Online Privacy Policy

Effective Date: May 22, 2018

Your personal information is important to us. That’s why we do so much to protect your information, while continually providing products and services you can count on.

This Online Privacy Policy (“Policy”) is meant to help you understand the type of personal information we collect and use, why we use the information, who we may need to share the information with, and how we protect your information.   

The Policy is provided in a layered format so you can click through to the specific areas set out below. Alternatively, you can download a version of the policy (PDF).

If you are accessing our Digital Technologies from within the European Economic Area (EEA) please review our EEA online privacy policy.

About this policy

This Policy is issued on behalf of the Principal Financial Group (“Principal”, “we”, “us”, “our”).  The Policy applies to this website, our mobile applications or online forms, and our producer websites that link to this Policy (together, “Digital Technologies”). Depending on the nature of our relationship with you (e.g., if you have purchased insurance products from us), other privacy policies may also apply. 

Other sites

Digital Technologies operated by non-Principal related entities may link to and from our website, but they may have different privacy policies from the one described here. We do not have control over, or responsibility for, the content or operation of the website of any non-Principal entity. These other sites may send their own cookies to your device, may independently collect data or solicit personal information, and may or may not have their own published privacy policies. Visitors should read the privacy statements of other websites they visit for information regarding their specific privacy practices.

Your consent

Please take a few minutes to review this Policy before using our Digital Technologies. To the extent permissible under applicable law, by using our Digital Technologies you are consenting to the collection, use and disclosure of your information as set forth in this Policy. If you do not agree to be bound by this Policy, you may not access or use our Digital Technologies.

Information collected

Principal collects personal information about you—information that can be used to identify you as an individual. Types of personal information we collect and use when you provide such information through our Digital Technologies include:

  1. Contact information – e.g., email address, physical address, telephone/fax number;
  2. Identity information – your name, date of birth, nationality, gender, photograph, identification number (e.g., passport number, tax number, social security number) or other information contained in identity-related documentation (e.g., passport, driver’s license, or birth certificate);
  3. Professional information – your occupational history, job title, or other professional information regarding the nature of our business relationship;
  4. Financial information – your income, assets, liabilities, tax residency, bank details, and other financial information, both current and historical;
  5. Transactional information – details about your accounts that you have with us and other details of products and services you have purchased from us;
  6. Contractual information – details about the products and services we provide to you;
  7. Technical information – details on the devices and technology you use;
  8. Communications information – information we obtain through letters, emails, telephone calls, conversations, social media interactions, or any other correspondence between us;
  9. Open Data and Public Records information – details about you that are available in public records or that are openly available on the internet;
  10. Usage information – information about how you use the products and services we provide to you;
  11. Medical and Health information – medical and health information required to provide the products and services you request.

The personal information collected varies depending upon the nature of your relationship with us, how you use the Digital Technologies, and the type of product or service you have with us.

For individuals that login as representatives of a business or corporate account, we may gather information based on your relationship with our organization for the purposes of providing customized online services.

For visitors who provide an email address or volunteer other information, such as contact information and/or site registration, we collect this information. Visitors who provide an email address may also be asked to provide feedback about our website via surveys.   Additionally, visitors may receive periodic messages from us about new products and services or upcoming events. If you do not want to receive e-mail or other mail from us, please update your subscription and delivery services or click the “unsubscribe” link in the email correspondence received from us. 

Connecting with Principal on social media sites

Principal provides experiences on social media platforms that enable online sharing and collaboration among users who have registered to use them. We may collect information you provide by interacting with us via social media, such as photographs, opinions, or Twitter handle. Any content you post, such as pictures, information, opinions, or any personal information that you make available to other participants on these social platforms, is also subject to the terms of use and privacy policies of those platforms. Please refer to them to better understand your rights and obligations with regard to such content.

Mobile applications information

Principal’s mobile applications allow you to access your accounts using wireless or mobile devices. Our privacy practices apply to any personal information or other information that we may collect through the applications.   Additional conditions may apply depending on the specific terms of use and privacy policy of the application.  Please refer to the terms of use and other policies for more information about your specific mobile application. 

