Privacy Policy (updated : 01/08/2017)

This privacy policy (“Policy”) describes how By Miles Ltd (“we”, “us”, “our”) collect and use your personal data in relation to our insurance products and services, including when you visit our website or use our mobile application. You acknowledge and agree that your personal data may be processed in accordance with this Policy.

In case any other drivers will be or are named on your insurance policy it is your obligation to show this Policy to them and ask them to read it thoroughly to make sure that they acknowledge and agree that their personal data may be processed in accordance with this Policy.

Please note that the provision of personal data in accordance with this Policy is a precondition for us to be able enter into a contract with you and to perform under any such contract entered into. Failure to provide the personal data requested may for instance prevent us from providing you with an insurance quote, from calculating your insurance premium and from processing any claim made under your insurance policy.

You should read this Policy alongside our Terms and Conditions which are available here.

1) CONTACT INFORMATION

We are the data controller in respect of any personal data we collect about you and any other drivers named on your insurance policy for the purposes of the Data Protection Act 1998 and all other applicable law from time to time relating to the processing of personal data including (where applicable) the General Data Protection Regulation (EU) 2016/679 of the European Parliament.

If you have any comments or enquires related to this Policy please do not hesitate to contact us at hello@bymiles.co.uk.

In case of urgency you may also contact our data protection officer directly at data@bymiles.co.uk. Our data protection officer ensures, in an independent manner, that our processing of personal data is carried out in accordance with applicable law.

2) COLLECTION OF YOUR PERSONAL DATA

We collect and process the following personal data about you for the purposes specified in section 3 below:

• Information you give us
  We collect your name, postal address, email address, phone number and demographic information (such as your date of birth, gender and occupation), credit/debit card details, bank account details, driving license data, vehicle registration number as well as other personal data you give us, including when you correspond with us (for example, when you send us e-mails or letters). In order to be able to provide a quote, manage your policy and provide the services described in your policy documents (such as dealing with claims) we may also collect certain personal data relating to health (such as medical history) or criminal convictions and offences.
• Information collected automatically from you

  Telematics data
  When you have signed up to our telematics based insurance product we will automatically collect a range of vehicle and driving related information from the telematics unit (the “Miles Tracker”) installed in your vehicle, including:

  • the location of your car (latitude and longitude) and thereby the roads driven on
  • the date and time of day driven
  • the distance driven and the time used to drive that distance
  • the speed and acceleration of the car
  • the smoothness of the driving (braking) and cornering
  • other vehicle information such as Vehicle Identification Number (VIN) and engine codes.

  On the basis of these data we will build a profile of how, where and when your car is driven and this, amongst others, allows us to manage your insurance policy and calculate your premium. However, note that we will not refuse your insurance claim simply because you were driving above the legal speed limit.

  Website and application data
  When you interact with our website or mobile application we automatically collect certain information in respect of the interaction, including:

  • the operating system and browser type
  • the browser language
  • the IP address used to connect your computer or mobile device to the Internet
  • the URL of the website you visited before browsing to our site
  • the URLs of the pages you visited on our website
  • the time you spent on each page visited
  • the access times
  • other information about your use of and actions on our website.

  Recording and monitoring
  We may record or monitor calls, emails, text messages and other correspondence for training purposes, to improve the quality of our products and services and to prevent and detect fraud.

• Information collected from third parties

  We may collect information about you from third parties and combine it with the information collected from you. Such third parties may include the Driver and Vehicle Licensing Agency (DVLA), the Motor Insurance Database (MID), the Claims and Underwriting Exchange (CUE), MyLicense and credit checking agencies. Some of these third parties may record our enquiries.

  The information collected may include your personal details (name, postal address, demographic information etc.), driving license data, vehicle registration number, credit scoring information, information about prior insurance claims made by or against you and certain personal data relating to health (such as medical history) or criminal convictions and offences.

3) USE OF YOUR PERSONAL DATA

We may use your personal data, including the data collected via the Miles Tracker, for the following purposes:

• to provide personalised insurance quotes (including by use of credit scoring) and for related correspondence;
• to provide the products and services requested by you, including in order for us to be able to administer your insurance policy, for underwriting purposes, to process insurance claims, to calculate your monthly premium, to invoice you and for debt recovery;
• to provide customer service, including to deal with any of your enquires and to notify you of any security alerts, technical notices, updates to our terms or other service messages;
• to facilitate product development and to operate, maintain, and improve our websites, applications, products and services;
• to communicate with you about promotions, upcoming events, and other news about products and services offered by us or our selected partners, including via email, telephone and/or text messages in accordance with any marketing consent provided by you;
• to prevent, detect and investigate fraud or illegal activity, including in respect of any false insurance claims; and
• to comply with our legal obligations and for establishing, exercising or defending legal rights.

Please note that we may rely on automated decision-making, including profiling, in order to assess whether we are able to insure you, to provide you with personalised insurance quotes and to calculate your premium. Such automated decision-making will be based on factors (such as for instance your credit score, the type of car driven and your address) that are relevant for us to determine the insurance risk.

