Privacy Notice for Fleet Insurance Policies
Last Updated: 28 September 2023
About This Notice
Information for Drivers
The Contracting Entity will also be a Data Controller under data protection legislation.
How We Receive This Information
We collect personal information from a number of different sources. These include:
- Directly from you in person, by telephone, email or via our website and app;
- From third parties involved in the contractual chain of vehicle licensing - in the case of drivers for example this may be The Contracting Entity;
- From other third parties involved in your insurance policy or claim such as another insurer, claimants, defendants, or witnesses;
- From other third parties who provide a service in relation to your insurance policy or claim such as claims service providers, loss adjusters, claims handlers, medical experts, healthcare providers, emergency assistance personnel, legal counsel, and other professional service providers;
- From publicly available sources such as internet search engines and social media sites;
- From data contributors such as software houses and intermediaries;
- From risk analysis, fraud prevention, credit reference agencies and identity verification companies;
- From insurance industry fraud prevention and detection databases and sanctions screening tools;
- From providers of demographic and vehicle data;
- From call recordings when interacting with us;
- From third parties who we buy marketing lists from;
- From third parties who provide us with details of companies who have expressed an interest in hearing about our products and services such as when we receive data through introducer agreements;
- From third party telematics providers and OEM’s;
- From local authorities;
- From brokers and insurance intermediaries;
- From other insurers;
- From third parties in connection with any acquisition or merger of a business by us.
The Personal Information We Collect
Basic Categories Data
- Biographical information such as your name, title, date of birth, age, occupation and years resident in the United Kingdom;
- Personal contact information such as home address, personal email address, telephone number, social media information;
- Professional contact information such as the name of your employer, work address, work e-mail and telephone number;
- Financial information such as bank details, payment details and information obtained as a result of credit checks;
- Online and transactional information such as details of your IP address and interactions that you have with our websites and digital platforms. Please see our Cookies Policy for more information;
- Telematics data such as GPS location, time and date, direction of travel, speed, accelerometer data, safety events as processed and detected by the telematics service provider, CAN bus data;
- Vehicle data such as registration, VIN, make and model;
- Driver licence related information such as related data such as type of licence held, licence date and licence number;
- Dashcam data such as images captured by the dashcam device(s);
- Diagnostic data such as vehicle fault codes, better health status etc;
- Your opinions and preferences in relation to your working conditions.
Special Categories Data
- Medical information such as your current or former physical or mental health and historic confirmed personal claims information;
- Information relating to criminal convictions and motoring offences such as endorsements on your licence;
- Your raw data and reports from psychometric questionnaires.
What We Use Your Data For
- In order to process any application you make for policy cover;
- Providing you with policy cover, including underwriting and claims handling;
- Administering and managing your motor insurance policy;
- Providing any additional services to you as agreed such as top up products. For example, policy checks for fleets;
- Providing you with risk management insights and driver behaviour data;
- Managing any disputes or complaints in relation to our contractual relationship with one another.
Legal or Regulatory Obligation
- To fulfil our obligations as an entity regulated by the Financial Conduct Authority (FCA) such as the information we process in order to fulfil our obligations for Know your Customer (KYC) checks and our obligations towards The Financial Ombudsman Service;
- Contacting the insured/ policyholder during the renewals process;
- To fulfil your data rights under data privacy laws, handle complaints about data privacy or our insurance products and services and to comply with other legal requirements.
- In furtherance of our commercial activities such as to maintain and manage our business operations, management reporting information and internal process requirements;
- To develop and improve our products and services;
- To communicate with you regarding additional product offerings, awareness campaigns, research projects and surveys you may wish to participate in and to facilitate marketing campaigns and events;
- To carry out business to business to customer awareness campaigns such as driver safety;
- To monitor your use of our platform and subsequently provide you with any help or support in relation to our products and services;
- To send out promotional materials and/or gifts;
- To offer additional services to drivers such as our incentive programme and driver coaching;
- For the purposes of reinsuring and the insurance renewal process.
- In order to facilitate Driver ID so that we accurately identify the driver for any given trip in order to provide our products and services.
- To communicate with you regarding any queries you raise via the website.
- To send you (the driver) reports about your driving and training materials.
- To send reports about your driving to your employer.
Establishment, Exercise or Defence of Legal Claims.
- We may process your personal information for the establishment, exercise, or defence of legal claims or if we proceed with a claim against you.
Substantial Public Interest
- We may use your personal information under Schedule 1 of the Data Protection Act 2018 in that doing so is necessary for insurance purposes.
If you would like further details regarding our processing activities please contact the Data Protection and Privacy Office details of which can be found below.
Automated Decision Making and Profiling for the Purposes of Underwriting
If you feel that the outcome of this processing has been unfair you have the right to contest any decision produced by a solely automated means and request for human intervention. In order to affect this right please contact the Data Protection and Privacy Office details of which can be found below.
Automated Decision Making and Profiling for the Purpose of Driver Behaviour Scores
Driver Behaviour Scores are calculated using a combination of recorded telematics data, speed limit or similar data and system thresholds that may be defined within our systems by The Contracting Entity. These thresholds typically relate to legal speed limits (speeding events), acceleration rates (harsh acceleration events), deceleration rates (harsh braking events) or other driving behaviours (such as harsh cornering).
Humn.ai uses the Driver Behaviour Score profiling as key metrics in automated decision-making processes to calculate dynamic insurance premium prices on behalf of The Contracting Entity.
Calculated Driver Behaviour Scores are passed directly from Humn.ai to The Contracting Entity for their subsequent processing and use.
