and restrict any processing of it until it can be cleared in the backup system.

  • Change the Scope of Your Authorization or Withdraw Your Authorization.  The operation of each business function requires some basic personal information. For collecting and using additional personal information, you may provide or withdraw your authorization and consent at any time. You may also choose to cancel or close certain functions.

  • Cancel Your Account.  You may cancel the registered account at any time. After receiving your application to cancel your account, we cannot guarantee that the corresponding information will be deleted from the backup system immediately. However, such information will be deleted when the backup system is updated unless otherwise provided by laws and regulations.

  • Obtain Copy of Personal Information.  You have the right to obtain a copy of your personal information.  Subject to conditions stipulated by the national cyberspace administration, we can also directly transmit a copy of your personal information to a third party designated by you at your request.

If you want to exercise the rights mentioned above, please send an email to ConsumerSupport-CN@coca-cola.com.  To ensure safety, you may need to prove your identity by providing a written request or other means.  We may ask you to verify your identity before processing your request.

 

 

Controller
The controller for the personal information collected in connection with use of the Services in the European Economic Area, Switzerland and United Kingdom is NV Coca‑Cola Services SA, a company with registered office at Chaussée de Mons 1424, 1070 Brussels.

Processing
Coca‑Cola’s processing of your personal information is described above in this Privacy Policy, including:

  • Personal information collected and why it is collected (Section 2)

  • How Coca‑Cola uses your personal information (Section 4) and shares your personal information (Section 6)

  • How long Coca‑Cola retains your personal information (Section 8

Legal Bases for Coca‑Cola’s Processing
The legal bases for Coca‑Cola’s processing of your personal information depend on the context in which the personal information is collected and processed. Generally, we only collect personal information when

(i) Coca‑Cola needs the personal information to perform a contract with you (such as our terms of use), in which case we will advise you whether providing your personal information is mandatory and the possible consequences if you do not provide your personal information; 

(ii) when we have consent to do so (which consent you can withdraw at any time using the contact information below); or 

(iii) when the processing is in our legitimate business interests and not overridden by the privacy or other fundamental rights and freedoms of users (such as when we process personal information to prevent fraudulent use of the Services).

(iv) if we collect and use personal information in reliance on our legitimate interests (or those of any third party), this interest is to provide the Services and communicate with you about the Services and for responding to queries, improving the Services, advising users about new features or maintenance or undertaking marketing activities and similar commercial interests to make the Services available for you.  We may have other legitimate interests and if appropriate we will make clear our legitimate interests at the relevant time.

In some cases, we also may have a legal obligation to collect personal information from users.  If we ask you to provide personal information to comply with a legal requirement, we will make this clear at the relevant time and advise you whether providing your personal information is mandatory and the possible consequences if you do not provide your personal information.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at privacy@coca-cola.com.

Cookie Policy
In the EEA, Switzerland and UK, Coca‑Cola has a cookie policy separate from this Privacy Policy.  Please check the Coca‑Cola website that you use for more information. 

Data Subjects Rights
To the extent provided under the GDPR, you have the following rights with respect to personal information concerning you:

  • Right of access your personal information

  • Right to rectification (i.e., correction, update)

  • Right to erasure 

  • Right to restrict processing 

  • Right to data portability (i.e., receive an electronic copy of your personal information for purposes of transmitting it to another organization)

  • Right to withdraw consent at any time

If you would like to access, correct, update, suppress, restrict, object to or delete personal information that you have previously provided to Coca‑Cola as or if you would like to receive an electronic copy of your personal information for purposes of transmitting it to another company (where this right to portability is provided to you by law), please submit your request to us as follows:

  • Complete the One Trust form available here: privacyportal

  • By post at this address: Consumer Interaction Centre, PO Box 73229, London E14 1RP

  • Our EU Data Protection Officer is available at: dpo-europe@coca-cola.com

In your request, please make clear what personal information you would like to have changed, whether you would like to have your personal information suppressed from our database or other limitations you would like to put on our use of your personal information.  For your protection, we verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable and within the time periods required by applicable law.

Please also see our Data Privacy Framework Privacy Policy, which describes how Coca‑Cola handles personal data that Coca‑Cola receives in the U.S. from the EU, UK and Switzerland in reliance on the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce (collectively, the DPF Framework).  If the terms in this Privacy Policy and the DPF Privacy Policy conflict, then the DPF Privacy Policy governs with respect to personal information that Coca‑Cola receives in the U.S. under the DPF Framework.  To learn more about the Data Privacy Framework program and to view our certification, please visit https://www.dataprivacyframework.gov/.

Please note that we often need to retain certain personal information for recordkeeping purposes and/or to complete any transaction that you began prior to submitting your request (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the personal information provided until after the completion of the purchase or promotion). We also may not delete certain personal information for legal reasons.

How to Contact Data Protection Authorities

EU Data Protection Authorities

You have a right to lodge a complaint about how we process your personal information with the appropriate EU data protection authority.  Please click here for more information. 

Switzerland’s Data Protection Regulator

Office of the Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH - 3003 Berne
Tel: 41 (0)58 462 43 95 (mon.-fri., 10-12 am)
Telefax: 41 (0)58 465 99 96
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html

United Kingdom’s Data Protection Regulator

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510
https://ico.org.uk/global/contact-us/

Coca‑Cola may transfer personal information across borders to any of the places outside of Hong Kong where Coca‑Cola and our suppliers and partners do business. Other jurisdictions may have data protection laws that are different from (and, in some cases, less protective) than the laws in Hong Kong.

By using the Services (including our  Services and Apps), you consent to the transfer of your personal information to places outside of Hong Kong, and you acknowledge that such places may have data protection laws that are different from (and, in some cases, less protective) than those in Hong Kong.

Data Subjects Rights
To the extent provided under the Personal Data (Privacy) Ordinance (PDPO) in Hong Kong, you have the following rights with respect to personal information concerning you:

  • check whether Coca‑Cola hold information about you and to access such information;

  • require Coca‑Cola to correct any data relating to you which is inaccurate; and

  • ascertain Coca‑Cola policies and practices in relation to information and to be informed of the types of personal information held by Coca‑Cola.

As permitted under the PDPO, Coca‑Cola have the right to charge a reasonable fee for the processing of any data access request. The person at Coca‑Cola to whom requests for access to data or correction of data or for information regarding the policies and practices of and types of data held by us should be addressed to: 

System Administrator

(via mail)
Coca‑Cola China Limited
24/F, Cambridge House,
Taikoo Place,
979 King's Road,
Quarry Bay,
Hong Kong

The applicable law governing this Privacy Policy is Digital Personal Data Protection Act, 2023 (DPDPA), Information Technology Act, 2000 and Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information Rules, 2011, except as respect things done or omitted to be done before such supersession, issued under the Information Technology Act, 2000.

Email Address of the Grievance Officer appointed by Coca Cola India Private Limited (CCIPL): 

gocci@coca-cola.com.  

Registered Office of CCIPL: Plot No. 1109-1110, Village Pirangut, Taluka Mulshi, Distt. Pune

Corporate Office of CCIPL: 1601-1701, One Horizon Center, DLF Golf Course Road, Phase V, Sector 43, Gurgaon, Haryana

Rights of Data Principals
Under the DPDPA, you have the following rights:

  • Right to seek information on the personal data being processed, the processing activities, and identities of all the data fiduciaries and processors that their data has been shared with;

  • Can ask data fiduciaries to correct or erase your personal data;

  • Right to nominate an individual to exercise rights on your behalf in the event of death or incapacitation.

