§1 Why read this?

Data gives us the power to do incredible things – being able to provide fairer premiums is our favourite example. But handling it is a big responsibility, and one we take very seriously. This policy tells you how we use your personal information, and what we do to keep it safe.

§2 What words mean

This Privacy and Cookie Policy (the “Policy”) describes how By Miles (“we”, “us”, “our” and “By Miles”) collects, stores and uses information about you in connection with By Miles insurance products and services, including your use of the By Miles websites (the “Sites“), the By Miles mobile application (the “App”), the Miles Tracker and your Vehicle Data. This Policy also explains how we use cookies.

“Data Protection Law” means the Data Protection Act 2018, the GDPR, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended from time to time, and all other applicable privacy and data protection laws and regulations, as well as any guidance and/or codes of practice issued from time to time by the Information Commissioner.

For the purposes of Data Protection Law, we, the underwriter named on your insurance policy (if you are a By Miles policyholder) and any providers of add-ons to your policy (such as breakdown cover or legal cover) are data controllers, which means we control the processing of your personal information in accordance with Data Protection Law, and are each responsible for holding your personal information safely.

§3 Information we may collect about you

We may collect personal information about you including, but not limited to:

• Your name, date of birth, gender, occupation, and relationship status;
• Family details, including their relationship to you;
• Contact information including postal address, email address, phone number;
• Credit/debit card details, bank account details, driving licence details, vehicle registration number;
• Credit history, credit score, fraud history, sanctions and criminal convictions;
• Motoring offences and criminal convictions;
• Information about your vehicle and the location of your vehicle;
• Technical information including IP address, operating system, location, browser type and related information regarding the device you use to visit our websites, or on which you install our app;
• Information obtained through monitoring your car via the Miles Tracker;
• Information we collect when you send us emails or letters;
• To give you a quote we may collect personal data relating to your health and medical history, plus previous driving convictions, accidents and claims.

§4 Information that we collect automatically

Cookies: We’ll monitor your use of the App by using cookies and similar tracking devices. For example, we may monitor how many times you use the App, which pages you go to and traffic data. This information helps us to build a profile of our users. Some of this data will be aggregated and statistical, which means that we won’t be able to identify you individually. For further information on our use of cookies, please see the section on cookies below.

Device information: We may also collect information about your device each time you use the App or Sites, including:

• the operating system and browser type;
• the browser language;
• the IP address used to connect your computer or mobile device to the Internet;
• the URL of the website you visited before browsing to our Sites;
• the URLs of the pages you visited on our Sites;
• the time you spent on each page you visited;
• the access times;
• other information about your use of and actions on our Sites.
• the location of your device

Website and app usage: We may record information about how you use our website or smartphone app, including mouse clicks, mouse movements, screen taps, scrolling activity, and keystrokes. So that we can improve the way our products and services work, we may send this data to a third party in an anonymised and encrypted form.

Miles Tracker information: When you have signed up to our telematics based insurance product, we’ll automatically collect a range of vehicle and driving related information from the Miles Tracker installed in your vehicle, including:

• the location of your car and roads you've driven on;
• the date and time of day driven;
• the distance driven, and the time used to drive that distance;
• the speed and acceleration of the car;
• the smoothness of braking, accelerating and cornering;
• other vehicle information such as the Vehicle Identification Number (VIN) and engine fault codes.

On the basis of these pieces of data we’ll build a profile of how, where and when your car is driven, which will allow us to manage your insurance policy and better understand how and when accidents occur.

Connected Car information: If you have a compatible Connected Car, we’ll automatically collect different pieces of information depending on the manufacturer of your car. These are detailed below.

The credentials you provide will be processed by something called an ‘Application Programming Interface’ (API) provided by your car’s manufacturer. Your login credentials are never stored or logged in our systems, so no one will be able to see or access them. The API will generate an access token, which we’ll use to take the information from your car.

You can revoke our access at any time within your By Miles account, in your manufacturer account, or by changing the password on your car’s account (the one provided by your car’s manufacturer), but doing so could lead to extra charges and the cancellation of your policy.

We’ll take mileometer readings at least once a day or whenever you request us to take an additional reading through your app or web dashboard. Where your car manufacturer allows, we’ll also take GPS data at the same time.

§5 Information from third parties

Occasionally we may receive information about you from other sources, for example, the Driver and Vehicle Licensing Agency (DVLA), the Motor Insurance Database (MID), the Claims and Underwriting Exchange (CUE), MyLicence and credit checking agencies. Some of these third parties may record our enquiries. The information provided by third parties about you will add to the information we already hold in order to help us check your identity and assess your credit score.

§6 Information about other individuals

If you give us information on behalf of a third party, including other drivers named on your policy, it is your obligation to show this Policy to them, to ask them to read it thoroughly and to make sure they acknowledge and agree to their personal data being processed in line with the requirements of this Policy.

§7 What’s the legal basis for us processing your information?

