Privacy Policy

Effective Date: September 1, 2020

At BellRing Brands, Inc. and our subsidiaries, Premier Nutrition Company, LLC, Dymatize Enterprises, LLC and Supreme Protein, LLC (“BellRing,” “we” or “our“), we want you to be familiar with how and why we collect, use, and
disclose information about you. This includes information we collect through our websites including www.bellringbrands.com, www.bellring.com, www.powerbar.com and https://www.supremeprotein.com/ (our “Sites”). Some of this information may individually identify you. This Privacy Policy explains our
information practices with respect to information collected and the choices you can make about the collection, access, and use of your information.

This Privacy Policy also applies to our targeted content, including online offers and advertisements for our subsidiaries’ products and services, which we (or a service provider acting on our behalf) may send to you on our subsidiaries’ or third-party websites, platforms and applications (collectively, “Third-Party Sites“) based on your use of the Internet. These Third-Party Sites may have their own privacy policies and terms and conditions. We encourage you to read each such privacy policy and terms and conditions before using those Third-Party Sites. If you wish to opt out of interest-based advertising, please visit http://preferences-mgr.truste.com/ or http://optout.aboutads.info to manage your preferences. Alternatively, if you are located in the European Union, you may visit http://www.youronlinechoices.eu/. Please note that you may continue to receive generic ads.

We are committed to safeguarding your privacy and ensuring that your personal data is protected. As part of our commitment, we train our employees about the importance of privacy and how to handle and manage personal data appropriately and securely.

WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE USE IT?

We collect information that identifies you or from which you are identifiable (“Personal Data“) from you if you provide it to us.

BellRing certifies that it collects and processes Personal Data, including data covered by the Privacy Shield as defined and discussed below, only to the extent (i) that it has a legitimate, lawful basis for processing and (ii) that such Personal Data is relevant to the purposes for which it was collected or disclosed.

The Personal Data we collect may include your:

  • • name, business name, or on-line handle or username;
  • • physical address, zip code;
  • • phone number;
  • • email address;
  • • date of birth;
  • • gender / pronoun preference;
  • • geographic details;
  • • credit card information;
  • • Internet Protocol (IP) address
  • • product purchase history;
  • • favorite retailer, flavor preferences, and product usage and preferences;
  • • email, comments, and direct message correspondence;
  • • number of BellRing Brands shares owned;
  • • (for our employees only: social security number, driver’s license number, passport number, insurance policy numbers, education and employment history, banking details and charitable organizations you support);
  • • (for callers to our consumer care hotline: relevant current and preexisting health conditions, prognoses, and treatments); and
  • • any other information that might be used to identify you by another person.

We may use this Personal Information to:

  • • communicate with you regarding our products, services, promotions and news releases;
  • • provide you with information that you request;
  • • improve our product and service offerings;
  • • administer a contest, promotion, survey, market research, focus group or other feature to provide you with the relevant products and services;
  • • analyze visits to our websites and learn about the interests of our visitors on a personal level to better understand their interests and needs;
  • • respond to investor-specific inquiries;
  • • to respond to consumer questions, comments, or inquiries regarding us or our products;
  • • facilitate your transactions;
  • • communicate with you regarding our website, Privacy Policy and terms and conditions; and
  • • consider your job application and communicate with you about your job application or your employment and employee benefits.

All of the above uses are considered “Services.” With respect to Personal Data covered by the Privacy Shield, as defined and discussed further below, we certify that we collect and process Personal Data solely to the extent such Personal Data is relevant in providing the Services. For our record keeping purposes, we may retain certain Personal Data that you provide in connection with commercial transactions; however, we will only retain the information for so long as it serves the purpose of providing the Services.

In particular, we process Personal Data for the specific purposes listed in Subsections A-H below; the following explains which Personal Data we may collect for each purpose, the nature of the purpose, the length such data is stored, the basis for collection, and any further relevant information.

A. SURFING ON OUR WEBSITE – with or without Cookies

  • 1. Which Personal Data do we collect about you? For this purpose, we process the following Personal Data: information about the type of browser you use, the size of the browser window, the screen resolution, the URL of the page that you are viewing, the title and other details of the web pages you have viewed, your location from IP address (not the IP address itself), your device address, your Cookie ID, hyperlinks that you have clicked, whether or not your browser has Java enabled, what version of Flash software your browser uses, the language settings from your browser and any other information you choose to share when using Third-Party Sites (such as when you use the “Like” functionality on Facebook or the +1 functionality on Google+), and the websites you visited before arriving at our relevant Site.
  • 2. What is the Purpose of Processing your Personal Data? We (and third-party service providers acting on our behalf or on their own behalf) use cookies and similar technologies to process data about you when you visit our Sites. Cookies are files that store information on your computer hard drive or browser that mean that we can recognize that you have visited us before. We use cookies and similar technologies to improve our products and your experience on our Sites by evaluating the use of our Sites, products and Services to personalize content and ads, to provide social media features and to analyze our traffic. You can view more information on the cookies used and adjust your cookie preferences via the Cookie Consent Tool on our Sites.
  • • Do Not Track (“DNT“) is a privacy preference that users can set in their web browsers.

Residents of the E.U., U.K., or Switzerland: When any of our Sites receives a DNT code from the E.U., U.K., or Switzerland, except in the case of certain scenarios where a user actively and knowingly provides Personal Data (e.g. contact forms), our Sites will not track your use across multiple websites other than the affiliated websites listed at www.bellringbrands.com/certified, but other websites (including, without limitation, certain of our subsidiaries’, affiliates’ and third party providers’ websites) to which we link may continue to track you. When we receive web requests from a user from the E.U., U.K., or Switzerland who enables DNT by actively choosing an opt-out setting in their browser, we will also take reasonable efforts to disable tracking cookies/scripts (e.g. Google Analytics, Google Adwords, Facebook, Twitter and/or other third-party scripts).

All Other Users: At this time, we do not respond to browser DNT signals from places outside of the EU and Switzerland. We and other third parties, including our Agents (defined below), may collect information about your online activities over time and across different websites, including when you visit our website. You can learn about how to exercise choice regarding the collection of information about your online activities over time and across third-party website or online services by visiting http://www.aboutads.info.

  • 3. How long do we store your Personal Data? Please check our Cookie Policy (https://www.bellring.com/cookie-policy/ ) to learn about the
    storage periods for each cookie.
  • 4. What is the Basis for Processing your Personal Data? Your consent through our Cookie Consent Banner.
  • 5. Additional Comments: It is always possible for you to visit our Sites without disclosing your Personal Data. This requires that you have disabled cookies. You can opt out of the processing of such information via the Cookie Consent Banner displayed at the bottom of the relevant Site. Please note, however, that without cookies you may not be able to use all of the features of our Sites or online services.

B. TO RESPOND TO YOUR REQUESTS, PROVIDE INFORMATION ABOUT PRODUCTS, SERVICES OR PROMOTIONS, AND PROVIDE NEWS RELEASES

  • 1. Which Personal Data do we collect about you? For this purpose, we process the following Personal Data: your first and last names and your email address.
  • 2. What is the Purpose of Processing your Personal Data? We process your Personal Data whenever you contact us in order to respond to your inquiries and comments. We process your Personal Data that you enter when registering for our Sites or products or that you subsequently update or amend in your user account. We process Personal Data to provide you with the information that you request from us, including responding to your queries or comments and sending you products or samples that you have requested. We look at the products you have viewed on our Sites.
  • 3. How long do we store your Personal Data? We store your Personal Data for forty-five (45) days after you provide the Personal Data to us, unless we are required by law to store the Personal Data for a longer period in which case we store the Personal Data for the period required by applicable law.
  • 4. What is the Basis for Processing your Personal Data? Performance of the contract with, or request by, you; if you provide to us Personal Data that is considered sensitive, your consent. If you wish to discontinue receiving this information, you may update your preferences by using the “Unsubscribe” link found in the emails that we send to you or by contacting us at privacy@bellringbrands.com.