In addition, the website and application data (see above) collected via cookies and similar technologies may be used to help us understand how our websites and applications are being used and to enable us to carry out targeted online advertising that is more likely to be relevant to you. For more information about our use of cookies and similar technologies see section 10 below.

4) SHARING OF YOUR PERSONAL DATA

We may share your personal data, including the data collected via the Miles Tracker, with the below categories of third parties:

• service providers assisting with our business activities such as our telematics provider, payment services providers, hosting providers, providers of IT support, providers of cloud based software or services used by us, accounting firms and law firms;
• insurance underwriters and other insurers, including in order to be able to administer your insurance policy and calculate your insurance premium;
• third parties who need your personal data in relation to a claim made under your insurance policy, such as individuals involved in an accident, their insurer, solicitor or representative;
• the Motor Insurance Database (MID, run by the Motor Insurers' Bureau) including to establish i) whether a named driver is insured to drive a vehicle, ii) to prevent, detect and investigate fraud or illegal activity, and iii) to obtain relevant information in case you are involved in an accident;
• the Claims and Underwriting Exchange (CUE, run by Expedia Ltd), the Motor Insurance Anti-Fraud and Theft Register (MIAFTR, run by Insurance Database Services Limited), other third parties providing similar services as well as fraud prevention agencies, in each case in order to help us verify information provided in respect of a named driver and to prevent, detect and investigate fraud or illegal activity.;
• regulators and public authorities, such as the police, HM Revenue & Customs and the ICO, but only to the extent required by our regulators, law, court order or if necessary to establish, exercise or defend our legal rights, including if we suspect fraud or attempted fraud; and
• other third parties with your consent or if they are involved in a merger, de-merger or a sale which involves all or part of our business or assets.

You can rest assured that any such third party to whom we transfer your personal data will be under an obligation to protect the confidentiality and security of your personal data.

5) TRANSFER OF YOUR PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA (EEA)

Some of the third parties (such as service providers) to whom we may transfer your personal data may be located outside of the European Economic Area.

In case we transfer any of your personal data to countries outside of the European Economic Area which do not provide an adequate level of protection according to applicable data protection legislation we will always ensure that appropriate safeguards to protect your data are in place. In this respect we may rely on standard data protection clauses adopted by the European Commission or the ICO. If you would like more information about these contracts, please contact us using the contact information stated above in section 1.

6) LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

We will process your personal data in accordance with this Policy because it is necessary:

• for the performance or entering into of a contract with you, including in order to provide you with quotes, provide our products and services, process your payment, register and process claims made under your insurance policy and to respond to enquires made by you;
• for compliance with our legal obligations, including in respect of payment processing and financial account management; or
• for the purpose of furthering our legitimate interests, including in respect of improving our products, services, websites and applications, to operate our websites and applications, to carry out behavioural advertising, and to prevent, detect and investigate fraud or illegal activity.

We also process your personal data on the basis of any consents provided by you, for instance i) in order to send you product offers, information about promotional events or other marketing in accordance with your communication preferences, and ii) in cases where personal data concerning health (such as your medical history) is being processed in order to provide you with a quote, manage your policy and provide our services, including to handle claims made in accordance with our policy.

7) PROTECTON OF YOUR PERSONAL DATA

We are committed to protecting the personal data collected, including the data collected via the Miles Tracker, and to keeping it safe and confidential. Accordingly, we limit access to the personal data to employees and certain third parties (see above) who reasonably need to process it in accordance with this Policy.

We will also ensure that appropriate technical and organisational physical, electronic, and procedural safeguards are implemented to protect the personal data collected against unauthorised or unlawful processing and against accidental loss, damage, destruction, alteration or disclosure.

8) STORAGE OF YOUR PERSONAL DATA

The personal data we collect about you will only be stored for as long i) as it may be necessary for us to fulfil our contractual obligations (during and after the term of your insurance policy) in respect of the services and products requested by you, or ii) as required by applicable law. Any data kept longer will be anonymised.

9) YOUR RIGHTS

You have the following rights in accordance with data protection legislation, however please note that some of the rights may only apply under certain circumstances:

• the right obtain a copy of the personal data we have collected about you and to transmit said copy to another data controller;
• the right to update or amend the personal data we have collected about you if it is inaccurate or incomplete;
• the right to erase, or restrict the processing of, the personal data we have collected about you;
• the right to object to the processing of the personal data we have collected about you, including in respect of any data processed for direct marketing purposes;
• the right to withdraw any consents you have provided in respect of our processing of your personal data; and
• the right to lodge a complaint with the ICO (www.ico.org.uk).

To exercise any of these rights please write to us using the contact information stated above in section 1. In case you want to amend your personal data you can also do so via our website or mobile application.

10) CHANGES TO THIS POLICY

From time to time we may change this Policy. Changes made to this Policy will be notified to you by email where appropriate. In case you do not accept the changes within the deadline stated in the email (which will be no less than 30 days) we may have to (and reserve the right to) terminate your insurance policy.