Biometric Information Privacy Policy
Effective Date: September 29, 2025
Policy Statement
Conagra Brands, Inc., including its subsidiaries and related entities, (collectively, the “Company”) may collect certain data from its employees that is considered “biometric data,” a “biometric identifier,” and/or “biometric information” under applicable privacy laws. As used herein, “employees” shall include Company’s contractors and temporary workers, where applicable. This Biometric Information Privacy Policy (“Policy”) explains what information the Company collects, how this information is used, how it is stored, safeguarded, retained, and disposed of.
In certain Company facilities, the Company utilizes timeclocks with biometric technology to ensure accuracy in recording time entries. Pursuant to the use of the biometric technology, the Company has instituted the following Policy:
Biometric Data Defined
The above terms are defined by applicable privacy laws and can vary depending on which law applies to the employee. However, “biometric data” typically means one or more biometric identifiers that are used or intended to be used for identification purposes, either alone or when combined with other personal information. “Biometric identifier” typically means a retina or iris scan, fingerprint, voiceprint, scan of hand or face geometry, or other unique biological, physical, or behavioral patterns or characteristics. “Biometric information” typically means any information (regardless of how it is captured, converted, stored, or shared) based on an individual’s biometric identifier used to identify an individual.
For purposes of this Policy, the Company will collectively refer to this information as “biometric data.”
Purpose for Collection of Biometric Data
The Company, its processors, and/or the licensor of the Company’s time and attendance software collect, store, and use fingerprint data to give employees access to its time and attendance system (via scanners), for employee identification, fraud prevention, and pre-employment hiring purposes. An employee’s biometric data is collected, stored, and used while the individual is employed by the Company, pursuant to the retention schedule provided below.
Disclosure
The Company will disclose employees’ biometric data to the Company’s time and labor, payroll, and other related service providers for purposes of assisting the Company in time and attendance management and processing payroll.
The Company, its processors, and/or the licensor of the Company’s time and attendance software will not sell, lease, trade, or otherwise profit from employees’ biometric data; provided, however, the Company’s processors and the licensor of the Company’s time and attendance software may be paid for products or services used by the Company that utilize such biometric data.
The Company, its processors, and/or the licensor of the Company’s time and attendance software will not disclose, redisclose, or otherwise disseminate any employee biometric data unless permitted by law.
Retention Schedule
The Company shall retain employee biometric data only until, and shall direct its processors and the licensor of the Company’s time and attendance software to permanently destroy such data within forty eight (48) hours of the date upon which the initial purpose for collecting or obtaining such biometric data has been satisfied, such as the end of the employee’s employment with the Company.
Data Storage
Biometric data will be stored, transmitted, and protected using a reasonable standard of care for the Company’s industry, in a manner that is the same as or more protective than the manner in which the Company stores, transmits and protects from disclosure other confidential and sensitive information in its possession. This includes, among other things, restricting access to biometric data to authorized Company employees or vendors who have a business need to access the information, and using reasonable technological means to prevent unauthorized access to the information.
Data Security Incident Response Protocol
In the event of a data security incident that may compromise the security of biometric data, the Company will promptly investigate the incident and take appropriate measures to mitigate any potential harm. The Company will notify affected employees in accordance with applicable law.
Policy Distribution and Updates
A copy of this Policy will be made publicly available on the Company’s intranet, and in each Company production facility, where required in accordance with applicable law. This Policy may also be accessed online at Conagra Biometric Information Privacy. Conagra will update this Policy if it begins collecting or using biometric data for any other purposes. Conagra reserves the right to amend this Policy at any time.