We’ll process your personal data or that of a named driver on your policy as outlined in this Policy only in one or more of the following circumstances:

• you've given us consent, for instance i) you've ticked a box in your insurance application consenting to our sending you product offers, information about promotional events, ii) you give us information including on your health and any convictions so that we can provide a quote, iii) you phone or email us to give us information, so that we can manage your policy (including to handle claims), or;
• where it’s necessary for us to enter into a contract with you, including to provide you with quotes, provide our products and services, process your payment, register and process claims made under your insurance policy, and to respond to enquiries made by you, or;
• for claims processing, such as managing insurance and reinsurance claims, defending or prosecuting legal claims, and for investigating or prosecuting fraud, or;
• for renewals, such as re-evaluating the risks to be covered and matching these to an appropriate premium, or;
• for compliance with our legal obligations, including in respect of payment processing and financial account management, or;
• for the purpose of furthering our legitimate interests, including the improvement of our products, services, websites and applications, to operate our Sites and Apps, to carry out behavioural advertising, and to prevent, detect and investigate fraud or illegal activity.

§8 How we use your information

We may process your information for the following purposes:

• to help us identify you and any insurance you hold with us;
• to provide personalised insurance quotes;
• to remind you about insurance quotes you have not taken up;
• to administer your By Miles insurance policy, including for underwriting purposes, to process insurance claims, to calculate your monthly premiums, to invoice you and for debt recovery;
• to send you the Miles Tracker;
• customer profiling and analysing your use of the By Miles insurance policy;
• to communicate with you about promotions, upcoming events, and other news about products and services offered by us or our selected partners, including via email, telephone and/or text messages in accordance with any marketing consent provided by you (see “Marketing and opting out”);
• fraud prevention and detection;
• credit scoring and credit checking (see “Credit Checking”);
• customising the App and the Sites, and their contents to your particular preferences
• to notify you of any changes to the App, any security notices, updates to our terms or other changes to our services that may affect you;
• to contact you in relation to any enquiry you send to us;
• to disclose your information to selected third parties as detailed by this policy (see below);
• to customise our Sites and their content to your particular preferences;
• for security vetting; and
• to help with product development and to operate, maintain and improve our services, Sites, App and products.

§9 Profiling and automated decision making

We rely on automated decision-making, including profiling, to assess whether we’re able to insure you, to provide you with personalised insurance quotes, and to calculate your premium. Such automated decision-making will be based on factors that are relevant for us to determine the insurance risk, such as your credit score, the type of car driven and your address.

This means that our systems could decide – without human intervention – that you don’t meet the requirements to get an insurance policy with us.

§10 Sharing your information

We may disclose your information to:

• insurance underwriters and other insurers and reinsurers, including in order to be able to administer your insurance policy and calculate your insurance premium;
• any providers of third party products that you purchase through us, for example your breakdown cover;
• comparison websites (where you’ve used their services to get a By Miles quote), in order to verify policies purchased through them;
• third parties, where you’ve used a referral link, promotion link or promotional code to get a By Miles quote, in order to verify the policies purchased through them;
• service providers assisting with our business activities, such as: our telematics providers, payment services providers, telematics distribution providers, IT hosting providers, providers of IT support, providers of cloud based software or services used by us, providers of printed documentation, accounting, compliance and law firms;
• third parties who need your personal data in relation to a claim made under your insurance policy, such as claims handling services, recovery agents, car hire companies, mechanics or garages, legal representatives, individuals involved in an accident, and other insurers;
• the Motor Insurance Database (MID, run by the Motor Insurers' Bureau), or services that pass data to the MID, including to establish i) whether a named driver is insured to drive a vehicle, ii) to prevent, detect and investigate fraud or illegal activity, and iii) to obtain relevant information in case you are involved in an accident;
• the Claims and Underwriting Exchange (CUE, run with the Motor Insurer’s Bureau as data controller), the Motor Insurance Anti-Fraud and Theft Register (MIAFTR, run with the Motor Insurer’s Bureau as data controller), other third parties providing similar services as well as fraud prevention agencies, in each case in order to help us verify information provided in respect of a named driver and to prevent, detect and investigate fraud or illegal activity;
• third parties in order to validate and update your No Claims Discount (NCD) entitlement in industry databases that may be made available to other insurers;
• to the FCA and/or HMRC in connection with any investigation to help prevent unlawful activity;
• credit reference agents (see Credit Checking below);
• review websites so that they can verify you’re a By Miles member, and ask you to leave a review;
• third parties if you have specifically consented to us doing so.

If you’ve left us some particularly nice comments on a public forum, such as a review website or on social media, then we may quote your first name and comments in our marketing materials. We’ll endeavour to get your permission, but this may not always be possible.

We’ll only disclose your data to law enforcement agencies if it is required by law, a court order or our regulators, or if necessary to establish, exercise or defend our legal rights, including if we suspect fraud or attempted fraud.

If your insurer is Zurich Insurance plc, you can find their Fair Processing Notice on their website. Paper copies are available on request from: Data Protection Officer, Zurich Insurance Group, Tri-centre, 1 Newbridge Square, Swindon SN1 1HN.