  • Right to avail grievance redressal mechanisms from the Data Fiduciaries.


Obligations of Data Fiduciaries under the DPDPA
We the Data Fiduciaries have the following obligations, including but not limited to these listed herein,  towards you:

  • We are responsible for compliance for any processing undertaken on our behalf by a Data Processor.

  • We will delete personal data, and/or cause our data processor to delete it, if you withdraw your consent or if it is reasonable to assume that the specified purpose is no longer being served. However, we will retain the data, if required by law. 

  • We are responsible for reporting personal data breaches.  Under DPDPA, personal data breach is broadly defined to include any ‘unauthorised processing’ or ‘accidental disclosure’ of personal data that compromises the confidentiality, integrity, or availability of personal data.

Privacy Policy is linked herein https://www.coca-cola.com/in/en/legal/privacy-policy

 

Your representation when participating in a promotion activity.
When you participate in sales or marketing promotion activities, you confirm that you are 13 years of age or older. You also confirm that if you are between 13 years of age but under 21 years of age, you have obtained consent from your parents or legal guardian to participate in such activities according to the terms and conditions of the promotion and the privacy policy.

Coca‑Cola maintains and implements personal information protection policies and procedures.

You understand and agree that Coca‑Cola may transfer your personal data to a country outside of Indonesia. We will coordinate with the relevant authority before the transfer and where applicable, transfer of information to other jurisdiction will be done to a country with a data protection policy that is equal or stricter to the data protection regulation in Indonesia.

Coca‑Cola will inform you regarding a data breach involving your personal information as required by applicable law.

The controller of your personal information is: PT Coca‑Cola Indonesia South Quarter Tower B, Penthouse Floor, Jl. R. A. Kartini Kav. 8, Cilandak Barat, Jakarta Selatan

If you believe that Coca‑Cola’s personal information processing violates applicable law, you have the right to lodge a complaint with the Ministry of Communication and Informatics, Jl. Medan Merdeka Barat No.9, RT.2/RW.3, Gambir, Kecamatan Gambir, Kota Jakarta Pusat, Daerah Khusus Ibukota Jakarta 10110 

Phone: (+62-21) 159
https://www.kominfo.go.id/

Please see our separate privacy policy for residents of Japan available at https://www.cocacola.co.jp/privacy-policy if any provisions of this Privacy Policy are inconsistent with the provisions of the privacy policy for residents of Japan, the privacy policy for residents of Japan shall prevail.

  • Residents of Argentina

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Information

  • Access

  • Update or Rectification

  • Erasure

You can exercise your privacy rights by submitting a request to privacy@coca-cola.com or Servicios y Productos para Bebidas Refrescantes SRL – Vedia 4090 – C.A.B.A. – Argentina- Attn: Responsible de Bases de Datos. 

In your request, please make clear the personal information to which your request relates. Please also attach a copy of your National Identity Document. For your protection, we may verify your identity and geographic residency before fulfilling your request. Legal Representatives must attach the documentation that proves the validity of the legal representation. We will comply with your request as soon as reasonably practicable. 

The controller of your personal information is: Servicios y Productos para Bebidas Refrescantes SRL, Vedia 4090 – CABA – Argentina.

 

  • Residents of Brazil

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Information

  • Confirmation of Processing

  • Access

  • Rectification

  • Deletion

  • Data Portability

  • Objection to Processing

  • Restriction of Processing

You can exercise your privacy rights by sending an email to privacy@coca-cola.com, or completing the form at https://privacidade.cocacola.com.br/dsr/index.html. You can also send a request via post to Praia de Botafogo, 374, Botafogo, Rio de Janeiro/RJ, ZIP Code: 22.250-907, attn:  Larissa Lourenço. 

In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

The controller of your personal information is: Recofarma Indústria do Amazonas Ltda.

The Data Protection Officer is: Larissa Lourenço

Data Protection Regulator:
Autoridade Nacional de Proteção de Dados 
https://www.gov.br/anpd/pt-br

 

  • Residents of Ecuador 

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Information

  • Access

  • Update or Rectification

  • Erasure

  • Restriction of Processing

  • Objection to Processing

  • Not to be subject to Automated Decision-making

  • Data Portability

You can exercise your privacy rights by sending an email to privacy@coca-cola.com.

In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

The controller of your personal information is:
Coca‑Cola de Ecuador. S.A.
Republica de El Salvador N36.230 y Naciones Unidas. Edificio Citibank Piso 1. Quito, Ecuador
Tel: 593 2 382 622

 

  • Residents of Colombia

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Information

  • Access

  • Update or Rectification

  • Restriction of Processing

  • Erasure

You can exercise your privacy rights by sending an email to privacy@coca-cola.com.

In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

The controller of your personal information is: Coca‑Cola Bebidas de Colombia S.A., AK45 #103-60. Piso 8,
Bogotá, Colombia.

Data Protection Regulator:
Superintendencia de Industria y Comercio (SIC)
Carrera 13 No. 27 - 00, Pisos 1 y 3 Línea Gratuita Nacional: 01 8000 910165
https://www.sic.gov.co
Email: contactenos@sic.gov.co

 

  • Residents of Costa Rica

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Access

  • Rectification

  • Erasure

You can exercise your privacy rights by sending an email to privacy@coca-cola.com.

In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

The controller of your personal infomation is:
Coca‑Cola Industrias SRL, Plaza Tempo, Oficinas Corporativas, Escazú, San José, Costa Rica

Data Protection Regulator:
Agencia de Protección de Datos de los Habitantes (PRODHAB) 
San Pedro de Montes de Oca, Alameda, Avenida 7 y calle 49, edificio Da Vinci.
http://www.prodhab.go.cr/

 

  • Residents of Chile

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Information

  • Access

  • Rectification

  • Deletion

  • Restriction to Processing

You can exercise your privacy rights by sending an email to privacy@coca-cola.com.

In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

The controller of your personal information is: Recofarma Indústria do Amazonas Ltda.

 

  • Residents of Dominican Republic

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Access

  • Rectification

  • Erasure

  • Objection to Processing

You can exercise your privacy rights by sending an email to privacy@coca-cola.com.

In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

The controller of your personal information is:
Distrito La Hispaniola Compañía De Servicios, S.R.L.,
Avenida Núñez de Cáceres esquina Rómulo Betancourt, Downtown Center Bella Vista, Santo Domingo, República Dominicana
Attn:  Santiago Carrasco

 

  • Residents of Mexico

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Information

  • Access

  • Rectification

  • Erasure

  • Objection to Processing

You can exercise your privacy rights by sending an email to privacy@coca-cola.com.

In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

The controller of your personal information is: 
Servicios Integrados de Administración y Alta Gerencia, S. de R.L de C.V., The Coca‑Cola Export Corporation, Sucursal En México, Rubén Darío 115, Col. Bosque de Chapultepec, CP 11580, CDMX. 
Tel:+5255.5262.200

Data Protection Regulator: 
Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales
https://home.inai.org.mx/

 

  • Residents of Peru

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Information

  • Access

  • Rectification

  • Erasure

  • Restriction of Processing

  • Objection to Processing

You can exercise your privacy rights by sending an email to privacy@coca-cola.com.

