Third party privacy policy
This applies to anyone who is not directly employed by Principality Building Society (PBS), but enters into a contract or agreement with us.
We’re committed to protecting your privacy and making sure that we keep any personal information you provide secure. This third party privacy notice sets out what information we will collect about you, why we need it, how it is used and what protections are in place to keep it secure. Please read it carefully.
By personal information, we mean information which relates to you and can be used, either alone or with other information we hold, to identify you.
Aims
It is our policy to:
- Process your personal information fairly and in accordance with all applicable laws;
- Only collect personal information that is needed for your agreement or contract with us and legitimate or legal reasons;
- Keep your personal information secure and not keep this longer than we need to;
- Ensure that if we share your information with any 3rd parties we take appropriate steps to protect this; and
- Ensure that processing of your personal information is adequate, relevant and not excessive for the purpose that we collect.
If you want any further information about this notice or have any concerns, then please contact our Data Protection Officer by:
Email: DPO@principality.co.uk
Post: FREEPOST Principality Building Society (no stamp needed)
In this policy
Information we collect about you
We collect personal information about you both before and during the course of your time with PBS which may include:
Type of information | Examples (please note these are not exhaustive) |
|---|---|
Information about you | Name, address, personal contact details, and any disabilities or work restrictions |
Information about your role and previous experience | CVs, references, pre-contract or service checks |
Information required to allow you access to our buildings or systems | Photographs for security passes, building access records, CCTV footage, system access and usage records, passwords and other system security information |
How we use your information
We need to collect this personal information about you for a number of purposes this might include:
Type of information | Examples (please note these are not exhaustive) |
|---|---|
Appointment | A contract to perform a service on our behalf |
Security Purposes | Property Access Controls Personal Security (including CCTV) |
Access to IT systems | Providing access to systems to enable a service and/or execution of a contract or agreement to be performed. |
| Carrying out business processes | Business Continuity processes |
We must always ensure we have a lawful reason for collecting and using this personal information and we will rely on one of the following reasons for this:
- Where it is necessary for the performance of a contract or agreement; and/or
- Where it is necessary for us to comply with our legal obligations; and/or
- When it is necessary for our legitimate interests. Our legitimate interests may include the ability to conduct our business effectively and efficiently and to ensure that we are able to appropriately manage our third party agreements; and/or
- When you consent to us using your information for a particular purpose. We will not normally rely on your consent as a lawful reasoning for using your information; however, we may ask you whether you agree to us using your information in certain circumstances where you have a genuine choice about whether or not to proceed.
Some of the information collected about you will fall within what is known as "special categories of personal data” e.g. racial or ethnic origin, political opinions religious or philosophical beliefs, trade union membership, information concerning health, and information concerning a person's sex life or sexual orientation. Information concerning criminal convictions is placed in a similar category. These are special categories because the information is particularly sensitive and we will therefore only process this information where strictly necessary, we will ensure it is only seen by those who have to see it, and we will hold it securely. Where we need to process "special categories of personal data", we will only process this information where:
- it is necessary for our or your obligations or rights in the field of contract law; and/or
- the personal information has been made public by you; and/or
- it is necessary for medical purposes, including assessing your working capacity; and/or
- it is necessary in relation to legal claims.
There will also be circumstances where we will ask for your specific consent to process certain types of information about you including special categories of personal data. A good example of this is where we would like to obtain further medical information about you if you have been off sick in order to help your return to work.
How we store and protect your personal information
We will keep your information secure and will put in place appropriate measures to ensure that personal information about you is protected from unauthorised or unlawful processing and against accidental loss, destruction or damage.
When we use third parties to store your personal information we will ensure that there are appropriate controls in place to ensure that they comply with the relevant data protection legislation. Occasionally, we may store your information in countries outside of the European Economic Area. Where this is the case we will work with the contractors to ensure that contractual measures are in place to ensure that your information is held securely.
In some cases, where the collection of personal information is part of a statutory or regulatory requirement, or necessary for the third party contract or agreement, and you fail to provide certain information, there may be consequences for you. If that is the case, we will make sure we give you adequate opportunity to provide the information and to tell you what the possible consequences of your failure to provide it are.
How long we keep your information for
We will generally keep personal information about you no longer than is needed for legal or regulatory reasons. We may keep information for a longer period if this is necessary in connection with your or our right to establish, start or defend legal claims, to investigate complaints, or to protect our business.
Details of retention period for different aspects of your personal data are available in our Retention Policy which you can request by contacting the Data Protection Office at DPO@Principality.co.uk.
Your rights relating to your personal information
You have the right to request from us:
- A copy of your personal information;
- Any inaccurate information we hold about you is corrected;
- Information about you is deleted in certain circumstances;
- We stop using your personal information for certain purposes; and
- Your information is provided to you in a portable format.
These requests are free of charge should be made by contacting in the first instance HR Administration at SharedMailbox.HRAdmin@principality.co.uk.
There may be circumstances where we may not be able to comply with these requests and if this is the case we will explain this to you.
If you are unhappy with our response you have the right to contact the Information Commissioner Officer who are the statutory regulator for data protection matters.