C. CONSIDER YOUR JOB APPLICATION AND COMMUNICATE WITH YOU REGARDING YOUR JOB APPLICATION OR EMPLOYMENT AND EMPLOYMENT BENEFITS

  • 1. Which Personal Data do we collect about you? For this purpose, we process the following Personal Data: your first, middle, and last names, your mailing address, including city, state, and zip code, your email address, your phone number, including primary and secondary phone numbers, your social security number, drivers’ license number, passport number, insurance policy numbers, banking details, your gender, your ethnic origin, your veteran status, your voluntary self-identification of disability, your work experience, including job titles, company names, and dates of employment, and your education, including the names of the schools you attended, your level of education, your degree, including majors and minors, and the dates of your school attendance.
  • 2. What is the Purpose of Processing your Personal Data? We process your Personal Data in order to make employment decisions, provide our employees with information regarding their employment and their benefits, and to make payments to our employees.
  • 3. How long do we store your Personal Data? We store Personal Data, for unsuccessful applicants, for three (3) years after you provide the Personal Data to us, unless we are required by law to store the Personal Data for a longer period in which case we store the Personal Data for the period required by applicable law. For employees, we store Personal Data for the duration of your employment and up to eight (8) years thereafter (depending on the data), unless we are required by law to store the Personal Data for a longer period in which case we store the Personal Data for the period required by applicable law.
  • 4. What is the Basis for Processing your Personal Data? Your consent.

D. MANAGE AND INFORM OUR SHAREHOLDERS AND COORDINATE INVESTOR RELATIONS

  • 1. Which Personal Data do we collect about you? For this purpose, we process the following Personal Data: your first and last names, your mailing address, and number of shares of BellRing Brands stock owned. We or our processors may also have banking information for the purposes of depositing dividend checks and this information includes the shareholder’s bank account number, email address, employee identification number, social security number and/or other tax identification number.
  • 2. What is the Purpose of Processing your Personal Data? We process your Personal Data in order to record and manage our shareholders and to provide you with information about our stock, shareholder meetings, dividends, and operation and business of our company and its subsidiaries. We also use this information for the payment of dividends.
  • 3. How long do we store your Personal Data? We store your Personal Data for so long as we or our processors, including, without limitation, our transfer agents, are required by law to store the Personal Data or for such longer period of time that we may be required to keep the Personal Data in order to protect the public interest.
  • 4. What is the Basis for Processing your Personal Data Purchase of our stock and our legal obligations to you as a result of being a shareholder of our company and/or performance of a request by you to receive information about our stock and operation of our company and its subsidiaries.

E. PERFORMANCE OF RELEVANT ADMINISTRATIVE SERVICES REQUESTED OR NECESSARY TO FACILITATE OUR RELATIONSHIP

  • 1. Which Personal Data do we collect about you? For this purpose, we process the following Personal Data: your first and last names, your physical address, your email address and credit history.
  • 2. What is the Purpose of Processing your Personal Data? We will process your Personal Data for the purposes of performing administrative services requested or necessary to facilitate our relationship (e.g., facilitating payments or deliveries of products, services, information or materials) or to fulfill requests you have made (e.g., registration).
  • 3. How long do we store your Personal Data? We store your Personal Data for three years after you provide the Personal Data to us, unless we are required by law to store the Personal Data for a longer period in which case we store the Personal Data for the period required by applicable law.
  • 4. What is the Basis for Processing your Personal Data? Performance of the contract with, or request by, you; if you provide to us Personal Data that is considered sensitive (e.g. information on your health or religious affiliation), your consent.

F. RESPOND TO CONSUMER COMPLAINTS AND REPORTS OF BUSINESS CONCERNS

  • 1. Which Personal Data do we collect about you? For this purpose, we process the following Personal Data: your first and last names, your physical address, your email address and relevant information about, the complaint or business concern, the situation or circumstances giving rise to the complaint or business concern, any relevant current and preexisting or existing health conditions, prognoses or treatments, and/or, any other Personal Data that you provide in your report or follow up communications.
  • 2. What is the Purpose of Processing your Personal Data? We will process your Personal Data for the purposes of responding to any consumer complaints or responding to reports from consumers about business concerns related to our businesses, products, and operations.
  • 3. How long do we store your Personal Data? We store your Personal Data for no more than three years after you provide the Personal Data to us, unless (i) we are required by law to store the Personal Data for a longer period in which case we store the Personal Data for the period required by applicable law or (ii) unless we reasonably anticipate litigation with regard to the matter in which case we would retain relevant Personal Data until such time as the litigation is concluded or is no longer reasonably anticipated.
  • 4. What is the Basis for Processing your Personal Data? Our basis for processing is (i) your consent with regard to Personal Data you provide with regard to your complaint or business concern or (ii) a legal obligation to which we are subject.

G. PREVENTION OF HARM TO US, OUR PRODUCTS OR SERVICES OR A PERSON OR PROPERTY (E.G., FRAUD PREVENTION) OR DEFEND OURSELVES AGAINST CLAIMS OR POTENTIAL CLAIMS

  • 1. Which Personal Data do we collect about you? For this purpose, we process the following Personal Data: your first and last names, your physical address, your email address, your criminal or credit history and relevant information about (i) the harm or potential harm, (ii) the claim or potential claim or (iii) the situation or circumstances giving rise to harm, potential harm, claim or potential claim, including health information.
  • 2. What is the Purpose of Processing your Personal Data? We will process your Personal Data for the purposes of preventing harm to BellRing or any of its subsidiaries, their products or services or to any person or property (e.g., fraud prevention) and/or in the bringing or prosecution of a claim or potential claim against you. In addition, we may process your Personal Data for the purposes of defending BellRing and/or its subsidiaries against claims or potential claims made against one or more of them.
  • 3. How long do we store your Personal Data? We store your Personal Data for six years after you provide the Personal Data to us, unless (i) we are required by law to store the Personal Data for a longer period in which case we store the Personal Data for the period required by applicable law or (ii) we reasonably anticipate litigation with regard to the matter in which case we would retain relevant Personal Data until such time as the litigation is concluded or is no longer reasonably anticipated.
  • 4. What is the Basis for Processing your Personal Data? Our basis for processing is (i) a legal obligation to which we are subject or (ii) the processing is necessary for the purposes of our legitimate interests in protecting our business, products, services or a person or property or to defend ourselves against claims or potential claims.

H. COMMUNICATE WITH YOU REGARDING OUR SITE AND PRIVACY POLICY

  • 1. Which Personal Data do we collect about you? For this purpose, we process the following Personal Data: your first and last names, your email address and your physical address.
  • 2. What is the Purpose of Processing your Personal Data? We process your Personal Data whenever there are material changes to our Site and Privacy Policy for the purposes of informing you of those material changes and obtaining your consent, if necessary.
  • 3. How long do we store your Personal Data? We store your Personal Data for seven years after you provide the Personal Data to us, unless we are required by law to store the Personal Data for a longer period in which case we store the Personal Data for the period required by applicable law.
  • 4. What is the Basis for Processing your Personal Data? Our basis for processing is (i) a legal obligation to which we are subject or (ii) the processing is necessary for the purposes of our legitimate interests in protecting our business, products, services or a person or property or to defend ourselves against claims or potential claims.

There are additional disclosures for California residents in the CALIFORNIA PRIVACY RIGHTS Section below.

HOW DO WE SHARE PERSONAL DATA?

We engage other companies, including, without limitation, certain of our affiliates and subsidiaries (“Agents“), to perform certain services on our behalf. Pursuant to written agreements with these Agents, which agreements afford appropriate, and all required, protections of your Personal Data, we use these Agents to provide the following services on our behalf:

  • • provide email services, web site and social media development services;
  • • consumer relations, including consumer complaint response services;
  • • support our Corporate Social Responsibility and philanthropic activities;
  • • gain insights into customer product and retailer preferences;
  • • support employees operating in the field;
  • • employee recruitment services;
  • • legal representation, including with regard to prevention harm to our company, its subsidiaries, our products or services or a person or property (e.g., fraud prevention); and
  • • shareholder record-keeping, notice, transfer agent and other investor relation services.

All of our Agents are bound by contract to refrain from using your Personal Data for any purpose other than providing the applicable service to us. We are liable to you for our Agents appropriate processing of your Personal Data in a manner consistent with this Privacy Policy and applicable data privacy laws and regulations.

