Part 2 - RAC Black Box Insurance

Purpose and legal basis for using your information 

If you purchase RAC Black Box Insurance, the insurance will be arranged and administered by our partner insurance provider, BISL Limited BISL will be the data controller for your information for the purpose of providing you with insurance. The underwriter of the insurance will also be a data controller for the purpose of underwriting the insurance. 

RAC will typically be the data controller for some of the following purposes:

Our purpose for using your data Our lawful basis
Our business activities 
Pricing activities: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling) Legitimate interest
Business operations and service improvements: Making improvements to RAC products and services including internal testing, reporting and analysis; business processes and operations including quality assurance, governance, management and audit practices. Legitimate interest
Marketing: Using your information for the purpose of marketing activities, including the use of determining the marketing communications we send to you (which may include profiling) and analysis of our marketing activities. Legitimate interest
Telematics based insurance: Using your vehicle telemetry data to provide you with your own driving analysis. contribution towards calculation of insurance premiums based upon your driving characteristics and vehicle usage, passing data to Insurers in the event of a claim, research and analysis. Legitimate interest

For the purpose for which we use your data, we need to have a lawful basis. The lawful basis is set out in the General Data Protection Regulation (GDPR). The ones we’re relying on are: 

  • Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact you rights and freedoms. This legal basis is set out in article 6(1)(f) of the GDPR. 

RAC Insurance Limited will be the data controller for the information about you collected for these purposes which means that we are responsible for the way in which we use your data. 

The information we collect

The information which we collect about you relating to your RAC Black Box Insurance will include:

Category of information Examples
Information about you
Key personal details  Name, date of birth, etc
Contact details  Home address, email address, telephone number
Your family and beneficiaries  Their name and relationship with you
Your driving behaviours How, where and when you drive, faults logged by your vehicle
Credit Reference information 
Information from public records, including court judgments, electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses.
Information about your vehicle and driving habits
Your vehicle details  Information about your vehicle including make, model, age, etc
Black box details  Information about the RAC Black Box which is installed in your vehicle. 
Your driving habits  Telematics information which is provided to us from your RAC Black Box such as miles driven, and driving behaviours  
Location data GPS locations
Your RAC Black Box Insurance cover 
Your purchases and policies  Details of your cover including start and end date and scope of cover 
Marketing preferences  Your preferences for the marketing you would like to receive from us
Communicating with us  Telephone conversations and communication by email, post and social media if you contact us directly 


How we get your information 

  • Insurance intermediaries (such as our insurance partners) who are authorised by us to sell an insurance product. They provide us with the information you submit when you engage with them, usually to obtain an insurance quote such as contact details, financial information including premium amount, payment methods and vehicle information.
  • From you if you contact us directly we could collect information from you. 
  • From your vehicle, if you have a telematics device based insurance product, we collect information from the Black Box or device installed in your vehicle
  • DVLA and other agencies who provide vehicle data obtained under licence.
  • Information Commissioner’s Office, law enforcement agencies and other public bodies may provide us with information about individuals who have made a complaint or in relation to their investigations and law enforcement activities. 
  • Regulatory bodies such the Financial Ombudsman Service and the Financial Conduct Authority may provide us with information about individuals who have made a complaint
  • Data services providers such as data service organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services in which we believe you may be interested.
  • Credit reporting agencies: We receive information about you from TransUnion.  You can read more about TransUnion’s activities in their privacy notice:

How long we keep your information 

We primarily hold your data for up to 7 years.

Who we share your information with 

We may share your data with third parties who are instructed by us, such as:

  • RAC group companies  
  • IT providers: for administration and management of our internal systems
  • Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements. 
  • Professional advisors and purchasers: for the purpose of providing us with professional advice. If RAC is sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers.
  • The insurers who underwrite RAC insurance products: for the purpose of risk analysis and improving the accuracy pricing for RAC insurance products relative to the respective risks.
  • Credit reporting agencies: We share basic identifier information about you with TransUnion to enable them to identify you and provide us with credit related information.  You can read more about TransUnion’s activities in their privacy notice:

Automated decision-making 

Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person. 

We use automated decision-making, including profiling, for several different purposes:

i. to determine the risk of providing you with a product or service; 
ii. to decide whether to offer a product or service; and
iii. the price of the product or service. 

We use automated decision making where it’s necessary in order to provide you with the product or service. 

Where your information is held 

We are a UK based organisation but we do offer services to our members across Europe, such as our European Breakdown cover. It is possible that we may transfer your personal information outside of Europe, for example, where one of service providers has operations outside of Europe and such transfer is necessary.  Where your data is transferred outside of Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses. 

What happens if you do not provide us with your personal information 

Unfortunately, if you do not provide us with the personal information which we need in order to provide you with a product or service, we may not be able to provide you with that product or service.