In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

The controller of your personal information is:
Coca‑Cola Servicios de Perú, S.A., República de Panamá 4050. Surquillo. Lima, Perú,
Tel: (511) 411-4200

Data Protection Regulator:
Autoridad Nacional de Protección de Datos Personales
Scipión Llona 350 Miraflores - Lima – Perú
https://www.gob.pe/anpd
Email: protegetusdatos@minjus.gob.pe

 

  • Residents of Uruguay

To the extent provided under the privacy laws applicable to you, you have the following rights with respect to your personal information:

  • Information

  • Access

  • Rectification

  • Erasure

  • Not to be subject to Automated Decision Making

You can exercise your privacy rights by sending an email to privacy@coca-cola.com.

In your request, please make clear the personal information to which your request relates.  For your protection, we may verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable.

Your representation when participating in a promotion activity.
When you participate in sales or marketing promotion activities, you confirm that you are 13 years of age or older. You also confirm that if you are between 13 years of age but under 18 years of age, you have obtained consent from your parents or legal guardian to participate in such activities according to the terms and conditions of the promotion and the privacy policy.

Rights of the Data Subject
In addition to the rights mentioned above, applicants also have the right to be notified as required under the applicable laws in the event of data breach.

Data Breach
In the event of a data breach, organisations must take steps to assess if it is notifiable. If the data breach likely results in significant harm to individuals, and/or is of significant scale, organizations are required to notify the Personal Data Protection Commissioner (PDPC) and the affected individuals as soon as practicable.

The controller of your personal information is:  Coca‑Cola Far East Limited (Malaysia Branch) 8/F Menara Shell Kuala Lumpur Sentral, No 211 Jalan Tun Sambanthan 50470, Kuala Lumpur, Malaysia

If you believe that Coca‑Cola’s personal information processing violates the applicable law, you have the right to lodge a complaint with:

Department of Personal Data Protection
Website: https://www.pdp.gov.my/jpdpv2/

Your representation when participating in a promotion activity
When you participate in sales or marketing promotion activities, you confirm that you are 13 years of age or older. You also confirm that if you are between 13 years of age but under 18  years of age, you have obtained consent from your parents or legal guardian to participate in such activities according to the terms and conditions of the promotion and the privacy policy.

The controller of your personal information is: Coca‑Cola Limited. No. 3/A Bogyoke Aung Sain Road, Level 14 Junction City Tower, Suite No. 16 - 19, Pabedan Township, Yangon, Myanmar

Your representation when participating in a promotion activity
When you participate in sales or marketing promotion activities, you confirm that you are 15 years of age or older.  

The controller of your personal information is: Coca‑Cola Oceania Limited.

Privacy Officer:
Email: privacyofficerau@coca-cola.com
Phone: 0800 505 123
Post: Attn: Privacy Officer
Coca Cola South Pacific Pty Limited
GPO Box 388
North Sydney, NSW 2059, Australia

If you believe that Coca‑Cola’s personal information processing violates the applicable law, you have the right to lodge a complaint with:

Office of the Privacy Commissioner
Address: PO Box 10 094, Wellington 6143
New Zealand
0800 803 909
Website:  https://privacy.org.nz/
Email: investigations@privacy.org.nz

When you participate in sales or marketing promotion activities, you confirm that you are 13 years of age or older. You also confirm that if you are between 13 years of age but under 18 years of age, you have obtained consent from your parents or legal guardian to participate in such activities according to the terms and conditions of the promotion and the privacy policy.

The controller of your personal information is: Coca‑Cola Papua New Guinea Limited. c/o Ashurst PNG, Level 11 MRDC Haus, Cnr of Musgrave Street and Champion Parade, Port Moresby, National Capital District, Papua New Guinea

If you believe that Coca‑Cola’s personal information processing violates applicable law, you have the right to lodge a complaint with:

National Information & Communications Technology Authority (NICTA)
Phone: (675) 303 3200
Website: https://www.nicta.gov.pg/

Your representation when participating in a promotion activity
When you participate in sales or marketing promotion activities, you confirm that you are 13 years of age or older. You also confirm that if you are between 13 years of age but under 18 years of age, you have obtained consent from your parents or legal guardian to participate in such activities according to the terms and conditions of the promotion and the privacy policy.

Coca‑Cola does not collect full date of birth from consumers in the Philippines. Coca‑Cola will obtain parental consent when Coca‑Cola is knowingly processing personal information of consumers under age 18. 

The controllers of your personal information are: Coca‑Cola Far East Ltd. (Philippines Regional Operating Headquarters) 24th Floor, Six/NEO Bldg., 5th Ave cor. 26th Street, Bonifacio Global City, Taguig

The Coca‑Cola Export Corporation (Philippines Branch) 24th Floor Net Lima, Building 5th Avenue corner 26th Street Bonifacio Global City Taguig, Manila, 1634 Philippines

Email: mbernardino@coca-cola.com
Data Privacy Officer

If you believe that Coca‑Cola’s personal information processing violates applicable law, you have the right to lodge a complaint with:

National Privacy Commission
Address: 5th Floor Delegation Building, PICC Complex, Roxas Boulevard, Manila.
Email: info@privacy.gov.ph
Website: www.privacy.gov.ph

Your representation when participating in a promotion activity
When you participate in sales or marketing promotion activities, you confirm that you are 13 years of age or older. You also confirm that if you are between 13 years of age but under 18 years of age, you have obtained consent from your parent or legal guardian to participate in activities according to the terms and conditions of the promotion and the privacy policy.

Rights of the Data Subject
In addition to the rights as mentioned above, employees also have the right to be notified as required under the applicable laws in the event of data breach.

Data Breach
In the event of a data breach, Coca‑Cola must take steps to assess if it is notifiable. If the data breach likely results in significant harm to individuals, and/or is of significant scale, organizations are required to notify the Personal Data Protection Commission and the affected employees as soon as practicable.

The controllers of your personal information are: Pacific Refreshments Pte Ltd and Coca‑Cola Asia Pacific Pte Ltd. 

Pacific Refreshments Pte Ltd 1 Harbourfront Avenue, 4th floor Keppel Bay Tower, Singapore 098632
Email: pjtan@coca-cola.com
Data Privacy Officer

If you believe that Coca‑Cola’s personal information processing violates applicable law, you have the right to lodge a complaint with:

Personal Data Protection Commission Singapore
Address: 10 Pasir Panjang Road, #03-01 Mapletree Business City Singapore 117438
Website: https://www.pdpc.gov.sg/

Coca‑Cola may transfer personal information across borders to any of the places outside of Taiwan where Coca‑Cola and our suppliers and partners do business. Other jurisdictions may have data protection laws that are different from (and, in some cases, less protective) than the laws in Taiwan.

By using Coca‑Cola’s Services (including our WebServices and Apps), you consent to the transfer of your personal information to places outside of Taiwan, and you acknowledge that such places may have data protection laws that are different from (and, in some cases, less protective) than those in Taiwan.

