Personnel Privacy Policy

This Personnel Privacy Policy (this “Privacy Policy”) describes how The Hershey Company, Inc.  (“Hershey,” “we,” “us,” or “our”) collects, uses, discloses, and protects the personal information of Hershey employees, directors, officers, independent contractors, and other temporary workers (collectively, “Personnel”).

In this Privacy Policy, “personal information” refers to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you.  

This Privacy Policy is not a contract and does not create any legal rights or obligations. Additionally, this Privacy Policy is not intended to replace other notices or disclosures we may provide to you in connection with your role. 

Further, this Privacy Policy does not apply to personal information collected online through the websites we own and operate or your interactions with us as a customer (collectively, the “Services”). For information regarding our privacy practices related to the Services and the personal information we collect from and about customers, please review our consumer-facing privacy policy, which is available here.

Please carefully review this Privacy Policy to learn more about our information handling and privacy practices.

If you are a California resident, please click here for more information about our privacy practices and your legal rights.

Information Collection

We may transfer the personal information that we collected from and about you during the recruiting and interview process to your Personnel file.

Additionally, depending on your role, we (and our service providers) collect a variety of information from and about you. Additional details about our collection of personal information (including the sources of such information) can be found below.

• Contact information, such as your name, postal address, email address, and telephone number(s).
• Identification information, such as your photo, passport, immigration status and documentation, visa, Social Security number and/or other government-issued identification numbers, and other information needed to establish your eligibility to work for us.
• Employment details, such as your hire date, employment location, business unit, department, supervisor, job title, position/grade, hours and days worked, working arrangement, work restrictions or accommodations, professional licenses and certifications, attendance records, completed trainings, career goals, performance reviews, and disciplinary records.
• Financial information, such as your tax elections, salary, bonus, benefits, expenses, stock or equity grants, bank account number and routing number, and corporate credit card number.
• Benefits information, such as your eligibility for benefits; information about your marital status and any spouse, children, or other eligible dependents and beneficiaries; and claims relating to your benefits.
• Protected characteristics, such as your age, race, ethnicity, national origin, citizenship, sex, gender identity, sexual orientation, or disability status, if you choose to provide it (note that we will not use this information in employment-related decisions unless specifically permitted by law).
• Health and medical information, such as information about disabilities or illnesses that you voluntarily share with us.
• Biometric information, including biometric identifiers (e.g., fingerprints, palm prints, scans of face geometry, etc.).
• IT and security information, such as your work-related account names and passwords; information about your access to and use of Hershey’s systems and networks and Hershey-managed devices (e.g., internet browsing history, search history, interactions with web-based tools, the content of communications sent through Hershey’s systems and Hershey-managed devices, etc.); information about your personal devices (to the extent that such devices are used in connection with your role and/or to access Hershey’s systems and networks); information about your access to Hershey’s physical offices and facilities; audio/video recordings of meetings or events you attend; and CCTV video footage and other visual images of you captured during your time at Hershey’s physical offices and facilities.
• Other information we request or receive, such as information you choose to share with us (e.g., when you complete a survey, raise a grievance, etc.) or information we receive from a third party in connection with your role, including information collected in connection with background checks.
• Inferences, which refers to inferences drawn about your abilities or aptitudes based on the above-listed categories of information.

Although we collect most of the above-listed categories of personal information directly from you, we may collect certain information by automated means, including when you: (i) access any website or mobile application where this Privacy Policy is posted or linked; (ii) interact with Hershey’s systems and networks and/or Hershey-managed devices; or (iii) enter any of Hershey’s physical offices and facilities.

Additionally, we may collect some of your personal information from other sources, such as other Personnel, our customers, our third-party service providers, and publicly-available sources. We use the personal information that we receive from other sources to help us maintain the accuracy of or supplement the information we collect and fulfill other legitimate business purposes as described in this Privacy Policy.

Please note that we may combine personal information that we collect directly from you with information that we automatically collect and information that we receive from third-party sources. Where applicable, we will use, disclose, and protect the combined information for the purposes described in this Privacy Policy.

Some of the personal information that we receive from you relates to other individuals (e.g., your emergency contact(s); your spouse, children, or other dependents and beneficiaries; etc.) (collectively, “Other Persons”). You are responsible for obtaining all necessary permissions to share the personal information of Other Persons with us. We will use and protect the personal information of Other Persons that we receive as described in this Privacy Policy.

