Purpose and legal basis for using your information
If you purchase RAC Insurance, the insurance will typically be arranged and administered by one of our partner insurance providers. For example:
|
RAC Insurance product |
Our partner which arranges and administers the insurance |
|
Car Insurance |
BISL Limited |
|
Black Box Insurance - policies quoted before the 30th March 2021 |
BISL Limited (see our page for Black Box Insurance) |
|
Black Box Insurance - policies quoted from 30th March 2021 |
RAC Financial Services Limited (see our page for Black Box Insurance) |
|
Home Insurance |
BISL Limited |
|
Motorbike Insurance |
Europa Group Ltd |
|
Van Insurance |
IGO4 Ltd |
|
Travel Insurance |
Hood Travel Ltd |
|
Temporary & Learner Insurance |
Dayinsure.com Ltd |
|
Car Hire Excess Insurance |
Halo Insurance Services Ltd |
|
Pay As You Drive Insurance |
Wrisk Transfer Ltd (see our page for Pay as you drive insurance) |
The partner which arranges and administers the insurance will be the data controller for your information for the purpose of providing you with insurance. The underwriter of the insurance will also be a data controller for the purpose of underwriting the insurance.
RAC will typically be the data controller for some of the following purposes:
|
Our purpose for using your data |
Our lawful basis |
|
Our business activities |
|
Pricing activities: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling) |
Legitimate interest |
|
Business operations and service improvements: Making improvements to RAC products and services including internal testing, reporting and analysis; business processes and operations including quality assurance, governance, management and audit practices. |
Legitimate interest |
|
Marketing: Using your information for the purpose of marketing activities, including the use of determining the marketing communications we send to you (which may include profiling) and analysis of our marketing activities. |
Legitimate interest |
For the purpose for which we use your data, we need to have a lawful basis. The lawful basis is set out in the General Data Protection Regulation (GDPR). The ones we’re relying on are:
-
Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact you rights and freedoms. This legal basis is set out in article 6(1)(f) of the GDPR.
RAC Insurance Limited will be the data controller for the information about you collected for these purposes which means that we are responsible for the way in which we use your data.
The information we collect
The information which we collect about you relating to your RAC Insurance may include (depending on the type of insurance):
|
Category of information |
Examples |
|
Information about you |
|
Key personal details |
Name, date of birth, etc |
|
Contact details |
Home address, email address, telephone number |
|
Your family and beneficiaries |
Their name and relationship with you |
|
Your vehicle details |
Information about your vehicle including make, model, age, etc |
|
Your driving behaviours |
How, where and when you drive, faults logged by your vehicle |
|
Credit Reference information
|
Information from public records, including court judgments, electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses.
|
|
Your RAC Insurance cover |
|
Your purchases and policies |
Details of your cover including start and end date and scope of cover |
|
Marketing preferences |
Your preferences for the marketing you would like to receive from us |
|
Communicating with us |
Telephone conversations and communication by email, post and social media if you contact us directly |
How we get your information
-
Insurance intermediaries (such as our insurance partners) who are authorised by us to sell an insurance product. They provide us with the information you submit when you engage with them, usually to obtain an insurance quote such as contact details, financial information including premium amount, payment methods and vehicle information.
-
From you if you contact us directly we could collect information from you.
-
From your vehicle If you have a telematics based insurance product, we collect information from the Black Box or device installed in your vehicle
-
DVLA and other agencies who provide vehicle data obtained under licence.
-
Information Commissioner’s Office, law enforcement agencies and other public bodies may provide us with information about individuals who have made a complaint or in relation to their investigations and law enforcement activities.
-
Regulatory bodies such the Financial Ombudsman Service and the Financial Conduct Authority may provide us with information about individuals who have made a complaint
-
Data services providers such as data service organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services in which we believe you may be interested.
-
Credit reporting agencies: We receive information about you from TransUnion. You can read more about TransUnion’s activities in their privacy notice: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
How long we keep your information
We primarily hold your data for up to 7 years however for some products this can be up to 10 years.
Who we share your information with
We may share your data with third parties who are instructed by us, such as:
-
RAC group companies
-
IT providers: for administration and management of our internal systems
-
Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements.
-
Professional advisors and purchasers: for the purpose of providing us with professional advice. If RAC, or any RAC products and services, are sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers. For example, if your policy is sold to a third party, we may need to share your data with the potential purchaser.
-
The insurers who underwrite RAC insurance products: for the purpose of risk analysis and improving the accuracy pricing for RAC insurance products relative to the respective risks.
-
Credit reporting agencies: We share basic identifier information about you with TransUnion to enable them to identify you and provide us with credit related information. You can read more about TransUnion’s activities in their privacy notice: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
Automated decision-making
Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person.
We use automated decision-making, including profiling, for several different purposes:
i. to determine the risk of providing you with a product or service;
ii. to decide whether to offer a product or service; and
iii. the price of the product or service.
We use automated decision making where it’s necessary in order to provide you with the product or service.
Where your information is held
We are a UK based organisation but we do offer services to our members across Europe, such as our European Breakdown cover. It is possible that we may transfer your personal information outside of Europe, for example, where one of service providers has operations outside of Europe and such transfer is necessary. Where your data is transferred outside of Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses.
What happens if you do not provide us with your personal information
Unfortunately, if you do not provide us with the personal information which we need in order to provide you with a product or service, we may not be able to provide you with that product or service.