P&G Global Consumer Privacy Policy

Updated November 16, 2023

Download a copy of this Privacy Policy (PDF)

You are in control of your personal data. You can exercise your rights and change your preferences anytime.

Advertising Industry Opt-Outs

For the U.S., to exercise choice with respect to interest-based advertising, you can utilize the opt-out mechanism provided by the Digital Advertising Alliance (“DAA”) by clicking here (for browsers) or here (for app-based opt-outs).

The Network Advertising Initiative (“NAI”) has developed a tool that allows consumers to opt out of certain Interest-based Ads delivered by NAI members' ad networks. To learn more about opting out of such targeted advertising or to use the NAI tool, see http://www.networkadvertising.org/choices/.

For Europe, you may click here to learn more about the DAA-Europe’s opt-out program.

For Canada, you may click here to learn more about the DAA Canada’s opt-out program.

To opt-out of Unified ID 2.0 globally click here.

Please be aware that, even if you opt-out of certain kinds of interest-based ads, you may continue to receive other ads. Further, opting out of one or more NAI or DAA members only means that those selected members should no longer under the DAA / NAI rules deliver certain targeted ads to you. This will affect services provided by the applicable DAA / NAI members but does not mean you will no longer receive any targeted content and/or ads from non-participating parties. Also, if your browsers are configured to reject cookies when you visit the opt-out page, or you subsequently erase your cookies, use a different Device or web browser(s), or use a non-browser-based method of access, your DAA / NAI browser-based opt-out may not, or may no longer, be effective. Mobile device opt-outs will not affect browser-based Interest-based ads even on the same device, and you must opt-out separately for each device. We are not responsible for the effectiveness of, or compliance with, any third party opt-out options or programs or the accuracy of their statements regarding their programs.

You can also prevent or reduce getting interest-based ads on websites by declining cookies in your browser(s), or on mobile devices by declining the “access to data” requests that apps usually present when you install them or by adjusting the ad tracking settings on your device.

Please note that you may also receive personalized ads based on your email address or phone number, if you have provided those to us for marketing purposes. To opt out of that usage, please contact us.

You will still see “contextual” ads even if you opt out of interest-based ads. Even if we stop sending you interest-based ads, you will still get ads from our brands on your computer or mobile devices. These ads, however, are based on the context of the sites you visit and are called contextual ads. Unlike interest-based ads which are based on pages you visit on your mobile phone or computer viewing activities over time and across unrelated services, contextual ads are ads shown to you based on the context of the specific site you are visiting. For example, you still may see an ad for one of our baby care brands while looking at nursery products online because these sites traditionally have had mostly new or expecting parents as visitors. You should also know that we may still collect information from your computer or devices and use it for other purposes like evaluating how our websites work, for consumer research, or detecting fraud, pursuant to applicable laws.

Like most brands, we collect personal data as you interact with us or when you share personal data with third parties that in turn can be shared with us. We do this respectfully and carefully to protect your rights. Personal data can help us better understand your interests and preferences as a consumer and a person.

We use your personal data to help us meet our purpose of touching and improving the lives of people like you every day around the world. For example, we use your information for the following Processing Purposes:

This includes performing services for you and sending you products or samples you have requested.
This includes:
- Identifying and authenticating you to our different marketing programs and websites
- Administering and maintaining accounts and preferences, as well as financial incentive, rewards, discounts (e.g., price or service coupons) and loyalty programs (collectively, “Rewards Programs”)
- Helping you manage your P&G site or app preferences
- Allowing you to enter our contests or sweepstakes and leaving ratings and reviews
such as:
- Responding to your questions or requests for information
- Providing customer service
- Sending transactional messages (such as account statements or confirmations)
- Interacting with you on social media
- Sending marketing communications about our products or services (or the products or services of our partners), survey, and invitations
such as:
- Processing your payment for the products you buy from us
- Processing and issuing refunds and collections
This includes serving you with relevant ads and serving others, who, having a profile like yours, may be interested in hearing from us, with relevant ads through custom audiences and look-alike audiences. For example, we may upload your hashed email address into a social media service and ask that social media service to send our ads to you and to people who have similar interests as you, including in other countries, based on data it has about you and about other people
such as measuring and tracking the effectiveness of advertising campaigns and carry out other administrative and accounting activities with respect to ad campaigns
including:
- Quality control, training, and analytics
- Safety maintenance and verification
- System administration and technology management, including optimizing our websites and applications
including detecting threats and protecting against malicious or fraudulent activity
including recordkeeping and auditing interactions with consumers, including logs and records maintained as part of transaction information
including risk management, audit, investigations, reporting and other legal and compliance reasons.
such as
- Internal research
- To design and develop products, services and programs that delight our consumers
Purposes Disclosed at Collection when you provide your personal data
Legitimate Business Purposes that are compatible with the purpose of collecting your personal data and that are not prohibited by law

When you visit our partner sites, we can show you ads or other content we believe you would like to see. For example, you may receive advertisements for Tide® laundry detergent if we notice that you are visiting sites that sell children’s clothing or school supplies. And from that information we may conclude that you have children and therefore could well be interested in a powerful laundry-cleaning product. In this way, we intend to send you relevant information about our products that might be of benefit to you. To learn more about your choices regarding interest-based advertising go

We Learn from Groups of Consumers Sharing Similar Interests: We may place you into a particular group of consumers who show the same interests. For example, we may put you in the group of “razor aficionados” if we see you frequently purchase razors online or you could be a “bargain-shopper” if we notice you use online coupons or look for discounts or sales. We may infer these things about you based on your activity on certain web pages, links you click on our websites and other websites you visit, mobile applications you use, or our brand emails you view and links you click in the emails, as well based on other information we have collected, such as from retailer partners and other third parties. We group together cookie and device IDs to help us learn about general trends, habits, or characteristics from a group of consumers who all act similarly online and/or offline. By doing this, we can find and serve many others who “look like” those already in the group and thereby send them what we believe will be relevant and beneficial product offers and information.