Humn.ai do not control the use of Driver Behaviour Score data by The Contracting Entity and you should contact The Contracting Entity directly for further information on their use of this data.
You have the right to contest any decision produced by a solely automated means and request for human intervention. In order to affect this right please contact the Data Protection and Privacy Office details of which can be found below.
- In the case of drivers, The Contracting Entity that you have a primary relationship with;
- For those drivers that wish to work with Uber we will share your data with Uber via our established Instadoc verification mechanism in order to confirm your status as an insured driver;
- Our insurance partners and reinsurers. If you require further details regarding these companies then please contact us directly on the details provided below;
- Other insurers who provide us with our own insurance;
- Other third parties who assist in the administration of insurance policies such as loss adjusters, first notification of loss providers, claims handlers, accountants, auditors, lawyers and other experts;
- Where you have opted to pay your insurance by instalments with our Finance Partners;
- Fraud detection agencies and other third parties who operate and maintain fraud detection registers including but not limited to the Claims and Underwriting Exchange, Insurance Fraud Register, Motor Insurance Anti-Fraud and Theft Register and other centralised insurance industry applications/databases investigative firms we ask to look into claims on our behalf in relation to suspected fraud;
- Motor Insurance Database managed by the Motor Insurance Bureau;
- Regulators who govern how we operate, including the FCA, PRA, FOS, HMRC, ICO and the Advertising Standards Authority;
- The police, courts and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime;
- Government agencies and regulatory bodies including the DVLA, DVA, DVSA, DWP and the Motor Insurance Bureau;
- Any personal representatives appointed by you to act on your behalf;
- Industry bodies;
- Debt collection, credit reference and fraud prevention agencies or any organisations we instruct to commence legal proceedings against you;
- Legal advisers, accountants, auditors, financial institutions and professional service firms who act on our or your behalf, or who represent a third-party claimant;
- Our third-party services providers such as IT suppliers, actuaries, auditors, marketing agencies, providers of market research services, including customer feedback surveys, referral administrators, document management providers and tax advisers;
- Third parties in connection with any sale, transfer, or disposal of our business;
- We may also disclose your personal information to other third parties where the disclosure is required by law or by a regulator with authority over us on the grounds of substantial public interest.
- Other entities within the Humn Group.
Motor Insurance Database
- electronic licensing
- continuous insurance enforcement
- law enforcement (prevention, detection, apprehension and/or prosecution of offenders)
- the provisions of government services and/or other services aimed at reducing uninsured driving
It is important that the MID holds the correct vehicle registration number. If it is incorrectly shown on the MID you are at risk of having your vehicle seized by the police and/or a fixed penalty notice. You can check your current registration number with the MID at www.askmid.com.
MIB are an Independent Data Controller and you should contact them for further information about the use of your information.
If you would like further details in relation to how we share your information and with whom please contact the Data Protection and Privacy Office details of which can be found below.
Transferring Data Internationally
There may be circumstances where we transfer information to our service providers in countries outside the UK and the EEA. If we do so, then your personal data will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the "appropriate safeguards" for international transfers prescribed by applicable law (e.g. Data Transfer Assessments and Standard Contract Clauses adopted by the European Commission and/or the UK IDTA and UK Addendum as adopted by the UK Government);
- a European Commission or UK Government decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
- our own products and services;
- industry related insights and news;
- advice for fleet and risk management;
- third party marketing information that you have expressed an interest in receiving.
- Identity and Access Management, based on strong Authentication (SSO and a Zero Trust Model) and Role-Based-Access-Control to enforce granular access to data;
- Data Loss Prevention, through Backup & Recovery standards as well as Business Continuity & Disaster Recovery procedures;
- Encryption and Anonymisation, leveraging AES-256 based data encryption at rest and TLS v1.3 for data in-transit, whilst utilising SHA256 for PII hashing.
How Long We Keep Your Data For
Your Rights Under The Law
- The right to be informed – We are required to provide individuals with clear and precise transparency information regarding who we are and what we do with your data. This Privacy Notice along with other transparency information gives effect to this right;
- The right of access – Individuals have the right to access and receive copies of their personal data alongside other supplementary information as required. If you wish to affect this right please contact the Group Data Protection Officer on the details provided below;
- The right to rectification – Individuals have the right to ensure that the information that we hold about them is accurate. If you believe that the personal information that we hold about you is inaccurate or incomplete, then please contact us to request that we amend or update our records;
- The right to erasure – You have the right to request that all data pertaining to you be erased from our systems. Please note that there are certain circumstances where this request may not be possible. If we are unable to comply, we will issue you with meaningful information regarding why this is the case;
- The right to restriction of processing – There may be circumstances where we will restrict the processing of your data. For example, if we are investigating a claim that your personal information is no longer accurate or you object to the processing taking place;
- The right to data portability - You have the right to request that your information be compiled into a common, machine-readable format and either provided directly to you or sent by us to a third-party you nominate. If this is not possible, we will issue you with information setting out why this cannot be done;
- The right to object – You have the right to object to us processing your data or a category of data that we hold about you. If we are unable to comply with your request, we will issue you with meaningful information regarding why this is the case;
- Rights in relation to automated decision making and profiling – As set out above you have the right to request human intervention into any process involving automated decision - making or profiling where that processing results in legal or similarly significant effects. Please note that this right would not apply to underwriting decisions as this automated decision-making is required for entering into the insurance contract however, we would be happy to review your case and provide you with further information regarding the process and your case.
C/O Onside Accounting
4-6 Spicer Street
Changes To This Notice