Principality Building Society Community Panel Privacy Notice

Last updated: March 2021

Who are we?

The Web portal has been customised by Principality Building Society (“we”, “our”, “us” or “Principality”) and is owned and operated by Toluna UK Limited, on behalf of Harris Interactive UK Limited, its sister company (“Toluna”) . The purpose of the portal is the provision and hosting of a community management platform, recruitment of Community Members, data collection and research services. The community is only open to customers of Principality.

What is our Privacy Commitment to you?

We respect your privacy and are committed to protecting your personal data. This privacy notice describes how we collect, use, share and protect personal data that you provide on www.principalitypulse.co.uk (the “site”) when you become a community member and participate in our surveys and/or research studies (“surveys”). It also explains your privacy rights and how laws that are applicable to you may protect you.

This Privacy Notice tells you about:

  • Who are we?
  • What is our Privacy Commitment to you?
  • What personal data do we collect about you and how do we use your personal data?
  • Who do we share your personal data with?
  • Do we transfer your personal data to other countries?
  • What cookies do Toluna use on the site?
  • What other tracking technologies do Toluna use?
  • How do you access your information; use the member services area and/or update, correct or delete your information?
  • How do you opt out from your community membership?
  • How do you ask a question or make a complaint?
  • What is our winner’s policy?
  • What security measures do we undertake to protect your personal data?
  • What are our data retention and destruction policies?
  • Links
  • Your legal rights if you are in the European Union or United Kingdom
  • What are the legal bases we rely on when processing your personal data?
  • Who is the data controller?
  • Changes to the privacy notice and your duty to inform us of changes
  • Privacy contact details

What personal data do we collect about you and how do we use your personal data?

Community Members

When you agree to become one of our community members and complete the registration form on the site, you are able to participate in our surveys. As part of your registration, you will provide us with your Identity data and Contact data and we will through your participation in the Surveys obtain, use and share certain other data about you, such as; Demographic/Profile data, Technical data and Pseudonymised data.

We use your Identity data and Contact data for:

  • Validation – at registration, Toluna will collect some personal details about you. This will include your full name, date of birth and postcode and this data (only) will be imported by Principality so that we can verify that you are an existing customer by matching those details against our customer database.
  • Contacting you - for any reason connected with your online community membership;
  • Incentive fulfilment - We will use your Identity data and Contact data to send you your rewards.
  • Sending you invitations for your participation in surveys - to ask you if you are interested in participating in our upcoming surveys. We may also make you aware via your online community membership account of surveys you may be suitable to participate in, based on our knowledge of your personal data.
  • Operating and maintaining the platform - Toluna will collect your contact data during registration so they can send you invitations to participate in activities.
  • Understanding more about you and the insights you provide us – We may append your responses with other demographic data we have previously collected about you. This would not include your financial data. We do this to help ensure that surveys you are invited to are relevant and to enrich our understanding of our members.

We may from time to time ask you to provide us with Special Categories of personal data about yourself for specific surveys and if required by applicable law, we will ask you for your consent before processing such Special Categories of personal data.

We use the information you provide on your profile to match you to appropriate surveys and activities. This helps make sure our surveys and activities are relevant to your life stage and location. We use the personal data collected about you via the site to match and link with data we previously collected about you.

If you cease to be members of Principality but remain a member of the community then we will not automatically delete you from the community. We will, however, only invite you to activities that are relevant for our former members. If you no longer wish to participate in the community or you feel it is no longer relevant for you it is possible to remove yourself from the community at any time by unsubscribing here.

Public forums and blogs

The site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Personal testimonials of satisfied customers are displayed on the site in addition to other endorsements. With your consent, we may post such testimonials along with your first name and city of residence. If you wish to update or delete your testimonial, you can contact us at hello@principalitypulse.co.uk.

You should be aware that any personal data you choose to make public on the site, in the Community area (under a message on your wall, as an opinion, topic, battle, thumb it) can be read, collected, stored and/or used by other users and could be used to send you unsolicited messages. We strongly discourage you from disclosing any of your personal data in the community area that you may find on the site and in particular, we would never ask you to provide your Contact data or Identity data on a public community area as part of a survey. We cannot guarantee that third parties with whom you share your personal data via those community areas will keep them secure and confidential. Please be aware that we are not responsible for the personal data you choose to submit or make public. In addition, we are not responsible for the content you publicly post on the site that can be found via web-based search engines.