We Link Other Information to Your Cookie and Device IDs: Your cookie and device IDs may be supplemented with other information, such as information about the products you buy offline or information that you provide directly to us when creating an account on our sites. We generally do this in ways that will not directly personally identify you. For example, we could know that cookie ID ABC12345 belongs to the razor aficionado group based on a person’s web site visits, age, gender, and shopping habits. Should we want to personally identify your cookie or device information (web and app viewing history), we will do so in accordance with applicable laws.

We May Know You Across Your Computers, Tablets, Phones and Devices: We may know that cookie ID ABC12345 is from a computer that that may be connected to the same person or household owning the mobile phone with device ID EFG15647. This means that you may search for diapers on your laptop, click on a Google search result link which we have sponsored, and then later see an ad for our Pampers® brand diapers on your mobile phone. We might assume or deduce that the same person owns the computer and phone because, for example, they sign on to the same Wi-Fi network every day at the same time. Understanding what devices seem to be used by a person or household helps us limit the number of times you see the same ad across your devices. And this is important because that way you don’t get annoyed at us for spamming you with the same ad and we don’t pay for such repetitive ads that we don’t want you to receive.

Addressable Media: When you provide us with your personal data via our sites or apps, we will use an encryption of that data – or a substitute identifier such as The Trade Desk's UID2 -- to serve you with ads we think you may like. We do this generally by uploading a pseudonymized version (replaced with artificial letters or numbers) of your email address, phone number, or your mobile advertising ID to a platform that offers ad space (e.g., Facebook, YouTube, Instagram, TikTok, etc.). We also use that same data to serve you advertising through what is called the open web. This means you may see relevant ads from us on sites like nytimes.com or apps or other places like digital TV that participate in online auctions of their ad inventory.

Advanced Matching: Some of our sites use the Advanced Matching features offered by Social Media Platforms to its advertisers (e.g. Facebook’s Advanced Matching, TikTok’s Advanced Matching, etc.). Through Advanced Matching, we will send some of the personal data you enter on our site form fields (e.g., your name, email address, and phone number – not any sensitive or special category data) in a pseudonymized format to the Social Media Platform, or the Social Media Platform Pixel will pseudonymize and pull that data automatically, for the purpose of helping associate you with your browser cookie or device ID. We do this so that we can better target and measure the effectiveness of our advertising on the respective Social Media platforms. This is how we can know that if we showed you an ad on a given Social Media Platform, you clicked on it, came to our site and bought something – or not – and therefore whether we should continue to buy ads on that Social Media Platform – or not.

Google Analytics Advertising Features: Some of our sites use Google Remarketing Lists for Search Ads with Analytics (“RLSA”), which is a service they offer to advertisers. When individuals visit our sites, Google Analytics collects data about their visits. If a visitor is signed into their Google account, we are able to provide that user with interest-based advertising when they conduct a Google search for terms related to the P&G site they visited. For example, if you are signed into a Google account when visiting our Head & Shoulders website, we may provide you with Head & Shoulders advertising when you search for “dandruff shampoo” on Google. Our ability to use and share information collected by Google Analytics about your visits to our sites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. To understand how Google uses data when you use our partners' sites or apps, visit here. You may opt out of Google Analytics at any time.

Proximity-Based Beacons: Beacons send one-way signals to mobile apps you install on your phone over very short distances to tell you, for example, what products are on-sale as you walk through a store. Beacons only talk to your device when you get close enough and after you have given consent within the mobile application associated with a particular beacon. In turn, apps may provide us location information to help customize advertising and offers to you. For example, when you are near a beacon in the skin care section of a supermarket, we may send you a $4 off coupon.

Pixels: These are small objects embedded into a web page but are not visible. They are also known as "tags,” “web bugs,” or "pixel gifs." We use pixels to deliver cookies to your computer, monitor our website activity, make logging into our sites easier, and for online marketing activities. We also include pixels in our promotional email messages or newsletters to determine whether you open them and click on their links. This helps us understand whether you are an active user (which will prevent your data from being deleted due to inactivity). It also helps us measure the effectiveness of our marketing efforts, and derive insights and analysis, that we will use to personalize the content of our communication and to guide our marketing decisions (for example, if you opened an email but did not click on the links in it, we may decide to retarget you on Facebook).

Mobile Device Identifiers and SDKs: We use software code in our mobile apps to collect information as you use our apps which is like what cookies collect on our websites. This will be information like your mobile phone identifiers (iOS IDFAs and Android Advertising IDs) and the way you use our apps.

Precise Geolocation: We may receive information about your exact location from things like global positioning system (GPS) coordinates (longitude and latitude) when you use our mobile apps. You will always get a pop-up notice on your phone or device asking for you to accept or reject allowing us to know exactly where you are in the world. You should understand that we will not always ask for consent to know generally that you are in a broader city, postal code, or province. For example, we do not consider it to be precise location if all we know is that you are somewhere in Manila, Philippines.

