Part 2 - RAC Pay By Mile Insurance

Purpose and legal basis for using your information 

When you purchase Pay By Mile Insurance, there are three parties who will each be a data controller for the personal data you provide, which means that they are each responsible `for how they use your data and the purposes for which they use your data:

  • Wrisk Transfer Limited uses your data to manage and administer the insurance, including managing future communications between it and you and it will also use your data for marketing;
  • LV= uses your data in order to underwrite the insurance; and 
  • RAC Financial Services Limited (trading as RAC Insurance) is the introducer of the insurance policy. RAC will use your data for business activities including for statistical and analytical purposes and for marketing activities.
This privacy notice only covers how RAC handles your information.  You can view Wrisk’s privacy notice here. You can view the privacy notice for LV= here.
When providing you with Pay By Mile Insurance, RAC will typically be the data controller for the following purposes:

Our purpose for using your data

Our lawful basis

Our business activities 

Pricing activities: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling)

Legitimate interest

Provision of insurance:  Using data to provide you with the Pay By Mile Insurance

Legitimate interest

Statistical and analytical purposes: Making improvements to RAC products and services including internal testing, reporting and analysis; business processes and operations including quality assurance, governance, management and audit practices. 

Legitimate interest

Marketing: Using your information for the purpose of marketing activities, including the use of determining the marketing communications we send to you (which may include profiling) and analysis of our marketing activities.  

Legitimate interest

Regulatory obligations including fraud detection: We use your personal data to comply with our regulatory obligations including for the prevention, detection and reporting of fraud.  Legal obligations


For each different purpose for which we use your data, we need to have a lawful basis. The different lawful basis are set out in the General Data Protection Regulation (GDPR).  The ones we’re relying on are: 

  • Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact you rights and freedoms.  This legal basis is set out in article 6(1)(f) of the GDPR. 
  • Contract: We relay on this basis when our use of your data is necessary for the purpose of fulfilling our obligations under a contract which you have with us.  This legal basis is set out in article 6(1)(b).
  • Legal Obligations: We’re required to comply with legal and regulatory obligations, such as the prevention, detection and reporting of fraud and other financial crime. This legal basis is set in article 6(1)(c) of the GDPR. 

You can read more about our use of your information for marketing at  You can read about our use of cookies here

The information we collect

The information which we collect about you relating to your RAC Pay as You Drive Insurance will include:

Category of information


Application information

Key personal details 

Name, date of birth, etc

Application information Car use, home ownership, employment, licence type. 

Contact details 

Home address, email address, telephone number

Your family and beneficiaries 

Their name and relationship with you

Information about your policy

Policy details

Information about your policy including the policy number, start date, driver ID, etc

Information from the drive tag and App

Login details 

When using the App, you will be required to provide a username and password

Drive tag details

The drive tag you install in your vehicle will have a unique ID which will be linked to your policy via the App

Journey information

The drive tag is paired with the App on your mobile phone. The drive tag acts as an accelerometer – it recognises when your vehicle moves and is stationary. The App is used to determine the time, location and distance of your journeys

Your RAC Insurance cover 

Your purchases and policies 

Details of your cover including start and end date and scope of cover 

Marketing preferences 

Your preferences for the marketing you would like to receive from us

Communicating with us 

Telephone conversations and communication by email, post and social media if you contact us directly 

Information from RAC
Years of membership with RAC Whether you are a member of RAC and the length of your membership
Your RAC breakdown cover The service level which to which you are entitled under your RAC Breakdown cover
Roadside assistance The number of times you have used the RAC Breakdown service during the past 3 year
Information from other sources
Driving offences Details of any driving offences
Vehicle ownership history We receive information about your vehicle ownership during the past 5 years. The information includes the number of vehicles you’ve owned, the category of vehicle (e.g. if they were manual or automatic transmission, petrol or diesel, etc)
Vehicle details  We receive from the DVLA information about your vehicle, including the make, model, fuel type, engine capacity, etc
Fraud detection information We receive information about from external fraud prevention agencies to assist us in verifying your identity and to detect and prevent financial crime
MOT data  We receive details of your MOT, including your vehicles recorded mileage, from the Driver and Vehicle Standards Agency (DVSA)
Credit reference agencies We receive a credit score from TransUnion, a credit reference agency.  The score is based on publicly available information such as court judgments (CCJs) and electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses. You can find out more about how TransUnion collects and uses your data at

How we get your information 

  • Wrisk: We receive information from Wrisk relating to your policy such as the information you submit when you make your application for insurance such as contact details, financial information including premium amount, payment methods and vehicle information.
  • From other RAC entities: We receive information about your membership and existing relation with RAC, from other companies in the RAC Group.
  • From you: We receive information directly from you when you use the App and if you contact us directly. 
  • From the drive tag in your vehicle: We collect information about your journeys from the drive tag in your vehicle which we use to calculate the charges under your policy.
  • DVLA & DVSA: We receive information about your vehicle, such as the make and model, from DVLA and information about your vehicle’s MOT, such as the latest recorded mileage of the vehicle.
  • Law enforcement agencies and other public bodies: We may receive information about you in relation to potential investigations and law enforcement activities. 
  • Regulatory bodies: The Financial Ombudsman Service, Financial Conduct Authority or Information Commissioner’s Office may provide us with information about individuals who have made a complaint.
  • Our credit reference agency: TransUnion, provides us with credit information. You can find out more about how TransUnion collects and uses your data at
  • Fraud detection agency: Synetics Solutions, provides us with fraud detection information. You can find out more about how Synetics collects and uses your data at  
  • Data services providers: Data science organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services that we believe you may be interested in.

How long we keep your information for 

We keep your information for as long as is reasonably necessary for the purposes explained in this privacy notice. For example, we typically hold information about your policy for up to 7 years to meet our legal, regulatory, tax or accounting requirements.   

Who we share your information with 

We share your data with Wrisk as a joint data controller and we may share your data with third parties who are instructed by us, such as:

  • Wrisk and LV=: In relation to the provision of your insurance.
  • RAC group companies: For administration purposes and to help us understand your relationship with RAC.For administration purposes and to help us understand your relationship with RAC.
  • IT providers: Providers of IT services for administration and management of our internal systems
  • Regulators: Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements. 
  • Professional advisors and purchasers: Our professional advisors for the purpose of providing us with professional advice. If RAC is sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers.

Automated decision-making 

Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person. 

We use automated decision-making, including profiling, for several different purposes:

i. to determine the risk of providing you with a product or service; 
ii. to decide whether to offer a product or service; and
iii. the price of the product or service. 

We use automated decision making where it’s necessary in order to provide you with the product or service. 

Where your information is held 

We are a UK based organisation but we do offer services to our members across Europe, such as our European Breakdown cover. It is possible that we may transfer your personal information outside of Europe, for example, where one of service providers has operations outside of Europe and such transfer is necessary.  Where your data is transferred outside of Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses. 

What happens if you do not provide us with your personal information 

Unfortunately, if you do not provide us with the personal information which we need in order to provide you with a product or service, we may not be able to provide you with that product or service.