Digital Privacy Policy

Last updated: July 1, 2020

We know how important your personal information is to you. It’s why we do so much to protect your information, while continually providing products and services you can count on.

This Digital Privacy Policy (“Policy”) is meant to help you understand the type of personal information we collect, how we collect and use that information, whom we may need to share the information with, and how we protect it.  

The Policy is provided in a layered format so you can click through to the specific areas set out below. You can also download a version of the policy (PDF).

About this policy

This Policy is issued on behalf of the Principal Financial Group and its affiliates (“Principal”, “we”, “us”, “our”).  The Policy applies to this website, our mobile applications or digital forms, and our producer websites that link to this Policy (together, “Digital Platforms”). Additional privacy notices may also apply depending on the nature of our relationship with you (e.g., if you have purchased insurance products from us) and the type of Digital Technology you are using (e.g., our mobile application).

If you are accessing our Digital Platforms from within the European Economic Area (EEA), please review our EEA digital privacy policy.

Other sites

Websites operated by non-Principal entities may link to and from our website, but they may have different privacy policies from the one described here. We do not have control over, or responsibility for, the content or operation of the website of any non-Principal entity. These other sites may send their own cookies to your device, may independently collect data or solicit personal information, and may or may not have their own published privacy policies. Visitors should read the privacy statements of other websites they visit for information regarding their specific privacy practices.

Your consent

Please take a few minutes to review this Policy before using our Digital Platforms. To the extent permissible under applicable law, by using our Digital Platforms you are consenting to the collection, use and disclosure of your information as set forth in this Policy. If you do not agree to be bound by this Policy, you should not access or use our Digital Platforms.

Information collected

The specific information we collect will depend on things like the nature of your relationship with us and how you choose to interact with us. In general, however, we collect the following categories of personal information:

  • Contact information
    •  e.g., email address, physical address, telephone/fax number.
  • Identity information
    • e.g., name, date of birth, nationality, gender, social media profile and other information you make available through social media, photograph, identification number (e.g., passport number, tax number, social security number) or other information contained in identity-related documentation (e.g., passport, driver’s license, or birth certificate).
  • Professional information
    • e.g., occupational and educational history, job title, degrees of schooling, academic records, or other professional information regarding the nature of our business relationship.
  • Financial information
    • e.g., income, assets, liabilities, tax residency, bank details, and other financial information, both current and historical.
  • Transactional information
    • e.g., details about your accounts that you have with us and other details of products and services you have purchased from us.
  • Usage information
    • e.g., your IP address; details on the devices and technology you use and how you use the products and services we provide to you; information on your interactions with our Digital Platforms; geolocation information, survey responses and feedback.
  • Medical and Health information
    • e.g., medical and health information required to provide the products and services you request; other medical and health information you provide us or authorize us to collect.

How we collect information

We collect personal information from the following sources:

  • You
    • We collect information that you provide or make available to us.
    • We collect information from third parties that you authorize us to collect from, such as from consumer reporting agencies and medical providers when you apply for an insurance product. 
  • Financial Professionals
    • We collect information from financial professionals (e.g., brokers, agents, advisors and distribution partners) associated with the products and services we offer you.
  • Contract/Plan Owner
    • We collect information from the owner (e.g., your employer) of products that we issue and service, such as a group insurance contract.
    • We collect information from the plan sponsor and/or your employer for certain retirement products (e.g., 401k plan) that we service. 
  • Service Providers
    • We collect information from third party service providers that perform services on our behalf. 
  • Public Records
    • We collect information that is contained in public records or is otherwise publicly available.

Our Digital Platforms utilize cookies.  For additional information about how we use cookies, and how you can control what information is collected, please see the Cookie Policy section of this Policy.