As a large company, with many products and businesses in many countries around the world, we collect the following types of personal data to best serve our consumers.

Please be aware that this is a comprehensive list of various types of personal data we collect and that we only collect it when have a lawful basis to do so (for example when we have your consent, or when we need this information for the performance of a contract to which you are party, or when the processing is necessary based on our legitimate interest or for compliance with a legal obligation). Many of these types almost certainly will not apply to you. If you want to know what data we actually have about you, just ask.

Contact Information: Data elements in this category include names (including nicknames and previous names), titles, mailing address, email address, telephone/mobile number and contact information for related persons (such as authorized users of your account).

General Demographics & Psychographics: Data elements in this category include personal characteristics and preferences, such as age range, marital and family status, race and ethnicity (for example, in relation to information you provide in relation to your haircare or skincare purchases or preferences), shopping preferences, languages spoken, loyalty and rewards program data, household demographic data, data from social media platforms, education and professional information, hobbies and interests and propensity scores from third parties (likelihood of purchase, experiencing a life event, etc.).

Transaction and Commercial Information: Data elements in this category include customer account information, qualification data, purchase history and related records (returns, product service records, records of payments, credits etc.), records related to downloads and purchases of products and applications, non-biometric data collected for consumer authentication (passwords, account security questions), customer service records.

Unique IDs & Accounts Details: Data elements in this category include unique ID number (such as customer number, account number, subscription number, rewards program number), system identifiers (including username or online credentials), device advertisers, advertising IDs and IP address.

Online & Technical Information: This includes internet or other electronic network activity information. Data elements in this category include IP addresses, MAC addresses, SSIDs or other device identifiers or persistent identifiers, online user IDs, encrypted passwords, device characteristics (such as browser information), web server logs, application logs, browsing data, viewing data (TV, streaming), website and app usage, first party cookies, third party cookies, web beacons, clear gifs and pixel tags. This also includes information such as your device functionality (browser, operating system, hardware, mobile network information); the URL that referred you to our website; the areas within our website or apps that you visit and your activities there (including emails, such as whether you open them or click on links within); your device characteristics; and device data and the time of day.

Inferred Information: This includes information derived from other personal data listed in this section. We create inferred and derived data elements by analyzing all personal data we may have about you. Data elements in this category include propensities, attributes and/or scores generated by internal analytics programs.

Precise Geolocation: Data elements in this category include precise location (such as latitude/longitude).

Health-Related Information: Data elements based on how it is collected include:

Information collected from consumer programs (such as when you register on our brand sites, participate in our rewards programs, or purchase our products)
- General health and symptom information
- Pregnancy-related information, such as due date
Consumer Research Studies where you have provided your informed consent
- Information about physical or mental health, disease state, medical history or medical treatment or diagnosis, medicines taken and related information
Information collected when you contact us to report a complaint or an adverse event occurring in connection with the use of one of our products

Financial Account Information: Data elements in this category include bank account number and details and payment card information (e.g., when you make a purchase directly with a brand or receive a credit from a brand).

Government-Issued IDs: Data elements in this category include governmental ID and Tax ID (e.g., for winners of a contest in jurisdictions where we are required to collect that information).

Audio Visual Information: Data elements in this category include photographs, video images, CCTV recordings, Call Center recordings and call monitoring records, and voicemails (e.g., for research, when you visit our facilities, or when you call us).

Smart Devices and Sensor Information: Data elements in this category include smart device records, IoT products (e.g., from an Oral B app-connected toothbrush).

Data About Children: Data elements in this category may include the number of children you have, your children’s diaper sizes, their genders, and ages.

Biometric Information: Data elements in this category include facial recognition data, and a mathematical representation of your biometric identifier, such as the template maintained for comparison (e.g., for healthcare research studies).

Generally, we keep your personal data for only as long as it is needed to complete the processing purpose for which it was collected or as required by law. We may need to keep your personal data for longer than our specified retention periods to honor your requests, including to continue keeping you opted out of marketing emails, or to comply with legal or other obligations. This section outlines why the processing purposes comply with the law (legal basis, as required by certain non-U.S. Privacy Laws such as the GDPR), and how long we keep the personal data used for that processing purpose, unless an exception applies (retention period), such as the ones noted above. Some U.S. Privacy Laws (defined below) require us to, on a per-category basis, disclose the retention period applicable to each such category of personal data. See the table set forth in our

for this information.

Legal Basis:

Consent for:

sending you marketing email and text communications
processing your ratings and reviews of our products
collection and analysis of the information contained on the purchase receipts you upload for more personalized advertising
the processing of any special category data and certain sensitive personal data
non-essential tracking technologies on our websites and in our mobile apps in certain countries

Legitimate Interest for:

postal marketing (unless consent is required according to country laws)
delivering requested items to you
processing your personal data within our various marketing systems

Depending on the case, we may rely on our Legitimate Interest or Consent for:

the enrichment and combination of your registration data (including data that you disclose to us when interacting with our services, such as brand preferences, clipped coupons, etc.) with attributes, interests or demographic data obtained from commercially available sources or other third parties

Performance of a Contract for:

contests

Retention Period: Until you request to delete the personal data or withdraw your consent. Otherwise, we will delete your personal data after no longer needed for the processing purpose or after a maximum of 50 months of non-activity unless required by law or contract to retain it further. We define inactivity through several internal criteria that indicate a user’s lack of interaction with our programs and communications. For example, if you do not log in, or do not open or click on our emails, we will consider you “inactive” and delete your data after a maximum of 50 months but sooner for certain countries depending on local legal requirements. We may need to keep some of your personal data to honor your requests, including to continue keeping you opted out of marketing emails, or to comply with other legal obligations. We may also retain certain personal data used in ratings and reviews for as long as the review is used or until the product is discontinued.

P&G has its head offices in the United States, regional offices in Singapore, Dubai, Geneva and Panama and further P&G service centers in other countries, like Costa Rica or Philippines. As a multinational company, P&G undertakes data transfers, either within the P&G group of entities, or when sharing your data with service providers or selected partners that may store, process, or access your data in a country other than the one in which it was collected, including the United States. Personal data collected from Quebec, for example, may be transferred outside of Canada with adequate protections and safeguards in place.

As far as EU citizens are concerned, (but also citizens of Switzerland, UK and Serbia for example) this means that their data may be processed outside of the European Economic Area (EEA), either in countries have been recognized by the European Commission to offer adequate data protection, like the United Kingdom (from where, for example, some of our fulfillment, return and contact center services are managed for the EU region), or Switzerland (where our EU headquarters are located), or in other countries that are not deemed, by the European Commission, as offering such level of data protection. For such transfers of data, because special safeguards need to be foreseen to ensure that the protection travels with the data, we use the EU Standard Contractual Clauses, standardized and pre-approved model data protection clauses. You can find the latest version of the approved EU Standard Contractual Clauses, including the different transfer modules, here. Our transfer agreements also incorporate the standard data protection clauses issued in accordance with UK, Swiss and Serbian data protection law If you have any questions with reference to our data transfer agreements, please contact us.

If you are located in the European Economic Area (EEA), United Kingdom (and Gibraltar) or Switzerland, please note that P&G is certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) [collectively, the “Data Privacy Framework”] developed by the U.S. Department of Commerce and the European Commission and Information Commissioner and Swiss Federal Data Protection, respectively, regarding the transfer of personal information from the EEA, United Kingdom (and Gibraltar) or Switzerland to the U.S., Click here to view our Data Privacy Framework: Consumer Privacy Policy.

For non-EEA and UK data, we perform such transfers based on your consent, or on our contracts, where so required by local law.

This U.S. State Privacy Notice applies to “Consumers” as defined under U.S. privacy laws, specifically the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (“CCPA”), the Virginia Consumer Data Privacy Act (“VCDPA”),the Colorado Privacy Act, the Utah Consumer Privacy Act, Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring, and any other U.S. privacy laws, as each are amended and as and when they become effective, and including any regulations thereunder (collectively, the “U.S. Privacy Laws”). This U.S. State Privacy Notice is a supplement to this Privacy Policy. In the event of a conflict between any other P&G policy, statement, or notice and this U.S. State Privacy Notice, this U.S. State Privacy Notice will prevail as to Consumers and their rights under the applicable U.S. Privacy Laws.

This U.S. State Privacy Notice is designed to provide you with notice of our recent personal data practices over the prior 12 months from the “Last Updated” date of this Privacy Policy. This U.S. State Privacy Notice will be updated at least annually. This U.S. State Privacy Notice also applies to our current data practices such that it is also meant to provide you with “notice at collection,” which is notice of personal data (also referred to in some of the U.S. Privacy Laws as “personal information”) we collect online and offline, and the purposes for which we process personal data, among other things required by the U.S. Privacy Laws. For any new or substantially different processing activities that are not described in this U.S. State Privacy Notice, we will notify you as required by the U.S. Privacy Laws, including by either notifying you at the time of collecting personal data, or by updating this U.S. State Privacy Notice earlier than required. We reserve the right to amend this U.S. State Privacy Notice at our discretion and at any time. To contact us about this U.S. Privacy Notice, please see the

section below.

Generally, we collect, retain, use, and disclose your personal data for our business purposes and commercial purposes, which are described above in the remainder of this Privacy Policy, including in “

,” “

” (collectively, our “Processing Purposes”). The sources from which we collect personal data are set forth above in the “

.”Some of the Processing Purposes, as we discuss below in the table, implicate “Sale,” “Sharing”, and or “Targeted Advertising.” For more details on the meaning of Sale, Sharing, and Targeted Advertising, see the “

” section below. Please note that the Processing Purposes as shown in the table are categorical descriptions, to aid in readability and clarity. Please reference the “

” section of the Privacy Policy above for the full description of each Processing Purpose.

The table below describes the categories of personal data we collect in the first column (starting on the left). The second column provides examples of data types within the applicable categories, which, in some instances, include the personal data types/categories listed above under “

.” The third column states the categories of recipients that receive such personal data (including sensitive personal data) as part of disclosures for business purposes, as well as disclosures which may be considered a Sale or Share under certain U.S. Privacy Laws. The fourth column provides the Processing Purposes that are applicable to each category of personal data. In the fifth column, we provide, on a per category of personal data basis, the applicable retention period.

