Privacy Notice for Single Commercial Vehicle Policies
Last Updated: 25 October 2022
About This Notice
If your single commercial vehicle policy is with Kinetiq Underwriting Ltd (The ContractingEntity), Humn process your data as an Independent Data Controller if you have selected their traditional policy or if you have a telematics device fitted as part of your policy.
It is very important that you read this Privacy Notice in conjunction with that offered by The Contracting Entity in order to understand how your data is processed and the legal basis for onward transfer to us. This Privacy Notice only covers the processing performed by Humn and not those processes performed by The Contracting Entity. If you have any questions in relation to this please contact the Data Protection and Privacy Office on the details provided below.
How We Receive This Information
We collect personal information from a number of different sources. These include:
- Directly from you in person, by telephone, email or via our website and app;
- From third parties involved in your insurance policy - for example The Contracting Entity;
- From call recordings when interacting with us;
- From third party telematics providers;
- From third parties in connection with any acquisition or merger of a business by us.
The Personal Information We Collect
Basic Categories Data
- Biographical information such as your name, title;
- Personal contact information such as home address, personal email address;
- Online and transactional information such as details of your IP address and interactions that you have with our websites and digital platforms. Please see our Cookies Policy for more information;
- Telematics data such as GPS location, time and date, direction of travel, speed, accelerometer data, safety events as processed and detected by the telematics service provider, CAN bus data;
- Vehicle data such as registration, VIN, make and model.
What We Use Your Data For
Legal or Regulatory Obligation
- To fulfil our obligations as an entity regulated by the Financial Conduct Authority (FCA) and The Financial Ombudsman Service;
- To fulfil your data rights under data privacy laws, handle complaints about data privacy or our insurance products and services and to comply with other legal requirements.
- Facilitate the provision and maintenance of the telematics device and receive information captured about the status of the device and your driving behaviour;
- Provide support services for telematics devices if there are any issues with fitting the device, keeping the device operational and replacement devices, if required;
- In furtherance of our commercial activities such as to maintain and manage our business operations, management reporting information and internal process requirements;
- To develop and improve our products and services;
- To communicate with you regarding any queries you raise via the website.
Establishment, Exercise or Defence of Legal Claims.
- We may process your personal information for the establishment, exercise, or defence of legal claims or if we proceed with a claim against you.
If you would like further details regarding our processing activities please contact the Data Protection and Privacy Office details of which can be found below.
- In the case of drivers, The Contracting Entity that you have a primary relationship with;
- Third party telematics providers;
- Our third-party services providers such as IT suppliers, actuaries, auditors, document management providers and tax advisers;
- Third parties in connection with any sale, transfer, or disposal of our business;
- We may also disclose your personal information to other third parties where the disclosure is required by law or by a regulator with authority over us on the grounds of substantial public interest.
Transferring Data Internationally
- where the transfer is subject to one or more of the "appropriate safeguards" for international transfers prescribed by applicable law (e.g. Data Transfer Assessments and Standard Contract Clauses adopted by the European Commission and/or the UK IDTA and UK Addendum as adopted by the UK Government);
- a European Commission or UK Government decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
- our own products and services;
- industry related insights and news;
- advice for fleet and risk management;
- third party marketing information that you have expressed an interest in receiving.
- Identity and Access Management, based on strong Authentication (SSO and a Zero Trust Model) and Role-Based-Access-Control to enforce granular access to data;
- Data Loss Prevention, through Backup & Recovery standards as well as Business Continuity & Disaster Recovery procedures;
- Encryption and Anonymisation, leveraging AES-256 based data encryption at rest and TLS v1.3 for data in-transit, whilst utilising SHA256 for PII hashing.
How Long We Keep Your Data For
Your Rights Under The Law
- The right to be informed – We are required to provide individuals with clear and precise transparency information regarding who we are and what we do with your data. This Privacy Notice along with other transparency information gives effect to this right;
- The right of access – Individuals have the right to access and receive copies of their personal data alongside other supplementary information as required. If you wish to affect this right please contact the Group Data Protection Officer on the details provided below;
- The right to rectification – Individuals have the right to ensure that the information that we hold about them is accurate. If you believe that the personal information that we hold about you is inaccurate or incomplete, then please contact us to request that we amend or update our records;
- The right to erasure – You have the right to request that all data pertaining to you be erased from our systems. Please note that there are certain circumstances where this request may not be possible. If we are unable to comply, we will issue you with meaningful information regarding why this is the case;
- The right to restriction of processing – There may be circumstances where we will restrict the processing of your data. For example, if we are investigating a claim that your personal information is no longer accurate or you object to the processing taking place;
- The right to data portability - You have the right to request that your information be compiled into a common, machine-readable format and either provided directly to you or sent by us to a third-party you nominate. If this is not possible, we will issue you with information setting out why this cannot be done;
- The right to object – You have the right to object to us processing your data or a category of data that we hold about you. If we are unable to comply with your request, we will issue you with meaningful information regarding why this is the case;
- Rights in relation to automated decision making and profiling – As set out above you have the right to request human intervention into any process involving automated decision - making or profiling where that processing results in legal or similarly significant effects. Please note that this right would not apply to underwriting decisions as this automated decision-making is required for entering into the insurance contract however, we would be happy to review your case and provide you with further information regarding the process and your case.
The Data Protection and Privacy Office
184 Shepherds Bush Road
Changes To This Notice