Information received from third parties

We may receive information about you from third parties such as consumer or other reporting agencies and medical or health care providers; or through your interactions with our affiliated companies. In addition, if you are on another website and you opt-in to receive information from us, that website will submit to us your email address and other information about you so that we may contact you as requested. We may supplement the information we collect about you through our Digital Technologies with such information from third parties in order to enhance our ability to serve you, to tailor our content to you and/or to offer you opportunities to purchase products or services that we believe may be of interest to you.

Information collected by use of cookies and spotlight tags

We allow third-party companies, including Google Analytics and others, to use cookies and spotlight tags to collect certain information when you visit our website or use our Digital Technologies (“Usage Information”). Usage Information helps us measure the performance of our online advertising campaigns, analyze visitor activity on our Digital Technologies and for other business purposes. Usage Information may include browser type, device type, operating system, application version, the page served, the time, the preceding page views, and your use of features on the Digital Technologies.

About cookies and how we use cookies

Cookies are used to store information on your computer and are a way to have your web browser "remember" specific bits of information about your previous visits to our site. They allow you to access secured information, conduct secured transactions, and take advantage of promotional opportunities. They are designed to help you have a better user experience within our website, and we use the information to improve our site content and site functionality.

Different websites store the information in cookies differently. Cookies allow us to identify your device, which in combination with other information we are collecting, may allow us to identify you personally. Any such information is stored in our protected systems and not in the cookie or on the Internet.

Cookies save you time as they help us to remember who you are and they help us to be more efficient. We can learn about what content is important to you and what is not.  We can revise or remove web pages that are not of interest and focus our energies on content you want.

Types of cookies we use

We primarily use two types of cookies:

  1. Session cookiesThese are temporary and expire when you leave our website or are inactive for a specified length of time. Session cookies allow the website to recognize you as you navigate between pages during a single browser session and allow you to use the website most efficiently.
  2. Persistent cookiesThese store your preferences for a site, are stored on your computer, and are read by your browser each time you visit the website. They therefore enable the website to “recognize” you on your return, remember your preferences, and tailor services to you.

About spotlight tags

Spotlight tags analyze behavior of users who have previously clicked or viewed one of our online advertisements. Spotlight tags only collect anonymous, non-personally identifiable information, and at no time do spotlight tags record user name, password, email address, or Internet Protocol (IP) addresses. Spotlight activities are reported only if they are created by a user who meets the following three criteria:

  1. Clicks one of our ads and is redirected to our website, or views one of our ads and accesses our website later.
  2. Performs an activity on a page containing a spotlight tag.
  3. Performs this activity within 30 days of clicking and/or viewing one of our ads.

Internet applications

During some visits to our Digital Technologies we may collect session information, including page response times, download errors, what time you visited our website, how long you were on our website, if you've been to the website before, what web pages you visited, page interaction such as scrolling, clicks, and mouse overs, what type of browser you used to access our website and methods to browse away from the page. This information helps us identify ways to modify and improve our websites. Examples of information we collect and analyze include the Internet Protocol (IP) address or other unique identifier for the device you use to access the Internet, login email address, computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions and operating systems.

Principal considers the information collected through our Digital Technologies valuable. At this time, Principal does not respond to do-not-track signals or similar technologies sent by a browser setting. However, visitors will continue to have the ability to control cookie settings for Principal’s websites. The information we receive from your web browser and device may or may not be personally identifiable and we may combine it with other information.

How you can control what data is collected through cookies

The information we collect may depend on your web browser settings. Most browsers (Chrome, Safari, Firefox, Internet Explorer, etc.) automatically accept cookies, but you can usually alter the setting of your browser to prevent that; however, doing so may limit your access to certain sections of our website, including account information found behind the login.

If you do not wish to receive cookies, please refer to the help section of your browser to learn how to either block all cookies or receive a warning before a cookie is stored on your computer.  In addition to altering the cookie settings on your browser, you can also install the Google Analytics Opt-out Add-on, which prevents Google Analytics from collecting information about your website visits.