Categories of personal data we may process about you

  1. Identity data – name (includes first, last, maiden and married names), date of birth, marital status, gender, panellist id and username.
  2. Contact data – postal address, email address and telephone number.
  3. Special categories of personal data – health data.
  4. Demographic/Profile data - interests, preferences, feedback and survey responses and including, but not limited to; age, marital status, gender, birthday, household size, income, education and employment status.
  5. Technical data - internet protocol (IP) addresses, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  6. “Pseudonymised data” - identifiable data as unique identifiers such as panellist ID’s are used, however direct identifiers, such as; name and Contact data are removed.

Who do we share your personal data with?

We have appointed Toluna to host the site on its online platforms for us. Toluna help us to recruit online community members - like you and they build and manage the site and process all personal data we collect from you as part of your community membership. We require Toluna to respect the security and confidentiality of your personal data and to treat it in accordance with the law. We do not allow Toluna to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Toluna has engaged Amazon Web Services (AWS) (located in Ireland) to host the Community platform and to provide back up services.

We will engage Toluna for the purposes of the delivery of your rewards and they will need to use your Identity data and Contact data for those purposes.

From time to time, Toluna may use third-party software for fraud, quality checking and validation purposes, including, but not limited to speeding through surveys without taking the time to answer the questions properly.

Though we make every effort to preserve your privacy, we may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, to protect your safety or the safety of others, to investigate fraud or breaches of the site terms, or to respond to a government request.

Do we transfer your personal data to other countries?

From time to time your personal data is accessed by a Toluna company that is located in a country that has not been recognised as providing equivalent protection as Europe or the United Kingdom. Toluna has put in place transfer agreements using the standard contractual clauses for the transfer of personal data to third countries as decreed by the European Commission to ensure compliance with applicable data protection legislation and to safeguard your personal data in these instances.

What Cookies do Toluna use on the site?

Cookies are used on the site to distinguish you from other users of the site, helping Toluna to provide you with a good experience when you browse the site and allowing Toluna to improve their site. For detailed information on the cookies used and the purposes for which they are used, see the Cookie Policy

What other Tracking Technologies do Toluna use?

Automated technologies or interactions. As you interact with the site, Toluna will automatically collect Technical data about your equipment, browsing actions and patterns. We collect this Technical data by using cookies, server logs, digital finger printing technologies and other similar technologies. We may also receive Technical data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details.

Server log files: Toluna may collect Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. This Technical data may be combined with other information collected about you for the purposes of improving our services, site functionality and collecting analytical data.

Fingerprint technologies: In general, digital Fingerprinting technologies assign a unique identifier or "Machine-ID" to a user's computer to identify and track your device (“Technology”). The Technology will analyse publicly available information and data obtained from your computer's web browser and from other publicly available data points, including the technical settings of your computer, the characteristics of your computer, and its IP Address, to create a unique identifier, which will be assigned to your device. Toluna uses the Technology for quality control, validation, and fraud detection and prevention purposes, including assisting us in ensuring the integrity of survey results. Appropriate technical and operational processes and procedures will be put in place to ensure that the Technology is safe, secure and does not cause undue privacy or data security risks and the Technology will be used and distributed in a professional and ethical manner and in accordance with (a) this privacy notice, (b) any other statements and/or disclosures made to you as a member of the community and (c) applicable laws and market research codes of practice. In the event any unethical conduct is discovered in connection with the use of the Technology, or that the Technology is being used in a manner that is inconsistent with privacy notice, immediate action will be taken to prohibit such unethical conduct and to ensure the proper administration of the Technology.

How do you access your information; use the member services area and/or update, correct or delete your information?

Upon request, we will provide you with information about what personal data we may hold about you. If you are based in the European Union or United Kingdom, you should refer to the section entitled Your legal rights if you are in the European Union or United Kingdom to understand more about your rights. You may access, correct, or request deletion of your personal data, or terminate your membership by logging into your Community Account. By following the appropriate directions, your information should be automatically updated in our database. For these purposes, and if you are unable to correct your personal data yourself via your Community Account you may write to us at the postal address found at the end of this Privacy notice, or contact us by email at hello@principalitypulse.co.uk. We will respond to all requests within a reasonable timeframe.

How do you opt out from your online community membership?

If you choose to end your membership with the Community or require us to cease processing your personal data, you may discontinue your membership by going to “Account” and selecting “Unsubscribe Options” in the footer. By following the appropriate directions, your record will be marked as "do not contact", and you will no longer receive invites to participate in future Surveys from Toluna. In addition, you will forfeit any incentive balance that has not been requested as of the time you opt out. In most cases it will take 2 to 3 days to process this change, but please allow up to two full weeks for your status to be finalised. Please note that you may continue to receive communications during this short period after changing your preferences while our systems are fully updated.

