This Privacy Policy sets out how Coca-Cola Europacific Partners API Pty Ltd and its related entities (“we”, “us” and “our”) collect, use, disclose and hold personal information.

YOUR PERSONAL INFORMATION IS IMPORTANT
We are required to comply with all applicable privacy laws and data collection laws, in all countries we operate in, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles, (“Privacy Laws”).

COLLECTING PERSONAL INFORMATION
Privacy Laws generally regulate the collection and use of “personal information”, which includes information or an opinion about an identified individual or an individual who is reasonably identifiable.

We collect personal information by various means (including, but not limited to, when you fill in a form, send us an e-mail, enter a competition, order our products, speak to one of our representatives or deal with one of our affiliates, business partners, advertising partners, customers and other third parties). We generally collect personal information directly from you where this is reasonable and practical, but we may also collect personal information from third parties.

This information may include (but is not limited to) your name, e-mail and mailing addresses, contact numbers, date of birth, bank account and credit card details. We also collect information obtained as a result of reference, criminal or credit checks that you authorise us to carry out.

Other than in relation to people who directly work with or for us, we do not generally collect the following categories of sensitive information: information about your race or ethnic background, religion, trade union membership, political opinion, sexual preference or criminal record. We may collect health information about you from time to time. We will only collect sensitive information (including health information) with your prior consent.

We may also collect more information about how you interact with our websites and mobile applications, including (but not limited to) your web browser and version, device type, connection type, IP address, performance metrics and usage information, in order to help us to develop and improve our websites and mobile applications.

If you provide us with certain services, for example as a contractor or consultant, we may collect your personal information and, in some circumstances, sensitive information. Examples of where we collect this information include carrying out safety inductions, where we require you to provide driving records or medical certificates and if we carry out criminal record checks.

If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this Privacy Policy and has consented to the collection, use and disclosure of their personal information as described in this Privacy Policy.

USING PERSONAL INFORMATION
We use your personal information for the purpose for which it has been provided, any other purpose you have consented to and any other purpose permitted under the Privacy Laws. This may include using your personal information for the following purposes:
• to provide you with the products or services you requested;
• to assess your application for the provision of credit;
• to assess your application for employment, contracting or consulting services;
• to accept your application to participate in promotions or competitions run by us;
• so that you can provide us with services (such as consulting services or as a contractor);
• for handling of complaints;
• to review, develop and improve the products and services we offer, including to conduct market research, data analytics and statistical analysis in relation to our business; and
• to provide access to, monitor, develop and improve our device-responsive websites and mobile applications, including to make these sites more user-friendly and relevant for your needs.

We may also use your personal information to tell you about the products and services of Coca-Cola Europacific Partners or third parties. From time to time, we and our related entities, affiliates and business partners may contact you by mail, telephone, email or other electronic messaging services (such as text, voice, sound or image messages including using automated calling systems) with information about products and services (including discounts and special offers). If you no longer wish to receive marketing or promotional information from us and our affiliates and partners, you can unsubscribe at any time. Instructions on how to unsubscribe are set out in any marketing communication we send to you, or you can contact us through our Privacy Officer using the contact details below. Please allow a reasonable period of time for us to action any request to unsubscribe. There are certain messages relating to the goods and services we provide to you that cannot be unsubscribed from.

We will not sell any personal information that you give us to any third party.

DISCLOSURE OF INFORMATION
We may disclose your personal information for the purposes for which we may use your information as described above. This may include such disclosures to:
• our related entities and third party organisations such as our affiliates, business partners, advertising partners, mailing and printing houses, IT providers, analytics providers, professional advisors and other service providers; and/or
• a person or organisation that is located outside of Australia, including to our related bodies corporate located overseas and in countries such as New Zealand, Fiji, Samoa, Indonesia and Papua New Guinea.

We will also disclose your personal information where we are required or authorised by law to do so, including to respond to subpoenas, judicial processes or legitimate requests by law enforcement officials or government agencies or departments.
We may disclose your personal information to anyone who is considering acquiring an interest in our assets or businesses (or any part of them) as part of a due diligence or sale process.

COOKIES
Cookies are small pieces of text stored by your web browser. Our websites and mobile sites use cookies to connect you and the information you have provided in order to deliver to you personalised content and a better experience when you return to the website or mobile site. Most internet browsers automatically accept cookies, although you can choose to disable them (but may lose some functionality). For further information about managing and disabling browser cookies, you should refer to your internet browser’s help section or user guide.

ACCURACY AND SECURITY OF PERSONAL INFORMATION
We take reasonable steps to secure any personal information which we hold about you and to keep this information accurate and up-to-date. Personal information is stored either electronically or in hard copy and information security measures are in place to protect this information.

Our website does not provide facilities for the secure transmission of information across the internet. Users should be aware that there are inherent risks transmitting information across the internet.

We will take such steps that are reasonable in the circumstances (if any) to destroy or de-identify personal information when it is no longer required for the purpose(s) it was provided.

DATA BREACH NOTIFICATION
Many countries and their Privacy Laws have or are starting to establish data breach reporting regimes. We acknowledge the introduction of a mandatory data breach notification scheme which commenced in Australia on 22 February 2018. Where the Australian regime applies, in the event of an ‘eligible data breach’, the Office of the Australian Information Commission and any affected or at-risk individuals will be promptly notified when we have reasonable grounds to believe that there has been unauthorised access or disclosure of personal information, or that the information has been lost in a way that is likely to give rise to unauthorised access or disclosure. Generally speaking, we are only required to make a notification where there is a likely risk of serious harm, as a result of the unauthorised access or disclosure or where we have not been able to take sufficient remedial action before any serious harm results.

If we notify you of a breach, where possible we will provide recommendations as to the steps you should take regarding the breach.

ACCESS TO OR CORRECTION OF PERSONAL INFORMATION
You may request access or changes to your personal information held by us. To do this, please contact us through our Privacy Officer by sending an e-mail to us at privacy@ccamatil.com or call us on the numbers below. Any change relating to credit eligibility information or credit information must be submitted in writing to aus.finance.credit.maintenance@ccamatil.com.

There may be situations where we are not required to provide you with access to your personal information, such as where the request relates to an existing or anticipated legal proceeding or if your request is vexatious.

WHAT DO YOU DO IF YOU HAVE A COMPLAINT OR A QUESTION?
If you would like further information about how we manage your personal information, have any queries or feedback relating to our Privacy Policy, or have a problem or wish to lodge a complaint in relation to an alleged breach of any Privacy Laws, please contact the Privacy Officer by:
• calling:
o 1800 203 526 if in Australia;
o 0800 262 226 if in New Zealand & Fiji;
o (675) 473 8452 if in Papua New Guinea; and
o 0800 100 2653 if in Indonesia.
• sending an e-mail to privacy@ccamatil.com; or
• writing to the following address:

Coca-Cola Europacific Partners Australia
Attention: Privacy Officer
L13, 40 Mount Street
North Sydney, NSW, 2060

Our Privacy Officer is responsible for coordinating the investigation of any complaints and resolving any such issues. The Privacy Officer will manage any complaints received in a timely manner and provide you with a response to your complaint. If you are not satisfied with our response, you may take your complaint to your local privacy regulator. In Australia this is the Office of the Australian Information Commissioner contactable by telephone on 1300 363 992 or by email to enquiries@oaic.gov.au.

CHANGES TO THIS PRIVACY POLICY
From time to time it may be necessary for us to review and revise this Privacy Policy. We reserve the right to amend this Privacy Policy at any time and to notify you by posting an updated version of the Privacy Policy on our website and/or by contacting you via email.

X