As described above, we use Agents to manage our advertising on other websites. These Agents may use cookies or similar technologies in order to provide you with advertising based upon your browsing activities and interests. Any personally identifiable information gathered by these Agents is not provided by the Agents to BellRing Brands. It is only used by the applicable Agent pursuant to its own privacy policies. If you wish to opt out of interest-based advertising, please visit http://preferences-mgr.truste.com/ or http://optout.aboutads.info to manage your preferences. Alternatively, if you are located in the European Union, you may visit http://www.youronlinechoices.eu/. Please note that you may continue to receive generic ads.

In addition to disclosures described above, we may disclose or transfer Personal Data in connection with, or during negotiations of, any merger, acquisition, spin-off, sale of company assets, product lines or divisions, any financing or any similar transaction. We may also disclose Personal Data to prevent damage or harm to us, our services or any person or property, if we believe that disclosure is required to meet national security or law enforcement requirements, or in response to a lawful request by public authorities. Except as described in this Privacy Policy, we will not otherwise disclose Personal Data to any third parties unless you have been provided with an opportunity to opt in to such disclosure.

BellRing does not sell or share the Personal Data it collects from you to any unrelated third parties (who are not Agents) so that they may send you commercial promotions or unsolicited offers for unrelated products or services. If you would like more information about our disclosure of your Personal Data to third parties, please contact us at privacy@bellringbrands.com.

When BellRing transfers Personal Data to countries other than the country where it was provided, we do so in compliance with applicable data privacy laws and/or regulations, including, as applicable, the European Union General Data Protection Regulation 2016/679 (the “GDPR”), the E.U.-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles, including the Supplemental Principles, as set forth by the U.S. Department of Commerce (collectively, the “Privacy Shield Principles”), and/or the standard contractual clauses for the transfer of personal data to processors (2010/87/EU) and/or the standard contractual clauses for the transfer of personal data to controllers (2001/497/EC or 2004/915/EC), as applicable (collectively, the “E.U. Standard Contractual Clauses”). We may transfer Personal Data from persons outside of the United States (“U.S.”) to affiliates located either in the U.S. or otherwise; provided that such transfers to the U.S. from the European Union (“E.U.”), the United Kingdom (“U.K.”), or Switzerland will comply, as applicable, with the GDPR, the Privacy Shield Principles, and/or the E.U. Standard Contractual Clauses in all respects.

California residents may have additional rights and choices regarding your Personal Data. Please see the CALIFORNIA PRIVACY RIGHTS Section below for more information.

LINKS TO OTHER WEBSITES

Our Site may contain links to the websites of our subsidiaries and affiliates (some of which do not fall under the jurisdiction of the GDPR or have not certified to the Department of Commerce that such entity adheres to the Privacy Shield Principles) and to websites that are owned and operated by third parties. These other websites may have their own privacy policies and are not governed by this Privacy Policy. We are not responsible for the privacy practices or the content of websites owned and operated by any such third parties. Other websites may collect and treat information collected differently.

YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA

You have the following rights with regard to your Personal Data: (i) the right to access; (ii) the right to rectification; (iii) the right to erasure; (iv) the right to restrict processing; (v) the right to object to processing; (vi) the right to data portability; (vii) the right to withdraw consent and (viii) the right to lodge complaints. You may exercise any of these rights by contacting us at privacy@bellringbrands.com. You also have the right to lodge your complaints with the applicable legal authorities, including, without limitation, the U.S. Department of Commerce, U.S. Federal Trade Commission (“FTC”) or the applicable E.U. supervisory authority(ies).

BellRing will respond to your requests in accordance with, and within the appropriate timeframe determined by, the applicable law and/or regulation governing the use of the given Personal Data. In most cases, BellRing will respond to requests within one month; provided, however, if the request is complex, BellRing may extend its response time in accordance with applicable law and regulation.

BellRing will contact users whose Personal Data is within the scope of the GDPR, the Privacy Shield Principles, or the E.U. Standard Contractual Clauses to obtain prior affirmative express consent when the same is required. For example, BellRing will receive your affirmative express consent before any sensitive or special category Personal Data is processed, is disclosed to a third party, or is used for a purpose other than those for which it was originally collected or subsequently authorized by you.

