Purpose and legal basis for using your information
When you purchase RAC Insurance cover, there will be several data controllers responsible for handling your personal data which include:
-
The intermediary - who arranges and administers the policy
-
The insurer - who underwrites your insurance policy
-
The introducer - where RAC does not act as the intermediary of your insurance policy, RAC will act as an introducer for the policy.
Your insurance policy documents will tell you which organisation underwrites your insurance and where you can view their privacy policy.
The table below confirms which organisation acts as the intermediary for each of the RAC Insurance policies. For Black Box Insurance, Home Insurance, Van Insurance and Pay By Mile, we have a separate privacy policy which you can view below. For the remaining insurance policies, this privacy policy explains how we use your data when we act as an introducer.
|
RAC Insurance product |
Our partner which arranges and administers the insurance |
|
Car Insurance |
BISL Limited |
|
Black Box Insurance |
Policies quoted before 30th March 2021: BISL Limited (see our privacy policy here).
Policies quoted from 30th March 2021: RAC Financial Services Limited (see our privacy policy here).
|
|
Home Insurance |
Policies quoted before 27th July 2021: BISL Limited
Policies quoted from 27th July 2021: RAC Financial Services Limited
|
|
Motorbike Insurance |
Europa Group Ltd |
|
Van Insurance |
Policies purchased on or before 31st December 2020: IGO4 Ltd
Policies purchased after 18th May 2021: RAC Financial Services Limited
|
|
Travel Insurance |
Hood Travel Ltd |
|
Temporary & Learner Insurance |
Dayinsure.com Ltd |
|
Car Hire Excess Insurance |
Halo Insurance Services Ltd |
|
Pay By Mile Insurance |
Wrisk Transfer Ltd (see our privacy policy here). |
For those RAC insurance policies which do not have a separate privacy policy, RAC will act as an introducer and be the data controller for the following purposes:
|
Our purpose for using your data |
Our lawful basis |
|
Our business activities |
|
Pricing activities: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling) |
Legitimate interest |
|
Business operations and service improvements: Making improvements to RAC products and services including internal testing, reporting and analysis; business processes and operations including quality assurance, governance, management and audit practices. |
Legitimate interest |
|
Marketing: Using your information for the purpose of marketing activities, including the use of determining the marketing communications we send to you (which may include profiling) and analysis of our marketing activities. |
Legitimate interest |
For the purpose for which we use your data, we need to have a lawful basis. The lawful basis is set out in the General Data Protection Regulation (GDPR). The ones we’re relying on are:
-
Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact you rights and freedoms. This legal basis is set out in article 6(1)(f) of the GDPR.
RAC Insurance Limited will be the data controller for the information about you collected for these purposes which means that we are responsible for the way in which we use your data.
The information we collect
The information which we collect about you relating to your RAC Insurance may include (depending on the type of insurance):
|
Category of information |
Examples |
|
Information about you |
|
Key personal details |
Name, date of birth, etc |
|
Contact details |
Home address, email address, telephone number |
|
Your family and beneficiaries |
Their name and relationship with you |
|
Your vehicle details |
Information about your vehicle including make, model, age, etc |
|
Credit Reference information
|
Information from public records, including court judgments, electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses.
|
|
Your RAC Insurance cover |
|
Your purchases and policies |
Details of your cover including start and end date and scope of cover |
|
Marketing preferences |
Your preferences for the marketing you would like to receive from us |
|
Communicating with us |
Telephone conversations and communication by email, post and social media if you contact us directly |
How we get your information
-
Insurance intermediaries who are authorised by us to sell an insurance product. They provide us with the information you submit when you engage with them, usually to obtain an insurance quote such as contact details, financial information including premium amount, payment methods and vehicle information.
-
From you if you contact us directly we could collect information from you.
-
DVLA and other agencies who provide vehicle data obtained under licence.
-
Information Commissioner’s Office, law enforcement agencies and other public bodies may provide us with information about individuals who have made a complaint or in relation to their investigations and law enforcement activities.
-
Regulatory bodies such the Financial Ombudsman Service and the Financial Conduct Authority may provide us with information about individuals who have made a complaint
-
Data services providers such as data service organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services in which we believe you may be interested.
-
Credit reporting agencies: We receive information about you from TransUnion. You can read more about TransUnion’s activities in their privacy notice: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
How long we keep your information
We primarily hold your data for up to 7 years however for some products this can be up to 10 years.
Who we share your information with
We may share your data with third parties who are instructed by us, such as:
-
RAC group companies
-
IT providers: for administration and management of our internal systems
-
Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements.
-
Professional advisors and purchasers: for the purpose of providing us with professional advice. If RAC, or any RAC products and services, are sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers. For example, if your policy is sold to a third party, we may need to share your data with the potential purchaser.
-
The intermediary for the RAC Insurance product
-
The insurers who underwrite RAC insurance products: for the purpose of risk analysis and improving the accuracy pricing for RAC insurance products relative to the respective risks.
-
Credit reporting agencies: We share basic identifier information about you with TransUnion to enable them to identify you and provide us with credit related information. You can read more about TransUnion’s activities in their privacy notice: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
Automated decision-making
Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person.
We use automated decision-making, including profiling, for several different purposes:
i. to determine the risk of providing you with a product or service;
ii. to decide whether to offer a product or service; and
iii. the price of the product or service.
We use automated decision making where it’s necessary in order to provide you with the product or service.
Where your information is held
We are a UK based organisation but we do offer services to our members across Europe, such as our European Breakdown cover. It is possible that we may transfer your personal information outside of Europe, for example, where one of service providers has operations outside of Europe and such transfer is necessary. Where your data is transferred outside of Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses.
What happens if you do not provide us with your personal information
Unfortunately, if you do not provide us with the personal information which we need in order to provide you with a product or service, we may not be able to provide you with that product or service.