Humn.ai/ Ford Privacy Notice
Last Updated: 25th October 2022
About This Notice
Changes To This Notice
Who We Are
What We Will Use Your Data For
- We will use your details to keep in touch throughout the pilot and for sending vouchers associated with completion of the questionnaires.
- We will calculate a driver safety score based ondata from your vehicle. Your score will be updated throughout the pilot.
- We will use your data to provide a monthly summary of the factors and driving events that influence your driver score. We may also use this data to provide insights and guidance for how to improve your score.
- Based on data you provide, data collected from the vehicle during the pilot and some underlying assumptions (e.g. annual mileage, licence points and claims history), we will calculate an indicative premium if you were covered by Humn.
- We will produce a summary report of the pilot that will be shared with Ford. Results from the trial may be shared elsewhere (e.g.conferences, trade magazines however we will only publish statistical data or anonymous data).
- We may use data from the pilot for on going research to understand customers’ needs and to inform product development.
How We Receive Your Information
The Personal Information We Collect
Basic Categories Data
- Biographical information such as your name and age;
- Personal contact information suchas your e-mail address;
- Telematics data such as GPS location, time and date, direction of travel, speed, accelerometer data, advanced Driver assistance systems data;
- Vehicle data such as registration, VIN, make and model;
- Your opinions around your interaction with the service by way of optional surveys;
- How much you spend on Insurance per year;
- How many years you’ve held a No Claims Bonus;
- An estimate of the average number of miles you drive per year;
- Online and transactional information such as details of your IP address and interactions that you have with our websites, e-mail open rates, driver risk report open rates, unique visits to the report and the frequency of returns per report, average time per visit and total time you have reviewed your driver risk report per month.
- Information we receive from Typeform such as number of respondents and time to complete questionnaire.
Our Legal Basis for Processing Your Personal Data
Legal or Regulatory Obligation
- To fulfil our obligations as an entity regulated by the Financial Conduct Authority (FCA) and The Financial Ombudsman Service.
- To fulfil your data rights under data privacy laws, handle complaints about data privacy or our insurance products and services and to comply with other legal requirements.
- Sharing Data back with FCE in order to report of the results of the proposition and for the purposes of product development;
- Regulators who govern how we operate, including the FCA, PRA, FOS, HMRC, ICO and the Advertising StandardsAuthority;
- The police, courts and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime;
- Any personal representatives appointed by you to act on your behalf;
- Legal advisers, accountants, auditors, financial institutions and professional service firms who act on our or your behalf, or who represent a third-party claimant;
- Our third-party services providers such as IT suppliers, actuaries, auditors, marketing agencies, providers of market research services, including customer feedback surveys, referral administrators, document management providers and tax advisers;
- Third party service providers that enable us to process data during the course of this POC namely Amazon AWS, Freshsales, Churnzero, Webflow, Typeform, Carusso and Microsoft.
- We may also disclose your personal information to other third parties where the disclosure is required bylaw or by a regulator with authority over us on the grounds of substantial public interest.
Automated Decision Making and Profiling for the Purposes of Underwriting
Automated Decision Making and Profiling for the Purpose of Driver Behaviour Scores
Driver Behaviour Scores are calculated using a combination of recorded telematics data, speed limit or similar data and models defined within our systems by The Contracting Entity. These models typically take legal speed limits (speeding events) and acceleration/deceleration behaviour patterns on either one or two axes (longitudinal or lateral).
Humn.ai uses the Driver Behaviour Score profiling as key metrics in automated decision-making processes to calculate dynamic insurance premium prices on behalf of The Contracting Entity.
You have the right to contest any decision produced by a solely automated means and request for human intervention. In order to affect this right please contact the Data Protection and Privacy Office details of which can be found below.
Transferring Data Internationally
There may be circumstances where we transfer information to our service providers in countries outside the UK and the EEA. If we do so, then your personal data will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the "appropriate safeguards" for international transfers prescribed by applicable law (e.g. data transfer assessments and standard data protection contract clauses adopted by the European Commission and UK Government respectively);
- a European Commission or UK Government decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
- Identity and Access Management, based on strong Authentication (SSO and a Zero Trust Model) and Role-Based-Access-Control to enforce granular access to data;
- Data Loss Prevention, through Backup & Recovery standards as well as Business Continuity & Disaster Recovery procedures;
- Encryption and Anonymisation, leveraging AES-256based data encryption at rest and TLS v1.3 for data in-transit, whilst utilising SHA256 for PII hashing.
How Long We Keep Your Data For
In the case of the commercial vehicle proposition we will retain your personal data for a period of one year post completion of the project after which time all data will be anonymised and held for our records.
Your Rights Under The Law
- The right to be informed – We are required to provide individuals with clear and precise transparency information regarding who we are and what we do with your data. This Privacy Notice along with other transparency information gives effect to this right;
- The right of access – Individuals have the right to access and receive copies of their personal data alongside other supplementary information as required. If you wish to affect this right please contact the Group Data Protection Officer on the details provided below;
- The right to rectification – Individuals have the right to ensure that the information that we hold about them is accurate. If you believe that the personal information that we hold about you is inaccurate or incomplete, then please contact us to request that we amend or update our records;
- The right to erasure – You have the right to request that all data pertaining to you be erased from our systems. Please note that there are certain circumstances where this request may not be possible. If we are unable to comply, we will issue you with meaningful information regarding why this is the case;
- The right to restriction of processing – There may be circumstances where we will restrict the processing of your data. For example, if we are investigating a claim that your personal information is no longer accurate or you object to the processing taking place;
- The right to data portability - You have the right to request that your information be compiled into a common, machine-readable format and either provided directly to you or sent by us to a third-party you nominate. If this is not possible, we will issue you with information setting out why this cannot be done;
- The right to object – You have the right to object to us processing your data or a category of data that we hold about you. If we are unable to comply with your request, we will issue you with meaningful information regarding why this is the case;
- Rights in relation to automated decision making and profiling – As set out above you have the right to request human intervention into any process involving automated decision-making or profiling where that processing results in legal or similarly significant effects. Please note that this right would not apply to underwriting decisions as this automated decision-making is required for entering into the insurance contract however, we would be happy to review your case and provide you with further information regarding the process and your case.
The Data Protection and Privacy Office
184 Shepherds Bush Road