Welcome to the Coca‑Cola Consumer Privacy Policy
The Coca‑Cola Company and its affiliates (together, Coca‑Cola or we) take your right to privacy seriously. We appreciate that you trust us with your personal information and respecting your privacy is at the core of our interactions with you.
Coca‑Cola’s handling of personal information is guided by these principles:
Transparency • Respect • Trust • Fairness
Effective Date: May 9, 2024
The Coca‑Cola Consumer Privacy Policy (Privacy Policy) describes the personal information that Coca‑Cola collects from or about users of the websites, mobile applications (Apps), widgets and other online and offline services that Coca‑Cola operates (together, the Services) and how we use and protect that personal information. This Privacy Policy also explains how users can make choices about their personal information.
When we refer to personal information (sometimes referred to as personal data under some laws) in this Privacy Policy, we mean information that identifies or can be used to identify an individual human being. This means that personal information includes direct identifiers (such as name) and indirect identifiers (such as computer or mobile device ID and IP address). When we refer to you or user, we mean someone who uses any of the Services. When we refer to controller, we mean the person or entity that determines what personal information is collected from or about you and how that personal information is used and protected.
How we collect, use and protect your personal information is subject to the laws in the places in which we operate. This means that we may have different practices in different places. For more information, please see Privacy Rights and Choices, which includes additional descriptions of your rights and our obligations in certain key jurisdictions and who to contact.
IF YOU HAVE QUESTIONS ABOUT HOW COCA-COLA PROCESSES YOUR PERSONAL INFORMATION, PLEASE CONTACT PRIVACY@COCA-COLA.COM.
WHAT’S IN THIS PRIVACY POLICY?
This Privacy Policy is divided into the following sections:
1. WHEN DOES THIS PRIVACY POLICY APPLY?
2. WHERE DOES THIS PRIVACY POLICY APPLY?
3. WHAT TYPES OF PERSONAL INFORMATION DOES COCA-COLA COLLECT AND WHY?
4. HOW DOES COCA-COLA USE PERSONAL INFORMATION?
5. DOES COCA-COLA USE COOKIES?
6. HOW DOES COCA-COLA SHARE PERSONAL INFORMATION?
7. HOW DOES COCA-COLA PROTECT PERSONAL INFORMATION?
8. HOW LONG DOES COCA-COLA RETAIN PERSONAL INFORMATION?
9. WHAT CHOICES ARE AVAILABLE FOR PERSONAL INFORMATION?
10. HOW DOES COCA-COLA PROTECT CHILDREN'S PRIVACY?
11. DOES COCA-COLA TRANSFER PERSONAL INFORMATION TO OTHER COUNTRIES?
12. WHEN IS THIS PRIVACY POLICY CHANGED?
1. WHEN DOES THIS PRIVACY POLICY APPLY?
This Privacy Policy was posted and is effective for new users on May 9, 2024.
The prior versions of Coca‑Cola’s privacy policies apply until May 19, 2024 and are available upon request to privacy@coca-cola.com.
2. WHERE DOES THIS PRIVACY POLICY APPLY?
The Privacy Policy applies to the personal information collected from users of the Services in which the Privacy Policy is posted or linked, when the Privacy Policy is specifically referenced in the Services or when Coca‑Cola asks you to acknowledge it. This Privacy Policy also covers personal information that we collect from consumers who contact us by email, telephone and offline, such as during an in-person event.
This Privacy Policy also may apply to personal information provided to us by consumers who engage with us through social media. Please contact us at Privacy@coca-cola.com if you have questions about whether this Privacy Policy applies to specific personal information connected with social media.
This Privacy Policy does not apply to websites and other online services operated by other organizations. Those other websites and services follow their own privacy policies, not this Privacy Policy. Please make sure to check those privacy policies so you know how your information is handled.
3. WHAT TYPES OF PERSONAL INFORMATION DOES COCA-COLA COLLECT AND WHY?
a. Information you choose to give us
We collect the personal information you choose to share with us.
The personal information that you choose to give to us typically includes the following types of personal information. Please review below to learn more about the categories of personal information that Coca‑Cola collects and why it is collected:
Contact and account information
Coca‑Cola requests your first and last name, email address or mobile telephone number and date of birth to create an account on the Services. We also may collect username and password, age, mailing address, government-issued identifier and similar contact information.
To maintain your online account if you choose to create one
To verify identity and eligibility for certain Services
To customize your experience of the Services
To offer access to exclusive content, discounts and other opportunities
To administer a sweepstakes, contest or other promotion or a loyalty program
To complete a purchase and deliver products
To send information that we think will interest you, which is sometimes personalized based on the information associated with your account
To request your feedback, such as through a survey about a new product
To respond to your questions and provide customer service
For research and innovation
When you attend an in-person event, such as events sponsored or hosted by Coca‑Cola or product sampling
User Generated Content (UGC)
Coca‑Cola collects the posts, comments, opinions, voice recordings, photos and videos that you choose to submit through the Services
To monitor online communities
To record and act on your comments and opinions, such as in surveys, customer service inquiries and other free-form text boxesTo administer your participation in promotions that include submission of UGC
In connection with participation in specific promotions or other Services, such as Coca‑Cola’s smart coolers.
