Part 2 - RAC Black Box Insurance (post 30th March 2021)
Purpose and legal basis for using your information
This notice tells you about the way in which your personal data will be used when you purchase RAC Black Box Insurance. For more details, you can see our complete privacy notice at rac.co.uk/privacy-policy.
When you purchase RAC Black Box Insurance, there will be two data controllers who are responsible for using your personal data:
- RAC Financial Services Limited (trading as RAC Insurance) and our address is RAC House, Brockhurst Crescent, Walsall, WS5 4AW. We are responsible for arranging and administering your policy and act as the intermediary. Our use of your data is explained in this notice.
- The insurer: The insurer of your policies will be a separate data controller. How each insurer uses your data will be explained in each insurers privacy notice.
If you opt to pay for your insurance premium by monthly instalments, then another data controller will be responsible for handling your data.
- The credit lender – who arranges the loan to pay for your insurance in full.
This privacy notice only covers how RAC handles your information.
When providing you with RAC Black Box Insurance, RAC will typically be the data controller for the following purposes:
Providing our service to you
Our purpose for using your data | Our lawful basis |
Pricing activities, checks and risk assessment: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling and automated decision making), assessing availability of payment methods, conducting checks with credit reference and fraud prevention agencies. | Performance of contract |
Provision of insurance: Using data to provide you with the insurance. This will include sharing information with our partners (e.g. the policy underwriter). This will include passing your data, including Black Box data, to the underwriter in the event of a claim to assist with identification, assessment or investigation of claims made and to provide clarifications as to the circumstances of the claim. | Performance of contract |
Administration of your policy: Administering your policy including making changes, taking payments or cancelling your cover. | Performance of contract |
Communicating with you: Communicating with you as well as other policyholders and beneficiaries. | Performance of contract |
Arranging a loan: to pay for your insurance policy | Legal obligation |
The Black Box: Collecting, using and analysing the data generated by the Black Box including calculation of drivers’ scores and use of location data in conjunction with the terms of your policy. | Performance of contract |
Prevention and diagnosis of vehicle faults: If you have included Vehicle Based membership RAC Breakdown add on with your Black Box policy, data from your vehicles Engine Control Unit (or other On-Board Diagnostic Features within your vehicle) may be transmitted to us in in order to help prevent or diagnose your vehicle faults which may lead to safety concerns or potentially breaking down. We also may use this information anomalously to enrich our database of vehicle faults. | Performance of contract |
Testing the Black Box: Test your RAC Black Box and any associated software (e.g. during installation or to perform maintenance checks). | Performance of contract |
Our business activities
Our purpose for using your data | Our lawful basis |
Statistical and analytical purposes: Making improvements to RAC products and services including internal testing, reporting and analysis. This will include using your data for analysing, assessing and profiling certain information about you such as your vehicle ownership and driving style. | Legitimate interest |
Routine business activities: Business processes and operations including quality assurance, governance, testing, management and audit practices. | Legitimate interest |
Marketing: Using your information for the purpose of marketing activities, including the use of determining the marketing communications we send to you (which may include profiling), personalisation of content and analysis of our marketing activities. | Legitimate interest |
Training and Monitoring: To help us with our training and monitoring, we record all of our inbound and outbound telephone conversations. | Legitimate Interest (for recording telephone calls) |
Legal and regulatory
Our purpose for using your data | Our lawful basis |
Your rights: Complying with your data protection requests under the UK Data Protection regulation and the General Data Protection Regulation Legal obligations. | Legal obligations |
Disclosure: Disclosing your information to regulators and law enforcement agents as required to do so by law. | Legal obligations |
Fraud detection, debt recovery and legal claims: To prevent or detect fraud, recover debts owed to RAC and using data for the purpose of legal proceedings. | Legitimate interest |
Compliance: Complying with our regulatory and legal obligations including those issued by the Financial Conduct Authority and Financial Ombudsman Service. | Legitimate interest |
For each different purpose for which we use your data, we need to have a lawful basis. The different lawful basis are set out in the UK Data Protection regulation and the General Data Protection Regulation. The ones we’re relying on are:
- Consent: We rely on this basis to give you choice where you may not usually expect your information to be recorded. This legal basis is set out in article 6(1)(a) of the UK Data Protection regulation and the General Data Protection Regulation.
- Performance of contract: We rely on this basis when our use of your data is necessary for the performance of the contract between you and RAC and to take steps at your request prior to entering into the contract. This legal basis is set out in article 6(1)(b) of the UK Data Protection regulation and the General Data Protection Regulation.
- Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact you rights and freedoms. This legal basis is set out in article 6(1)(f) of the UK Data Protection regulation and the General Data Protection Regulation.
- Legal obligations: We rely on this basis when we have a legal obligation to use your data in a certain way. This legal basis is set out in article 6(1)(c) of the UK Data Protection regulation and the General Data Protection Regulation.