Category of Personal Data	Examples of Personal Data Types within Category	Categories of Recipients	Processing Purposes	Retention Period
1. Identifiers and Contact Information	Contact information, Unique IDs & Accounts Details, Online and Technical Information, Financial Account Information, Government-issued IDs	Disclosures for Business Purposes: • Software and other business Vendors (“Business Vendors”) • Marketing Vendors • Affiliates and Related Entities Sale/Sharing: Third-Party Digital Businesses and Retail Partners	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity unless required by law or contract to retain. Data necessary to suppress communications to opted out consumers may be retained further.
2. Personal Records	Contact information, Unique IDs & Accounts Details, Financial Account Information, Government-issued IDs	Disclosures for Business Purposes: • Business Vendors • Marketing Vendors • Affiliates and Related Entities Sale/Sharing: Third-Party Digital Businesses	• Products / Services • Customer Management • Customer service / communications • Payment / financial • Serving ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal / Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity unless required by law or contract to retain. Data necessary to suppress communications to opted out consumers may be retained further.
3. Personal Characteristics or Traits	General Demographics & Psychographics, Data About Children, Inferred Information, Health-related information	Disclosures for Business Purposes: • Business Vendors • Marketing Vendors • Affiliates and Related Entities Sale/Sharing: Third-Party Digital Businesses and Retail Partners	• Products / Services • Customer Management • Customer service / communications • Payment / financial • Serving ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity.
4. Customer Account Details / Commercial Information	General Demographics & Psychographics, Transaction and Commercial Information, Online & Technical Information	Disclosures for Business Purposes: • Business Vendors • Marketing Vendors • Affiliates and Related Entities Sale/Sharing: Third-Party Digital Businesses and Retail Partners	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity.
5. Biometric Information	Biometric Information	Disclosures for Business Purposes: • Business Vendors • Affiliates and Related Entities Sale/Sharing: N/A	• Products/Services • Customer Management • Customer Service/Communications • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) unless required to retain for legal or regulatory compliance.
6. Internet/App Usage Information	Transaction and Commercial Information, Online & Technical Information, Smart Devices and Sensor Data	Disclosures for Business Purposes: • Business Vendors • Marketing Vendors • Affiliates and Related Entities Sale/Sharing: Third-Party Digital Businesses	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity unless required by law or contract to retain.
7. Location Data	Imprecise Location Data, Precise Geolocation Data	Disclosures for Business Purposes: • Business Vendors • Marketing Vendors • Affiliates and Related Entities Sale/Sharing: N/A	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity.
8. Audiovisual and Similar Information	Audio Visual Information, Smart Devices and Sensor Data	Disclosures for Business Purposes: • Business Vendors • Affiliates and Related Entities Sale/Sharing: N/A	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity unless required by law or contract to retain.
9. Professional or Employment Information	General Demographics & Psychographics	Disclosures for Business Purposes: • Business Vendors • Affiliates and Related Entities Sale/Sharing: Third-Party Digital Businesses	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) unless required by law or contract to retain.
10. Non-public Education Records	Not applicable in non-HR contexts (which are not within the scope of this notice)	Not applicable in non-HR contexts (which are not within the scope of this notice)	Not applicable in non-HR contexts (which are not within the scope of this notice)	Not applicable in non-HR contexts (which are not within the scope of this notice)
11. Inferences from Collected Information	General Demographics & Psychographics, Inferred Information	Disclosures for Business Purposes: • Business Vendors • Marketing Vendors • Affiliates and Related Entities Sale/Sharing: Third-Party Digital Businesses and Retail Partners	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity unless required by law or contract to retain.

Sensitive Personal Data

Category of Personal Data	Examples of Personal Data Types within Category	Categories of Recipients	Processing Purposes	Retention Period
Account Information and Credentials	Financial Information. In addition, we may store your P&G account log-ins in combination with a password In our systems.	Disclosures for Business Purposes: • Business Vendors • Affiliates and Related Entities Sale/Sharing: N/A	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity unless required by law or contract to retain or dispose of prior.
Precise Geolocation Data	Precise geolocation data	Disclosures for Business Purposes: • Business Vendors • Marketing Vendors • Affiliates and Related Entities Sale/Sharing: N/A	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purpose	After no longer needed for the processing purpose(s).
Racial or Ethnic Origin	General Demographics & Psychographics	Disclosures for Business Purposes: • Business Vendors • Marketing Vendors • Affiliates and Related Entities Sale/Sharing: N/A	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal/Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity unless required by law to retain.
Processing of Biometric Information for the purpose of uniquely identifying a consumer	Not applicable	Not applicable	Not applicable	Not applicable
Personal Data Concerning a Consumer’s Health *This personal data would not include health diagnostic information but is related to demographic or purchase data that may help us determine which products you may be interested in.	Health-related Information	Disclosures for Business Purposes: • Business Vendors • Affiliates and Related Entities Sale/Sharing: Third-Party Digital Businesses and Retail Partners	• Products/Services • Customer Management • Customer Service/Communications • Payment/Financial • Serving Ads • Ads Administration • Quality and Safety • Security • Recordkeeping • Legal / Compliance • R&D • Purposes Disclosed at Collection • Legitimate Business Purposes	After no longer needed for the processing purpose(s) or after a maximum of 50 months of non-activity unless required by law to retain.

We also may disclose each category of personal data and sensitive personal data in the table to the following categories of recipients in a manner that does not constitute Sale or Sharing:

• The Consumer or to other parties at your direction or through your intentional action

• Recipients to whom personal data is disclosed for

• In addition, our Vendors and the other recipients listed in the above table may, subject to contractual restrictions imposed by us and/or legal obligations, also use and disclose your personal data for business purposes. For example, our Vendors and the other categories of recipients listed in the table above may engage subcontractors to enable them to perform services for us or process for our business purposes.

