Data gives us the power to do incredible things – being able to provide fairer premiums is our favourite example. But handling it is a big responsibility, and one we take very seriously. This policy shows how we use your personal information, and what we do to keep it safe.
This Privacy notice (the “Notice”) describes how By Miles (“we”, “us”, “our” and “By Miles”) collects, stores and uses information about you in connection with By Miles insurance products and services, including your use of the By Miles websites (the “Sites”), the By Miles mobile application (the “App”) and the Miles Tracker or via an authorised connection to your vehicle so we can collect your vehicle data.
“Data Protection Law” means the Data Protection Act 2018, the UK General Data Protection Regulation (the UK GDPR), and the Privacy and Electronic Communications (sometimes shortened to EC Directive) Regulations 2003 (also known by the acronym PECR), as amended from time to time, and all other applicable privacy and data protection laws and regulations, as well as any guidance and/or codes of practice issued from time to time by the Information Commissioner.
For the purposes of Data Protection Law we, the insurer named on your insurance policy (if you are a By Miles policyholder) and any providers of add-ons to your policy (such as breakdown cover, legal cover or providers of any other optional cover add-on) are data controllers. This means that we control the processing of your personal information in accordance with Data Protection Law, and are each responsible for holding your personal information safely. See the section ‘information we may collect about you’ for further information.
By Miles is a company registered in England and Wales under company number 09498559 and our registered office is at By Miles Ltd, Churchill Westmoreland Road, Bromley, BR1 1DP. We are part of the Direct Line Group of companies. "You" refers to the individual (also known as the Data Subject) about whom we collect and process data and the purposes by which we do so.
We’re registered with the Information Commissioner's Office, with reference number ZA219758.
We’re also ISO 27001 certified by the British Assessment Bureau, with certificate number 214977. This means the way we process and safeguard your data is always at the forefront of everything we do. You can read more about this in our information security management policy.
You can contact us:
Most of the personal information we may collect about you is provided directly to us, by you, for the following reasons. This data is collected if you have:
If you give us information on behalf of a third party, including other drivers named on your policy, it’s your obligation to show this notice to them and to ask them to read it thoroughly. You should also make sure they acknowledge and agree to their personal data being processed in line with the requirements of this notice.
We may also collect and store personal data automatically. Some of this will be worked out based on information you give us so we can provide the service to you, including but not limited to:
We may get information about you from other sources, for example: the Driver and Vehicle Licensing Agency (DVLA), the Motor Insurance Database (MID), the Claims and Underwriting Exchange (CUE), MyLicence and credit checking agencies. Some of these third parties may record our enquiries. The information provided by third parties about you will add to the information we already hold to help us check your identity and get an idea of your credit score.
When you sign up to our telematics-based insurance, we’ll automatically collect some vehicle and driving-related information from the Miles Tracker installed in your vehicle, or by using our connection with your Connected Car (which you allow us to access when you sign up). This information may include:
Using this data, we’ll build a profile of how, where and when your car is driven, which helps us to manage your insurance policy and better understand how and when accidents occur.
We won’t use data about how you drive to change your policy or premium, however, we reserve the right to decide not to offer you a policy at renewal.
We may also use this information to help with the settling of claims. For example, to help track down your stolen car, or to prove you weren't to blame.
We may collect data about your driving after your policy ends if you keep the Miles Tracker plugged in, or if your Connected Car connection is live. If you sell your car, it is your responsibility to remove the Miles Tracker before the buyer takes ownership of your car, and to notify them if you forget.
If you have a Connected Car policy instead of a plugged-in Miles Tracker, as part of the guided onboarding process, you’ll be asked to log in to your account with your car’s manufacturer and give permission for By Miles to access and use your vehicle data.
We’ll process your personal data in one or more of the following circumstances:
We may process your information for the following reasons:
If we need to use your personal information for an unrelated reason, we’ll notify you to explain the legal reason why we’re doing so.
Please note that if we need to process your personal information without your knowledge or consent, we’ll only do so in line with the above rules and as we are required or permitted to do so by law.
Under data protection law, you have the following rights (please note that some may only apply under certain circumstances):
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org.
You can also complain to the ICO if you’re unhappy with how we’ve used your data. The ICO’s address is:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Under Article 15 of the UK GDPR you have a ‘right of access’ as the data subject. To exercise your right to be given a copy of your data, please write to us at email@example.com. In most cases we’ll respond to legitimate requests within one calendar month, free of charge, but we reserve the right to (in accordance with the guidelines set out by the ICO):
Under Article 16 of the UK GDPR you have the right for your personal data to be accurate. If you want to amend your personal data, you can do do so via our Sites or App, or you can contact us to help you out.