California residents may have additional rights and choices with regard to your Personal Data. Please see the CALIFORNIA PRIVACY RIGHTS Section below for more information.

CHILDREN’S PRIVACY

This website is not directed to children under age 16, and we have no intention of collecting information from children under age 16, via this website or otherwise.

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section § 1798.83 permits users of this website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@bellringbrands.com or by mail to BellRing’s Privacy Officer at 1222 67th Street, Suite 210, Emeryville, CA 94608.

Through our Site, we collect information that constitutes “personal information” under the California Consumer Privacy Protection Act (the “CCPA“) as we collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. In particular, our Site has collected the following categories of personal information from its users (whether directly, indirectly (e.g., by observing your actions on the Site) or from third parties) within the last twelve (12) months:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
I. Professional or employment-related information. Current or past job history or performance evaluations. YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. YES
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES

 

For the purposes of this Section and our compliance with the CCPA, “personal information” does not include publicly available information from government records, deidentified or aggregated consumer information or information specifically excluded from the CCPA’s scope, such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data or personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

In the preceding twelve (12) months, BellRing has disclosed the following categories of personal information for a business purpose:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Protected classification characteristics under California or federal law.

Category D: Commercial information.

Category F: Internet or other similar network activity.

Category G: Geolocation data.

Category I: Professional or employment-related information.

Category J: Non-public education information.

Category K: Inferences drawn from other personal information.

We disclosed this personal information for a business purpose to the following categories of Agents:

  • • provide email services, web site and social media development services;
  • • consumer relations, including consumer complaint response services;
  • • support our Corporate Social Responsibility and philanthropic activities;
  • • gain insights into customer product and retailer preferences;
  • • employee recruitment services;
  • • legal representation, including with regard to prevention harm to our company, its subsidiaries, our products or services or a person or property (e.g., fraud prevention); and
  • • shareholder record-keeping, notice, transfer agent and other investor relation services.

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (please see Subsection Exercising Access, Data Portability, and Deletion Rights below for more information), we will disclose to you:

  • • The categories of personal information we collected about you;
  • • The categories of sources for the personal information we collected about you;
  • • Our business or commercial purpose for collecting or selling that personal information;
  • • The categories of third parties with whom we share that personal information;
  • • The specific pieces of personal information we collected about you (also called a data portability request);
  • • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing;
  • • sales, identifying the personal information categories that each category of recipient purchased; and
  • • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (please see Subsection Exercising Access, Data Portability, and Deletion Rights below for more information), we will delete (and direct our service providers, Agents to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us, or our service provider(s), to:

  • • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • • Debug products to identify and repair errors that impair existing intended functionality;
  • • Exercise free speech, ensure the right of another consumer to exercise his/her free speech rights, or exercise another right provided for by law;
  • • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
  • • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • • Comply with a legal obligation; and
  • • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights. To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us through one of the following:

  • • By telephone at (833) 644-7601
  • • By email at privacy@bellringbrands.com
  • • By mail at 1222 67th Street, Suite 210, Emeryville, CA 94608

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
  • • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the twelve (12)-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

No Personal Information Sales. We do not sell any personal information that we collect or use.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • • Deny you goods or services;
  • • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • • Provide you a different level or quality of goods or services; or
  • • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value to us and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

HOW WE PROTECT PERSONAL DATA

BellRing maintains reasonable and appropriate technical and organizational security measures designed to help protect against loss, misuse, and alteration of Personal Data collected and processed by BellRing. However, information transmitted on the Internet and/or stored on systems attached to the Internet is not 100% secure. As a result, we do not ensure, warrant or guarantee the security or integrity of such information.

PRIVACY SHIELD COMPLIANCE

BellRing complies with the E.U.-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles, including the Supplemental Principles (collectively, the “Privacy Shield Principles”) as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the E.U. to the U.S., from the U.K. to the U.S., or from Switzerland to the U.S., respectively, in reliance on the Privacy Shield (the programs being described herein as the “Privacy Shield”). BellRing has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in the Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. A list of companies that are currently certified under the Privacy Shield is available by visiting https://www.privacyshield.gov/list.