Rights of the Data Subject
To the extent provided under the Personal Data Protection Act (PDPA) in Taiwan, you have the following rights with respect to personal information concerning you:

  • check whether Coca‑Cola hold information about you and to access such information;

  • require Coca‑Cola to correct any data relating to you which is inaccurate; 

  • require Coca‑Cola to provide you with the copies of your personal data;

  • require Coca‑Cola to stop collecting, processing and using your personal data;

  • require Coca‑Cola to delete your personal data; and

  • ascertain Coca‑Cola’s policies and practices in relation to information and to be informed of the types of personal information held by Coca‑Cola.

As permitted under the PDPA, we have the right to charge a reasonable fee for the processing of any data access request. Requests for access to your personal data or correction of your personal data or for information regarding the policies and practices of and types of personal data held by us should be addressed to privacy@coca-cola.com or via mail to: 

System Administrator
Coca‑Cola China Limited
24/F, Cambridge House,
Taikoo Place,
979 King's Road,
Quarry Bay,
Hong Kong

The Thailand Personal Data Protection Act of 2019 applies to the processing of personal information of residents of Thailand.

Your representation when participating in a promotion activity
When you participate in sales or marketing promotion activities, you confirm that you are 13 years of age or older, have Thai nationality, and have a domicile in Thailand. If it is later found that you are younger than 13 years of age, we have the right to revoke any rewards due to non-compliance with terms and conditions of the promotion. You also confirm that if you are between 13 years of age but under 20 years of age, you have obtained consent from your parents or legal guardian to participate in such activities according to the terms and conditions of the promotion and the privacy policy.

The controller of your personal information is: Coca‑Cola (Thailand) Ltd.  No. 214, 2nd-3rd Floors, Thai Namthip Building (North Park Project), Mu 5, Vibhavadi-Rangsit Road, Thung Song Hong Sub-district, Lak Si District, Bangkok, Thailand. Please contact privacythailand@coca-cola.com with questions.

Following is a summary of your data protections rights:

Your right of access to personal information
You have the right to obtain confirmation as to whether we process personal information about you, receive a copy of your personal information held by us as a controller and obtain certain other information about how and why we process your personal information.

Your right to rectification/amendment of personal information
You have the right to request your personal information to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal information completed.   When practically possible, once we are informed that any personal information processed by us is no longer accurate, we will make updates as appropriate based on your updated information. 

Your right to erasure/right to be forgotten
You have the right to obtain deletion of your personal information in the following cases: 

  • The personal information is no longer necessary in relation to the purposes for which it was collected and processed. 

  • Our legal grounds for processing is consent, you withdraw consent, and we have no other lawful basis for the processing. 

  • Our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing, and we do not have overriding legitimate grounds. 

  • You object to our processing for direct marketing purposes. 

  • Your personal information has been unlawfully processed. 

  • Your personal information must be erased to comply with a legal obligation to which we are subject.

Your right to restrict processing
You have the right to restrict our processing of your personal information in the following cases: 

  • You contest the accuracy of the personal information we process about you. We must restrict processing the contested information until we can verify the accuracy of your personal information. 

  • The personal information shall be erased or destroyed, but you request the restriction of the use of that personal information instead.  

  • It is no longer necessary to retain the personal information for the purposes of the collection, but you request us to retain that personal information for the purposes of the establishment, compliance, or exercise of legal claims, or the defense of legal claims.  

  • The personal information is pending verification of legitimate grounds to process it, of its necessity for legal claims (establishment, compliance, exercise, or defense), or of its necessity for us to perform a task in public interest. 

Your right to object to processing
You have the right to object to our processing of your personal information in the following cases: 

  • the personal information was collected for the necessity of: 

  • the performance of a task carried out in the public interest by us, or the exercising of official authority vested in us, and legitimate interests of Coca‑Cola;

  • the collection, use, or disclosure of such personal information is for the purpose of direct marketing; 

  • the collection, use, or disclosure of the personal information for the purpose of scientific, historical or statistic research. 

We reserve the right to refuse your request if we can prove that (i) there is compelling legitimate grounds for processing this personal information, or it is necessary for the establishment, compliance, exercise or defense of legal claims or (ii) the processing of your personal information for the purpose of scientific, historical or statistic research is necessary to performance of a task carried out for reasons of public interest. 

Your right to information portability
You have a right to receive your personal information you provided us and have the right to send the information to another organization (or ask us to do so if technically feasible) where:  

  • our lawful basis for processing the personal information is consent or necessity for the performance of our contract with you and  

  • the processing is carried out by automated means. 

Your right to withdraw consent
Where we process personal information based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal information based on consent (as we can usually rely on another legal basis).  

If you believe that Coca‑Cola’s personal information processing violates applicable law, you have the right to lodge a complaint with:

Thailand Personal Data Protection Commission
Ministry of Digital Economy and Society
Address: No. 120, Moo 3, The Government Complex, Tower B, Changwattana Road, Lak Si, Bangkok, Thailand, Bangkok
Tel: 662-142-1033, 662-141-6993
Email: pdpc@mdes.go.th
Website: https://www.mdes.go.th/mission/82

Coca‑Cola provides you with the option to review, correct, update, or modify personal information you have previously provided.  To exercise these rights, please:

In your request, please make clear what personal information you would like to have changed, whether you would like to have your personal information suppressed from our database or other limitations you would like to put on our use of your personal information.  For your protection, we may need to verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable and within the time periods required by applicable law. 

Throughout this section for Residents of the United States, we use the following terms with the following meanings:

  • Consumer  (or  you) means an individual acting in a personal or household context who uses the Services and, for California residents, individuals acting in a business-to-business context.

  • U.S. Privacy Laws means the Colorado Privacy Act; Connecticut's Act Concerning Personal Data Privacy and Online Monitoring; Utah Consumer Privacy Act; Virginia Consumer Data Protection Act; and similar laws enacted from time to time in other U.S. states, each as amended, repealed, consolidated or replaced from time to time.

If you have an account with us, you also may make certain requests directly through your account profile page.  Please note that changes you make on your account profile page through the Services may not always be reflected on parts of the Services operated by us.

Residents of California. This California Privacy Notice (California Privacy Notice) applies to Coca‑Cola’s processing of personal information of residents of the U.S. State of California (California Consumers) as required by the California Consumer Privacy Act of 2018, as amended (CCPA).  This "Residents of California" section contains our Notice at Collection under CCPA.  

If you are a California Consumer, this California Privacy Notice is designed to help you understand the categories of personal information that we collect about you, where we get that personal information, why we process it, who we share it with, and the rights you have to know and control your personal information.  If this California Privacy Notice and any provision in the rest of our Privacy Policy conflict, then this California Privacy Notice controls for the processing of personal information of California Consumers.  This California Privacy Notice does not apply to Coca‑Cola’s employees, contractors, contingent workers, or job applicants. 

In this "Residents of California" section, Business Purposes means performing the Services; managing and processing interactions and transactions with California Consumers; securing and debugging the Services; advertising and marketing; quality assurance; research and development; and other business purposes as may be defined in CCPA from time to time; and Service Providers means organizations that process personal information on behalf of Coca‑Cola and contractors and other organizations with which Coca‑Cola shares personal information pursuant to a contract for Business Purposes.

NOTICE AT COLLECTION
For CCPA purposes, Coca‑Cola generally acts as a “Business” with respect to your personal information, which means that Coca‑Cola determines how and why the personal information that Coca‑Cola collects from or about you is handled.  (A “Business” is similar to a “controller” which is defined in the preamble to this Privacy Policy.)

This Notice at Collection of personal information describes our personal information collection practices when we are acting as the Business, including a list of the categories of personal information we collect, the purposes for which we collect personal information and the sources from which we collect personal information.

This Notice at Collection covers the twelve (12) months prior to the "Last Updated" date above. This Notice at Collection is updated at least once per year. If this Notice at Collection conflicts with the Privacy Policy, this Notice at Collection will govern as to California Consumers, unless expressly stated otherwise. If Coca‑Cola’s processing materially changes between updates to this Notice at Collection, Coca‑Cola will provide a supplemental notice when or before the changes apply.

Although we already explain what personal information we collect and why above in this Privacy Policy, the CCPA requires that we make certain disclosures using the categories of personal information used in the definition of personal information in the CCPA.   

In the preceding 12 months, Coca‑Cola has collected the following categories of personal information:

Category: Identifiers
Source: Directly from you
Purpose: Performing the Services of Advertising and Marketing
Third party recipients: service providers, including marketing vendors, data clean rooms, Affiliates and bottler partners, other third parties
Sold/Shared: Yes

Category: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Source: Directly from you
Purpose: Performing the Services of Advertising and Marketing
Third party recipients: Service providers, including marketing vendors, data clean rooms, Affiliates and bottler partners, other third parties
Sold/Shared: Yes

Category: Protected classification characteristics under California or federal law
Source: Directly from you
Purpose: Performing the Services of Advertising and Marketing
Third party recipients: Service providers, including marketing vendors, data clean rooms, Affiliates and bottler partners, Other third parties
Sold/Shared: Yes

Category: Commercial information
Source: Directly from you
Purpose: Performing the Services
Third party recipients: Service providers, including marketing vendors, data clean rooms, Affiliates and bottler partners, Other third parties
Sold/Shared: Yes

Category: Biometric information, which is information about your physiological, biological or behavioral characteristics
Source: Coca‑Cola does not collect this information without your prior specific consent
Purpose: Coca‑Cola does not collect this information as of the Effective Date without your prior specific consent
Third party recipients: Service providers
Sold/Shared: No

Category: Internet or other electronic network activity
Source: Directly from you, Automatically collected during use of the Services
Purpose: Performing the Services
Third party recipients: Service providers, including marketing vendors, data clean rooms, Affiliates and bottler partners, Other third parties
Sold/Shared: Yes

Category: Geolocation data
Source: Directly from you, Automatically collected during use of the Services
Purpose: Performing the Services
Third party recipients: Service providers, Other third parties
Sold/Shared: Yes

Category: Audio, electronic, visual, or similar information
Source: Directly from you
Purpose: Performing the Services
Third party recipients: Service providers
Sold/Shared: Yes

Category: Professional or employment-related information
Source: Directly from you, From third parties
Purpose: Performing the Services, Advertising and Marketing
Third party recipients: Service providers, including marketing vendors, data clean rooms, Affiliates and bottler partners
Sold/Shared: Yes

Category: Inferences drawn from other categories to create a profile about a California Consumer
Source: Coca‑Cola
Purpose: Advertising and Marketing
Third party recipients: Service providers, including marketing vendors, data clean rooms, Affiliates and bottler partners, other third parties
Sold/Shared: Yes

Generally, when we collect precise geolocation information or other personal information  that is “sensitive” under California law, Our use of this personal information  is to perform a Service you have requested and is consistent with the permitted business purposes in California Civil Code § 1798.100 et seq. and implementing regulations.  We will collect your consent for any other use.  

Coca‑Cola does not collect:

  • Government Issued Identification Numbers (e.g., social security, driver’s license, state identification card or passport number)

  • Non-public Education Records as defined in Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99), i.e., education records directly maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, schedules, identification codes, financial information or disciplinary records

  • Communication Content (e.g., the contents of a California Consumer's mail, email and text messages, other than when Coca‑Cola is the intended recipient of the communication)

  • Health Information (personal information collected and analyzed concerning a California Consumer's health, medical history, mental or physical health, diagnosis/condition and medical treatment)

  • Sex Life / Sexual Orientation (personal information collected and analyzed concerning a California Consumer's sex life or sexual orientation)

When we disclose personal information to third parties, we have no actual knowledge that we have sold or shared personal information collected from or about anyone under 16 years old.

Your California Consumer Privacy Rights
CCPA offers California Consumers the following key privacy rights:

  • Right to Access Information: You have the right to request access to personal information collected about you and information regarding the source of that information, the purposes for which we collect it and the third parties and service providers with whom we share it.

- Categories:  You may request any of the following for the period that is 12 months prior to the request date: (1) categories of personal information we have collected about you; (2) categories of sources from which we collected your personal information; (3) the business or commercial purposes for our collection, sale, sharing of your personal information; (4) the categories of third parties to whom we have disclosed your personal information; (5) a list of the categories of personal information disclosed for a business purpose, and, for each, the categories of recipients, or that no disclosure has occurred; and (6) a list of the categories of PI we have sold or shared about you, and, for each, the categories of recipients, or that no sale or sharing has occurred.

- Specific Pieces:  You may request to confirm if we are processing your personal information and, if we are, to obtain a transportable copy, subject to applicable request limits, of your personal information that we have collected and are maintaining, subject to certain limitations.
 

  • Right to Request Deletion: You have the right to request that we delete certain personal information that we have collected from you.
  • Right to Correct: You have the right to correct inaccurate personal information about you. Note that correction requests are subject to certain limitations, and we may choose to delete rather than correct your personal information in some circumstances

  • Right to Opt-Out of Sale of Personal Information to Third Parties:  Our disclosure of your personal information to third party advertising and analytics providers may constitute a sale under certain state laws and, in California, may also constitute “sharing” (which is a term used to address the sharing of information for advertising purposes). To the extent that our use constitutes a sale or sharing of your personal information, you have the right to opt-out by (a) enabling an opt-out preference signal or Global Privacy Control on your browser which is recognized by our U.S.-facing websites, (b) opting-out of cookies in our cookie preference center, or (c) for non-cookie personal information (e.g., your email address), submitting an opt-out request at https://us.coca-cola.com/dsrform.

    - You need to exercise a separate opt-out request on our cookie preference center by clicking on the "Cookies" link in the footer of https://www.coca-cola.com/us/en. This is because we use different technologies to apply preferences for opting out of cookie personal information vs. non-cookie personal information. Our cookie preference center enables you to exercise an opt-out request and enable certain cookie preferences on your browser / device. You must  exercise your preferences from each browser you use and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences are no longer effective and you must enable them again by clicking on the "Cookies" link in the footer of . If you use ad blocking software, our cookie preference center may not appear when you visit the Services and you may need to use the link above to access the cookie preference center.

  • Right to Limit Sensitive Personal Information Processing:  Coca‑Cola will ask for your consent if we sensitive personal information for any purpose that is not exempt from consumer choice under the CCPA (e.g., to perform the services/provide the goods that you requested).

  • Right Against Discrimination: We will not discriminate against you for exercising your rights under the CCPA. We will not deny you goods or services for exercising your rights; charge you a different price or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, because you exercised your rights; provide you a different level or quality of goods or services because you exercised your rights; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services as a result of exercising your rights.

  • Automated Decision Making / Profiling:  We may engage in processing that may constitute automated decision making or profiling under the CCPA.  You have the right to opt-out of certain types of automated decision making or profiling processing.

To submit a request to exercise your California privacy rights, please:

  • call toll-free to 1-800-438-2653

Please note:

  • We may (and in some cases are required to) verify your identity before we can act on your request to exercise your California privacy rights.  After we receive and process your request, we will contact you using the email address provided in your request with instructions on how to verify your identify, after which we will check our records for matching information.  

  • We may not honor part or all your request – for example, certain information we collect may be exempt from this California Privacy Notice, such as public information made available by a government entity or information covered by a different privacy law.  In these situations, we will explain why we do not honor your request when we respond to you.

Notice of Financial Incentive
We may offer discounts or other benefits to California Consumers enrolled in certain rewards or promotional programs, including but not limited to: (1) California Consumers can opt-in to email promotions from CocaCola by submitting their email address through the Site. Additional terms and conditions are posted there. (2) California Consumers can snap and upload sip & scan codes to access rewards, sweepstakes and other experiences. California Consumers who are logged into their Coke.com account while participating in sip & scan may save and redeem such rewards. (3) California Consumers can create a CocaCola account and receive 15% off their first order at the CocaCola store.  (4) California Consumers can register for an account and get free or discounted products. (5) California Consumers can participate in Coca‑Cola’s social promotions, contests or sweepstakes for a chance to receive the benefits described in each such promotion.  

Coca‑Cola does not generally assign monetary or other value to consumers’ personal information and our promotions activity changes continually. To the extent California law requires that a value be assigned to such programs, or the price or service differences they involve, Coca‑Cola values the personal information collected and used under each program as being equal to the value of the discounts or other financial incentives provided in each such program, based upon a practical and good-faith effort to assess on an aggregate basis for all collected information: (1) the type of personal information collected in each program (e.g., email address), (2) the use of such information by CocaCola in connection with its marketing activities, (3) the range of discounts provided (which can depend on each consumer’s purchases under such offers), (4) the number of individuals enrolled in respective programs, and (5) the products for which the benefits (such as price difference) can apply. These values can change over time. Note that this description is without waiver of any proprietary or business confidential information, including trade secrets, and it does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.

A different California law permits California residents to request a notice disclosing the categories of Personal Information about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. At this time, Coca‑Cola does not share Personal Information with third parties for their direct marketing purposes.

Residents of Other U.S. States.
The U.S. Privacy Laws offer Consumers certain rights with respect to their personal information. Coca‑Cola will honor these rights for any U.S. resident. They include:

  • Right to Access Information: You have the right to access and obtain a copy of your personal information.

  • Right to Request Deletion: You have the right to request that we delete personal information provided by or obtained about you.

  • Right to Correct: You have the right to correct inaccuracies in your personal information

  • Right to Opt-Out: Our disclosure of your personal information to third party advertising and analytics providers may constitute a sale under certain state laws. In addition, we use cookies to serve targeted ads. You have the right to opt-out of these activities by (a) enabling an opt-out preference signal or Global Privacy Control on your browser which is recognized by our U.S.-facing websites, (b) opting-out of cookies in our U.S.-facing websites’ cookie preference center, or (c) for non-cookie personal information, submitting an opt-out request at https://us.coca-cola.com/dsrform.

To protect Consumers, if we are unable to verify a privacy rights request, we are unable to honor the request. We will use personal information provided in a verified privacy rights request only to verify identity or agent authority to make the privacy rights request and to track and document responses unless Coca‑Cola also received the personal information for another purpose.

Agent Requests
You may use an authorized agent to make a privacy rights request for you. Before you can authorize an agent, Coca‑Cola requires that you complete our form here. We also may require that you directly confirm that you authorized the agent to submit requests on your behalf. Please note that it may take additional time to verify and fulfill agent-submitted requests. Once confirmed, your authorized agent may exercise privacy rights on your behalf, subject to the requirements of applicable law.  

Appeals
You may appeal Coca‑Cola's decision regarding a request by email at privacy@coca-cola.com. Please use the same email address that you used to submit the initial privacy rights request when you submit your Request to Appeal and please add “Request to Appeal” in the subject line of the email. If you do not use the same email address, Coca‑Cola cannot link your Request to Appeal to your initial privacy rights request.

Coca‑Cola's Responses
Some personal information that we maintain is insufficiently specific for us to be able to associate it with a verified Consumer (e.g., data tied only to a pseudonymous browser ID). We do not include that personal information in response to those requests. If we deny a request, in whole or in part, Coca‑Cola will explain the reasons in our response.

Coca‑Cola will make commercially reasonable efforts to identify personal information that we process to respond to a privacy rights request. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your personal information and give you the opportunity to elect whether you want the rest. We reserve the right to direct you to where you may access and copy responsive personal information yourself. We will typically do not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Retention of your Personal Information
We retain personal information about a Consumer for as long as the Consumer’s account is active and otherwise as long as necessary for the purposes described above.  We also retain personal information as long as necessary to comply with legal obligations, resolve disputes and enforce our agreements. When determining the retention period, we consider various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you and mandatory retention periods under applicable law.  

Your representation when participating in a promotion activity
When you participate in sales or marketing promotion activities, you confirm that you are 13 years of age or older. You also confirm that if you are between 13 years of age but under 18 years of age, you have obtained consent from your parents or legal guardian to participate in such activities according to the terms and conditions of the promotion and the privacy policy.

If you believe that Coca‑Cola’s personal information processing violates applicable law, you have the right to lodge a complaint with:

The Ministry of Public Security (MPS)
Address: No. 44 Yet Kieu Street, Hoan Kiem District, Hanoi City, Vietnam.
Tel: (+84) 069 234 3647 - 069 234 1165
Website: bocongan.gov.vn

The controllers of your personal information are: Pacific Refreshments Pte Ltd and The Representative Office of Coca‑Cola Southeast Asia, Inc.235 Dong Khoi Street, District 1, Ho Chi Minh City.

* * * * *

Following is additional information about the Coca‑Cola entity that acts as controller of your personal information in jurisdictions not described above:

Bangladesh
Coca‑Cola Bangladesh Beverages Limited
Crystal Palace (11th Floor), Rd 140, Dhaka 1212, Bangladesh

Kingdom of Bhutan
TASHI BEVERAGES LIMITED
POST BOX # 267, PASAKHA BHUTAN.
00975-77190300 (O)

Republic of Maldives
Male Aerated Water Company
5GH7+CG8, Boduthakurufaanu Magu, Malé, Maldives

Nepal
Bottlers Nepal Limited and Bottlers Nepal
Bottlers Nepal Limited,
Balaju Industrial District, Balaju,
Kathmandu, Nepal, P.O. Box: 2253
+977-01-4352986, +977-01-4352988

Bottlers Nepal (Terai) Limited, 
Gondrang, Bharatpur-9, Chitwan, 
Nepal, P.O. Box: 20
+977-056420216

Sri Lanka
Coca‑Cola Beverages Sri Lanka Limited
B214, Biyagama Road, Colombo, Sri Lanka

Ukraine
Coca‑Cola Ukraine Limited LLC
139 Velyka Vasylkivska Street, 13 floor
Velyka Vasylkivska Kyiv, 03150
Ukraine

 

14. The DPF

THE EU-US DATA PRIVACY FRAMEWORK POLICY
The Coca‑Cola Company (“Coca‑Cola” or “we”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. 

Coca‑Cola has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the Processing of Personal Information received from the European Union (EU) in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Coca‑Cola has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) about the Processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program and to view our certification, please visit https://www.dataprivacyframework.gov.

(Note: the Swiss-U.S. DPF is awaiting finalization as of the date of this DPF Policy. Please visit here for more information.)

DEFINITIONS

In this Coca‑Cola Company Data Privacy Framework Privacy Policy (DPF Policy), the following terms have the following meanings:

  • Agent means any third party that collects or uses Personal Information under the instructions of, and solely for, Coca‑Cola or to which Coca‑Cola discloses Personal Information for use on Coca‑Cola's behalf.

  • Data Subject  (or you) means a natural person whose Personal Information is covered by this DPF Policy.

  • Controller means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.

  • DPF Principles means the EU-U.S. DPF Principles (defined above) and Swiss-U.S. DPF Principles (defined above), as set forth by the U.S. Department of Commerce here.

  • DPF Program means, collectively, EU-U.S. DPF, UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

  • Personal Information means any information, including Sensitive Personal Information, relating to an identified or identifiable natural person that is received by Coca‑Cola in the U.S. from the EEA, Switzerland or UK/Gibraltar, and recorded in any form.

- An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • Processing means any operation or set of operations performed on Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

  • Sensitive Personal Information means Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying an individual’s sex life, and any Personal Information received by Coca‑Cola from a third party that the third party identifies and treats as sensitive.

WHEN THIS DPF POLICY APPLIES

This DPF Policy applies to Personal Information transferred from member countries of the European Economic Area (EEA, which is the member states of the EU plus Iceland, Liechtenstein and Norway), the United Kingdom (UK), and Switzerland to Coca‑Cola in the U.S. in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF or the Swiss-U.S. DPF.  

Personal Information that Coca‑Cola Processes in compliance with the DPF Program is covered by Coca‑Cola’s other privacy-related requirements and policies (collectively, the Coca‑Cola Privacy Policies), such as:

  • Personal Information Processed about users of Coca‑Cola’s websites, mobile applications, widgets and other online and offline services (together, the Services) is subject to the Coca‑Cola Privacy Policy (available at https://www.coca-cola.com/gb/en/legal/privacy-policy for the UK, and, for the EEA and Switzerland, by selecting the relevant country here) or, for some Services, the privacy policy, notice or statement linked or posted in those Services. 

  • Personal Information regarding external job applicants is described in The Coca‑Cola Applicant Privacy Notice applies to Personal Information collected from or about applicants.

  • Personal Information regarding Coca‑Cola’s current or past employees, interns, contractors and contingent workers is subject to Coca‑Cola’s Employee Privacy Notices and to Coca‑Cola’s DPF Policy for HR Data, which are available on KO Connect (Coca‑Cola’s intranet). 

This DPF Policy does not apply to Personal Information transferred under Standard Contractual Clauses or any approved derogation from the EU General Data Protection Regulation, the UK General Data Protection Regulation or the Swiss Federal Data Protection Act.   While the DPF Program is an authorized international transfer mechanism to enable Coca‑Cola to receive Data Subjects’ Personal Information in the U.S., Coca‑Cola’s obligations and Data Subject rights under the DPF Program are separate from those under EU General Data Protection Regulation, the UK General Data Protection Regulation and the Swiss Federal Data Protection Act. 

COCA-COLA’S COMMITMENT TO THE DPF PRINCIPLES

Coca‑Cola commits to applying the DPF Principles to all Personal Information that Coca‑Cola in the U.S. receives from the EEA, UK and Switzerland in reliance on the DPF Program.  Coca‑Cola’s adherence to this DPF Policy may be limited to the extent required to meet Coca‑Cola’s legal, regulatory, governmental or national security obligations.

The DPF Principles
The DPF Principles are: 1. Notice; 2. Choice; 3. Accountability for Onward Transfer; 4. Security; 5. Data Integrity and Purpose Limitation; 6. Access; and 7. Recourse, Enforcement and Liability.

1. Notice Principle
Coca‑Cola provides notice to Data Subjects about its Processing Practices for Personal Information received by Coca‑Cola in the U.S. from the EEA, UK and Switzerland in reliance on the DPF Program through the Coca‑Cola Privacy Policies and this DPF Policy, including: 

  • the types of Personal Information it collects about them

  • the purposes for which it Processes the Personal Information (see also 5. below)

  • the types of Agents and other third parties to which Coca‑Cola discloses Personal Information and the purposes for doing so (see also 3. below)

  • the rights of Data Subjects to access their Personal Information (see 6 below)

  • the choices that Coca‑Cola offers Data Subjects for limiting use and disclosure of their Personal Information (see also 2. below)

  • how Coca‑Cola’s obligations under the DPF Program are enforced, including Coca‑Cola’s designated independent dispute resolution mechanism to address complaints and provide appropriate recourse free of charge, the possibility, under certain conditions, to invoke binding arbitration (see also 7. below)

  • Coca‑Cola’s liability in cases of onward transfers to third parties (see also 3. below)

  • how Data Subjects can contact Coca‑Cola with questions or complaints.

Coca‑Cola is not required to apply the Notice Principle or the Choice or Accountability for Onward Transfer Principles (see 2. and 3. below)  to public record information  (i.e., records kept by government agencies or entities at any level that are open to consultation by the public in general) or information that is already publicly available to the public at large as long as this information  is not combined with non-public record information and, for public record information, any conditions for consultation established by the relevant jurisdiction are respected.  

2. Choice Principle

Coca‑Cola provides Data Subjects with choices about their Personal Information before Coca‑Cola uses Personal Information covered by this DPF Policy for a new purpose that is materially different from the purpose for which the Personal Information was originally collected or subsequently authorized or before disclosure to a non-Agent third party that was not already authorized. 

Coca‑Cola will obtain affirmative consent (i.e., opt-in) from Data Subjects before Sensitive Personal Information is disclosed to a third party.  

Coca‑Cola will obtain the Data Subject’s affirmative express consent (i.e., opt in) before Sensitive Personal Information covered by this DPF Policy is (i) disclosed to a third party or (ii) used for a new purpose that is different from that for which the Personal Information was originally collected or subsequently authorized by the Data Subject. Under the DPF Principles, Coca‑Cola is not required to provide choice when disclosure is made to a third party that is acting as an Agent if Coca‑Cola enters into a written contract with the Agent (see 3. below). 

To opt out of these uses or disclosures of Personal Information or Sensitive Personal Information, please contact Coca‑Cola as follows:

  • Send an email to privacy@coca-cola.com 

  • Complete the form available here

  • Send mail to Consumer Interaction Centre, PO Box 73229, London E14 1RP

Coca‑Cola may engage with a Data Subject to request sufficient information to allow Coca‑Cola to confirm the identity of the Data Subject making an opt-out request.   Coca‑Cola may use information for certain direct marketing purposes when it is impracticable for Coca‑Cola to provide a Data Subject with an opportunity to opt out before using the Personal Information but only when Coca‑Cola promptly offers the Data Subject the opportunity at the same time (and upon request at any time) to decline (at no cost) to receive any further direct marketing communications and Coca‑Cola complies with the individual’s wishes.