You may also send an email directly to contact@toluna.com requesting to be removed. Email links are provided on the site so that you may contact us directly with any questions or concerns you may have. Each email we receive is read and responded to individually; please allow two to three business days for us to get back to you.

If you decide to terminate your membership, we will no longer use your Identity data or Contact data, except for archival purposes and we will process your personal data in accordance with our backup procedures. Your personal data will eventually be destroyed in accordance with our data Retention and Destruction Policies and we will continue to employ the security procedures and technologies to keep your personal data safe.

How do you ask a question or make a complaint?

You can direct any questions or complaints about the use or disclosure of your personal data to our Privacy Contact. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your personal data within 30 days of receiving your complaint.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, then please refer to your rights to make a complaint under the section entitled Your legal rights if you are in the European Union or United Kingdom.

What is our winner’s policy?

Community members may win prizes for participation in research activities. All winners are notified by email of their winnings. For more information, please visit our Terms and Conditions page. Toluna shall post the first name and city of residence of winners on the Reward Page, which is accessible only by Community Members. For more information, please visit our terms and conditions page.

What security measures do we undertake to protect your personal data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data in accordance with our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator or supervisory authority of a breach where we are legally required to do so.

What are our data retention and destruction policies?

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you are a citizen or resident of the European Union or United Kingdom, or we are processing your personal data in the European Union or United Kingdom, in some circumstances you can ask us to delete your data: see the section entitled Your legal rights if you are in the European Union or United Kingdom below for further information.

As the results of the surveys and other aggregated or Pseudonymised data are used for research and/or statistical purposes, we and other third parties may use this information in accordance with the terms indefinitely without further notice to you.

Links

From time to time we may offer visitors the ability to voluntarily link to other sites. Toluna does not review and is not responsible for, the content or effect of the privacy policies of these sites.

Your legal rights if you are in the European Union or United Kingdom

If you are a resident of the United Kingdom or citizen of a country in the European Union, you have rights under data protection laws in relation to your personal data. If you wish to exercise any of the rights set out below, please contact us.

You have the following rights:

  • Request access to your personal data and we may conduct ID checks before we can respond to your request.
  • Have your personal data erased, corrected or restricted if it is inaccurate or requires updating. You may also have the right under certain circumstances to request deletion of your personal data; however, this is not always possible due to legal requirements and other obligations and factors. You can update your account information via your Account or by contacting us at the address given below.
  • Object to the processing your personal data if we are not using your personal data for the purposes set out in this privacy policy.
  • Have your personal data transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Make a complaint at any time to a data protection regulator. You can also complain to the Information Commissioner’s Office, which is the regulator for data-protection law in the United Kingdom. Details of how to complain to the ICO can be found on the website at www.ico.org.uk/concerns. For a list of National Data Protection Authorities in the European Union please visit: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

We would however, appreciate the chance to deal with your concerns before you approach the data protection regulator so please contact us in the first instance.

What are the legal bases we rely on when using your personal data?

The law on data protection in the European Union and the United Kingdom sets out a number of different reasons for which a company that is processing personal data may collect and process such personal data, including:

Consent – In certain cases, we collect and process your personal data with your consent e.g. when you participate in surveys.

Legitimate interest – In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests e.g. conducting customer satisfaction research by getting your feedback on our products and/or services.

Contractual obligations – In some circumstances, we may need to process your personal data to comply with a contractual obligation e.g. when we use your personal data to send you your rewards.

Legal compliance – If the law requires us to, we may need to collect and process your personal data in response to lawful requests by public authorities or if e.g. we believe in good faith that disclosure is necessary to protect our rights, to protect your safety or the safety of others, to investigate fraud or breaches of the site terms, or to respond to a government request.

Who is the data controller?

We, Principality Building Society with whom you registered with as a community member are the controller and responsible for your personal data.

Toluna is also a controller of your personal data, by virtue of the administration, operation and maintenance of the Community platform.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on the date at the top of this privacy policy.

The data protection law in the European Union and the United Kingdom requires that you have certain rights under law, we will respond to some of your requests (for example, a request for the transfer or erasure of your personal data) and we have explained these processes above.

If we decide to change our privacy notice, we will post those changes to this privacy statement on the homepage, or other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective.

It is important that the personal data we hold about you is accurate and current. Please keep your Account details updated if your personal data changes during your relationship with us.

 

You may contact us by writing to:

The Data Protection Officer
Principality Building Society PO Box 89,
Principality Buildings,
Queen Street,
Cardiff
CF10 1UA

Email: panelmanager@principality.co.uk