The information we collect
The information which we collect about you relating to your RAC Black Box Insurance will include:
Information about you
Category of information | Examples |
Key personal details | Name, date of birth, etc |
Application information | Car use, home ownership, employment, licence type |
Contact details | Home address, email address, telephone number |
Your family and beneficiaries | Home address, email address, telephone number |
Information about your policy
Category of information | Examples |
Your purchases and policies | Details of your cover including start and end date and scope of cover. |
Marketing preferences | Your preferences for the marketing you would like to receive from us. |
Communicating with us | Telephone conversations and communication by email, post and social media if you contact us directly. |
Claims information | Details of claims made under the policy, or claims by a third party, and data from industry sources including the Motor Insurance Database. |
Payment details | Details of your payments for products and services. |
Your relationship with RAC
Category of information | Examples |
Your membership with RAC | Details of the tenure of your membership with RAC and information about other products and services you have purchased from RAC. |
Services you have received from RAC | Details of the services which you have received from RAC including the number of occasions you required roadside assistance. |
Information about your vehicle and driving habits
Category of information | Examples |
RAC Black Box details | Information about the RAC Black Box which is installed in your vehicle. |
Information generated by the RAC Black Box | Information about your driving style, usage and whereabouts such as your speed throughout a journey, braking frequency and force, acceleration, types of roads you use (e.g. A-roads, motorways), time and date of travel, location of vehicle. |
Information from other sources
Category of information | Examples |
Driving offences | Details of any driving offences. |
Your vehicle ownership | We receive information about your vehicle ownership during the past 5 years. The information includes the number of vehicles you’ve owned, the category of vehicle (e.g. if they were manual or automatic transmission, petrol or diesel, etc). |
Your vehicle details | We receive from the DVLA information about your vehicle, including the make, model, fuel type, engine capacity, etc |
Fraud detection information | We receive information about from external fraud prevention agencies to assist us in verifying your identity and to detect and prevent financial crime. |
MOT data | We receive details of your MOT, including your vehicles recorded mileage, from the Driver and Vehicle Standards Agency (DVSA). |
Claims history | Years of no claims bonus, previous insurance claims. |
Credit information | We receive a credit score from TransUnion, a credit reference agency. The score is based on publicly available information such as court judgments (CCJs) and electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses. You can find out more about how TransUnion collects and uses your data at www.transunion.co.uk/crain. |
We receive information about you from a variety of sources:
- From you if you contact us directly we could collect information from you.
- Other RAC Group companies and providers of RAC branded services If you have RAC Breakdown cover, or other products or services from RAC, your information will be shared with RAC Financial Services for analysis, assessment and pricing activities.
- From our partners such as underwriters, credit providers and others.
- From your vehicle / Black Box we collect information from the Black Box device installed in your vehicle.
- Fraud prevention agencies which may include the Motor Insurers’ Bureau, publicly available information, debt recovery and tracing agents, government departments, police and law enforcement agencies.
- From third parties and their insurer if a claim is made against you.
- DVLA & DVSA: We receive information about your vehicle, such as the make and model, from DVLA and information about your vehicle’s MOT, such as the latest recorded mileage of the vehicle.
- Law enforcement agencies and other public bodies: We may receive information about you in relation to potential investigations and law enforcement activities.
- Regulatory bodies: The Financial Ombudsman Service, Financial Conduct Authority or Information Commissioner’s Office may provide us with information about individuals who have made a complaint.
- Our credit reference agency: TransUnion, provides us with credit information. You can find out more about how TransUnion collects and uses your data at www.transunion.co.uk/crain.
- Data services providers: Data science organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services that we believe you may be interested in.
Credit searches and fraud prevention
In assessing your application/renewal application we or the insurer or the credit provider will perform credit, risk and identity checks on you with credit reference agencies and fraud prevention agencies. To perform the checks, we will share your information with those agencies and they will provide us with the results.
We use the results from the checks to assess your creditworthiness (and whether you can afford to pay for the product), assess our ability to offer the product to you, verify the accuracy of the data you’ve provided, prevent criminal activity (such as money laundering and fraud), and to trace and recover debts.
The information we share with the agencies will be used by other credit providers for making credit decisions about you and the people with whom you are financially associated for fraud prevention, money laundering prevention and for tracing debtors.
How long we keep your information for
The RAC keeps your personal information for as long as the law requires, according to the rules and regulations.
Who we share your information with
We share your data with your insurers, and we may share your data with third parties who are instructed by us, such as:
- RAC group companies
- Our credit lender: Premium Credit Limited (this only applies if you are paying for your insurance by monthly instalments)
- IT providers: providers of IT services for administration and management of our internal systems
- Outsourced operators: Organisations which provide outsourced organisational support
- Regulators: Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements.
- Professional advisors and purchasers: Our professional advisors for the purpose of providing us with professional advice. If RAC is sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers.
Automated decision-making
Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person.
We use automated decision-making, including profiling, for several different purposes:
- to determine the risk of providing you with a product or service;
- to decide whether to offer a product or service; and
- the price of the product or service.
We use automated decision making where it’s necessary in order to provide you with the product or service.
Where your information is held
We are a UK based organisation and most of the information we use about you is held in the UK. It is possible that we may transfer your personal information outside of the UK and Europe, for example, where one of service providers has operations outside of Europe and such transfer is necessary. Where your data is transferred outside of the UK or Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses.