Use and Retention of Company Records
Starbucks Information and Records Management Standard states that partners will manage
information in such a way that supports the needs of the business while ensuring efficiency,
security and compliance with any legal or regulatory requirements. This standard applies to
records maintained in all forms at Starbucks, including paper and electronic.
If you are responsible for preparing or maintaining any Starbucks records, please
familiarize yourself with the Starbucks Information Protection Services Handbook, the
Starbucks Records Retention Schedule and specifically the retention periods that apply to
the records you keep. Also remember that there are strict rules relating to the processing
and handling of private and secret information. This includes collecting, storing, using,
amending, disclosing and destroying information.
• Records must always be prepared accurately and reliably, and stored properly in
accordance with the Starbucks Records Management Handbook and the Starbucks
Records Retention Schedule.
• Records must accurately and fairly reflect, within Starbucks normal accounting and
reporting systems, all required transactions and other events.
• There cannot be any unrecorded company funds, assets or any other type of “off
the books” accounts, no matter what the reason for such accounts.
You must not knowingly destroy or discard information that is subject to a legal hold.
Records relevant to a legal action cannot be destroyed or discarded and must be
preserved. If Starbucks receives a subpoena (or other form of legal order), a request
for records or other legal papers, or if we have reason to believe that such a request or
demand is likely, the company policy is to retain all information that is relevant to the
matter.
Protecting Partner and Customer Personal Data
Starbucks maintains many information assets, including personal and sensitive information,
which are critical to doing business, keeping the trust of our customers, and keeping our
future strong. This personal information may reside on digital computing systems, networks
or backup devices, or may be recorded on paper or other recording media.
Starbucks Global Privacy Standard requires that all collection, storage locations, uses,
sharing, transfers, and disclosures of personal data be strictly controlled and protected.
Additionally, reasonable effort must be made to ensure that fundamental privacy and
security principles are followed across the enterprise when managing personal information
of both partners and customers.
Reasonable effort includes:
• Ensuring compliance with all applicable international, federal, state/provincial and
local laws and regulations as well as applicable contractual agreements;
• Protecting the rights of our customers, partners, and business contacts; and
• Protecting Starbucks from the risk of a data breach.
20