3. Accountability for Onward Transfer Principle

Coca‑Cola offers Data Subjects the opportunity to choose (i.e., opt out) whether their Personal Information is (i) disclosed to a third party or (ii) used for a purpose that is materially different from the purpose(s) for which the Persona Information was originally collected or subsequently authorized.  

Transfers to Controllers: Coca‑Cola will transfer Personal Information covered by this DPF Policy to a third party acting as a Controller consistent with the relevant Coca‑Cola Privacy Policies provided to each affected Data Subject and the Data Subject’s consent given to Coca‑Cola.  

Coca‑Cola also will make these transfers only if the Controller has agreed in a written contract that it will (i) Process the Personal Information for limited and specified purposes consistent with the consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease Processing of the Personal Information or take other reasonable and appropriate steps to remediate the Processing if it makes such a determination. 

Coca‑Cola will take reasonable and appropriate steps to prevent, stop or remediate the Processing if Coca‑Cola becomes aware that a Controller is Processing Personal Information covered by this DPF Policy contrary to the DPF Principles. 

Transfers to Agents: Coca‑Cola will transfer to each Agent only the Personal Information needed for the Agent to provide the services or products as Coca‑Cola has instructed.  

Coca‑Cola will require that each Agent:

  • Process the Personal Information only for limited and specified purposes as instructed by Coca‑Cola; 

  • Provide at least the same level of privacy protection as is required by the DPF Principles; 

  • Take reasonable and appropriate steps to ensure that the Agent effectively Processes the Personal Information transferred in a manner compliant with Coca‑Cola’s obligations under the DPF Principles; and 

  • Notify Coca‑Cola if the Agent determines that it can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles. 

Upon receiving notification from an Agent that the Agent can no longer meet its obligation to provide the same level of protection as is required by the DPF Principles, Coca‑Cola will take reasonable and appropriate steps to stop and remediate the unauthorized Processing.  Coca‑Cola also provides summaries of the relevant privacy provisions of its contracts with Agents to the Department of Commerce upon request.

In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

Coca‑Cola remains liable under the DPF Principles if an Agent Processes Personal Information covered by this DPF Policy in a manner inconsistent with the DPF Principles unless Coca‑Cola proves that Coca‑Cola is not responsible for the event giving rise to the damages.

4. Security Principle

Coca‑Cola takes reasonable and appropriate measures to protect Personal Information covered by this DPF Policy from loss, misuse and unauthorized access, disclosure, alteration, and destruction, considering the risks involved in the Processing and the nature of the Personal Information.

5. Data Integrity and Purpose Limitation Principle

Coca‑Cola limits its collection of Personal Information to information that is relevant for the purposes of Processing. Coca‑Cola does not Process Personal Information in a way that is incompatible with the purposes for which it was collected or subsequently authorized by the Data Subject.

Coca‑Cola takes reasonable steps to ensure that such Personal Information is reliable for its intended use, accurate, complete, and current. Coca‑Cola takes reasonable and appropriate measures to comply with the requirement under the DPF Program to retain Personal Information in identifiable form only for as long as it serves a purpose of Processing. Specifically, Coca‑Cola will retain Personal Information in accordance with Coca‑Cola’s legitimate business purposes and legal obligations, unless a longer retention period is required or permitted by law.

Coca‑Cola will adhere to the DPF Principles for as long as it retains Personal Information covered by this DPF Policy.

6. Access Principle

Data Subjects whose Personal Information is covered by this DPF Policy have the right (i) to obtain from Coca‑Cola confirmation of whether or not Coca‑Cola is Processing Personal Information relating to them and to access that Personal Information and (ii) to correct, amend, or delete their Personal Information if it is inaccurate or if Coca‑Cola Processes it in violation of the DPF Principles - except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, when the rights of persons other than the Data Subject would be violated or disclosure is likely to interfere with the safeguarding of important countervailing public interests, such as national security, defense or public security.  

Coca‑Cola will make good-faith, reasonable and practical efforts to comply with requests, so long as our doing so would be consistent with applicable law, Coca‑Cola’s contractual requirements, and/or the laws applicable to Coca‑Cola.   

Coca‑Cola may engage with a Data Subject to request sufficient information to allow Coca‑Cola to confirm the Data Subject’s identity or if an access request is vague or broad in scope or to better understand the motivation for the request and to locate responsive information.  Coca‑Cola also may inquire about how the Data Subject interacted with Coca‑Cola or about the nature of the Personal Information or its use that is the subject of the request. Coca‑Cola may deny or limit access to the extent that granting full access would reveal Coca‑Cola’s own confidential commercial information, such as the confidential commercial information of another that is subject to a contractual obligation of confidentiality.  Coca‑Cola may set reasonable limits on the number of times within a given period that access requests from a particular Data Subject will be met.  

To make a data access request, Data Subjects may contact Coca‑Cola by:

  • Sending an email to privacy@coca-cola.com 

  • Completing the form available here

  • Sending mail to Consumer Interaction Centre, PO Box 73229, London E14 1RP

Coca‑Cola will respond to access requests within a reasonable time period.

7. Recourse, Enforcement, and Liability

The Federal Trade Commission (FTC) has jurisdiction over Coca‑Cola’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. 

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Coca‑Cola commits to resolve complaints about our collection or use of Personal Information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.   

EU, UK and Swiss individuals with inquiries or complaints should first contact Coca‑Cola by email to privacy@coca-cola.com or Coca‑Cola’s EU Data Protection Officer is available at dpo-europe@coca-cola.com.

Coca‑Cola has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS.  If you do not receive timely acknowledgment of your complaint or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. The service of BBB NATIONAL PROGRAMS is provided free or charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may be able to invoke binding arbitration for some residual claims not resolved by other redress mechanisms. 

* * * * *

Coca‑Cola agrees to periodically review and verify its compliance with the DPF Principles and to remedy any issues arising out of Coca‑Cola’s failure to comply with the DPF Principles. Coca‑Cola acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of DPF participants.

All Coca‑Cola personnel who have access in the U.S. to Personal Information covered by this DPF Policy are responsible for ensuring that Personal Information Processing complies with this DPF Policy.  Coca‑Cola personnel also are responsible for ensuring that Agents or other unaffiliated third parties that Process Personal Information subject to this DPF Policy comply with this DPF Policy and Process Personal Information in accordance with the DPF Principles, including contracts required by the DPF Program.

CHANGES TO THIS DATA PRIVACY FRAMEWORK POLICY

This DPF Policy may be amended from time to time consistent with the requirements of the DPF. When we make changes to this DPF Policy, we will revise the “Last Updated” date at the beginning of this DPF Policy.   We also will take appropriate measures to inform you in advance of changes we feel are significant so that you have an opportunity to review the revised DPF Policy before it is effective.  If your consent is required by the DPF Principles, we will obtain your consent.  We encourage you to regularly check this DPF Policy to ensure you are aware of the updated version. 

QUESTIONS?

Coca‑Cola is committed to protecting the privacy of your Personal Information. If you have any questions or comments about this DPF Policy, please contact privacy@coca-cola.com.