We use your information for the following reasons:

  • Products/Services Management
    • To provide you our products and services.
    • To develop, manage and improve our products, services and Digital Platforms and to test new products, services, and features of the Digital Platforms.
    • To process transactions and carry out our contractual obligations for the products and services we offer.
  • Business Operations
    • To run our business in an efficient and proper way, including in respect of our financial position, reporting, capital management, business capability, corporate governance, audit, risk management, compliance, product development, strategic planning, marketing, and communications.
    • To comply with our legal and regulatory obligations (e.g., verifying your identity and conducting identity and background checks for anti-money laundering, fraud, credit and security purposes; responding to a subpoena, court order or regulatory request) and to exercise our legal rights.
    • To exercise our rights in agreements and contracts to which we are a party.
    • To detect, investigate, report, and seek to prevent financial crime and to manage risk for us and our customers.
    • To administer auditing, billing and reconciliation activities and other internal and payment-related functions.
  • Technology Management
    • To administer and protect our business and our Digital Platforms (e.g., troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). 
    • To develop and improve the security, efficiency and technical specification of our systems and infrastructure.
  • Customer Relationships
    • To provide high quality customer service.
    • To provide you with educational materials about our products and services, financial wellness, and other financial services related information.
    • To communicate with you and respond to your inquiries, including responding to complaints and attempting to resolve them.
    • To send you promotional and marketing materials, newsletters or other related communications (including making suggestions and recommendations to you about services that may be of interest to you).
    • To conduct research and analysis to improve the experience of, and relationships with, our customers.

Information shared

As permitted by law, we may share information with the following:

  • Principal Companies
    • We may share information with member companies within Principal.
  • Service Providers
    • We may share information with service providers that perform services on our behalf.
  • Financial Professionals
    • We may share information with financial professionals (e.g., advisors, brokers, distribution partners) that help us provide you with our products and services.
  • Regulatory Bodies
    • We may share information with regulators, law enforcement authorities, tax authorities and credit bureaus.
  • Authorized Parties
    • We may share information with third parties that you authorize or direct us to share with, or as otherwise permitted by law.
  • Successor Company
    • We may share information with a third party acquiring all, or a portion of, our business.  The information shared will remain subject to this Policy and the privacy preferences you have expressed to us. 

About cookies and how we use cookies

Cookies are small text files sent to your web browser and stored on your hard drive by a website. Cookies allow your web browser to "remember" specific bits of information about your visits to our site.

Cookies allow you to access secured information, conduct secured transactions, and take advantage of promotional opportunities. They are designed to help you have a better user experience within our website, and we use the information to improve our site content and site functionality. Cookies allow our site to remember your device, remember who you are, and help us to be more efficient. For example, we can learn about what content is important to you, and we can revise or remove web pages that are not of interest.

Types of cookies we use

Our site uses both “session” and “persistent” cookies. Session cookies are temporary and expire when you leave our website or are inactive for a specified length of time. Persistent cookies store your preferences for a site and are read by your browser each time you visit the website.

Our site uses both first-party cookies, which are cookies set by us, and third-party cookies, which are cookies set by other companies to assist our advertising and marketing efforts.

The cookies used by our site fall into the following four categories:

  1. Strictly necessary cookies. These cookies are necessary for our website to function and can’t be switched off in our systems. They’re set for you behind the scenes when you do things such as log in, fill out forms, make a request for services, or set your privacy preferences. You can set your browser to block or alert you about these cookies, but some parts of our site won’t work without them.
  2. Functional cookies. These cookies enable our website to work smoothly and in a manner personalized to you. They may be set by us or by third-party providers whose services we’ve added to our pages. For example: downloading a customer service form using PDF. If these cookies are blocked, then some or all of these services may not function.
  3. Performance cookies. These cookies allow us to count how many times people visit our website, and how they get here, so we can measure and improve its performance. They show us which pages are the most (and least) popular, and how visitors move around on the site when they’re here. If these cookies are blocked, we have less information about how to improve our sites that will be useful to you.
  4. Marketing Cookies. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. If these cookies are blocked, you will experience less targeted advertising.

Managing your cookie preferences

If you wish to make changes to your cookie preferences, please click on the appropriate link below to be directed to the applicable Cookie Preference page.

At this time, Principal does not respond to do-not-track signals or similar technologies sent by a browser setting. Most web browsers allow you to change your browser settings to limit or block certain cookies. Doing so, however, may limit your access to certain sections of our website or otherwise compromise the functionality of the site.