Photos, voice recordings and videos that you choose to share may constitute biometric data under some laws. Coca‑Cola collects biometric data only with your specific consent.
Information associated with an account on a social media platform
When you connect or log into the Services through your social media account, such as Meta and Twitter, we collect the personal information permitted by the social media platform and your account permissions, such as profile photo, email, like and interest and friends, followers or similar lists.
To personalize your experience of the Services
To respond to your comments and inquiries posted on a social media platform and analyze communications (such as tweets or posts) with or about Coca‑Cola to better understand how consumers view Coca‑Cola
(If you decide later that you do not want to provide us with information from your social media account, then please adjust the privacy settings in your social media account.)
Location Data
We collect precise geolocation ( aka GPS) data when permitted through our Apps when you choose to allow it through your mobile device’s operating system and otherwise with your consent, as required.
Approximate location from an IP address or connections to WiFi, Bluetooth or a wireless network service is automatically collected when you use the Services.
We collect this location data:
To customize your experience of the Services
To let you know when products, promotions or events are available near you or allow other users to see your location when you choose to allow it
To send geographically-relevant advertising
Other Personal information shared through the Services
To administer online communities
To manage promotions and other features of the Services that allow you to share your personal information
b. Information about use of our Apps
When you download and install one of our Apps, the information that we collect depends on your mobile device’s operating system and permissions. Our Apps need to use certain features and data from your mobile device in order to function. For example, if you want a seamless online to App experience we need to collect and link information from your web browser.
To learn more about the specific information collected by an App, please check your device settings or review the permissions information available on the particular platform (e.g., Google Play and the App Store) from which you downloaded the App. Certain Apps also allow you to check or change your status for certain data collection in the App settings. If you change your settings, certain App features may not function properly.
To stop collection of all information through an App, please uninstall the App.
c. Information automatically collected during use of the Services
We automatically collect certain information from and about use of the Services from users’ computers and mobile devices. Some automatically-collected information is personal information under certain laws. This information is automatically collected using cookies, pixel, web beacons and similar data collection technology (collectively, data collection technology).
The information that we automatically collect includes:
information about your computer or mobile device, such as device type and identification number, browser type, internet service provider, mobile network and operating system
IP address and broad geographic location (e.g., country or city-level location)
how a computer or mobile device interacts with the Services, including the date and time the Services are accessed, search requests and results, mouse clicks and movements, specific webpages accessed, links clicked and videos watched
traffic and usage measurements
data about the third-party sites or services accessed before interacting with the Services, which is used to make advertising more relevant for users
interactions with our marketing communications, such as whether and when a Coca‑Cola email is opened
d. Information collected from third parties
From time to time, we receive personal information from third parties that we use to learn more about our users, personalize user experience and more effectively promote and improve the Services.
The types of personal information that we receive from third parties are:
Personal information associated with purchases. Payment card purchases are processed by third-party payment processors. Coca‑Cola does not have access to complete bank account numbers, credit card numbers or debit card numbers.
Personal information that is commercially available from marketing services providers or collected by marketing partners through campaigns and events, which is used to help identify individuals who may be interested in learning more about Coca‑Cola and to supplement personal information we already have. This personal information includes insights from matching our pseudonymized data sets with third parties’ pseudonymized data sets, including though data clean rooms (see also Section 4 below).
- Personal information that we receive from the third-party advertising partners that help us provide more relevant advertising
- Personal information shared with Coca‑Cola by bottler partners
- Personal information from publicly-available sources
- Personal information from law enforcement and other government authorities (but only in rare cases)
We may combine information that Coca‑Cola has about you or combine data from third-party data sources. We require that each third-party data provider confirm that its sharing of personal information with Coca‑Cola is transparent to consumers and otherwise lawful.
e. Other information collected with your consent
We may ask you for your consent to collect specific types of personal information so that you can participate in new activities, receive exclusive content or test new features. Under some privacy laws, Coca‑Cola is required to obtain consent before collecting and using personal information. Please see Section 9 for details.
4. HOW DOES COCA-COLA USE PERSONAL INFORMATION?
Coca‑Cola uses personal information to provide and improve the Services, manage our business, protect users and enforce our legal rights.
We use personal information to provide, personalize and improve the Services (in each case as permitted by applicable law), including:
To create and update users’ accounts and fulfill users’ requests
To centralize consumers’ personal information in a database managed by a third party on our behalf and append information collected from third parties
To send marketing and non-marketing communications to users
To enable communications among users, such as an online community
For targeted advertisements (also sometimes referred to as personalized or interest-based advertising) based on information generated by a user’s online activity, such as visiting websites that contain our advertising partners’ ads or cookies, some of which are based on geo-location.
- To learn more about our users so we can recommend content that we think will interest particular users
- In particular, we develop insights about users by participating in ‘data clean rooms.’ Through a data clean room, we run queries and extract outputs and insights from data offered by third parties that also participate. Data used in data clean rooms is shared by other businesses and participants in a format that does not directly reveal or expose personal information; instead, before matching, an identifier is created and used to match the third-party data sets with Coca‑Cola’s pseudonymized personal information. (Using personal information for the purpose of creating pseudonymized data involves prior profiling of data sets.) After the matching process, we receive aggregated information about our audience that does not allow for enrichment of individual data sets unless we inform you or otherwise obtain separate consent. Data sharing in data clean rooms is for the purpose of audience discovery, audience expansion, audience targeting and look-alike audience modelling.