As permitted by the U.S. Privacy Laws, certain requests you submit to us are subject to an identity verification process (“Verifiable Consumer Request”) as described below in the “Verifying Your Request” section below. We will not fulfill such requests unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected personal information.

To make a request, please submit your request to us by one of the methods below. For further instructions on how to submit a Do Not Sell/Share/Target request, for non-cookie PI (as defined below), please go to the “

” section below.

Calling us at (877) 701-0404
Visiting our Preference Center (which can be reached by the “Your Privacy Choices” link in the footer of our websites or via the Settings menu in our mobile applications)

Some personal data we maintain about you is not sufficiently associated with enough of your other personal data for us to be able to verify that it is your particular personal data (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that personal data in response to those requests. If we deny a verified request, we will explain the reasons in our response. You are not required to create a password-protected account with us to make a Verifiable Consumer Request. We will use personal data provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses unless you also gave it to us for another purpose.

We will make commercially reasonable efforts to identify personal data that we collect, process, store, disclose, and otherwise use and to respond to your privacy requests. We will typically not charge a fee to fully respond to your requests; provided, however, we may refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that we may refuse a request, we will give you notice explaining why we made that decision.

To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal data or considering your deletion request. Upon receipt of your request, we will send you a verification form by email or postal mail. To complete your request, please respond to the verification form when you receive it. To verify your identity, we may require you to provide any of the following information: Name, email address, postal address, or date of birth.

We will review the information provided as part of your request and may ask you to provide additional information via e-mail or other means as part of this verification process. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces/Portability), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected personal data. The same verification process does not apply to opt-outs of Sale or Sharing, or limitation of Sensitive Personal Data requests, but we may apply some verification measures if we suspect fraud.

The verification standards we are required to apply for each type of request vary. We verify your categories requests and certain deletion and correction requests (e.g., those that are less sensitive in nature) to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. For certain deletion and correction requests (such as those that relate to personal data that is more sensitive in nature) and for specific pieces requests, we apply a verification standard of reasonably high degree of certainty. This standard includes matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you, and may include obtaining a signed declaration from you, under penalty of perjury, that you are the individual whose personal data is the subject of the request.

If we cannot verify you in respect of certain requests, such as if you do not provide the requested information, we will still take certain actions as required by certain U.S. Privacy Laws. For example:

If we cannot verify your deletion request, we will refer you to this U.S. State Privacy Notice for a general description of our data practices.
If we cannot verify your specific pieces request, we will treat it as a categories request.

Under the various U.S. Privacy Laws, Consumers have the right to opt-out of certain processing activities. Some states have opt-outs specific to Targeted Advertising activities - which California’s law refers to as “cross-context behavioral advertising”, and others simply as Targeted Advertising - which involve the use of personal data from different businesses or services to target advertisements to you. California provides Consumers the right to opt-out of Sharing, which includes providing or making available personal information to third parties for such Targeted Advertising activities, while other states provide Consumers the right to opt-out from processing personal information for Targeted Advertising more broadly. There are broad and differing concepts of the Sale of personal data under the various U.S. Privacy Laws, all of which at a minimum require providing or otherwise making available personal data to a third party.

When you provide us personal data for the following Processing Purposes, we may use certain personal data that you provide for such purposes, to advertise to you. This may include making available your personal data to certain third parties in way that may constitute a Sale and/or Sharing, as well as using your personal data for purposes of Targeted Advertising.

•

• Purposes Disclosed at Collection

Third-Party digital businesses, including online platforms (Google, Amazon, Facebook, etc.) and AdTech companies such as Demand Side Platforms which help us place advertisements (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that collect personal data about you on our apps and websites, or otherwise collect and process personal data that we make available about you, including digital activity information. Giving access to personal data on our websites or apps, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Sharing and could implicate processing for purposes of Targeted Advertising under some U.S. Privacy Laws. Therefore, we will treat such personal data collected by Third-Party Digital Businesses (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) as such, and subject to the opt-out requests described above. In some instances, the personal data we make available about you is collected directly by such Third-Party Digital Businesses using Tracking Technologies on our websites or apps, or our advertisements that are served on third-party sites (which we refer to as “cookie PI”). However, certain personal data which we make available to Third Party Digital Businesses is information that we have previously collected directly from you or otherwise about you, such as your email address (which we refer to below as “non-cookie PI”).

When you opt-out pursuant to the instructions below, it will have the effect of opting you out of Sale, Sharing, and Targeted Advertising, such that our opt-out process is intended to combine all of these state opt-outs into a single opt-out. Instructions for opting out are below. Please note that there are distinct instructions for opting out of cookie PI and non-cookie PI, which we explain further, below.

Opt-out for non-cookie PI: If you would like to submit a request to opt-out of our processing of your non-cookie PI (e.g., your email address) for Targeted Advertising, or opt-out of the Sale or Sharing of such data, make an opt-out request here.

Opt-out for cookie PI: If you would like to submit a request to opt-out of our processing of your cookie PI for Targeted Advertising or opt-out of the Sale/Sharing of such personal data, you need to exercise a separate opt-out request on our cookie management tool. To do so, visit “Your Privacy Choices” here and click “Do Not Sell or Share My Personal Information / Opt-Out of Targeted Advertising” and follow the instructions for the toggle. This is because we have to use different technologies to apply your opt-outs of cookie PI and of non-cookie PI. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device.

A similar tool is available for our mobile applications, which you can access via the “Do Not Sell or Share My Personal Information / Opt-Out of Targeted Advertising” option in the Settings menu.

If you are using the same browser, your opt-out preference will be noted and remembered across our different websites. You must exercise your preferences separately on each of our mobile applications that you use, if you use a different browser than the one on which you originally opted out, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be affective, and you will need to enable them again via our cookie management tool.

For more information about how we have shared your personal data with third parties such that it constitutes a “Sale” or “Share” under CCPA during the 12-month period prior to the date this privacy policy was last updated, please refer to the chart above. We do not knowingly Sell or Share personal data of minors older than 13 years of age and under 16 years of age without their consent.

Some of the U.S. Privacy Laws require businesses to process GPC signals, which is referred to in some states as opt-out preference signals and in other states as universal opt-out mechanisms. GPC is a signal sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the Sale and Sharing of personal data, or of processing of personal data for Targeted Advertising. To use GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the GPC. We have configured the settings of our consent management platform to receive and process GPC signals on our website and mobile applications, which is explained by our consent management platform here.

Certain of the U.S. Privacy Laws require us to explain how we process GPC signals in detail, specifically how we apply GPC signals and the corresponding Do Not Sell/Share/Target requests to online data (what we refer to above as “cookie PI”) and offline data (what we refer to above as “non-cookie PI”). Below we explain the scenarios in which we apply the Do Not Sell/Share/Target requests communicated by GPC signals to cookie PI and, where applicable, to non-cookie PI:

• When you are visiting our website on a particular internet browser (“browser 1”), we will apply the GPC signal and corresponding Do Not Sell/Share/Target to cookie PI collected on that browser 1.

• When you log in on browser 1: We will be able to apply the GPC signal and corresponding Do Not Sell/Share/Target request to non-cookie PI associated with your user account, but only if and after you have logged into your user account on browser 1.

When you visit our website on a different browser (“browser 2"). If you later visit our website on browser 2 (whether on the same device or a different device) and GPC is not enabled, we are unable to apply the prior GPC signal from browser 1 to cookie PI on browser 2, unless and until you login to your user account on browser 2. We will continue to apply the Do Not Sell/Share/Target opt-outs communicated via the GPC signal on browser 1.

We process GPC signals in a frictionless manner, which means that we do not: (1) charge a fee for use of our service if you have enabled GPC; (2) change your experience with our website if you use GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the GPC.

We also collect and use your personal data to administer and maintain Rewards Programs (defined above in “

”), which may be considered a “financial incentive” or a “bona fide loyalty program” under one or more of the U.S. Privacy Laws.

We use all categories of personal data disclosed in the above table, excluding “biometric information,” “professional or employment information, and “non-public education records,” to administer and maintain such Rewards Programs. All categories of personal data we use may also be Sold or processed for Targeted Advertising. We may also use, Sell, and process for Targeted Advertising the categories of sensitive personal data: account information and credentials, precise geolocation data, racial or ethnic origin, and personal data concerning health. While we may collect sensitive personal data in relation to some Rewards Programs, the collection and processing of sensitive personal data is not required to participate in Rewards Programs. We use personal data to verify your identity, offer unique rewards, track your program status, and to facilitate the exchange of program points for products, promotional materials, training workshops, and other items. The categories of third parties that will receive personal data and sensitive personal data are set forth in the table above, some of which may qualify as data brokers under some of the U.S. Privacy Laws. Some U.S. Privacy Laws require us to state whether we provide Rewards Programs benefits through third-party partners; however, while we sometimes will provide you the opportunity to independently engage with third parties through our websites or apps, third parties do not provide Rewards Programs on our behalf.

You can opt-in to a Rewards Program by signing up on the applicable rewards page. If you opt-in to participate in any of our Rewards Programs, you may withdraw from participation at any time by contacting us using the contact details in this Privacy Policy or in accordance with the instructions set forth in the applicable Rewards Program’s terms and conditions.

Under certain U.S. Privacy Laws, you may be entitled to be informed as to why financial incentive programs, or price or service differences, are permitted under the law, including (i) a good-faith estimate of the value of your personal data that forms the basis for offering the financial incentive or price or service difference, and (ii) a description of the method we used to calculate the value of your personal data. Generally, we do not assign monetary or other value to personal data. However, in the event we are required by law to assign such value in the context of Rewards Programs, or price or service differences, we have valued the personal data collected and used as being equal to the value of the discount or benefit provided, and the calculation of the value is based upon a practical and good-faith effort often involving the (i) categories of personal data collected (e.g., names, email addresses), (ii) the use of such personal data for our marketing and business purposes in accordance with this Privacy Policy and our Rewards Programs, (iii) the discounted price offered (if any), (iv) the volume of consumers enrolled in our Rewards Programs, and (v) the product or service to which the Rewards Programs, or price or service differences, applies. The disclosure of the value described herein is not intended to waive, nor should be interpreted as a waiver to, our proprietary or business confidential information, including trade secrets, and does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards. We deem the value of the personal data to be reasonably related to the value of the rewards, and by subscribing to these Rewards Programs you indicate you agree. If you do not, do not subscribe to the Rewards Programs.

Non-Discrimination

You have the right not to receive discriminatory treatment for the exercise of your privacy rights described in this U.S. State Privacy Notice. We will not deny, charge different prices for, or provide a different level or quality of goods or services in a manner that is prohibited by the U.S. Privacy Laws if you choose to exercise your rights. Please note, however, that you will no longer be able to participate in Rewards Programs request to delete personal data. This is because we need the personal data collected in relation Rewards Program to carry out the functions described above.

