Part 2 - Pay By Mile Insurance

Purpose and legal basis for using your information

When you purchase Pay By Mile Insurance, there are three parties who will each be a data controller for the personal data you provide, which means that they are each responsible `for how they use your data and the purposes for which they use your data:

  • Wrisk Transfer Limited uses your data to manage and administer the insurance, including managing future communications between it and you and it will also use your data for marketing;
  • LV= uses your data in order to underwrite the insurance; and
  • RAC Financial Services Limited (trading as RAC Insurance) is the introducer of the insurance policy. RAC will use your data for business activities including for statistical and analytical purposes and for marketing activities.

This privacy notice only covers how RAC handles your information. You can view Wrisk’s privacy notice here. You can view the privacy notice for LV= here.

When providing you with Pay By Mile Insurance, RAC will typically be the data controller for the following purposes:

Our business activities

Our purpose for using your data

Our lawful basis

Pricing activities: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling).

Legitimate interest

Provision of insurance: Using data to provide you with the Pay By Mile Insurance.

Legitimate interest

Statistical and analytical purposes: Making improvements to RAC products and services including internal testing, reporting and analysis; business processes and operations including quality assurance, governance, management and audit practices.

Legitimate interest

Marketing: Using your information for the purpose of marketing activities, including the use of determining the marketing communications we send to you (which may include profiling) and analysis of our marketing activities.

Legitimate interest

Regulatory obligations including fraud detection: We use your personal data to comply with our regulatory obligations including for the prevention, detection and reporting of fraud.

Legal obligations

For each different purpose for which we use your data, we need to have a lawful basis. The different lawful basis are set out in the UK Data Protection regulation and the General Data Protection Regulation. The ones we’re relying on are:

  • Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact you rights and freedoms. This legal basis is set out in article 6(1)(f) of the UK Data Protection regulation and the General Data Protection Regulation.
  • Contract: We relay on this basis when our use of your data is necessary for the purpose of fulfilling our obligations under a contract which you have with us. This legal basis is set out in article 6(1)(b).
  • Legal Obligations: We’re required to comply with legal and regulatory obligations, such as the prevention, detection and reporting of fraud and other financial crime. This legal basis is set in article 6(1)(c) of the UK Data Protection regulation and the General Data Protection Regulation.

You can read more about our use of your information for marketing at https://www.rac.co.uk/legal-information/privacy-policy/part-2/marketing. You can read about our use of cookies here https://www.rac.co.uk/legal-information/privacy-policy/part-2/cookies-policy.

The information we collect

The information which we collect about you relating to your RAC Pay as You Drive Insurance will include:

Application information

Category of information

Examples

Key personal details

Name, date of birth, etc

Application information

Car use, home ownership, employment, licence type

Contact details

Home address, email address, telephone number

Your family and beneficiaries

Their name and relationship with you

Information about your policy

Category of information

Examples

Policy details

Information about your policy including the policy number, start date, driver ID, etc.

Information from the drive tag and App

Category of information

Examples

Login details

When using the App, you will be required to provide a username and password.

Drive tag details

The drive tag you install in your vehicle will have a unique ID which will be linked to your policy via the App.

Journey information

The drive tag is paired with the App on your mobile phone. The drive tag acts as an accelerometer – it recognises when your vehicle moves and is stationary. The App is used to determine the time, location and distance of your journeys.

Your RAC Insurance cover

Category of information

Examples

Your purchases and policies

Details of your cover including start and end date and scope of cover.

Marketing preferences

Your preferences for the marketing you would like to receive from us.

Communicating with us

Telephone conversations and communication by email, post and social media if you contact us directly.

Information from RAC

Category of information

Examples

Years of membership with RAC

Whether you are a member of RAC and the length of your membership.

Your RAC Breakdown Cover

The service level which to which you are entitled under your RAC Breakdown cover.

Roadside Assistance

The number of times you have used the RAC Breakdown service during the past 3 years.

Information from other sources

Category of information

Examples

Driving offences

Details of any driving offences.

Vehicle ownership history

We receive information about your vehicle ownership during the past 5 years. The information includes the number of vehicles you’ve owned, the category of vehicle (e.g. if they were manual or automatic transmission, petrol or diesel, etc).

Vehicle details

We receive from the DVLA information about your vehicle, including the make, model, fuel type, engine capacity, etc.

Fraud detection information

We receive information about from external fraud prevention agencies to assist us in verifying your identity and to detect and prevent financial crime.

MOT data

We receive details of your MOT, including your vehicles recorded mileage, from the Driver and Vehicle Standards Agency (DVSA).

Credit reference agencies

We receive a credit score from TransUnion, a credit reference agency. The score is based on publicly available information such as court judgments (CCJs) and electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses. You can find out more about how TransUnion collects and uses your data at https://www.transunion.co.uk/legal/privacy-centre.

How we get your information

  • Wrisk: We receive information from Wrisk relating to your policy such as the information you submit when you make your application for insurance such as contact details, financial information including premium amount, payment methods and vehicle information.
  • From other RAC entities: We receive information about your membership and existing relation with RAC, from other companies in the RAC Group.
  • From you: We receive information directly from you when you use the App and if you contact us directly.
  • From the drive tag in your vehicle: We collect information about your journeys from the drive tag in your vehicle which we use to calculate the charges under your policy.
  • DVLA & DVSA: We receive information about your vehicle, such as the make and model, from DVLA and information about your vehicle’s MOT, such as the latest recorded mileage of the vehicle.
  • Law enforcement agencies and other public bodies: We may receive information about you in relation to potential investigations and law enforcement activities.
  • Regulatory bodies: The Financial Ombudsman Service, Financial Conduct Authority or Information Commissioner’s Office may provide us with information about individuals who have made a complaint.
  • Our credit reference agency: TransUnion, provides us with credit information. You can find out more about how TransUnion collects and uses your data at www.transunion.co.uk/crain
  • Fraud detection agency: Synetics Solutions, provides us with fraud detection information. You can find out more about how Synetics collects and uses your data at https://www.synectics-solutions.com/about-us/privacy
  • Data services providers: Data science organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services that we believe you may be interested in.

How long we keep your information for

The RAC keeps your personal information for as long as the law requires, according to the rules and regulations.

Who we share your information with

We share your data with Wrisk as a joint data controller and we may share your data with third parties who are instructed by us, such as:

  • Wrisk and LV=: In relation to the provision of your insurance.
  • RAC group companies: For administration purposes and to help us understand your relationship with RAC.For administration purposes and to help us understand your relationship with RAC.
  • IT providers: Providers of IT services for administration and management of our internal systems
  • Regulators: Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements.
  • Professional advisors and purchasers: Our professional advisors for the purpose of providing us with professional advice. If RAC is sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers.

Automated decision-making

Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person.

We use automated decision-making, including profiling, for several different purposes:

  1. to determine the risk of providing you with a product or service;
  2. to decide whether to offer a product or service; and
  3. the price of the product or service.

We use automated decision making where it’s necessary in order to provide you with the product or service.

Where your information is held

We are a UK based organisation but we do offer services to our members across Europe, such as our European Breakdown cover. It is possible that we may transfer your personal information outside of Europe, for example, where one of service providers has operations outside of Europe and such transfer is necessary. Where your data is transferred outside of Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses.