Your Rights and our interests

We want our customers to understand their rights when it comes to their data, and the reasons we may collect it. The below sections cover Your Rights and our ‘Legitimate interests’ in collecting data, in line with the Data Protection legislation.  You can also read our Privacy Policy which covers our commitment to keeping your personal information secure, and explains how we collect and use your personal information.

Your Rights

You have rights over your personal information - set out in the Data Protection legislation. Take a look at details of these rights below.

To exercise a right, please read the details carefully to make sure it’s right for you and your circumstances and then choose a contact option. We have one month to respond to these requests, but we aim to respond sooner and keep you updated on progress.

Can I request that the personal information the Principality holds about me is deleted?

Yes. This right is sometimes called the right of erasure or right to be forgotten. If you chose to exercise this right, we would consider the circumstances first because the right is not always available and we sometimes need to keep your information.

Before making a request, please consider the following:

  • If you have an open, active account or mortgage with us, we need to keep your information because we need to manage your account, provide a service, keep you updated and monitor communications.
  • If you had an open, active account or mortgage with us:
    • In the last 6 years, we generally keep your information to help us investigate any issues that might arise in connection with your relationship with us. This might help us to resolve any concerns you may raise with us or
    • Over 6 years ago, we might keep your information for a longer period if this is necessary in connection with your or our right to establish, start or defend legal claims, to investigate complaints, or to protect our business.
  • If you applied for a mortgage with us we may securely keep information about credit applications for up to four years. This helps us to manage our lending criteria so we can continue to lend responsibly.
  • • If you only enquired about our services and don’t open an account, we may securely keep your information for 12 months to monitor our services and respond to any concerns you may raise with us.

More information about this can be found in our Privacy Policy.

Can I request Principality correct information held about me if I feel it’s inaccurate or add additional information I feel it’s incomplete?

Yes. This is called the right to rectification. If you feel some of the information we hold about you is inaccurate or incomplete, by contacting us you can find out if you can get it corrected or add further information and how to go about it. We might ask you to provide official documentation to show the correct information before we change our records.

Can I see the information Principality holds about me?

Yes. There are two options available 1) the right of access and 2) the right to data portability:

  • The right of access allows you to request Principality provide the information held about you. This is called a subject access request. If you choose this option, please contact us. We will securely send you paper copies of this information in the post.
  • The right to data portability allows you to request your information in a machine readable format. This means the information may not be easy for you to read because it’s designed specifically for computers to read. If you want information displayed in a readable format, you should contact us about a subject access request. If you choose the right to data portability we will send the information you have provided us (only) on a compact disc. This option is sometimes suggested by lenders when you’re considering making an application.   At Principality, we won’t ask for this information when you’re making an application for our services and we do not accept information about you from other lenders in this format. 

Can I ask Principality to change how my information is used or processed?

Yes. These rights are as follows:

  • The right to restrict processing. If you’ve made a request for your information to be corrected, you can ask us to stop using your data or contacting you whilst your request is investigated. It’s important to note that we will still need to contact you with important information such as statements or if we identify unusual activity on your account, but we will endeavour to resolve your request before further using your information wherever possible. If you usually receive direct marketing we’ll stop sending you this. If you want to start receiving this again after we’ve resolved your request, you’ll need to tell us.
  • The right to object. If you feel we’re using or processing your information inappropriately you can ask us to address this. This might be if you want us to stop sending you direct marketing in which case we can meet your request. If your request was about something else, we would consider the circumstances of your request.

Can I find out who you have shared my information with?

Yes. Our privacy policy provides details of who we’re likely to share your information with. Alternatively, you might be interested to know who we’ve told about a recent change you’ve made to your personal information as part of a rectification request. You can exercise this right of notification by contacting us.

Can I ask Principality to stop contacting me or opt out of marketing?

Yes. You have the right to:

  • Restrict processing; if you’ve made a request for your information to be corrected, you can ask us to stop contacting you whilst your request is investigated.
  • You can choose not to receive direct marketing from us at any time. You can do this online through Your Account, at a branch or by contacting us. It can take 6 weeks to update changes so you may continue to receive marketing information during this time.