We understand the importance of appropriately safeguarding information you provide to us. It is our practice to protect the confidentiality of this information, to limit access to this information to those with a business need, and to not disclose this information unless required or permitted by law.

We have security practices and procedures in place to protect data entrusted to us. These procedures and related standards include limiting access to data and regularly testing and auditing our security practices and technologies.

All employees are required to complete privacy, security, ethics and compliance training. We also offer a wide variety of other training to all employees and temporary workers to help us achieve our goal of protecting your information.

For additional information regarding how we protect your information, please refer to the following documents:

Ultimately, no website, mobile application, database or system is completely secure or “hacker proof.” While no one can guarantee that your personal information will not be disclosed, misused or lost by accident or by the unauthorized acts of others, we continuously review and make enhancements to how we protect customer information.

We also cannot control dissemination of personal information you post on or through our Digital Platforms using any social networking tools we may provide, and you should have no expectation of privacy in respect of such information.

This section supplements the information contained within our Digital Privacy Policy and provides additional information to California consumers as required by the California Consumer Privacy Act of 2018 (the “CCPA”).

Notice of collection

Our Digital Privacy Policy explains the types of information we collect, how we collect information, how we use information we collect, and whom we share information.

The CCPA requires that we provide you with additional information about each category of information that we collect. As previously discussed, the nature of your relationship with us and how you choose to interact with us will determine the specific information we collect, and how/why that information is collected, used, and shared.

Scope of the CCPA

The CCPA does not apply to certain types of personal information. For example, the CCPA does not apply to certain information already protected by other laws. This includes health and medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or the California Confidentiality of Medical Information Act (CMIA). It also includes information collected, processed or disclosed pursuant to federal privacy law (Gramm-Leach-Bliley and its implementing regulations) or pursuant to California state law (California Financial Information Privacy Act).

Principal complies with the protections and rights provided for in the above federal and state laws.

In addition, under the CCPA, personal information does not include publicly available information from government records or personal information that has been properly de-identified or aggregated.

No Sale of Personal Information

The CCPA contains provisions and requirements for businesses that sell personal information.

Principal does not sell your personal information. 

Your Rights Under the CCPA

The CCPA provides California consumers with certain rights regarding their personal information. This section describes your rights under the CCPA and provides information about how to exercise those rights.

Right to Know

This Policy, including the Notice of Collection section, explains how we collect, use and share information. In addition, you have the right to request that we disclose what personal information we collect, use, disclose, and sell about you (Principal does not sell your personal information).

Additional information is contained in the "How to submit a request" section.

Right to Request Deletion

You have the right to request that we delete personal information we have collected or maintain about you. Please note, the CCPA recognizes that businesses may not be able to fulfill a deletion request if there is a business need to maintain the information. If we are unable to fulfill a deletion request, we will tell you why in our response.

Additional information is contained in the How to Submit a Request section.

Right to opt-out of the sale of personal information

You have the right to opt-out of the sale of your personal information. However, no opt-out is required because Principal does not sell your personal information.

Right to non-discrimination for exercising your CCPA rights

You have the right not to receive discriminatory treatment for exercising your rights under the CCPA. 

Principal complies with the non-discrimination provisions of the CCPA and other applicable laws.

How to submit a request

You can exercise your Right to Know and/or Right to Request Deletion by submitting a request.

You can also contact us at 800-986-3343. Please inform our customer service representative that you wish to submit a “Right to Know” and/or a “Right to Request Deletion” request.

The protection of your personal information is important to us. In order to respond to your request, we will need to verify your identity. As part of the initial request process, we will ask you for certain information about you. This information helps us identify who is making the request and helps us determine that the person making the request is really whom they say they are. The information you provide us during the verification process will only be used to review and respond to your request. 

We may not be able to verify your identity based solely on the information you provide during the initial request process. If we are unable to verify your identity, we will follow-up with you and request additional information that only you should know. For example, if you have an existing product or service, we may ask information specific to that product or service. Or we may ask you to provide documentation that allows us to verify your identity. If we are unable to verify your identity, we may not be able to respond to your request. For example, if you are requesting specific pieces of information that we maintain about you, but we are unable to verify your identity, we may not be able to provide you with the specific pieces of information, but may still be able to provide you with the categories of information that we maintain about you. 

Pursuant to the CCPA, you can only submit a Right to Know request twice within a twelve-month period. The CCPA also allows businesses to establish specific ways in which requests must be submitted, such as through our online form and toll-free telephone number. In addition, the CCPA’s Right to Know requests only cover information that has been collected or shared within the preceding twelve months. If we are unable to fulfill a request, we will tell you why in our response.

An authorized agent may submit a request on your behalf. Under the CCPA, an authorized agent is a person or business entity registered with the Secretary of State that you have authorized to act on your behalf. We may still require that you verify your identity with us directly and submit proof that the agent has been authorized to act on your behalf. 

Our response to your Right to Know and Right to Request deletion requests

We will confirm receipt of your request within 10 days and provide information about how we will process the request. This confirmation will include additional information, as applicable, regarding the verification process. The CCPA allows for a response within 45 days of receiving your request. If we need additional time to respond, the CCPA allows for an additional 45 days. We will contact you if we need the additional time and explain why. 

Our response will contain additional information specific to your request. This could include, for example, reasons why we were unable to fulfill the request.

We do not normally charge a fee to process or respond to your request. The CCPA does permit us to charge a fee, however, if the request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Contact for More Information

If you have any questions about our privacy policies and practices, or about the CCPA, please contact us at: CorpPrivacy@exchange.principal.com or Privacy Officer, P.O. Box 14582, Des Moines, IA 50306-3582.

Do Not Contact or Call Requests

We comply with all federal regulations related to Do Not Call or Do Not Email requests by customers. If you do not wish to be contacted by mail, telephone, email or fax, you can indicate this on our Do Not Contact Form. We will not contact customers for the purpose of product sales based on the methods indicated on the Do Not Contact list. We retain the right to contact any customer for service-related issues.

You can also update your subscription and delivery services by logging into your account and updating your profile at any time. 

Canadian residents should complete the Canada Do Not Email Form.

Accuracy of information

We strive to keep our records accurate and will make appropriate corrections when you notify us. Please let us know if there is incorrect information in any statements or other communications that you receive from us.

If you would like to correct or update your personal information, please contact us by sending a letter via postal mail or through our digital contact us reply form.

Children’s privacy online

Our Digital Platforms are not directed toward children. We do not knowingly collect, use or post personal information from children under the age of 13. If we determine upon collection that a user is under this age, we will not use or maintain the user’s personal information without parent or guardian consent. If we become aware that we have unknowingly collected personal information from a child under the age of 13, we will make reasonable efforts to delete such information from our records. If you want to learn more about children's privacy, you can access the Children's Online Privacy Protection Act (COPPA) at the Federal Trade Commission's website.

Effective date and changes to this Policy

We are continually improving and adding to the features and functionality of our website and the services we offer through our Digital Platforms. As a result of these changes (or changes in the law), we may need to update or revise this Policy. Accordingly, we reserve the right to update or modify this Policy at any time, without prior notice, or providing any notice required under applicable law, by posting the revised version of this Policy behind the link marked “Privacy” at the bottom of each page of this website and as may otherwise be made available on our Digital Platforms. To the extent permissible under applicable law, your continued use of our Digital Platforms after we have posted the revised Policy constitutes your agreement to be bound by the revised Policy. However, we will honor the terms that were in effect when we gathered data from you.

For your convenience, whenever this Policy is changed, we will update the Last Updated Date at the top of this policy. Be sure you check the Last Updated Date to see if this Policy has been revised since your last visit. We recommend that visitors to our site review our digital privacy policies from time to time to learn of new privacy practices and changes to our policies.

You may access the current version of this Policy at any time by clicking the link marked “Privacy” at the bottom of each page of this website.

Contact us

If you have any questions about this Policy, or about how we collect and use your personal information, please contact us at: CorpPrivacy@exchange.principal.com or Privacy Officer
P.O. Box 14582, Des Moines, IA 50306-3582.