RAC Black Box Insurance

Purpose and legal basis for using your information 

This notice tells you about the way in which your personal data will be used when you purchase RAC Black Box Insurance.  For more details, you can see our complete privacy notice at rac.co.uk/privacy-policy. 
When you purchase RAC Black Box Insurance, there will be two data controllers who are responsible for using your personal data:
  • RAC Financial Services Limited (trading as RAC Insurance): our address is RAC House, Brockhurst Crescent, Walsall, WS5 4AW. We are responsible for arranging and administering your policy and act as the intermediary. Our use of your data is explained in this notice. 
  • The underwriter: The underwriter of your policy will be a separate data controller. How they will use your data will be explained in their privacy notice. 
This privacy notice only covers how RAC handles your information. 

Purpose and legal basis for using your information 

When providing you with RAC Black Box Insurance, RAC will typically be the data controller for the following purposes:
| Our purpose for using your data | Our lawful basis |
| --- | --- |
| Providing our service to you | |
| Pricing activities, checks and risk assessment: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling and automated decision making), assessing availability of payment methods, conducting checks with credit reference and fraud prevention agencies. | Performance of contract |
| Provision of insurance: Using data to provide you with the insurance. This will include sharing information with our partners (e.g. the policy underwriter). This will include passing your data, including Black Box data, to the underwriter in the event of a claim to assist with identification, assessment or investigation of claims made and to provide clarifications as to the circumstances of the claim. | Performance of contract |
| Administration of your policy: Administering your policy including making changes, taking payments or cancelling your cover. | Performance of contract |
| Communicating with you: Communicating with you as well as other policyholders and beneficiaries. | Performance of contract |
| The Black Box: Collecting, using and analysing the data generated by the Black Box including calculation of drivers’ scores and use of location data in conjunction with the terms of your policy. | Performance of contract |
| Prevention and diagnosis of vehicle faults: If you have included Vehicle Based membership RAC Breakdown add on with your Black Box policy, data from your vehicle’s Engine Control Unit (or other On-Board Diagnostic Features within your vehicle) may be transmitted to us in order to help prevent or diagnose vehicle faults which may lead to safety concerns or to your vehicle breaking down. We also may use this information anonymously to enrich our database of vehicle faults. | Performance of contract |
| Testing the Black Box: Test your RAC Black Box and any associated software (e.g. during installation or to perform maintenance checks). | Performance of contract |
| Our business activities | |
| Statistical and analytical purposes: Making improvements to RAC products and services including internal testing, reporting and analysis. This will include using your data for analysing, assessing and profiling certain information about you such as your vehicle ownership and driving style. | Legitimate interest |
| Routine business activities: Business processes and operations including quality assurance, governance, testing, management and audit practices. | Legitimate interest |
| Marketing: Using your information for the purpose of marketing activities, including determining the marketing communications we send to you (which may include profiling), personalisation of content and analysis of our marketing activities. | Legitimate interest |
| Training and Monitoring: To help us with our training and monitoring, we record all of our inbound and outbound telephone conversations. We may ask for your consent to record face to face conversations if you purchase RAC breakdown cover from one of our sales agents. | Legitimate interest (for recording telephone calls); Consent (for recording our face to face conversations) |
| Legal and regulatory | |
| Your rights: Complying with your data protection requests under GDPR. | Legal obligations |
| Disclosure: Disclosing your information to regulators and law enforcement agents as required to do so by law. | Legal obligations |
| Fraud detection, debt recovery and legal claims: To prevent or detect fraud, recover debts owed to RAC and using data for the purpose of legal proceedings. | Legitimate interest |
| Compliance: Complying with our regulatory and legal obligations including those issued by the Financial Conduct Authority and Financial Ombudsman Service. | Legitimate interest |

For each different purpose for which we use your data, we need to have a lawful basis. The different lawful bases are set out in the General Data Protection Regulation (GDPR). The ones we’re relying on are: 
  • Consent: We rely on this basis to give you choice where you may not usually expect your information to be recorded. This legal basis is set out in article 6(1)(a) of the GDPR.
  • Performance of contract: We rely on this basis when our use of your data is necessary for the performance of the contract between you and RAC and to take steps at your request prior to entering into the contract. This legal basis is set out in article 6(1)(b) of the GDPR. 
  • Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact your rights and freedoms. This legal basis is set out in article 6(1)(f) of the GDPR. 
  • Legal obligations: We rely on this basis when we have a legal obligation to use your data in a certain way. This legal basis is set out in article 6(1)(c) of the GDPR. 