For promotion and loyalty program administration
For customer service
For facilitating payment
To analyze how users interact with the Services and activity trends so that we can develop new features and content that meet our consumers’ expectations
To improve the Services and users’ experience of them
For data analytics, research, product development and machine learning that enable us to better understand our consumers and offer innovations for them
For monitoring and testing the Services, including to troubleshoot operational problems
To create anonymized data, which are not subject to this Privacy Policy, that are used in improving Coca‑Cola’s products and services and similar business purposes and otherwise as permitted by contract and law
To detect and protect against fraud, abusive and unauthorized use of the Services
For risk management and similar administrative purposes, such as to monitor and enforce compliance with user agreements and otherwise comply with laws applicable to Coca‑Cola
What are cookies?
Cookies are small text files that are sent to or accessed from your web browser or your computer's hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your computer or device, such as settings, browsing history and activities conducted while using the Services.
Coca‑Cola also uses “pixels” (sometimes called web beacons). Pixels are transparent images that can collect information about email opens and website usage across websites and over time.
Cookies that Coca‑Cola sets in the Services are called first-party cookies. Cookies set in the Services by any other party are called third-party cookies. Third-party cookies enable third-party features or functionality on or through the Services, such as analytics and marketing automation. The parties that set third-party cookies can recognize your device both when you use it to access the Services and also when you use it to visit certain other websites. To learn more about cookies generally, visit www.allaboutcookies.org.
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser blocks that website from collecting certain information from the browser cache. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Coca‑Cola, do not yet respond to DNT signals.
Why does Coca‑Cola use cookies and other data collection technology?
Some cookies are required for the Services to operate. Other cookies enable us to track the interests of users for targeted advertising and to enhance the experience of the Services.
The types of cookies served on through the Services and why they are used is as follows:
Strictly necessary cookies are required for the Services to operate.
Performance or Analytics cookies collect information about how the Services are used so we can analyze and improve the Services. Performance or analytics cookies typically remain on your computer after you close your browser until you delete them.
Advertising cookies are used to make advertising messages more relevant to you by helping us display advertisements that are based on your inferred interests, prevent the same ad from appearing too often and ensure that ads are properly displayed for advertisers.
Social media cookies allow users to interact more easily with social media platforms. We do not control social media cookies and they do not allow us to gain access to your social media accounts without your permission. Please refer to the relevant social media platform’s privacy policy for information about the cookies used.
Data collection technology enables Coca‑Cola to monitor the traffic patterns from one webpage to another, to deliver or communicate with cookies, to understand whether users visit the Services after seeing our online advertisement displayed on a third-party website, to improve performance of the Services and to measure the success of our email marketing campaigns. Coca‑Cola’s Cookie Policies (available in certain jurisdictions) describe Coca‑Cola’s use of data collection technology.
Google Products
Where permitted by applicable law, the Services use Google Analytics for targeted advertising (which Google sometimes refers to as ‘remarketing’). Google uses cookies that Google recognizes when consumers visit various websites. The data collected through Google’s cookies helps Coca‑Cola analyze how the Services are used and, for some Services and in some jurisdictions, to personalize marketing communications and digital advertising. The Services also embed videos from YouTube (a Google company) by framing. This means that, after you click the button to play a YouTube video through the Services, a connection between the Services and the YouTube servers is established. Then, an HTML link provided by YouTube is inserted into the code of the Services to create a playback frame. The video stored on the YouTube servers is then played by the frame in the Services. YouTube also receives information that informs YouTube that you are currently using the Services: your IP address, browser information, the operating system and settings of the device you are using, the URL of the current web page, previously-visited web pages if you have followed a link, and the videos you watched. If you are logged into your YouTube account, the information may be associated with your YouTube user profile. You can prevent this association by logging out of your YouTube account before using the Services and deleting the corresponding cookies.
For more information about how Google collects, uses and shares your information, please visit Google’s Privacy Policy
For more information about how Google uses cookies in advertising, please visit Google’s Advertising page.
To prevent Google Analytics from using your data, you can install Google’s opt-out browser add-on.
To opt out of ads on Google that are targeted to your interests, use your Google Ads settings.
If you are located in the EEA, Switzerland or UK, please note in particular that, if you allow Google’s cookies in Coca‑Cola’s Privacy Preference Center, the information generated by those cookies about use of the Services is transmitted to and stored by Google on servers in the United States. Coca‑Cola used technology tools, including Google’s IP Anonymization tool, to exclude the last part of your IP address before the data is transferred by Google to the United States, as well as Google’s tools for deactivation of data sharing and Google signals and User-ID settings in Google Analytics for certain jurisdictions. Google will not associate an IP address with any other data held by Google.
On behalf of Coca‑Cola, Google will use the data described above to compile reports that help Coca‑Cola operate and provide the Services.
Meta Products
Some part of the Services use products and features offered by Facebook, Instagram and Messenger and Facebook apps (Meta Products). The Meta Products use tags, pixels (the Meta Pixel) and other unique tracking codes and technology that collect user information (including personal information) from the Services. Facebook tracks user interactions with the Services after a user clicks on an ad placed on Facebook or other services provided by Meta (called a conversion) and enables Coca‑Cola to learn more about how users engage with ads and similar information. The Meta Products use the collected data for Meta’s own purposes, including to improve the Meta Products. Meta may transfer data that it collects from the Services to the USA and other countries, where you may have fewer rights to related to your personal information. To learn more about how the Meta Products collect, use and process personal information and how you can manage or delete personal information about you, please see the Privacy Policy for the Meta Products at https://www.facebook.com/about/privacy.
Your Cookie Choices
You can set your browser to refuse all cookies or to indicate when a cookie is set. (Most browsers accept cookies automatically but allow you to disable them but note that some features of the Services may not work properly without cookies.)
As noted above, Google has developed an opt-out browser add-on if you want to opt out of the cookies used for Google Analytics. You can download and install the add-on for your web browser here. You may refuse the use of these cookies by selecting the appropriate settings on your browser. To learn more about how to view and manage your information on the Meta Products, please see here.
Certain jurisdictions in which the Services are available also have cookie policies which are separate from and supplement this Privacy Policy and tools to manage cookies. Please refer to Section 9 for details.
Coca‑Cola shares personal information with the following categories of recipients:
- Professional advisors, such as lawyers, accountants, insurers and information security and forensics experts.
- Marketing vendors that help promote the Services (such as by email marketing) and from time-to-time supplement personal information that we already have. For example, Meta receives and uses certain data related to the use of the Services to help us deliver personalized advertising on its platform and assess the effectiveness of this advertising.
- Service providers to enable them to perform services on our behalf, including data analytics, data security, ecommerce operations, surveys, research, administration of promotions, offers and loyalty programs and otherwise to help us carry out our business. Some of these service providers have global responsibilities.
- For strategic partnerships, such as with sports leagues and manufacturers and other providers of complementary offerings.
- Through data clean rooms as described in Section 4. Data sharing in a data clean room is for the purpose of audience discovery, audience expansion, audience targeting and look-alike audience modelling.
- Cloud storage providers.
- Potential or actual acquirers or investors and their professional advisers in connection with any actual or proposed merger, acquisition, or investment in or of all or any part of our business. We will use our best efforts to ensure that the terms of this Privacy Policy apply to personal information after the transaction or that users receive advance notice of changes to personal information processing.
- Coca‑Cola affiliates and bottler partners.
- Competent law enforcement, government regulators and courts when we believe disclosure is necessary (i) to comply with the law, (ii) to exercise, establish or defend legal rights, or (iii) to protect the vital interests of users, business partners, service providers or another third party.
- Other third parties with your permission.
If we share personal information, we require that the recipients handle personal information in compliance with this Privacy Policy and our confidentiality and security requirements.
7. HOW DOES COCA-COLA PROTECT PERSONAL INFORMATION?
Coca‑Cola takes care to secure and safeguard the personal information entrusted to us. We use a variety of measures to help us protect personal information from unauthorized access and use.
Coca‑Cola uses technical, physical, and administrative safeguards intended to protect the personal information that we process. Our safeguards are designed to provide a level of security appropriate to the risk of processing your personal information and include (as applicable) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and a procedure for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal information. Coca‑Cola cannot, however, fully eliminate security risks associated with the processing of personal information.
You are responsible for maintaining the security of your account credentials. Coca‑Cola will treat access to the Services through your account credentials as authorized by you.
Coca‑Cola may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to Coca‑Cola or your account is no longer secure, please notify us immediately at Privacy@coca-cola.com.
If we become aware of a breach that affects the security of your personal information, we will provide you with notice as required by applicable law. When permitted by applicable law, Coca‑Cola will provide this notice to you using the email address associated with your account or another permitted method associated with your account.
UNAUTHORIZED ACCESS TO PERSONAL INFORMATION THROUGH THE SERVICES – INCLUDING SCRAPING – IS PROHIBITED AND MAY LEAD TO CRIMINAL PROSECUTION.
8. HOW LONG DOES COCA-COLA RETAIN PERSONAL INFORMATION?
We retain personal information about a user for as long as user’s account is active and otherwise as long as necessary for the purposes described above. We also retain personal information as long as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
We intend to keep your personal information accurate and up-to-date. We retain the personal information that we handle subject to this Privacy Policy in accordance with our data retention policy. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you and mandatory retention periods under applicable law. At the end of relevant retention period, we either delete or anonymize personal information or, if we cannot delete or anonymize personal information, then we segregate and securely store personal information until deletion or anonymization is possible.
Once we anonymize personal information, it is no longer personal information. We use anonymized data subject to applicable law and contracts.
9. WHAT CHOICES ARE AVAILABLE FOR PERSONAL INFORMATION?
You can make choices about Coca‑Cola’s handling of your personal information. You can exercise your privacy rights by contacting Coca‑Cola as described in this Section 9 or using various tools available through your browser or that Coca‑Cola makes available. In some cases, your ability to access or control your personal information is limited by applicable law.
