Part 2 - RAC Black Box Insurance (pre 30th March 2021)
Purpose and legal basis for using your information
If you purchase RAC Black Box Insurance, the insurance will be arranged and administered by our partner insurance provider, BISL Limited BISL will be the data controller for your information for the purpose of providing you with insurance. The underwriter of the insurance will also be a data controller for the purpose of underwriting the insurance.
RAC will typically be the data controller for some of the following purposes:
Our business activities
Our purpose for using your data | Our lawful basis |
Pricing activities: Using data to develop risk acceptance criteria, develop pricing models with our external partners (which may include profiling). | Legitimate interest |
Business operations and service improvements: Making improvements to RAC products and services including internal testing, reporting and analysis; business processes and operations including quality assurance, governance, management and audit practices. | Legitimate interest |
Marketing: Using your information for the purpose of marketing activities, including the use of determining the marketing communications we send to you (which may include profiling) and analysis of our marketing activities. | Legitimate interest |
Telematics based insurance: Using your vehicle telemetry data to provide you with your own driving analysis. contribution towards calculation of insurance premiums based upon your driving characteristics and vehicle usage, passing data to Insurers in the event of a claim, research and analysis. | Legitimate interest |
For the purpose for which we use your data, we need to have a lawful basis. The lawful basis is set out in the UK Data Protection regulation and the General Data Protection Regulation. The ones we’re relying on are:
- Legitimate interest: We rely on this basis when our use of your data is necessary for the purposes of our legitimate interest which does not unduly impact you rights and freedoms. This legal basis is set out in article 6(1)(f) of the UK Data Protection regulation and the General Data Protection Regulation.
RAC Insurance Limited will be the data controller for the information about you collected for these purposes which means that we are responsible for the way in which we use your data.
The information we collect
The information which we collect about you relating to your RAC Black Box Insurance will include:
Information about you
Category of information | Examples |
Key personal details | Name, date of birth, etc |
Contact details | Home address, email address, telephone number |
Your family and beneficiaries | Their name and relationship with you |
Your driving behaviours | How, where and when you drive, faults logged by your vehicle |
Credit Reference information | Information from public records, including court judgments, electoral register information, and financial information from lenders, utilities suppliers and telecoms businesses. |
Information about your vehicle and driving habits
Category of information | Examples |
Your vehicle details | Information about your vehicle including make, model, age, etc. |
Black box details | Information about the RAC Black Box which is installed in your vehicle. |
Your driving habits | Telematics information which is provided to us from your RAC Black Box such as miles driven, and driving behaviours. |
Location data | GPS locations |
Your RAC Black Box Insurance cover
Category of information | Examples |
Your purchases and policies | Details of your cover including start and end date and scope of cover. |
Marketing preferences | Your preferences for the marketing you would like to receive from us. |
Communicating with us | Telephone conversations and communication by email, post and social media if you contact us directly. |
How we get your information
- Insurance intermediaries (such as our insurance partners) who are authorised by us to sell an insurance product. They provide us with the information you submit when you engage with them, usually to obtain an insurance quote such as contact details, financial information including premium amount, payment methods and vehicle information.
- From you if you contact us directly we could collect information from you.
- From your vehicle, if you have a telematics device based insurance product, we collect information from the Black Box or device installed in your vehicle
- DVLA and other agencies who provide vehicle data obtained under licence.
- Information Commissioner’s Office, law enforcement agencies and other public bodies may provide us with information about individuals who have made a complaint or in relation to their investigations and law enforcement activities.
- Regulatory bodies such the Financial Ombudsman Service and the Financial Conduct Authority may provide us with information about individuals who have made a complaint
- Data services providers such as data service organisations, who collect demographic data and publicly available information which is used to help us improve and tailor our products and services or information used to identify products and services in which we believe you may be interested.
- Credit reporting agencies: We receive information about you from TransUnion. You can read more about TransUnion’s activities in their privacy notice: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
How long we keep your information
The RAC keeps your personal information for as long as the law requires, according to the rules and regulations.
Who we share your information with
We may share your data with third parties who are instructed by us, such as:
- RAC group companies
- IT providers: for administration and management of our internal systems
- Regulators and governmental bodies, such as the Financial Conduct Authority or Information Commissioner’s Office if necessary to meet our mandatory reporting requirements.
- Professional advisors and purchasers: for the purpose of providing us with professional advice. If RAC is sold, we may need to disclose your personal information to our advisers and any prospective purchasers and their advisers.
- The insurers who underwrite RAC insurance products: for the purpose of risk analysis and improving the accuracy pricing for RAC insurance products relative to the respective risks.
- Credit reporting agencies: We share basic identifier information about you with TransUnion to enable them to identify you and provide us with credit related information. You can read more about TransUnion’s activities in their privacy notice: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
Automated decision-making
Automated decisions are decisions which are made about you using only technology and which aren’t made with the direct input of an actual person.
We use automated decision-making, including profiling, for several different purposes:
- to determine the risk of providing you with a product or service;
- to decide whether to offer a product or service; and
- the price of the product or service.
We use automated decision making where it’s necessary in order to provide you with the product or service.
Where your information is held
We are a UK based organisation but we do offer services to our members across Europe, such as our European Breakdown cover. It is possible that we may transfer your personal information outside of Europe, for example, where one of service providers has operations outside of Europe and such transfer is necessary. Where your data is transferred outside of Europe, we will ensure that suitable safeguards are in place to make sure that your data is protected. The safeguard will usually be reliance on standard contractual clauses.