Skip to content

Part 2 - RAC Black Box Insurance (post 30th March 2021)

Purpose and legal basis for using your information

This notice tells you about the way in which your personal data will be used when you purchase RAC Black Box Insurance. For more details, you can see our complete privacy notice at

When you purchase RAC Black Box Insurance, there will be two data controllers who are responsible for using your personal data:

  • RAC Financial Services Limited (trading as RAC Insurance) and our address is RAC House, Brockhurst Crescent, Walsall, WS5 4AW. We are responsible for arranging and administering your policy and act as the intermediary. Our use of your data is explained in this notice.
  • The underwriter: The underwriter of your policy will be a separate data controller. How they will use your data will be explained in their privacy notice.

This privacy notice only covers how RAC handles your information.

When providing you with RAC Black Box Insurance, RAC will typically be the data controller for the following purposes:

Providing our service to you

Our purpose for using your data

Our lawful basis

Pricing activities, checks and risk assessment: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling and automated decision making), assessing availability of payment methods, conducting checks with credit reference and fraud prevention agencies.

Performance of contract

Provision of insurance: Using data to provide you with the insurance. This will include sharing information with our partners (e.g. the policy underwriter). This will include passing your data, including Black Box data, to the underwriter in the event of a claim to assist with identification, assessment or investigation of claims made and to provide clarifications as to the circumstances of the claim. 

Performance of contract

Administration of your policy: Administering your policy including making changes, taking payments or cancelling your cover.

Performance of contract

Communicating with you: Communicating with you as well as other policyholders and beneficiaries.

Performance of contract

The Black Box: Collecting, using and analysing the data generated by the Black Box including calculation of drivers’ scores and use of location data in conjunction with the terms of your policy.

Performance of contract

Prevention and diagnosis of vehicle faults: If you have included Vehicle Based membership RAC Breakdown add on with your Black Box policy, data from your vehicles Engine Control Unit (or other On-Board Diagnostic Features within your vehicle) may be transmitted to us in in order to help prevent or diagnose your vehicle faults which may lead to safety concerns or potentially breaking down. We also may use this information anomalously to enrich our database of vehicle faults.

Performance of contract

Testing the Black Box: Test your RAC Black Box and any associated software (e.g. during installation or to perform maintenance checks).

Performance of contract

Our business activities

Our purpose for using your data

Our lawful basis

Statistical and analytical purposes: Making improvements to RAC products and services including internal testing, reporting and analysis. This will include using your data for analysing, assessing and profiling certain information about you such as your vehicle ownership and driving style.

Legitimate interest

Routine business activities: Business processes and operations including quality assurance, governance, testing, management and audit practices.

Legitimate interest

Marketing: Using your information for the purpose of marketing activities, including the use of determining the marketing communications we send to you (which may include profiling), personalisation of content and analysis of our marketing activities.

Legitimate interest

Training and Monitoring: To help us with our training and monitoring, we record all of our inbound and outbound telephone conversations. We may ask for your consent to record face to face conversations if you purchase RAC breakdown cover from one of our sales agents.

Legitimate Interest (for recording telephone calls)

Consent (for recording our face to face conversations)

Legal and regulatory

Our purpose for using your data

Our lawful basis

Your rights: Complying with your data protection requests under the UK Data Protection regulation and the General Data Protection Regulation Legal obligations.

Legal obligations

Disclosure: Disclosing your information to regulators and law enforcement agents as required to do so by law.

Legal obligations

Fraud detection, debt recovery and legal claims: To prevent or detect fraud, recover debts owed to RAC and using data for the purpose of legal proceedings.

Legitimate interest

Compliance: Complying with our regulatory and legal obligations including those issued by the Financial Conduct Authority and Financial Ombudsman Service.

Legitimate interest

For each different purpose for which we use your data, we need to have a lawful basis. The different lawful basis are set out in the UK Data Protection regulation and the General Data Protection Regulation. The ones we’re relying on are:

  • Consent: We rely on this basis to give you choice where you may not usually expect your information to be recorded. This legal basis is set out in article 6(1)(a) of the UK Data Protection regulation and the General Data Protection Regulation.
  • Performance of contract: We rely on this basis when our use of your data is necessary for the performance of the contract between you and RAC and to take steps at your request prior to entering into the contract. This legal basis is set out in article 6(1)(b) of the UK Data Protection regulation and the General Data Protection Regulation.
  • Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact you rights and freedoms. This legal basis is set out in article 6(1)(f) of the UK Data Protection regulation and the General Data Protection Regulation.
  • Legal obligations: We rely on this basis when we have a legal obligation to use your data in a certain way. This legal basis is set out in article 6(1)(c) of the UK Data Protection regulation and the General Data Protection Regulation.

The information we collect

The information which we collect about you relating to your RAC Black Box Insurance will include:

Information about you

Category of information


Key personal details

Name, date of birth, etc

Application information

Car use, home ownership, employment, licence type

Contact details

Home address, email address, telephone number

Your family and beneficiaries

Home address, email address, telephone number

Information about your policy

Category of information


Your purchases and policies

Details of your cover including start and end date and scope of cover.

Marketing preferences

Your preferences for the marketing you would like to receive from us.

Communicating with us

Telephone conversations and communication by email, post and social media if you contact us directly.

Claims information

Details of claims made under the policy, or claims by a third party, and data from industry sources including the Motor Insurance Database.

Payment details

Details of your payments for products and services.

Your relationship with RAC

Category of information


Your membership with RAC

Details of the tenure of your membership with RAC and information about other products and services you have purchased from RAC.

Services you have received from RAC

Details of the services which you have received from RAC including the number of occasions you required roadside assistance.

Information about your vehicle and driving habits

Category of information


RAC Black Box details

Information about the RAC Black Box which is installed in your vehicle.

Information generated by the RAC Black Box

Information about your driving style, usage and whereabouts such as your speed throughout a journey, braking frequency and force, acceleration, types of roads you use (e.g. A-roads, motorways), time and date of travel, location of vehicle.

Information from other sources

Category of information


Driving offences

Details of any driving offences.

Your vehicle ownership

We receive information about your vehicle ownership during the past 5 years. The information includes the number of vehicles you’ve owned, the category of vehicle (e.g. if they were manual or automatic transmission, petrol or diesel, etc).

Your vehicle details

We receive from the DVLA information about your vehicle, including the make, model, fuel type, engine capacity, etc

Fraud detection information

We receive information about from external fraud prevention agencies to assist us in verifying your identity and to detect and prevent financial crime.

MOT data

We receive details of your MOT, including your vehicles recorded mileage, from the Driver and Vehicle Standards Agency (DVSA).

Claims history

Years of no claims bonus, previous insurance claims.

Credit information

We receive a credit score from TransUnion, a credit reference agency. The score is based on publicly available information such as court judgments (CCJs) and electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses. You can find out more about how TransUnion collects and uses your data at

We receive information about you from a variety of sources:

  • From you if you contact us directly we could collect information from you.
  • Other RAC Group companies and providers of RAC branded services If you have RAC Breakdown cover, or other products or services from RAC, your information will be shared with RAC Financial Services for analysis, assessment and pricing activities.
  • From our partners such as underwriters, credit providers and others.
  • From your vehicle / Black Box we collect information from the Black Box device installed in your vehicle.
  • Fraud prevention agencies which may include the Motor Insurers’ Bureau, publicly available information, debt recovery and tracing agents, government departments, police and law enforcement agencies.
  • From third parties and their insurer if a claim is made against you.
  • DVLA & DVSA: We receive information about your vehicle, such as the make and model, from DVLA and information about your vehicle’s MOT, such as the latest recorded mileage of the vehicle.
  • Law enforcement agencies and other public bodies: We may receive information about you in relation to potential investigations and law enforcement activities.
  • Regulatory bodies: The Financial Ombudsman Service, Financial Conduct Authority or Information Commissioner’s Office may provide us with information about individuals who have made a complaint.
  • Our credit reference agency: TransUnion, provides us with credit information. You can find out more about how TransUnion collects and uses your data at
  • Data services providers: Data science organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services that we believe you may be interested in.

Credit searches and fraud prevention

In assessing your application/renewal application we or the insurer or the credit provider will perform credit, risk and identity checks on you with credit reference agencies and fraud prevention agencies. To perform the checks, we will share your information with those agencies and they will provide us with the results.

We use the results from the checks to assess your creditworthiness (and whether you can afford to pay for the product), assess our ability to offer the product to you, verify the accuracy of the data you’ve provided, prevent criminal activity (such as money laundering and fraud), and to trace and recover debts.

The information we share with the agencies will be used by other credit providers for making credit decisions about you and the people with whom you are financially associated for fraud prevention, money laundering prevention and for tracing debtors.

How long we keep your information for

The RAC keeps your personal information for as long as the law requires, according to the rules and regulations.

Who we share your information with

We share your data with your underwriter and we may share your data with third parties who are instructed by us, such as:

  • RAC group companies
  • IT providers: providers of IT services for administration and management of our internal systems
  • Outsourced operators: Organisations which provide outsourced organisational support
  • Agents and partners: In order to install, service, remove and deal with queries you may have about the RAC Black Box, and in order to provide you, us and the underwriter with information collected by the RAC Black Box.
  • Regulators: Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements.
  • Professional advisors and purchasers: Our professional advisors for the purpose of providing us with professional advice. If RAC is sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers.

Automated decision-making

Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person.

We use automated decision-making, including profiling, for several different purposes:

  1. to determine the risk of providing you with a product or service;
  2. to decide whether to offer a product or service; and
  3. the price of the product or service.

We use automated decision making where it’s necessary in order to provide you with the product or service.

Where your information is held

We are a UK based organisation and most of the information we use about you is held in the UK. It is possible that we may transfer your personal information outside of the UK and Europe, for example, where one of service providers has operations outside of Europe and such transfer is necessary. Where your data is transferred outside of the UK or Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses.

Back to top