Mobile Device Preferences
Mobile operating systems and app platforms (e.g., Google Play, App Store) have permission settings for specific types of mobile device data and notifications, such as for access to contacts, geo-location services and push notifications. You can use the settings on your mobile device to consent to or deny certain information collection and/or push notifications. Certain Apps also may have settings that allow you to change permissions and push notifications. For some Apps, changing settings may cause certain aspects of the App to not functional properly.
You can stop all information collection from an App by uninstalling the App. If you uninstall the App, please also consider checking your operating system’s settings to confirm that the unique identifier and other activity associated with your use of the App is deleted from your mobile device.
Opting out of Coca‑Cola’s Emails and Text Messages
To stop receiving promotional emails from Coca‑Cola, please click the “Unsubscribe” link at the bottom of the email. After you opt out, we may still send you non-promotional communications, such as receipts for purchases or administrative information about your account.
Your account settings also may allow you to change your notification preferences, such as push notifications from an App.
To stop receiving promotional text messages (SMS or MMS), please send a reply text message indicating that you wish to stop receiving promotional text messages from us – such as by testing the word “Stop”. You also may let us know as directed below in the “Contacting Us” section. Please specify which types of communications you no longer wish to receive together with the relevant telephone number, address, and/or e-mail address. If you do opt-out of receiving marketing-related messages from us, we may still send you important administrative messages, such as emails about your accounts or purchases
INFORMATION ABOUT PRIVACY RIGHTS AND CHOICES FOR SPECIFIC JURISDICTIONS IS PROVIDED IN SECTION 13 AT THE END OF THIS PRIVACY POLICY. WE ENCOURAGE YOU TO REVIEW THE RELEVANT SECTIONS.
IF YOU ARE LOCATED IN A JURISDICTION WITH PRIVACY LAWS THAT OFFER YOU PRIVACY RIGHTS NOT DESCRIBED IN THIS PRIVACY POLICY, PLEASE CONTACT US AT PRIVACY@COCA-COLA.COM. We respect your privacy rights and will do our best to accommodate your requests.
10. HOW DOES COCA-COLA PROTECT CHILDREN'S PRIVACY?
Some of the Services have age restrictions which means that we may ask questions to verify your age before we allow you to use those Services.
In accordance with our Responsible Marketing Policy, Coca‑Cola does not direct marketing for our products to children under age 13. If you become aware that a child under age 13 or the age set under local law has provided us with personal information without parental consent or other than as allowed by applicable law, please contact our Privacy Office at privacy@coca-cola.com. Once we become aware, we will take steps to remove the child’s personal information as required by applicable law.
11. DOES COCA-COLA TRANSFER PERSONAL INFORMATION TO OTHER COUNTRIES?
Coca‑Cola may transfer personal information across borders to any of the places where we and our suppliers and business partners operate. These other places may have data protection laws that are different from (and, in some cases, less protective) than the laws where you reside.
If your personal information is transferred across borders by us or on our behalf, we use appropriate safeguards to protect your personal information in accordance with this Privacy Policy and applicable law. These safeguards include agreeing to standard contractual clauses or model contracts for transfers of personal information among the Coca‑Cola affiliates and among our suppliers and partners. When in place, these contracts require our affiliates, suppliers and partners to protect personal information in accordance with applicable privacy laws.
Please also see our Data Privacy Framework Privacy Policy, which describes how Coca‑Cola handles personal data that Coca‑Cola receives in the U.S. from the EU, UK and Switzerland in reliance on the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce (collectively, the DPF Framework). If the terms in this Privacy Policy and the DPF Privacy Policy conflict, then the DPF Privacy Policy governs with respect to personal information that Coca‑Cola receives in the U.S. under the DPF Framework. To learn more about the Data Privacy Framework program and to view our certification, please visit https://www.dataprivacyframework.gov/.
To request information about our standard contractual clauses or other safeguards for cross-border personal information transfers, please contact privacy@coca-cola.com.
12. WHEN IS THIS PRIVACY POLICY CHANGED?
We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. The most current version always is available through the Services.
When we update this Privacy Policy, we will post the updated version and change the Effective Date above. We also will take appropriate measures to inform you in advance of significant changes that we believe affect your privacy rights so that you have an opportunity to review the revised Privacy Policy before it is effective. If your consent is required by applicable privacy laws, we will obtain your consent to changes before the revised Privacy Policy applies to you. Please regularly check this Privacy Policy to ensure you are aware of the updated version.
13. PRIVACY RIGHTS AND CHOICES FOR SPECIFIC JURISDICTIONS
Residents of the United States
Additional disclosures related to collection, use, and disclosure of personal information for residents of certain US states.
Privacy Notice at Collection
For California Consumer Privacy Act of 2018 (CCPA) purposes, Coca‑Cola generally acts as a “Business” with respect to your personal information. A Business is like a Data Controller, which means that Coca‑Cola determines how and why the personal information that Coca‑Cola collects from or about you is handled.
This Notice at Collection of personal information describes our personal information collection practices when we are acting as the Business, including a list of the categories of personal information we collect, the purposes for which we collect personal information and the sources from which we collect personal information.
Although we already explain what personal information we collect and why above in this Privacy Policy, the CCPA requires that we make certain disclosures using the categories of personal information used in the definition of personal information in the CCPA.
Certain states, including California, require us to provide additional disclosures with respect to our collection, use, and disclosure of personal information. The information in this section is provided as a supplement to the rest of the information provided in this Privacy Policy. Please read the entire Privacy Policy for a full description of our privacy practices.
The personal information we collect about you includes information within the below categories of data. Note that the “category” of data listed below refers to the category of personal information as defined under California law and represents the categories of personal information that we have collected, and how it has been shared, over the past 12 months. Inclusion of a category in the list below indicates only that we may collect some information within that category. We do not necessarily collect all information listed in a particular category, nor do we necessarily collect all categories of information for all individuals. While the categories are as defined under California law, the disclosures below also apply to residents of other states as well.
We have disclosed personal information in each of the below categories with our affiliates and service providers, including marketing vendors, affiliates and bottler partners, and other third parties, as well as with government entities as necessary, for our business purposes within the last 12 months. We have not necessarily shared all information listed in a category. We have also shared your Internet or other electronic network activity information (as described further below) with our advertising partners.
Category | Source | Purpose of processing |
Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address. | Directly from you or from records we have about you while providing products or Services. |
|
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Directly from you or from records we have about you while providing products or Services. |
|
Protected classification characteristics under California or federal law (i.e., familial status, disability, sex, national origin, religion, color, race, sexual orientation, gender identity and gender expression, marital status, veteran status, medical condition, ancestry, source of income, age, or genetic information). | Directly from you or from records we have about you while providing products or Services. | In limited circumstances, a subset of this data may be processed in connection with our operational functions, including considering your eligibility to enter a sweepstake or competition or purchase certain products. |
Commercial information: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Directly from you or from records we have about you while providing products or Services. |
|
Internet or other electronic network activity: browsing history, search history, and information regarding your interaction with our Services. | Directly from you, automatically collected during use of the Services |
|
Geolocation data | Directly from you or automatically collected during use of the Services |
|
Audio, electronic, visual, thermal, olfactory, or similar information. | Directly from you or your interactions with our Services. |
|
Inferences (defined as “the derivation of information, data, assumptions, or conclusions from facts, evidence, or another source of information or data”) drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | We may make inferences from information obtained directly from you or from third parties. |
We also use this information to advertise our products and Services that might be of interest to you. |
In addition to the categories of information above, we also collect the following categories of sensitive personal information:
Category | Source | Purpose of processing |
Precise geolocation information | Directly from you or your interactions with our Services. | This information is necessary to administer your relationship with us, including meeting our legal obligations, and providing you with products and services, as applicable. It may also be processed in order to help detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and for compliance management. |
Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account directly from you and our service providers. | Directly from you or your interactions with our Services. | This information is necessary to administer your relationship with us, including meeting our legal obligations, and providing you with products and services, as applicable. It may also be processed in order to help detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and for compliance management. |
While we have disclosed personal information to third parties, we have no actual knowledge that we have sold or shared such information on anyone under 16 years old.
Your Consumer Privacy Rights
Depending on your residency, the type of Personal Data collected, and subject to certain exemptions, you may have rights with respect to your Personal Data. We may choose to extend these rights to you even if we are not required to under applicable law:
Right to access/know: You may have the right to know and request information about the categories and specific pieces of personal information we have collected about you within the last 12 months, as well as the categories of sources from which such information is collected, the purpose for collecting such information, and the categories of third parties, or specific third parties, depending on your jurisdiction, with whom we share such information. You also have the right to know if we have sold or disclosed your personal information.
Right to data portability: – In some instances, you may have the right to receive the information about you in a portable and readily usable format.
Right to request deletion: You may have the right to request that we delete certain personal information that we have collected from you.
Right to correct: You may have the right to correct inaccurate personal information about you. Note that correction requests are subject to certain limitations, and we may choose to delete rather than correct your personal information in some circumstances.
Right to opt-out of sale, sharing or targeted advertising of personal information to third parties: Our disclosure of your personal information to third party advertising and analytics providers may constitute a sale under certain state laws and, in California, may also constitute “sharing” (which is a term used to address the sharing of information for advertising purposes). To the extent that our use constitutes a sale or sharing of your personal information, you have the right to opt-out by (a) enabling an opt-out preference signal or Global Privacy Control on your browser which is recognized by our U.S.-facing websites, (b) opting-out of cookies in our U.S.-facing websites’ cookie preference center, or (c) submitting an opt-out request here.
Right to opt-out of the processing of sensitive personal data: Certain Personal Data qualifies as “sensitive personal data” under U.S. Privacy Laws. Some U.S Privacy Laws require consent for the processing of sensitive personal data subject to certain exceptions and exemptions. You may have the right to revoke such consent, if applicable, and/or direct us to limit our use and disclosure of sensitive personal data if we use it beyond certain internal business purposes.
Right against discrimination: We will not discriminate against you for exercising any of your rights. We will not deny you goods or services for exercising your rights; charge you a different price or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, because you exercised your rights; provide you a different level or quality of goods or services because you exercised your rights; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services as a result of exercising your rights.
