Part 2 - RAC Insurance
Purpose and legal basis for using your information
When you purchase RAC Insurance cover, there will be several data controllers responsible for handling your personal data which include:
- The intermediary - who arranges and administers the policy
- The insurer - who underwrites your insurance policy
- The introducer - where RAC does not act as the intermediary of your insurance policy, RAC will act as an introducer for the policy.
If you opt to pay for your insurance premium by monthly instalments, then another data controller will be responsible for handling your data
- The credit lender – who arranges the loan to pay for your insurance in full.
Your insurance policy documents will tell you which organisation underwrites your insurance and where you can view their privacy policy.
The table below confirms which organisation acts as the intermediary for each of the RAC Insurance policies. For Black Box Insurance, Home Insurance and Van Insurance, we have a separate privacy policy which you can view below. For the remaining insurance policies, this privacy policy explains how we use your data when we act as an introducer.
RAC Insurance Product | Our partner which arranges and administers the insurance |
Car Insurance | BISL Limited |
Black Box Insurance | Policies quoted before 30th March 2021: BISL Limited (see our privacy policy here) Policies quoted from 30th March 2021: RAC Financial Services Limited (see our privacy policy here) |
Home Insurance | Policies quoted before 27th July 2021: BISL Limited Policies quoted from 27th July 2021: RAC Financial Services Limited (see our privacy policy here) |
Motorbike Insurance | Europa Group Ltd |
Van Insurance | Policies purchased after 18th May 2021: RAC Financial Services Limited (see our privacy policy here) |
Travel Insurance | Hood Travel Ltd |
Temporary & Learner Insurance | Dayinsure.com Ltd |
Car Hire Excess Insurance | Halo Insurance Services Ltd |
For those RAC insurance policies which do not have a separate privacy policy, RAC will act as an introducer and be the data controller for the following purposes:
Our business activities
Our purpose for using your data | Our lawful basis |
Pricing activities: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling). | Legitimate interest |
Business operations and service improvements: Making improvements to RAC products and services including internal testing, reporting and analysis; business processes and operations including quality assurance, governance, management and audit practices. | Legitimate interest |
Marketing: Using your information for the purpose of marketing activities, including the use of determining the marketing communications we send to you (which may include profiling) and analysis of our marketing activities. | Legitimate interest |
For the purpose for which we use your data, we need to have a lawful basis. The lawful basis is set out in the UK Data Protection regulation and the General Data Protection Regulation. The ones we’re relying on are:
- Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact you rights and freedoms. This legal basis is set out in article 6(1)(f) of the UK Data Protection regulation and the General Data Protection Regulation.
RAC Insurance Limited will be the data controller for the information about you collected for these purposes which means that we are responsible for the way in which we use your data.
The information we collect
The information which we collect about you relating to your RAC Insurance may include (depending on the type of insurance):
Information about you
Category of information | Examples |
Key personal details | Name, date of birth, etc |
Contact details | Home address, email address, telephone number |
Your family and beneficiaries | Their name and relationship with you |
Your vehicle details | Information about your vehicle including make, model, age, etc |
Credit Reference information | Information from public records, including court judgments, electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses. |
Your RAC Insurance cover
Category of information | Examples |
Your purchases and policies | Details of your cover including start and end date and scope of cover. |
Marketing preferences | Your preferences for the marketing you would like to receive from us. |
Communicating with us | Telephone conversations and communication by email, post and social media if you contact us directly. |
How we get your information
- Insurance intermediaries who are authorised by us to sell an insurance product. They provide us with the information you submit when you engage with them, usually to obtain an insurance quote such as contact details, financial information including premium amount, payment methods and vehicle information.
- From you if you contact us directly we could collect information from you.
- DVLA and other agencies who provide vehicle data obtained under licence.
- Information Commissioner’s Office, law enforcement agencies and other public bodies may provide us with information about individuals who have made a complaint or in relation to their investigations and law enforcement activities.
- Regulatory bodies such the Financial Ombudsman Service and the Financial Conduct Authority may provide us with information about individuals who have made a complaint
- Data services providers such as data service organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services in which we believe you may be interested.
- Credit reporting agencies: We receive information about you from TransUnion. You can read more about TransUnion’s activities in their privacy notice: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
How long we keep your information
The RAC keeps your personal information for as long as the law requires, according to the rules and regulations.
Who we share your information with
We may share your data with third parties who are instructed by us, such as:
- RAC group companies
- IT providers: for administration and management of our internal systems
- Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements.
- Professional advisors and purchasers: for the purpose of providing us with professional advice. If RAC, or any RAC products and services, are sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers. For example, if your policy is sold to a third party, we may need to share your data with the potential purchaser.
- The intermediary for the RAC Insurance product
- The insurers who underwrite RAC insurance products: for the purpose of risk analysis and improving the accuracy pricing for RAC insurance products relative to the respective risks.
- Credit reporting agencies: We share basic identifier information about you with TransUnion to enable them to identify you and provide us with credit related information. You can read more about TransUnion’s activities in their privacy notice: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
- RAC Insurance Partners: for the purpose of customer experience, usage analysis and management reporting.
Automated decision-making
Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person.
We use automated decision-making, including profiling, for several different purposes:
- to determine the risk of providing you with a product or service;
- to decide whether to offer a product or service; and
- the price of the product or service.
We use automated decision making where it’s necessary in order to provide you with the product or service.
Where your information is held
We are a UK based organisation but we do offer services to our members across Europe, such as our European Breakdown cover. It is possible that we may transfer your personal information outside of Europe, for example, where one of service providers has operations outside of Europe and such transfer is necessary. Where your data is transferred outside of Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses.