Skip to content
Log in

Supplier social media policy

Updated: May 2026

This policy outlines the standards we require our third party suppliers, consultants and contractors (‘Suppliers’) to observe when using social media inside and outside of work, the circumstances in which we will monitor social media and the action we will take in respect of breaches of this policy.

In this policy

  1. Definitions
  2. Policy statement
  3. Who is covered by the policy
  4. The scope of the policy
  5. Accessing social media
  6. FCA requirements
  7. Ownership
  8. Monitoring use of social media websites
  9. Monitoring and review of this policy

1. Definitions

Social media – websites and applications that enable users to create and share content or to participate in social networking. 

Social networking – the use of dedicated websites and applications to interact with other users or to find people with similar interests to one’s own. 

Internal social media – when we refer to ‘internal social media’ in this policy, we are referring to Viva Engage, which is a private, secure social networking site only available to Principality colleagues. 

External social media – when we refer to ‘external social media’ in this policy, we are referring to general social networking sites available to anyone, e.g. Facebook, X, Instagram, LinkedIn, Snapchat and Tiktok.

2. Policy statement

This policy is intended to help Suppliers working with and for Principality Building Society (the Society) make appropriate decisions about the use of social media, which includes but is not limited to: blogs; wikis; external social networking sites such as Facebook, X, Instagram, LinkedIn, Snapchat, YouTube, Threads, TikTok and Bluesky; podcasts; forums; message boards; video websites such as YouTube; comments on web articles; and, where appropriate, internal social networking sites. 

This policy outlines the standards we require Suppliers to observe when using social media, the circumstances in which we will monitor social media and the action we will take in respect of breaches of this policy.

This policy supplements our Supplier Security Control Obligations and our Data Protection Policy and forms part of a Supplier’s contract for the provision of goods and/or services.

3. Who is covered by the policy

This policy applies to all individuals working at all levels and grades for the Supplier on behalf of the Society (other than Society employees), including non-executive directors, directors, senior managers, Supplier employees, consultants, contractors, homeworkers, part-time and fixed-term employees, casual and agency staff and any other individuals working on behalf of a Supplier to Principality (collectively referred to as “Colleagues” in this policy).

4. The scope of the policy

Social media is an important and far-reaching tool in our organisation’s strategy and its immediacy can be a powerful reputational aid, but equally a reputational risk. Therefore, as a condition of the contract for the provision of goods and/or services, all Colleagues are expected to be familiar with and to comply with this policy at all times to protect the privacy, confidentiality, and interests of the Society, our services, Principality colleagues, partners, customers and competitors. 

This policy is intended to advise Suppliers and their applicable Colleagues on the use of social media for both business and personal purposes, whether during office hours or otherwise. The policy applies regardless of whether the social media is accessed using the Society’s IT equipment or equipment belonging to the Supplier, a Colleague or an individual.

5. Accessing social media

Within the Society the flexibility to access social media sites is determined by whether you are using an external social media site like Facebook, X, Instagram, LinkedIn, Snapchat, YouTube, Threads, TikTok and Bluesky etc. or our internal social media network, Viva Engage.

Internal social media

Where appropriate, Viva Engage is made available to access throughout the working day as an aid to help Colleagues do their job. We expect users of internal social media acting on behalf of the Society to balance this against the need to meet your business objectives in a timely manner. As a two-way communication tool, used responsibly and sensibly, it will help Colleagues to collaborate across the business and within teams by:

  1. sharing knowledge and best practice; 
  2. recognising and celebrating one another’s achievements and successes; 
  3. finding solutions and fixing things together; and
  4. getting instant feedback and asking questions.

External social media

Access to external social media sites is restricted on equipment belonging to the Society unless it is part of your role to do so. We recognise that a large number of Colleagues are able to access social media through personal devices such as smart phones or tablet computers. At work, you should only use personal devices at appropriate times and as set out in the Supplier Security Control Obligations.

Social media is an important channel for the Society, and there are responsible ways for all colleagues to support our business’ strategic objectives via social media. 

The Society has a dedicated social media team that executes the social media strategy and its day-to-day operations via our official social media channels.

These channels should be the only channels that facilitate financial promotions, subject to the required approvals process. Our strategy is to support the overall business strategic objectives.

Suppliers and their colleagues are not permitted to represent the Society in social media unless they are an authorised user of the Society’s official social media channels. Any related requests for participation in social media should be made to the Principality Supplier Performance Manager and, in turn, the Senior External Relations Manager. Suppliers are encouraged to support our strategy by ‘liking’ and ‘sharing’ content published via our official social media channels.


Using social media

We recognise that colleagues have a right to a private life and this includes having a personal, private online presence. However the lines between public and private, personal and professional are becoming increasingly blurred and by discussing the Society, your work at the Society or any association you have with the Society, you are creating perceptions about our brand that can have an impact. For this reason, we require Colleagues to engage with social media in a responsible way.

You should remember that information posted online always has the potential to be both public and permanent. Your comments and actions may be accessible to a wider audience than you intended. You should also remember that your colleagues may be able to view what you say and do.

We seek to promote an enjoyable working environment based on trust. We ask that you use your judgement and be professional and respectful of your colleagues and the Society when using social media inside or outside of work.


The following rules should be observed:

  1. Suppliers and their Colleagues should not upload, post, forward or link to any of the following types of material on a social media website, whether in a professional or personal capacity: Commercially sensitive, anti-competitive, private or confidential information about the Society or any Society colleagues or customers (which you do not have express authority to disseminate). If you are unsure whether the information you wish to share falls within one of these categories, you should discuss this with the External Comms Lead - Social Media or, with regard to posting on Internal Social Media, the Internal Communications team. 
  2. Unlike informal conversations, comments made online can be permanent and you should not defame or bring the Society, colleagues within the Society, your Colleagues, members or customers into disrepute. Additionally, as part of our relationship with the WRU, you should not defame or bring into disrepute: the WRU, the Welsh Rugby Team or any of its players, Principality Stadium, or any organisations associated with the WRU. Further, you should not defame any third party with whom the Society has a relationship be it contractual or otherwise (e.g. suppliers, service providers, consultancies, contractors, charity partners, agencies). If you are unsure whether the information you wish to share falls within one of these categories, you should discuss this with the Society’s Senior Manager. 
  3. When you use external social media sites you should not make statements on behalf of the Society. There is a big difference between speaking ‘on behalf of’ the Society and speaking ‘about’ the Society. We have dedicated spokespeople who are trained to speak on behalf of the Society and manage our reputation. 
  4. You should not create any new external social media profiles or groups relating to the Society unless you are an official social media spokesperson and it has been approved in writing by the Society’s External Comms Lead - Social Media.
  5. If you disclose that you work with the Society on external social media sites, or indicate in your posts that you work for the Society, then what you say or any other groups you associate with may also be linked to our brand. Please ensure that your comments are attributed to you and cannot be interpreted as the views of the Society. The best advice is to use a disclaimer, e.g.: “The views expressed are my own and don’t reflect the views of Principality Building Society”.
  6. You should ensure that your social media profiles and any content you post is consistent with the professional image you present to customers, colleagues and third parties.
  7. You may build relationships with customers and colleagues at work but you should consider carefully to whom you allow access to your external social media profiles. Under no circumstances is it acceptable to use data held on the Society’s systems to find contacts; this may constitute a criminal offence under data protection legislation.
  8. You must not breach any of the FCA requirements set out in Section 6 below. 
  9. Social media should be used in a way that always complies with the law, the Society’s Supplier Code of Conduct and our other policies, including but not limited to:
    1.  Information Security Supplier Standard
    2. Data Protection Policy (e.g. never use social media to disclose personal information about a colleague or customer online) 
Breach of this policy

Failure to observe this policy may be investigated and may result in breach of your contractual obligations to the Society.

6. FCA requirements

The FCA has strict requirements regarding the promotion of financial services, including on social media. The FCA rules apply to all communications made by persons authorised by the Society which in any way relate to the Society’s services and products.

All communications we make using social media which promote our services or any products can only be made by official social media spokespeople for the Society and must have been considered through the Society’s formal approval process.

Otherwise, you must not make any communication using social media which promotes the Society’s products and services. This means that broadly:

  1. you must not recommend, advise, discuss, promote or mention any specific products;
  2. you must not discuss or recommend our products or services; and
  3. you must not invite or encourage any customer or potential customer to contact you in order to do either of the above.  

7. Ownership

The Society retains control and ownership of all official corporate social media sites, and related intellectual property, e.g. logos.

8. Monitoring use of social media websites

Suppliers and their Colleagues should be aware that the Society monitors social media websites for business purposes and, where breaches of this policy are found, action may be taken.

Monitoring of social media websites may involve collecting and reviewing personal data about you or your Colleagues in order to ensure that you are complying with this policy. We will only process such personal data about individuals where we are required to do so in order to comply with our regulatory responsibilities, or where it is in our legitimate interests to do so.

The Society has a legitimate interest in monitoring social media to ensure Suppliers and Colleagues do not bring the Society into disrepute, put us in breach of our regulatory responsibilities or impose unexpected liabilities on the Society. However, we understand that monitoring, particularly of external social media, may be intrusive and so we will ensure that it is only carried out when we consider it is necessary and justifiable to do so for lawful business purposes.

We will only process personal data in accordance with our Third Party Privacy Notice. Suppliers are required to provide this privacy notice to any Colleagues or individuals who will be carrying out services for the Society.

Personal data collected and processed via our monitoring of social media websites will be retained in accordance with our Third Party Privacy Notice.

We reserve the right to restrict or prevent access to certain social media websites via the Society’s IT equipment. Misuse of social media websites can, in certain circumstances, constitute a criminal offence or otherwise give rise to legal liability against you and us. It may also cause embarrassment to us and to our partners or customers. Any such action is likely to be a breach of this policy and may place you in breach of your contractual obligations to the Society.

Any Colleague who feels that they have been harassed or bullied, or are offended by material posted or uploaded onto a social media website in or outside of the workplace should raise the matter with the relevant Supplier Performance Manager, the Society’s Senior Manager - Procurement or, if applicable their supervisor or a member of the Society’s Human Resources department.

9. Monitoring and review of this policy

The External Comms Lead - Social Media is responsible for reviewing this policy on an annual basis to ensure that it meets legal requirements and reflects best practice.