Information Use

We use your personal information to manage our relationship with you and as otherwise necessary or appropriate in connection with the fulfillment of other legitimate business purposes. While the manner in which we use your personal information may depend on your specific role, we generally use the personal information of Personnel to:

• administer onboarding, staffing, leaves of absence, performance management, training, discipline, and participation in work-related activities or programs;
• authorize, grant, administer, monitor (including by video surveillance), and terminate access to or use of our systems, facilitates, records, property, and infrastructure;
• communicate with and between Personnel as well as with Other Persons and respond to requests;
• support and manage Personnel, including by providing resources needed for Personnel to perform their roles and providing resources for Personnel to attend company-sponsored or informational/educational events;
• facilitate compensation, payroll, claims, and benefits planning and administration (e.g., salary, tax withholding, insurance, etc.);
• conduct and manage performance reviews and evaluations and make decisions about promotions and job mobility;
• manage business travel (e.g., car service/rentals, flights, hotels, etc.) and expenses (e.g., reimbursements, corporate credit card expenses, etc.);
• conduct organizational planning and development, including budget planning and administration;
• operate and improve our business, including to facilitate the work of Personnel and provide the products and services made available to our customers and partners;
• investigate, respond to, document, and report work-related injuries, illnesses, or grievances;
• help monitor and maintain the security and integrity of our business, network, and systems and detect, prevent, investigate, and protect you, our business, and others against fraud, unlawful or unsafe activity, and other wrongdoing;
• analyze and monitor compliance with our policies and procedures (and for any other purpose included in such policies and procedures);
• conduct internal investigations and audits and carry out compliance, risk management, problem resolution, and security operations;
• fulfill our contractual obligations;
• comply with applicable laws, rules, regulations, legal proceedings, and government investigations, including those relating to tax reporting and immigration;
• carry out sales and business transactions in which personal information held by us is among the assets transferred or is otherwise relevant to the evaluation, negotiation, or completion of the transaction; and
• protect our rights, safety, property, or operations and/or those of others.

We will also use your personal information as described to you at the point of information collection or, where appropriate, with your consent.

Information Disclosure

In connection with one or more of the purposes outlined above, we may disclose your personal information to the categories of recipients listed below.

• Our affiliates and subsidiaries. We disclose your personal information to our affiliates and subsidiaries for internal administrative purposes and uses that are consistent with this Privacy Policy and/or other business and operational purposes.
• Our service providers. We disclose your personal information to third parties that provide business, professional, or technical support services to us (e.g., data hosting, analytics, etc.) or administer activities on our behalf (e.g., employee benefits, payroll, claims, etc.). Our service providers may also include professional advisors (e.g., lawyers, accountants, auditors, etc.).  
• Other Personnel. We disclose your personal information to other Personnel who need it to perform their tasks and duties and as otherwise necessary or appropriate.
• Our customers and partners. We disclose your personal information to our customers and other partners with whom we do business or are exploring a business relationship.
• Government and public authorities. We disclose your personal information to government and public authorities as necessary or permitted by the laws of any jurisdiction in which we operate, including in response to a valid warrant or subpoena.
• Third parties in connection with a sale or business transaction. We may sell or purchase assets during the normal course of business. If another entity acquires us or any of our assets, information that we have collected may be transferred to such entity and its advisors leading up to and/or following the transaction. In addition, if any bankruptcy or reorganization proceeding is brought by or against us, information that we hold may be considered an asset of ours and may be sold or transferred to third parties.
• Other third parties. We disclose your personal information to other parties at your direction or, where appropriate, with your consent. We will also disclose your personal information as we believe necessary or appropriate either: (a) under applicable law; (b) to protect our operations and those of any of our affiliates; (c) to protect our rights, privacy, safety, or property (and/or those of others); or (d) to allow us to pursue available remedies or limit damages that we may sustain.

We may disclose your personal information for other reasons that we will describe at the time of information collection or prior to disclosing your information.

Additionally, we may de-identify, anonymize, or aggregate information and disclose such information to third parties for various purposes as permitted by law.

Information Security

We employ and maintain reasonable administrative, physical, and technical measures designed to safeguard and protect the personal information under our control from unauthorized access, use, and disclosure.

Information Retention

We will retain your personal information as long as necessary to fulfill the purposes for which we have collected it, including to satisfy our legal or reporting requirements, unless a longer retention period is required or allowed under law.

To determine the appropriate retention period for personal information, we consider: (i) the amount, nature, and sensitivity of the information; (ii) the potential risk of harm from unauthorized use or disclosure of the information; (iii) the purposes for which we use the information; (iv) whether we can achieve those purposes through other means; and (v) the applicable legal requirements.

Once retention of your personal information is no longer necessary for the purposes outlined in this Privacy Policy, we will either delete or de-identify it (such that it cannot reasonably be used to infer information about, or otherwise be linked to, you). If deletion or de-identification is not possible (for example, because the information has been stored in backup archives), we will securely store the personal information and isolate it from further processing until deletion or de-identification is possible.

If we de-identify information, we will maintain and use the information in de-identified form and not attempt to re-identify the information except as required or permitted by law.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top of this Privacy Policy indicates when it was last revised. Any changes will become effective when we post a revised version of this Privacy Policy unless otherwise stated. We encourage you to review this Privacy Policy periodically to remain informed about our information handling and privacy practices.

Contact Us

If you have any questions or concerns about this Privacy Policy or our information handling and privacy practices, please contact us at privacy@hersheys.com.