How and why we use information collected through the Digital Technologies

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you;
  • Where it is necessary for our legitimate interests (i.e., we have a business or commercial reason for using your information) and your interests and fundamental rights do not override those interests;
    • Complying with regulations that apply to us.
    • Being efficient about how we fulfill our legal and contractual duties.
    • Providing high quality customer service.
    • Developing products and services, and what we charge for them.
    • Defining types of customers for new products and services.
    • Seeking your consent when we need it to contact you.
    • Developing and improving the network security, efficiency and technical specification of our IT systems and infrastructure.
    • Developing and improving how we deal with and manage financial crime.
    • Providing our customers with high quality products, services and Digital Technologies features.
    • Keeping our products, services and Digital Technologies features updated and relevant.
  • Where we need to comply with a legal or regulatory obligation; or
  • Where you consent.

We use your personal information for the following reasons:

  • To provide and manage our products, services and Digital Technologies (including any online account with us).
  • To create, process and deliver the accounts you hold with us or the products or services you receive from us.
  • To comply with our legal and regulatory obligations (including verifying your identity and conducting identity and background checks for anti-money laundering, fraud, credit and security purposes) and to exercise our legal rights.
  • To process transactions and carry out obligations arising from any contract entered into between you and us.
  • To communicate with you and respond to your inquiries, including responding to complaints and attempting to resolve them.
  • To exercise our rights in agreements and contracts to which we are a party.
  • To administer auditing, billing and reconciliation activities and other internal and payment-related functions.
  • To detect, investigate, report, and seek to prevent financial crime and to manage risk for us and our customers.
  • To run our business in an efficient and proper way, including in respect of our financial position, business capability, corporate governance, audit, risk management, compliance, product development, strategic planning, marketing, and communications.
  • To send you promotional and marketing materials, newsletters or other related communications (including making suggestions and recommendations to you about services that may be of interest to you).
  • To conduct research and analysis to improve the quality of our marketing and the experience of and relationships with our customers.
  • To administer and protect our business and our Digital Technologies (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). 
  • To develop, manage and improve our products, services and the Digital Technologies (including conducting research and analysis) and to test new products, services, and features of the Digital Technologies.
  • Medical and Health Information for providing and servicing your policies, accounts, claims or contracts as allowed by the relevant laws protecting your privacy.

Failure to provide personal information

Where we need to collect personal information by law or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Change of purpose

We will only use your personal information for the uses and purposes set out above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes. If we need to use your personal information for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

Information shared

We may share your personal information to the following categories of recipient:

  • With group companies and affiliates. We may share the information we collect about you with other member companies of Principal, including Principal Life Insurance Company, Principal National Life Insurance Company, Principal Global Investors and their affiliates for a variety of purposes. For example, we share information to assist us in providing service and account maintenance, to help us design and improve products and to offer products and services that may be of interest to you.
     
  • With our service providers. We may disclose information to third party service providers that perform services for us in the processing or servicing of your account, or with third parties that perform marketing or other services on our behalf. Third parties with whom we may have joint marketing agreements include financial services companies (such as other insurance companies, banks or mutual fund companies).
     
  • With third parties as permitted or required by law. This includes disclosing your information to regulators, law enforcement authorities, tax authorities and credit bureaus. This information is only disclosed as required or permitted by law, and in accordance with established company procedures.We may transfer and disclose the information we collect about you to comply with a legal obligation, including responding to a subpoena or court order, to prevent fraud, to comply with an inquiry by a government agency or other regulator, to address security or technical issues, to respond to an emergency, or as necessary for other legal purposes.
     
  • With our carefully selected business partners. We may share information with third parties that offer products or services that we believe may be of interest to you. Before we do so, we will provide you the opportunity to “opt out” or “opt in,” as required by applicable law so that you can say “no” to such sharing.
     
  • As part of business transitions. In relation to an ongoing or proposed business transaction your information may be transferred to a successor organization. If such a transfer occurs, the successor organization’s use of your information will still be subject to this Policy and the privacy preferences you have expressed to us.
     