Although BellRing is certified to the E.U. – U.S. Privacy Shield Principles, it does not rely on the E.U. – U.S. Privacy Shield Principles as a legal basis for transfers of personal data submitted relating to individuals in the E.U. or U.K. in light of the judgment of the Court of Justice of the E.U. in Case C-311/18. All transfers of Personal Data relating to individuals in the E.U. or U.K. shall be governed by data processing agreements incorporating the standard contractual clauses for the transfer of personal data to processors (2010/87/EU) and/or the standard contractual clauses for the transfer of personal data to controllers (2001/497/EC or 2004/915/EC), as applicable (collectively, the “E.U. Standard Contractual Clauses”). We may, but shall not be required to, also process Personal Data submitted related to individuals in Switzerland via adequate compliance mechanisms other than the Swiss-U.S. Privacy Shield Principles. Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC“), and we are committed to responding promptly to inquiries and requests by the United States Department of Commerce for information relating to the Privacy Shield Principles.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

PRIVACY SHIELD DISPUTE RESOLUTION

In compliance with the Privacy Shield Principles, BellRing commits to resolve complaints about our collection or use of your Personal Data. E.U. and/or Swiss individuals with inquiries or complaints regarding this policy should first contact BellRing’s Privacy Officer at privacy@bellringbrands.com.

BellRing has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the U.S. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact the dispute resolution provider free of charge at https://feedback-form.truste.com/watchdog/request. Under certain limited circumstances, E.U. or Swiss individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.

The FTC has committed to reviewing, on a priority basis, referrals alleging non-compliance with the Privacy Shield Principles received from independent dispute resolution bodies, among others. If the FTC concludes that it has reason to believe Section 5 of the Privacy Shield Principles has been violated, it may resolve the matter by seeking an administrative cease and desist order prohibiting the challenged practices or by filing a complaint in a federal district court, which if successful could result in a federal court order to same effect.

CHANGES IN OUR PRIVACY POLICY

We may amend this Privacy Policy at any time. To the extent required by the GDPR, the Privacy Shield Principles, the E.U. Standard Contractual Clauses, or as required by applicable law, BellRing will contact users whose Personal Data is within the scope of the GDPR, the Privacy Shield Principles, or the E.U. Standard Contractual Clauses and then currently being processed by BellRing to obtain prior affirmative express consent to any material changes to how we collect, use, process, and/or share such user’s Personal Data or to this Privacy Policy. In addition, if we make any material changes to this Privacy Policy, including, any material changes to how we collect, use, process, and/or share your Personal Data, we will prominently post a notice of such changes on the website(s) covered by this Privacy Policy. We encourage you to periodically review this page for the latest information on our Privacy Policy.

YOUR ACKNOWLEDGEMENT OF THIS PRIVACY POLICY AND WHEN WE ASK FOR YOUR CONSENT

By using our Site, you acknowledge that we are processing your Personal Data in accordance with this Privacy Policy. If you do not wish that we process your Personal Data in this way, please do not use our Site or otherwise provide us with your Personal Data.

We process your Personal Data as described above. In certain instances, we only process your Personal Data if you have consented (for example, in cases where we process your Personal Data for job applications or seeking employment). Where we process your Personal Data on the basis of your consent, we will ask for your consent explicitly but, in some cases and only where permitted by applicable law, we may infer in a transparent manner consent from your actions. We may also ask you to provide additional consent if we need to use your Personal Data for purposes not covered by this Privacy Policy..

CONTACT US

If you are a resident of a European country and you believe we maintain your Personal Data within the scope of our Privacy Shield certification, you may direct any questions or complaints to BellRing’s Privacy Officer, whose contact details are as follows:

Privacy Officer

By email at privacy@bellringbrands.com

By mail at 1222 67th Street, Suite 210, Emeryville, CA 94608

We are committed and required to respond to any of your inquiries on this issue within one month of receiving the inquiry.

A letter from our parent company, Bellring Brands, CEO.