This section includes information that is required to be disclosed in respect of our processing of personal data of EEA country, UK and Serbian residents. It aims to provide increased transparency into our processing, retention, and transfer of EEA, UK and Serbian residents personal data that is in line with the letter and spirit of the General Data Protection Regulation (“GDPR”) and the GDPR as incorporated into UK law by the Data Protection Act 2018 and amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019. Certain information, such as the Entities and list of Data Controllers, as well as the legal bases for processing explained under “Processing and Retention” below only apply to processing of personal data of EEA country, UK and Serbia residents. The retention periods described below, however, apply more broadly to personal data of residents of the states described above in the U.S. State Privacy Notice.

Entities

Different P&G entities may be the controller of your personal data. A data controller is the entity which directs the processing activity and is principally responsible for the data. The chart below identifies our data controllers for EEA country, UK and Serbian data. For example, when you register for email on one of our French websites, the P&G entity listed next to that country name will be the controller of that personal data (e.g., Procter & Gamble France SAS).

Countries	Data Controller
Austria	Procter & Gamble Austria – Zweigniederlassung der Procter & Gamble GmbH, Wiedner Gürtel 13, 100 Wien
Belgium	Procter & Gamble Distribution Company (Europe) BV For P&G Healthcare: P&G Health Belgium BV, Temselaan 100, 1853 Strombeek-Bever
Bulgaria	Procter & Gamble Bulgaria EOOD, Sofia 1404, Bd. Bulgaria nr. 69, Bulgaria
Croatia	Procter & Gamble d.o.o. za trgovinu, Bani 110, Buzin, 10010 Zagreb, Croatia
Czech Republic	Procter & Gamble Czech Republic s.r.o., 269 01 Rakovnik, Ottova 402, Czech Republic
Denmark	Procter & Gamble Danmark ApS Stensmosevej 15, stuen. 2620 Albertslund, Denmark
Estonia	Procter & Gamble International Operations SA, Route de Saint-Georges 47 1213 PETIT-LANCY Geneve
Finland	Procter & Gamble Finland Oy, Lars Sonckin Kaari 10, 02600 ESPOO, Finland
France	Procter & Gamble France SAS For P&G HealthCare: P&G Health France SAS 163/165 quai Aulagnier, 92600 Asnières-sur-Seine
Germany	Procter & Gamble Service GmbH, Sulzbacher Strasse 40, 65824 Schwalbach am Taunus For P&G Health: P&G Health Germany GmbH, Sulzbacher Strasse 40, 65824 Schwalbach am Taunus
Greece	P&G Hellas Ltd. 49 Ag. Konstantinou str., 15124 Maroussi – Athens, Greece
Hungary	Procter & Gamble Magyarország Nagykereskedelmi Kkt, 1082 Budapest, Kisfaludy utca 38., Hungary
Ireland	Procter & Gamble UK, The Heights, Brooklands, Weybridge, Surrey KT13 0XP
Italy	Procter & Gamble Srl, viale Giorgio Ribotta 11, 00144 Roma
Latvia	Procter & Gamble International Operations SA, Route de Saint-Georges 47 1213 PETIT-LANCY Geneve
Lithuania	Procter & Gamble International Operations SA, Route de Saint-Georges 47 1213 PETIT-LANCY Geneve
Netherlands	Procter & Gamble Nederland B.V., Watermanweg 100, 3067-GG Rotterdam New address as of April 27, 2020: Weena 505, 3013 AL Rotterdam
Norway	Procter & Gamble Norge AS Visiting address: Nydalsveien 28, 0484 Oslo Postal address: Postboks 4814, 0422 Oslo
Poland	Procter and Gamble DS Polska sp z o.o., ul. Zabraniecka 20, 03-872 Warszawa, Poland
Portugal	Procter & Gamble Portugal, Productos de Consumo Higiene de Saúde, S.A., S.A. Edificio Alvares Cabral 3º, Quinta da Fonte, 2774-527 Paço D'Arcos, Portugal
Romania	For contests: Procter & Gamble Distribution SRL, 9-9A Dimitrie Pompei Blvd., Building 2A, District 2, Bucharest 020335, Romania For other sites: Procter & Gamble Marketing Romania SR, 9-9A Dimitrie Pompei Blvd., Building 2A, District 2, Bucharest 020335, Romania
Serbia	Procter & Gamble Doo Beograd, Španskih boraca 3, 11070 Novi Beograd, Belgrade, Serbia
Slovakia	Procter & Gamble, spol. s.r.o., Einsteinova 24, 851 01 Bratislava, Slovakia
Spain	Procter & Gamble España, S.A.U., Avenida de Bruselas, 24, 28108 Alcobendas, Madrid, Spain
Sweden	Procter & Gamble Sverige AB Visiting address: Telegrafgatan 4, 169 72 Solna, Sweden Postal address: Box 27303, 102 54 Stockholm
United Kingdom	Procter & Gamble UK Seven Seas Limited, The Heights, Brooklands, Weybridge, Surrey KT13 0XP

Here’s a short introduction to our privacy practices

You are in control of your personal data. You can exercise your rights and change your preferences anytime.

Your privacy is important. That’s why we respect it by taking steps to protect your personal data from loss, misuse, or alteration.

Still have a question or concern? We’re here to help.