The right not to be subject to decisions based solely on automated processing: You may have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
Profiling
This section only applies in case we use automated processing on your personal information to evaluate, analyze, or predict your personal preferences. The consequences of such profiling for you, and the logic involved in such automated processing, may be that you receive targeted ads. You may have the right to access and obtain communication about the decision based on the profiling, including the logic involved and the consequences.
Depending on your residency, you may have the right to object to profiling that has legal consequences or similarly significant effects for you.
Depending on your residency, these rights may not apply to pseudonymous data if the information necessary to identify the consumer is kept separately and is subject to controls that prevent access to the information. Pseudonymous data is personal information that can no longer be attributed to a specific individual without the use of additional information, if the additional information is kept separately and is subject measures to ensure that personal information is not attributed to the specific individual.
Data solely retained for data backup or archive purposes is principally excluded from these rights until it is restored to an active system or next accessed or used for a sale, disclosure, or commercial purpose.
Submitting requests
To submit a request to exercise your privacy rights, please:
call toll-free to 1-800-438-2653
To submit your request, please be prepared with your name, email address and place of residence. You may authorize another person (your agent) to submit a request on your behalf.
We aim to complete requests as soon as reasonably practicable and consistent with any applicable laws. Please note that it may take additional time to verify and fulfill agent-submitted requests. If you have an account with us, you may also make certain changes directly through your account profile page. Please note that changes you make on your account profile page through the Services may not always be reflected on parts of the Services operated by us.
Please note:
We may (and in some cases are required to) verify your identity before we can act on your request to exercise your California privacy rights. After we receive and process your request, we will contact you using the email address provided in your request with instructions on how to verify your identify, after which we will check our records for matching information.
We may not honor part or all your request – for example, certain information we collect may be exempt from this California Privacy Notice, such as public information made available by a government entity or information covered by a different privacy law. In these situations, we will explain why we do not honor your request when we respond to you.
Based on your residency, you may have the right to appeal our decision about your request by contacting us at privacy@coca-cola.com.
In some locations, we are only obligated to respond to personal information requests from the same consumer up to two times in a 12-month period. In addition, under applicable privacy law, and for the protection of your personal information, we may be limited in what personal information we can disclose.
We will maintain all of your privacy requests for at least 2 years. This information will not be used for any other purpose except to review compliance processes; it will not be shared except as necessary to comply with a legal obligation. For residents of Colorado, sensitive personal information which we no longer have consent to process will be deleted or rendered permanently anonymized or inaccessible within a reasonable period of time after withdrawal of consent.
Agent Requests
You may use an authorized agent to make a privacy rights request for you. Before you can authorize an agent, Coca‑Cola requires that you complete our form here. We also may require that you directly confirm that you authorized the agent to submit requests on your behalf. Please note that it may take additional time to verify and fulfill agent-submitted requests. Once confirmed, your authorized agent may exercise privacy rights on your behalf, subject to the requirements of applicable law.
Appeals
You may appeal Coca‑Cola's decision regarding a request by email at privacy@coca-cola.com. Please use the same email address that you used to submit the initial privacy rights request when you submit your Request to Appeal and please add “Request to Appeal” in the subject line of the email. If you do not use the same email address, Coca‑Cola cannot link your Request to Appeal to your initial privacy rights request.
Coca‑Cola's Responses
Some personal information that we maintain is insufficiently specific for us to be able to associate it with a verified Consumer (e.g., data tied only to a pseudonymous browser ID). We do not include that personal information in response to those requests. If we deny a request, in whole or in part, Coca‑Cola will explain the reasons in our response.
Retention of your Personal Information
We retain personal information about a Consumer for as long as the Consumer’s account is active and otherwise as long as necessary for the purposes described above. We also retain personal information as long as necessary to comply with legal obligations, resolve disputes and enforce our agreements. When determining the retention period, we consider various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you and mandatory retention periods under applicable law.
Notice of Financial Incentive
We may offer discounts or other benefits to consumers enrolled in certain rewards or promotional programs, including, but not limited to,: (1) Consumers can opt-in to email promotions from Coca‑Cola by submitting their email address through our website. Additional terms and conditions are posted there. (2) Consumers who participate in promotions may save and redeem rewards. (3) Consumers can create a Coca‑Cola account and receive 15% off their first order at the Coca‑Cola store. (4) Consumers can register for an account and get free or discounted products. (5) Consumers can participate in Coca‑Cola’s social promotions, contests, or sweepstakes for a chance to receive the benefits described in each such promotion.
Coca‑Cola does not generally assign monetary or other value to consumers’ personal information and our promotions activity changes continually. To the extent California law requires that a value be assigned to such programs, or the price or service differences they involve, Coca‑Cola values the personal information collected and used under each program as being equal to the value of the discounts or other financial incentives provided in each such program, based upon a practical and good-faith effort to assess on an aggregate basis for all collected information: (1) the type of personal information collected in each program (e.g., email address), (2) the use of such information by Coca‑Cola in connection with its marketing activities, (3) the range of discounts provided (which can depend on each consumer’s purchases under such offers), (4) the number of individuals enrolled in respective programs, and (5) the products for which the benefits (such as price difference) can apply. These values can change over time. Note that this description is without waiver of any proprietary or business confidential information, including trade secrets, and it does not constitute any representation about generally accepted accounting principles or financial accounting standards.
California “Shine the Light” Law permits California residents to request a notice disclosing the categories of personal information about you that we have shared with third parties for their direct marketing purposes during the preceding calendar year. At this time, Coca‑Cola does not share personal information with third parties for their direct marketing purposes.
14. THE DPF
THE EU-US DATA PRIVACY FRAMEWORK POLICY
The Coca‑Cola Company (“Coca‑Cola” or “we”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Coca‑Cola has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the Processing of Personal Information received from the European Union (EU) in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Coca‑Cola has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) about the Processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program and to view our certification, please visit https://www.dataprivacyframework.gov.
(Note: the Swiss-U.S. DPF is awaiting finalization as of the date of this DPF Policy. Please visit here for more information.)
In this Coca‑Cola Company Data Privacy Framework Privacy Policy (DPF Policy), the following terms have the following meanings:
- Agent means any third party that collects or uses Personal Information under the instructions of, and solely for, Coca‑Cola or to which Coca‑Cola discloses Personal Information for use on Coca‑Cola's behalf.
- Data Subject (or you) means a natural person whose Personal Information is covered by this DPF Policy.
- Controller means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.
- DPF Principles means the EU-U.S. DPF Principles (defined above) and Swiss-U.S. DPF Principles (defined above), as set forth by the U.S. Department of Commerce here.
- DPF Program means, collectively, EU-U.S. DPF, UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
- Personal Information means any information, including Sensitive Personal Information, relating to an identified or identifiable natural person that is received by Coca‑Cola in the U.S. from the EEA, Switzerland or UK/Gibraltar, and recorded in any form.
- An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Processing means any operation or set of operations performed on Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
- Sensitive Personal Information means Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information specifying an individual’s sex life, and any Personal Information received by Coca‑Cola from a third party that the third party identifies and treats as sensitive.
WHEN THIS DPF POLICY APPLIES
This DPF Policy applies to Personal Information transferred from member countries of the European Economic Area (EEA, which is the member states of the EU plus Iceland, Liechtenstein and Norway), the United Kingdom (UK), and Switzerland to Coca‑Cola in the U.S. in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF or the Swiss-U.S. DPF.
Personal Information that Coca‑Cola Processes in compliance with the DPF Program is covered by Coca‑Cola’s other privacy-related requirements and policies (collectively, the Coca‑Cola Privacy Policies), such as:
Personal Information Processed about users of Coca‑Cola’s websites, mobile applications, widgets and other online and offline services (together, the Services) is subject to the Coca‑Cola Privacy Policy (available at https://www.coca-cola.com/gb/en/legal/privacy-policy for the UK, and, for the EEA and Switzerland, by selecting the relevant country here or, for some Services, the privacy policy, notice or statement linked or posted in those Services.
Personal Information regarding external job applicants is described in The Coca‑Cola Applicant Privacy Notice applies to Personal Information collected from or about applicants.
Personal Information regarding Coca‑Cola’s current or past employees, interns, contractors, and contingent workers is subject to Coca‑Cola’s Employee Privacy Notices and to Coca‑Cola’s DPF Policy for HR (human resources) Data, which are available on KO Connect (Coca‑Cola’s intranet).
- This DPF Policy does not apply to Personal Information transferred under Standard Contractual Clauses or any approved derogation from the EU General Data Protection Regulation, the UK General Data Protection Regulation or the Swiss Federal Data Protection Act. While the DPF Program is an authorized international transfer mechanism to enable Coca‑Cola to receive Data Subjects’ Personal Information in the U.S., Coca‑Cola’s obligations and Data Subject rights under the DPF Program are separate from those under EU General Data Protection Regulation, the UK General Data Protection Regulation and the Swiss Federal Data Protection Act.
COCA-COLA’S COMMITMENT TO THE DPF PRINCIPLES
Coca‑Cola commits to applying the DPF Principles to all Personal Information that Coca‑Cola in the U.S. receives from the EEA, UK and Switzerland in reliance on the DPF Program. Coca‑Cola’s adherence to this DPF Policy may be limited to the extent required to meet Coca‑Cola’s legal, regulatory, governmental or national security obligations.
The DPF Principles
The DPF Principles are: 1. Notice; 2. Choice; 3. Accountability for Onward Transfer; 4. Security; 5. Data Integrity and Purpose Limitation; 6. Access; and 7. Recourse, Enforcement and Liability.
CHANGES TO THIS DATA PRIVACY FRAMEWORK POLICY
This DPF Policy may be amended from time to time consistent with the requirements of the DPF. When we make changes to this DPF Policy, we will revise the “Last Updated” date at the beginning of this DPF Policy. We also will take appropriate measures to inform you in advance of changes we feel are significant so that you have an opportunity to review the revised DPF Policy before it is effective. If your consent is required by the DPF Principles, we will obtain your consent. We encourage you to regularly check this DPF Policy to ensure you are aware of the updated version.
QUESTIONS?
Coca‑Cola is committed to protecting the privacy of your Personal Information. If you have any questions or comments about this DPF Policy, please contact privacy@coca-cola.com.