Data gives us the power to do incredible things – being able to provide fairer premiums is our favourite example. But handling it is a big responsibility, and one we take very seriously. This policy tells you how we use your personal information, and what we do to keep it safe.
“Data Protection Law” means the Data Protection Act 2018, the GDPR, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended from time to time, and all other applicable privacy and data protection laws and regulations, as well as any guidance and/or codes of practice issued from time to time by the Information Commissioner.
For the purposes of Data Protection Law, we, the underwriter named on your insurance policy (if you are a By Miles policyholder) and any providers of add-ons to your policy (such as breakdown cover or legal cover) are data controllers, which means we control the processing of your personal information in accordance with Data Protection Law, and are each responsible for holding your personal information safely.
We may collect personal information about you including, but not limited to:
Device information: We may also collect information about your device each time you use the App or Sites, including:
Website and app usage: We may record information about how you use our website or smartphone app, including mouse clicks, mouse movements, screen taps, scrolling activity, and keystrokes. So that we can improve the way our products and services work, we may send this data to a third party in an anonymised and encrypted form.
Miles Tracker information: When you have signed up to our telematics based insurance product, we’ll automatically collect a range of vehicle and driving related information from the Miles Tracker installed in your vehicle, including:
On the basis of these pieces of data we’ll build a profile of how, where and when your car is driven, which will allow us to manage your insurance policy and better understand how and when accidents occur.
Occasionally we may receive information about you from other sources, for example, the Driver and Vehicle Licensing Agency (DVLA), the Motor Insurance Database (MID), the Claims and Underwriting Exchange (CUE), MyLicence and credit checking agencies. Some of these third parties may record our enquiries. The information provided by third parties about you will add to the information we already hold in order to help us check your identity and assess your credit score.
If you give us information on behalf of a third party, including other drivers named on your policy, it is your obligation to show this Policy to them, to ask them to read it thoroughly and to make sure they acknowledge and agree to their personal data being processed in line with the requirements of this Policy.
We’ll process your personal data or that of a named driver on your policy as outlined in this Policy only in one or more of the following circumstances:
We may process your information for the following purposes:
We rely on automated decision-making, including profiling, to assess whether we’re able to insure you, to provide you with personalised insurance quotes, and to calculate your premium. Such automated decision-making will be based on factors that are relevant for us to determine the insurance risk, such as your credit score, the type of car driven and your address.
This means that our systems could decide – without human intervention – that you don’t meet the requirements to get an insurance policy with us.
We may disclose your information to:
If you’ve left us some particularly nice comments on a public forum, such as a review website or on social media, then we may quote your first name and comments in our marketing materials. We’ll endeavour to get your permission, but this may not always be possible.
We’ll only disclose your data to law enforcement agencies if it is required by law, a court order or our regulators, or if necessary to establish, exercise or defend our legal rights, including if we suspect fraud or attempted fraud.
Your data may also be disclosed to third parties in aggregated or anonymised form (i.e. information from which you cannot be personally identified).
Data from the Miles Tracker will be collected by our telematics partners who will process it and then pass it on to us. These partners may also be data controllers of that data. They will process personal data in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) as part of our agreement with them. Our telematics partners may also process the data under their legitimate interests and on a pseudonymised basis for general research and development purposes including improving the Miles Tracker and analysis of driving patterns and accidents.
If our business is sold or integrated with another business your information may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
We’re committed to protecting information that we collect from you, including the data collected via the Miles Tracker, and to keeping that information safe and confidential. In line with this, we limit access to your personal information to employees and certain third parties (see above) who need to process it in accordance with this Policy.
We’ll use technical and organisational physical, electronic and procedural safeguards in accordance with good industry practice to safeguard your information collected against unauthorised or unlawful processing and against accidental loss, damage, destruction, alteration or disclosure.
We’ll keep your information only for as long as we need to hold it, including to comply with our legal and regulatory obligations.
We will keep your personal data for no longer than is necessary.
Motor insurance contracts are subject to the normal limitation period under the Limitation Act 1980. That is, a claim can be made up to a maximum of six years after the date on which an incident occurs.
In addition, regulatory and legal requirements as well as requirements from our insurance partners may require us to hold data for a longer period. When we no-longer need to hold your data, it will be anonymised and/or deleted.
We may monitor and record communications with you (such as telephone conversations and emails) for the purposes of provision of services, quality assurance, training, fraud prevention and compliance purposes.
Some of the third parties (such as service providers) to whom we may transfer your personal data may be located in countries outside the European Economic Area ('EEA'). They may not have similar protections in place regarding your data, or restrictions on its use as set out in this Policy. However, we’ll take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting your information you consent to these transfers for the purposes specified in this Policy.
To enable us and your insurer to make credit decisions about you and members of your household and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit providers may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes. If you provide false or inaccurate information and we suspect fraud, we will record this. We may also report our suspicions to the appropriate law enforcement and regulatory agencies.
If you’ve given permission, we may contact you by mail, telephone and email. We may also share your personal data with carefully selected third party organisations, so that they can contact you in the same way. This is to provide information about products, services, promotions, special offers and other information we think may be of interest to you. We’ll inform you (before collecting your data) if we intend to use your data for such purposes. If you would rather not receive such third party marketing information from us, or you no longer wish to receive it, you can opt out at any time (see below).
You have the right at any time to ask us, or any third party, to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to firstname.lastname@example.org or contact the relevant third party using their given contact details, giving us or them enough information to identify you and deal with your request. Alternatively you can follow the unsubscribe instructions in emails you receive from us or them.
You have the following rights in accordance with data protection legislation. Please note that some of the rights may only apply under certain circumstances:
To exercise any of these rights please write to us using the contact information stated above in ‘Information we may collect about you’. In case you want to amend your personal data you can also do so via our Sites or App.
We may change this Policy from time to time. You should check this Policy regularly to make sure you're aware of the most recent version that will apply each time you use our Sites, the App or the Miles Tracker.
Our Sites or App may contain links to other websites. This Policy only applies to our Sites, the App and the Miles Tracker. If you access links to other websites any Information you provide to them will be subject to the privacy policies of those other websites.
Anything unclear? If you have any questions about this policy, please contact us at email@example.com.
You can also contact us at By Miles Customer Relations, 2-14 Shortlands, Hammersmith, London, W6 8DJ.
If it’s urgent, you can also contact our data protection officer directly at firstname.lastname@example.org. Our data protection officer ensures that our processing personal data is carried out in accordance with applicable law.