  • With third party social media platforms and applications. We may provide functionality on our Digital Technologies that allows you to automatically post information to a third-party social media platform (such as Facebook, Twitter, or Pinterest). If you choose to take advantage of this functionality, people with access to your profile on the third-party platform will be able to see your post. Thus, you should have no expectation of privacy in those actions. Further, if you choose to link your profile on our Digital Technologies with an account on a third-party social media platform, we may share the information in your profile with that third-party platform. We may also use third-party social media platforms to offer you interest-based ads. To offer such ads, we may convert your email address into a unique value which can be matched by our partner company with a user on their platform. Although we do not provide any personal information to these platform vendors, they may gain insights about individuals who respond to the ads we serve.
  • Other
    • Agents and advisers who we use to help run your accounts and services, collect what you owe, and explore new ways of doing business;
    • Fraud prevention agencies;
    • Any party linked with you or your business’s product or service;
    • Companies we have a joint venture or agreement to co-operate with;
    • Organizations that introduce you to us;
    • Companies that we introduce you to;
    • Market researchers;
    • Independent Financial Advisors;
    • Companies that offer ways to research and apply for financial products and services;
    • Companies you ask us to share your data with.

In addition, we may share non-personal (anonymized) information, such as aggregate data and Usage Information with other third parties.

Except as described above, or as set forth in a separate privacy policy, we will not provide your personal information to other third parties without your specific consent.

How we protect your information

We understand the importance of appropriately safeguarding information you provide to us. It is our practice to protect the confidentiality of this information, limit access to this information to those with a business need, and not disclose this information unless required or permitted by law.

We have security practices and procedures in place to protect data entrusted to us. These procedures and related standards include limiting access to data and regularly testing and auditing our security practices and technologies.

All employees are required to complete privacy, security, ethics and compliance training. We also offer a wide variety of other training to all employees and temporary workers to help us achieve our goal of protecting your information.

For additional information regarding how we protect your information, please refer to the following:

Ultimately, no website, mobile application, database or system is completely secure or “hacker proof.” While no one can guarantee that your personal information will not be disclosed, misused or lost by accident or by the unauthorized acts of others, we continuously review and make enhancements to how we protect customer information.

Further, we cannot control dissemination of personal information you post on or through our Digital Technologies using any social networking tools we may provide and you should have no expectation of privacy in respect of such information.

Do Not Contact or Call Requests

We comply with all Federal regulations related to Do Not Call or Do Not Email requests by customers. If you do not wish to be contacted by mail, telephone, email or fax, you can indicate this on the Do Not Contact Form. We will not contact customers for the purpose of product sales based on the methods indicated on the Do Not Contact list. We retain the right to contact any customer for service-related issues.

Canadian residents should complete the Canada Do Not Email Form.

Accuracy of information

We strive to keep our records accurate and will make appropriate corrections when you notify us. Please let us know if there is incorrect information in any statements or other communications that you receive from us.

If you would like to correct or update your personal information, please contact us by sending a letter via postal mail or through our online contact us reply form.

Children’s privacy online

Our Digital Technologies are not directed toward children. We do not knowingly collect, use or post personal information from children under the age of 13. If we determine upon collection that a user is under this age, we will not use or maintain his or her personal information without parent or guardian consent. If we become aware that we have unknowingly collected personal information from a child under the age of 13, we will make reasonable efforts to delete such information from our records.

Effective date and changes to this Policy

We are continually improving and adding to the features and functionality of our website and the services we offer through our Digital Technologies. As a result of these changes (or changes in the law), we may need to update or revise this Policy. Accordingly, we reserve the right to update or modify this Policy at any time, without prior notice, or providing any notice required under applicable law, by posting the revised version of this Policy behind the link marked “Privacy” at the bottom of each page of this website and as may otherwise be made available on our Digital Technologies. To the extent permissible under applicable law, your continued use of our Digital Technologies after we have posted the revised Policy constitutes your agreement to be bound by the revised Policy. However, we will honor the terms that were in effect when we gathered data from you.

For your convenience, whenever this Policy is changed, we will update the Effective Date at the top of this policy. Be sure you check the Effective Date to see if this Policy has been revised since your last visit. We recommend that visitors to our site review our online privacy policies from time to time to learn of new privacy practices and changes to our policies.

You may access the current version of this Policy at any time by clicking the link marked “Privacy” at the bottom of each page of this website.

Contact us

If you have any questions about this Policy, or about how we collect and use your personal information, please contact us at:  CorpPrivacy@exchange.principal.com or Privacy Officer
P.O. Box 14582, Des Moines, IA 50306-3582.