If you have an active account or mortgage with us, we will still need to contact you to manage your account, provide a service, to keep you updated and to meet your regulatory obligations such as send you statements.

More information about this can be found in our Privacy Policy.

Legitimate Interests

Under Data Protection legislation, we must have a lawful basis before using your personal data. There are six bases available. One basis is referred to as "legitimate Interest."  This means we have a genuine and legitimate reason to use your information and it is necessary for our business, provided we are not unjustifiably harming your rights nor interests. For example, we have a legitimate interest to retain images gathered by CCTV when you visit one of our branches or when you’ve attended a Principality event, like the Annual General Meeting.

Rest assured, all your personal information is kept safe, secure and won’t be shared with anyone it shouldn’t be.

Our legitimate interests

To help us provide a stand out service through audits, identifying training needs, enhancing processes, or collecting data of authorised people who you want to help operate your accounts

We take measures to provide a first class, service. These measures include performing quality assurance and audits using our customers’ information. This helps us identify training needs, risks or enhancements to our processes, procedures and website. Our regulators might ask us to demonstrate how we meet their rules and this sometimes means sharing customer information.

We may contact customers when a special deal period is coming to an end to let them know about other products available even if they‘ve chosen not to receive direct marketing. We do this because we believe it’s a service expected from us.

Where our customers can no longer deal with us through no fault of their own, or wish to set up arrangements for us to deal with representatives for them, we may collect the personal data of someone else who is authorised to deal with the accounts.

More information can be found in the How we use your information section of our Privacy Policy.

To conduct research and analyse behaviours, helping us remain competitive.

Remaining competitive means we’re continually developing products and services that will interest customers, both current and new. To do this we need to understand our customers and the market. One of the ways we do this is by analysing customers’ information, behaviour and feedback. Because we’re continually evolving, changes we make are recorded and this can sometimes include retaining customer information for this purpose.

For further information about customer research at Principality, please visit our page, Customer Research.

You can choose to opt out of research communications at any time by contacting us or by emailing

More information can be found in our Privacy Policy, especially in the How we use your information section.

To support our charity partners through volunteers, running events and promotional images

We love opening up possibilities to everybody in our community and are proud to support our three charity partners. More information can be found on our Charity page. One of the ways we help is by arranging volunteers and events to raise awareness for these important causes. Those choosing to get involved might provide personal information to help organise or run the event, or be involved in promotional images to support our charity partners.

To prevent financial crime including money laundering, and to protect our business

We know that protecting our Members and business from the impact of financial crime is vital. Amongst other means, we achieve this by prudently identifying risks and monitoring threats within legal and regulatory expectations.

More information can be found in our Privacy Policy, especially in the How we use your information and the Who we share your information with sections.

To investigate complaints, to defend or issue legal claims and to manage accounts with special circumstances

We always aim to do the right thing for our customers, including those who have left the Principality. Part of this involves being fully informed by way of record keeping and by taking legal advice. Sometimes this means keeping hold of information for longer periods than usual.

More information can be found in our Privacy Policy, especially in the How we use your information and the Who we share your information with sections.

Keeping our systems and our premises safe and secure

In a world of advancing technology we actively examine the systems we use to store customer information so we can identify threats and emerging problems. We must also actively monitor our premises to keep our data, our premises and most importantly our customers and colleagues safe.

More information can be found in the How we use your information section of our Privacy Policy.


  • Telephone: 0330 333 4000
  • E-mail:
    If you have a query for our Data Protection Officer responsible for our Privacy Policy, please address the letter to the DPO.
  • If you feel the need, you have the right to complain by contacting us so we can investigate your concerns. Alternatively you can contact the Information Commissioner (ICO) which is the regulator for data protection legislation. The ICO’s contact details can be found at or by calling 0303 123 1113.
  • If you have any questions or comments, or want more information, you can Contact Us or you can contact our Data Protection Officer as follows. Email: or Post: Principality Data Protection Officer, Principality Building Society, Principality House, The Friary, Cardiff, CF10 3FA.

Connect with us
x logo Instagram logo Facebook logo LinkedIn logo YouTube logo