Privacy Statement

Respecting individual privacy and safeguarding personal data are fundamental to the way Newell Brands conducts business. Across its products, services, websites, and mobile applications, the company is dedicated to handling personal information in a transparent and responsible manner. When determining the purposes and methods of processing personal data, the company and its affiliated entities act as data controllers under applicable privacy regulations, including the GDPR, UK GDPR, CCPA, and other relevant legal frameworks. This statement outlines how personal information is gathered, used, disclosed, retained, protected, and what rights individuals may have regarding their data.

Personal information may be collected through a variety of interactions. Individuals may provide data when purchasing products, registering online accounts, contacting customer service, subscribing to communications, applying for employment, or engaging with digital platforms. The types of data collected can include names, mailing and email addresses, telephone numbers, employment details, company affiliations, and payment information. In addition, technical information such as IP addresses, device identifiers, browser characteristics, geolocation data, and cookie-related details may be automatically captured when users access online services. In certain circumstances, demographic information like age range or gender may also be obtained. Information may be supplied directly by users or indirectly through third-party platforms when individuals connect social media accounts or interact with the company via external services.

Processing activities are carried out to support legitimate business operations. These purposes include fulfilling orders, managing supplier and customer relationships, processing transactions, providing support services, maintaining security, detecting and preventing fraud, complying with legal obligations, conducting marketing initiatives, and improving products and digital experiences. Depending on the context, the legal basis for processing may include contractual necessity, compliance with legal requirements, legitimate business interests, or explicit consent where mandated by law. Personal data is retained only as long as necessary to achieve the intended purposes, taking into consideration regulatory, contractual, and operational needs. Once data is no longer required, it is securely deleted or anonymized.

To operate effectively, personal information may be shared with affiliated entities and selected third-party partners. These partners can include payment processors, logistics providers, analytics firms, marketing agencies, insurers, professional advisors, and technology service providers. Data sharing is limited to what is reasonably necessary to complete transactions, deliver services, enhance marketing efforts, assess risk, or meet legal obligations. Information may also be disclosed to authorities or other entities when required by law, to defend legal rights, or during corporate transactions such as mergers or asset transfers.

As an international organization headquartered in the United States, the company may transfer personal information to affiliates or service providers located in other countries. When such cross-border transfers occur, appropriate safeguards are implemented to ensure compliance with applicable data protection laws and to maintain adequate levels of protection.

Individuals may have specific rights concerning their personal data, depending on local legislation. These rights can include requesting access to information, correcting inaccuracies, seeking deletion, limiting or objecting to certain processing activities, requesting data portability, withdrawing previously granted consent, and submitting complaints to supervisory authorities. Identity verification may be required before fulfilling such requests.

Sensitive categories of personal data are handled with particular caution. Unless specifically requested or legally required, individuals are discouraged from providing information such as health records, biometric data, or political affiliations. Where sensitive data is processed, strict legal standards are followed.

The company does not knowingly collect personal information from children without appropriate authorization. Where services are directed toward younger users, suitable consent mechanisms are implemented in accordance with regional requirements.

Digital tools such as cookies and similar technologies are used to support website functionality, analyze usage patterns, and provide relevant content. Users may adjust their preferences through browser settings or other available controls.

Reasonable technical and organizational safeguards are maintained to protect personal data, though no system can eliminate all risks. Individuals are encouraged to protect login credentials and report suspicious activity promptly.

Marketing communications may be delivered in compliance with applicable laws, and recipients can opt out at any time through designated methods. Service-related communications will continue where necessary. Privacy practices may be updated periodically, and revised statements will be made available through official channels.