Humn.ai/ Ford Privacy Notice

Last Updated: 25th October 2022

About This Notice

This Privacy Notice sets out how Humn.ai Limited (Humn, we, our, us) and Ford Credit Europe Bank plc (FCE) will process your personal data in relation to launching a Single Commercial Vehicle (SCV) proposition (Pilot).

Changes To This Notice

Humn reserve the right to amend this Privacy Notice at any time without notification in response to changes in data protection legislation or in order to fulfil our legal and regulatory obligations. We recommend that you check landing page [https://humn-ai.webflow.io/data-protection-and-privacy] on a regular basis in order to ensure that you are aware of any changes which may affect you.

Who We Are

For the purposes of any applicable data protection laws inEngland and Wales, including the Data Protection Act 2018 (DPA) the UK GeneralData Protection Regulation (UK GDPR) and General Data Protection Regulation EU2016/679 (EU GDPR), Humn is the data controller of your personal data.
Humn is Authorised and Regulated by the Financial Conduct Authority under firm reference number 923700. We are registered in England and Wales under company number 11032616. We are also registered with the Information Commissioners Office under reference ZA504331.
FCE is responsible for insurance product development within the Ford group of companies. For the purposes of this pilot FCE will be an Independent Data Controller and will receive anonymised data for the purposes of analysis and product development.

What We Will Use Your Data For

  • We will use your details to keep in touch throughout the pilot and for sending vouchers associated with completion of the questionnaires.
  • We will calculate a driver safety score based ondata from your vehicle. Your score will be updated throughout the pilot.
  • We will use your data to provide a monthly summary of the factors and driving events that influence your driver score. We may also use this data to provide insights and guidance for how to improve your score.
  • Based on data you provide, data collected from the vehicle during the pilot and some underlying assumptions (e.g. annual mileage, licence points and claims history), we will calculate an indicative premium if you were covered by Humn.
  • We will produce a summary report of the pilot that will be shared with Ford. Results from the trial may be shared elsewhere (e.g.conferences, trade magazines however we will only publish statistical data or anonymous data).
  • We may use data from the pilot for on going research to understand customers’ needs and to inform product development.
FCE is responsible for insurance product development within the Ford group of companies. For the purposes of this pilot FCE will be an Independent Data Controller and will receive anonymised data for the purposes of analysis and product development.

How We Receive Your Information

We collect personal information from you directly should you choose to participate in the commercial vehicle proposition. This will typically be done by way of webform, e-mail or surveys.

The Personal Information We Collect

We collect a range of different personal information in order to provide or offer our services to you.

Basic Categories Data

  • Biographical information such as your name and age;
  • Personal contact information suchas your e-mail address;
  • Telematics data such as GPS location, time and date, direction of travel, speed, accelerometer data, advanced Driver assistance systems data;
  • Vehicle data such as registration, VIN, make and model;
  • Your opinions around your interaction with the service by way of optional surveys;
  • How much you spend on Insurance per year;
  • How many years you’ve held a No Claims Bonus;
  • An estimate of the average number of miles you drive per year;
  • Online and transactional information such as details of your IP address and interactions that you have with our websites, e-mail open rates, driver risk report open rates, unique visits to the report and the frequency of returns per report, average time per visit and total time you have reviewed your driver risk report per month.
  • Information we receive from Typeform such as number of respondents and time to complete questionnaire.

Our Legal Basis for Processing Your Personal Data

Legitimate Interest

In processing your personal data we are relying upon the lawful basis of Humn’s legitimate interest in developing a SCV product that is fit for purpose and is of benefit to the vehicle owner as well as to the Original Equipment Manufacturer.
Where we rely on this lawful basis, we conduct a balancing exercise to ensure that our interests are proportionate and do not override your rights and interests as a data subject. In some instances, you also have the right to object to this kind of use. If you wish to object to this type of processing please contact the Data Protection and Privacy Office details of which can be found below.

Consent

At the end of the POC Humn will give you the option to stay in touch with us. In order to provide you with this information we will require your consent. Please note that as consent will be the legal basis for providing this information you are free to withdraw your consent at any time.

Legal or Regulatory Obligation

  • To fulfil our obligations as an entity regulated by the Financial Conduct Authority (FCA) and The Financial Ombudsman Service.
  • To fulfil your data rights under data privacy laws, handle complaints about data privacy or our insurance products and services and to comply with other legal requirements.
In this respect, please note that we may have to process your data to comply with other legal obligations such as requests from law enforcement agencies or other international and national governmental and regulatory bodies. This will be covered more fully in the section below regarding “Data Sharing”.

Data Sharing

During the course of the commercial vehicle proposition we may have cause to share your personal data and any data generated from the proposition with certain third parties as set out below:
  • Sharing Data back with FCE in order to report of the results of the proposition and for the purposes of product development;
  • Regulators who govern how we operate, including the FCA, PRA, FOS, HMRC, ICO and the Advertising StandardsAuthority;
  • The police, courts and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime;
  • Any personal representatives appointed by you to act on your behalf;
  • Legal advisers, accountants, auditors, financial institutions and professional service firms who act on our or your behalf, or who represent a third-party claimant;
  • Our third-party services providers such as IT suppliers, actuaries, auditors, marketing agencies, providers of market research services, including customer feedback surveys, referral administrators, document management providers and tax advisers;
  • Third party service providers that enable us to process data during the course of this POC namely Amazon AWS, Freshsales, Churnzero, Webflow, Typeform, Carusso and Microsoft.
  • We may also disclose your personal information to other third parties where the disclosure is required bylaw or by a regulator with authority over us on the grounds of substantial public interest.
If you would like further details in relation to how we share your information and with whom please contact the Data Protection and Privacy Office details of which can be found below.

Automated Decision Making and Profiling for the Purposes of Underwriting

In order to provide you with data in relation to what your potential cost of insurance could be at the end of the proposition we will require to process your data in the ways in which we would process client data for the purposes of underwriting an insurance policy. As such we may use personal data in processes that involve automated decision making and profiling for the purposes of assessing whether or not you meet our underwriting criteria, to determine premium pricing and assessing the risk of the policy as a whole.  
If you feel that the outcome of this processing has been unfair you have the right to contest any decision produced by a solely automated means and request for human intervention. In order to affect this right please contact the Data Protection and Privacy Office details of which can be found below.

Automated Decision Making and Profiling for the Purpose of Driver Behaviour Scores

In order to provide you with data in relation to what your driver risk score would be and any behavioural insights as part of the proposition we will require to process your data in the ways in which we would process client data for this service. Humn.ai systems allow Driver Behaviour Scores to be calculated based on recorded telematics data and other publicly available data such as speed limits. The calculation of Driver Behaviour Scores is a form of profiling under Data Protection Legislation.

Driver Behaviour Scores are calculated using a combination of recorded telematics data, speed limit or similar data and models defined within our systems by The Contracting Entity. These models typically take legal speed limits (speeding events) and acceleration/deceleration behaviour patterns on either one or two axes (longitudinal or lateral).

Humn.ai uses the Driver Behaviour Score profiling as key metrics in automated decision-making processes to calculate dynamic insurance premium prices on behalf of The Contracting Entity.

You have the right to contest any decision produced by a solely automated means and request for human intervention. In order to affect this right please contact the Data Protection and Privacy Office details of which can be found below.

Transferring Data Internationally

Data protection law places restrictions on transferring personal data outside of the United Kingdom (UK) and the European Economic Area (EEA).  

There may be circumstances where we transfer information to our service providers in countries outside the UK and the EEA. If we do so, then your personal data will only be transferred on one of the following bases:  
  • where the transfer is subject to one or more of the "appropriate safeguards" for international transfers prescribed by applicable law (e.g. data transfer assessments and standard data protection contract clauses adopted by the European Commission and UK Government respectively);
  • a European Commission or UK Government decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
  • there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).