Depending on the permission you’ve given and the marketing preferences you’ve selected, we may get in touch by mail, telephone and email.
You have the right, at any time, to ask us to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to firstname.lastname@example.org, giving us enough information to identify you and deal with your request. Alternatively, you can follow the unsubscribe instructions in emails you receive from us.
Under Article 17 of the UK GDPR, you have the right to be forgotten or withdraw your consent for it to be processed, as long as your personal data is no longer required for processing. If your personal data is retained for legal reasons then we may keep it for legal reasons. See section 8 for more detail.
We won’t sell or share your personal data with third parties for them to use for marketing purposes. Your information is securely stored and managed within our Information Security Management System (ISMS) and according to the requirements of the ISO 27001 Information Security standard.
We may share your personal information with other companies within the Direct Line Group for the purposes mentioned in Sections three (3) and four (4) above.
As part of your policy, we may disclose your information to:
We’ll only disclose your data to law enforcement agencies if required by law, a court order or our regulators, or if we need to establish, exercise or defend our legal rights, or if we suspect fraud or attempted fraud.
Your data may also be disclosed to third parties in aggregated or anonymised form (i.e. information that you can’t be personally identified with, because it’s summarised or has had any information that could be used to identify you stripped out). This may include publishing aggregated or anonymised data in industry reports, press releases and advertisements.
Data from the Miles Tracker, or a Connected Car integration that we’ve authorised you to use, may be collected by our telematics partners who will process it and then pass it on to us. These partners may also be data controllers of that data. They will process personal data in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) as part of our agreement with them.
Our telematics partners may also process the data under their legitimate interests and on an anonymised basis for general research and development purposes, including improving the Miles Tracker and analysis of driving patterns and accidents.
If our business is sold or integrated with another business, your information may be disclosed to our advisers and any prospective purchasers and their advisers, and will be passed on to the new owners of the business.
We use advertising services and social media sites to help us market our services to you, and also to find other people who share similar characteristics to the demographic profile of our users. This helps us reach other people who may be interested in, or could potentially benefit from, pay-by-mile insurance. We don’t share any information about you with social media companies that isn’t already available on these platforms.
To enable us and your insurer to make credit decisions about you and members of your household, and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search).
We may disclose information about how you use your account to such agencies, and your information may be combined with records relating to other people that you’re financially linked with who are living at the same address.
Other credit providers may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, tracing any debts owed to us and for purposes relating to investigating potential money laundering activities. If you provide false or inaccurate information and we suspect fraud, we will record this. We may also report our suspicions to the appropriate law enforcement and regulatory agencies.
Some of the third parties we work with (such as software and service providers) that we transfer your personal data to may be located in countries outside the UK, including the US. We put steps in place to ensure the security and protection of your information, which includes the following:
In all cases, we’ll ensure that your personal data is protected in line with the UK GDPR (that’s the UK General Data Protection Regulation).
We’re committed to protecting information that we collect from you, including the data collected from the Miles Tracker or your Connected Car, and to keeping that information safe and confidential. In line with this, we limit access to your personal information to employees and certain third parties (see above) who need to process it in accordance with this Notice.
We’ll use technical and organisational physical, electronic and procedural safeguards in line with good industry practice to safeguard your information collected against unauthorised or unlawful processing and against accidental loss, damage, destruction, alteration or disclosure.
We’ll only keep your information for as long as we need to process it, including to comply with our legal and regulatory obligations. Motor insurance contracts are subject to the normal limitation period under the Limitation Act 1980, which ensures that a claim can be made up to a maximum of six (6) years after the date of an incident.
Regulatory and legal requirements and those from our insurance partners may require us to hold data for longer. When we no longer need to hold your data, it will be deleted or anonymised so we can use it for reporting.
Information you provide us with, and transcripts of the chat session via live chat, may be kept alongside your profile so we can identify you. If you’ve asked us to help resolve a query or issue, we may need to share that data in other systems to support our teams in finding the right resolution.
We may monitor and record communications with you (such as telephone conversations, live chat and emails) to provide services, quality assurance, training, fraud prevention and compliance.
We rely on automated decision-making, including profiling, to work out whether we’re able to insure you, renew your insurance policy, give personalised insurance quotes and to calculate your premium. This will be based on factors that are needed for us to work out the insurance risk, like your credit score, the vehicle you drive, your address, and the data collected from your Miles Tracker or Connected Car, as detailed in section 3.3.
This means our systems could decide (without human intervention) that you don’t meet the acceptance criteria we use to offer you an insurance policy, or to offer you a renewal.
We may change this notice from time to time. You should check it regularly to make sure you’re aware of the most recent version that applies when you use our Sites, the App, Connected Car or the Miles Tracker.