The information we collect
The information which we collect about you relating to your RAC Black Box Insurance will include:

| Category of information | Examples |
| --- | --- |
| Information about you | |
| Key personal details | Name, date of birth, etc. |
| Application information | Car use, home ownership, employment, licence type. |
| Contact details | Home address, email address, telephone number |
| Your family and beneficiaries | Their name and relationship with you |
| Information about your policy | |
| Your purchases and policies | Details of your cover including start and end date and scope of cover |
| Marketing preferences | Your preferences for the marketing you would like to receive from us |
| Communicating with us | Telephone conversations and communication by email, post and social media if you contact us directly |
| Claims information | Details of claims made under the policy, or claims by a third party, and data from industry sources including the Motor Insurance Database |
| Payment details | Details of your payments for products and services. |
| Information about your vehicle and driving habits | |
| Your membership with RAC | Details of the tenure of your membership with RAC and information about other products and services you have purchased from RAC |
| Services you have received from RAC | Details of the services which you have received from RAC including the number of occasions you required roadside assistance. |
| Information from other sources | |
| Driving offences | Details of any driving offences |
| Your vehicle ownership | We receive information about your vehicle ownership during the past 5 years. The information includes the number of vehicles you’ve owned, the category of vehicle (e.g. if they were manual or automatic transmission, petrol or diesel, etc.) |
| Your vehicle details | We receive from the DVLA information about your vehicle, including the make, model, fuel type, engine capacity, etc. |
| Fraud detection information | We receive information from external fraud prevention agencies to assist us in verifying your identity and to detect and prevent financial crime |
| MOT data | We receive details of your MOT, including your vehicle’s recorded mileage, from the Driver and Vehicle Standards Agency (DVSA) |
| Claims history | Years of no claims bonus, previous insurance claims |
| Credit information | We receive a credit score from TransUnion, a credit reference agency. The score is based on publicly available information such as court judgments (CCJs) and electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses. You can find out more about how TransUnion collects and uses your data at www.transunion.co.uk/crain |


We receive information about you from a variety of sources: 


  • From you: If you contact us directly, we could collect information from you. 
  • Other RAC Group companies and providers of RAC branded services: If you have RAC Breakdown cover, or other products or services from RAC, your information will be shared with RAC Financial Services for analysis, assessment and pricing activities.
  • From our partners such as underwriters, credit providers and others.
  • From your vehicle / Black Box: We collect information from the Black Box device installed in your vehicle.
  • Fraud prevention agencies which may include the Motor Insurers’ Bureau, publicly available information, debt recovery and tracing agents, government departments, police and law enforcement agencies.
  • From third parties and their insurer if a claim is made against you.
  • DVLA & DVSA: We receive information about your vehicle, such as the make and model, from DVLA and information about your vehicle’s MOT, such as the latest recorded mileage of the vehicle.
  • Law enforcement agencies and other public bodies: We may receive information about you in relation to potential investigations and law enforcement activities. 
  • Regulatory bodies: The Financial Ombudsman Service, Financial Conduct Authority or Information Commissioner’s Office may provide us with information about individuals who have made a complaint.
  • Our credit reference agency: TransUnion, provides us with credit information. You can find out more about how TransUnion collects and uses your data at www.transunion.co.uk/crain.
  • Data services providers: Data science organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services that we believe you may be interested in.

Credit searches and fraud prevention 

In assessing your application/renewal application we or the insurer or the credit provider will perform credit, risk and identity checks on you with credit reference agencies and fraud prevention agencies.  To perform the checks, we will share your information with those agencies and they will provide us with the results. 

We use the results from the checks to assess your creditworthiness (and whether you can afford to pay for the product), assess our ability to offer the product to you, verify the accuracy of the data you’ve provided, prevent criminal activity (such as money laundering and fraud), and to trace and recover debts.  

The information we share with the agencies will be used by other credit providers for making credit decisions about you and the people with whom you are financially associated for fraud prevention, money laundering prevention and for tracing debtors. 

How long we keep your information for 

We usually hold your data for up to 7 years. 

Who we share your information with 

We share your data with your underwriter and we may share your data with third parties who are instructed by us, such as:

  • RAC group companies  
  • IT providers: providers of IT services for administration and management of our internal systems
  • Outsourced operators: Organisations which provide outsourced organisational support 
  • Agents and partners: In order to install, service and remove the RAC Black Box and in order to provide you and the underwriter with information via the RAC Insurance portal / app.
  • Regulators: Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements. 
  • Professional advisors and purchasers: Our professional advisors for the purpose of providing us with professional advice. If RAC is sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers.

Automated decision-making 

Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person. 

We use automated decision-making, including profiling, for several different purposes:

i. to determine the risk of providing you with a product or service; 

ii. to decide whether to offer a product or service; and

iii. to determine the price of the product or service. 

We use automated decision making where it’s necessary in order to provide you with the product or service. 

Where your information is held 

We are a UK based organisation and most of the information we use about you is held in the UK. It is possible that we may transfer your personal information outside of the UK and Europe, for example, where one of our service providers has operations outside of Europe and such transfer is necessary. Where your data is transferred outside of the UK or Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses. 

What happens if you do not provide us with your personal information 

Unfortunately, if you do not provide us with the personal information which we need in order to provide you with a product or service, we may not be able to provide you with that product or service.