Your data may also be disclosed to third parties in aggregated or anonymised form (i.e. information from which you cannot be personally identified).

Data from the Miles Tracker will be collected by our telematics partners who will process it and then pass it on to us. These partners may also be data controllers of that data. They will process personal data in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) as part of our agreement with them. Our telematics partners may also process the data under their legitimate interests and on a pseudonymised basis for general research and development purposes including improving the Miles Tracker and analysis of driving patterns and accidents.

If our business is sold or integrated with another business your information may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.

§11 Keeping your information secure

We’re committed to protecting information that we collect from you, including the data collected via the Miles Tracker, and to keeping that information safe and confidential. In line with this, we limit access to your personal information to employees and certain third parties (see above) who need to process it in accordance with this Policy.

We’ll use technical and organisational physical, electronic and procedural safeguards in accordance with good industry practice to safeguard your information collected against unauthorised or unlawful processing and against accidental loss, damage, destruction, alteration or disclosure.

We’ll keep your information only for as long as we need to hold it, including to comply with our legal and regulatory obligations.

§12 Retention of your data

We will keep your personal data for no longer than is necessary.

Motor insurance contracts are subject to the normal limitation period under the Limitation Act 1980. That is, a claim can be made up to a maximum of six years after the date on which an incident occurs.

In addition, regulatory and legal requirements as well as requirements from our insurance partners may require us to hold data for a longer period. When we no-longer need to hold your data, it will be anonymised and/or deleted.

§13 Recording and Monitoring

We may monitor and record communications with you (such as telephone conversations and emails) for the purposes of provision of services, quality assurance, training, fraud prevention and compliance purposes.

§14 Overseas transfers

Some of the third parties (such as service providers) to whom we may transfer your personal data may be located in countries outside the European Economic Area ('EEA'). They may not have similar protections in place regarding your data, or restrictions on its use as set out in this Policy. However, we’ll take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting your information you consent to these transfers for the purposes specified in this Policy.

§15 Credit checking

To enable us and your insurer to make credit decisions about you and members of your household and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit providers may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes. If you provide false or inaccurate information and we suspect fraud, we will record this. We may also report our suspicions to the appropriate law enforcement and regulatory agencies.

§16 Cookies

Our Sites and our App uses cookies and pixel tags. For more information about these, please refer to our Cookie Policy.

§17 Marketing and opting out

If you’ve given permission, we may contact you by mail, telephone and email. We may also share your personal data with carefully selected third party organisations, so that they can contact you in the same way. This is to provide information about products, services, promotions, special offers and other information we think may be of interest to you. We’ll inform you (before collecting your data) if we intend to use your data for such purposes. If you would rather not receive such third party marketing information from us, or you no longer wish to receive it, you can opt out at any time (see below).

You have the right at any time to ask us, or any third party, to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to hello@bymiles.co.uk or contact the relevant third party using their given contact details, giving us or them enough information to identify you and deal with your request. Alternatively you can follow the unsubscribe instructions in emails you receive from us or them.

The App and the Sites may contain links to the websites or apps of our partners or third parties. Please note that if you follow any of these links, the websites, apps and services provided through them will have their own privacy policies and terms of use. We do not accept any responsibility or liability for their respective privacy policies and terms of use, or the collection and use of any personal data collected through these websites, apps or services. You’ll need to make sure that you review the relevant privacy policies and terms of use before providing any personal data or using these websites, apps and services.

§18 Your rights

You have the following rights in accordance with data protection legislation. Please note that some of the rights may only apply under certain circumstances:

• the right to obtain a copy of the personal data we have collected about you, and to transmit said copy to another data controller;
• the right to update or amend the personal data we have collected about you if it is inaccurate or incomplete;
• the right to erase, or restrict the processing of, the personal data we have collected about you;
• the right to object to the processing of the personal data we have collected about you, including in respect of any data processed for direct marketing purposes;
• the right to withdraw any consents you have provided in respect of our processing of your personal data, and;
• the right to lodge a complaint with the ICO (www.ico.org.uk).

To exercise any of these rights please write to us using the contact information stated above in ‘Information we may collect about you’. In case you want to amend your personal data you can also do so via our Sites or App.

§19 Changes to this Policy

We may change this Policy from time to time. You should check this Policy regularly to make sure you're aware of the most recent version that will apply each time you use our Sites, the App or the Miles Tracker.

§20 Links to other websites

Our Sites or App may contain links to other websites. This Policy only applies to our Sites, the App and the Miles Tracker. If you access links to other websites any Information you provide to them will be subject to the privacy policies of those other websites.

§21 Contact details

Anything unclear? If you have any questions about this policy, please contact us at hello@bymiles.co.uk.

You can also contact us at By Miles Customer Relations, 2-14 Shortlands, Hammersmith, London, W6 8DJ.

If it’s urgent, you can also contact our data protection officer directly at data@bymiles.co.uk. Our data protection officer ensures that our processing personal data is carried out in accordance with applicable law.