Here in Driverly Company Limited, we will always treat your personal data with respect and design our products and services with your privacy in mind.
This Privacy Notice will help you understand how we collect, use and protect your personal data.
Driverly Company Limited (also referred to as 'Driverly', 'we', 'us' or 'our') is the Data Controller and responsible for your personal data and is registered at 10 Churchill Way, Cardiff, CF10 2HE (Reg No: 13377155).
Adam Stokes is our data protection officer and can be contacted at email@example.com or at The Data Protection Officer, Driverly Company Limited, 10 Churchill Way, Cardiff, CF10 2HE.
Now, pour a cup of tea and get ready for a good read (or at least a thorough one). ☕️
Your personal data explained
We’re going to talk a lot about your personal data, so let’s get some basics right. 👍
Your personal data is the information relating to you as an individual that is linked to your name or any other way you can be identified, such as your driving license number or your insurance policy number.
Certain types of personal information are considered to be ‘Special Categories’ of information, due to their more sensitive nature. Sometimes we'll ask for (or obtain) special categories of information because it's relevant to your insurance policy or other services provided to you. For example, to assess risk correctly, we'll ask you about previous motoring convictions. This privacy notice highlights where we're likely to obtain special categories of information and the grounds on which we process this data. We'll only process special categories of information if they're relevant e.g. information about your health and criminal convictions.
Now that we know what we’re talking about it, let’s get into it. 🤓
Collecting your data
As a technology-based insurance startup, we pride ourselves on our data analytics capabilities. 👩🏼💻
We believe we can provide a much fairer price and a greater customer experience by using data and technology. To do so, we will need to process your personal data to provide you with our services. We will collect data from you, from your use of our services, and from external sources (both public and private).
The personal information we collect about you may include:
Your contact details such as name, physical and email addresses, phone numbers;
Further personal details such as marital status, employment status, income information, proof of residency;
Government identifiers such as driving license number;
Your claims history;
Machine identifiers including your IP address, IMEI and MAC address.
Information about how you interacted with us, our websites, and our services;
Information about others who will be or are included on your policy (which you should have their permission to share)
Information on your vehicle, some of which will be collected from external databases. Examples include road tax status and geological data for your area.
Data collected from External Data Sources including Regulatory bodies, Location Services providers, Motoring Agencies, Credit Data and Credit Scores, Claims Data, previous Non-Claim-Bonus data, CCJ data, Electoral Roll data and Online Behavioural Data.
Examples of special category data we collect may include: your medical history, criminal convictions and county court judgments
Your driving behaviour data (telematics data),
If you provide us with personal data about another individual, you acknowledge that you have permission from that individual to do so and that they understand how we will process their personal data. We would strongly encourage that any individual, whose personal data you provide to us, reads this Privacy Notice.
How we collect your data
We want to be as transparent as possible about the data we collect. 🤝
We will collect your personal data when:
You provide us with details for a quote
You purchase our products and services or those provided by our service partners
You interact with us or make customer inquiries including through social media
You register for information or other services
You respond to communications or surveys
Someone you know invites you to sign up for our services/the Driverly Club
We require additional information from you for validation purposes
We collect data about you through the use of technology such as cookies and device fingerprinting.
You have the ability to accept or decline cookies from any website by modifying the settings in your browser. If you wish to restrict or block the cookies which are set by our website, you can do this through your browser settings. For information about how to manage and disable cookies, you can use the 'Help' function within your browser or please visit www.aboutcookies.org or www.allaboutcookies.org. However, please note that by deleting or disabling cookies could affect the functionality of our website and you may not be able to access certain areas or features of our site.
Driving Behaviour Data (Telematics Data)
In order to provide you with an insurance policy, we need you to download our mobile app. 📱 We will use the app in order to, among other things, capture your driving behaviour data. This information includes the date, time, latitude, longitude, speed, duration, distance, acceleration, braking, cornering, and other associated vehicle information.
Please note that we may team up with other companies to provide you with our telematics services. In such cases, our app normally collects information from your phone and transmits this to us and/or our suppliers after a delay. Instances, where the app may send real-time data and alerts to us, including when a collision or crash is detected.
Using your data
Purposes for which we will use your personal data
As you know, we love data and technology and we love data and technology to work for our customers. The data we collect from you could be used for a wide variety of reasons:
Processing your car insurance quotes;
Fraud detection and prevention;
Verifying your identity when required;
Undertaking market research, product development, and statistical purposes;
To enable us to provide you and other customers with relevant information through our marketing program;
Keeping you informed about promotions and new developments by email, telephone, SMS, social media, or post (dependent on your preferences);
For assessment and analysis to enable us to review, develop and improve the services we offer; and
Refining pricing models and using collected data to accurately price individuals; and
To make decisions about you using computerised technology to profile you, such as assessing which products might be most suitable for you.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (see below).
Where we need to comply with a legal or regulatory obligation.
When we have your consent.
Where there is a substantial public interest.
Substantial Public Interest
In certain cases, we may ask you to provide us with information about your health and criminal convictions, in order to provide you with an insurance policy or other services, which we may also need to share with insurance underwriters. When this is necessary, we will collect this information on the basis of fulfilling a substantial public interest.
Sometimes we need to use your personal data for legitimate business purposes, in order to ensure we continue to provide a great customer experience. In such instances, we will always balance our interests against yours.
The processes below are considered legitimate interests:
Fraud detection and prevention, which may include conducting checks against external databases and your social media profiles;
Engaging and contacting you throughout the lifecycle of your policy to ensure you have a good experience as a Driverly customer;
Internally auditing our processes to maintain our high standards;
Some of our marketing activities;
Use of your quote data (whether you accepted a policy or not), data collected during the lifetime of your policy, and data collected from third parties (such as credit reference agencies), to refine our pricing and risk assessment models, to improve the accuracy of our premiums and improve the quality of our services;
Sharing data with selected third parties in order to add value to our products.
Fraud detection and prevention
The personal information we have collected from you may be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity.
If false or inaccurate information is provided and fraud is identified, details may be passed to fraud prevention agencies. Law enforcement agencies may access and use this information.
We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
checking details on applications for credit and credit-related or other facilities
managing credit and credit-related accounts or facilities
checking details on proposals and claims
checking details of job applicants and employees
Generally, we do not rely on consent as a legal basis for processing your personal data - other than:
The collection of Telematics Data from your mobile device
Sending third party direct marketing communications to you or
Sharing your data with other members of a Driverly Club.
Driving Behaviour Data (Telematics Data)
Driverly’s promise is to offer you a fair price and a great customer experience based on how you drive. We and joint controller companies we partner with will use the data captured by our app for the purposes of:
Calculating and charging insurance premiums based upon actual vehicle usage and compiling and generating Driving Scores.
Controlling your personal data for the purpose of providing you with services relating to the insurance policy. We will process your data in accordance with our responsibilities under the European Data Protection Regulation (GDPR).
Carrying out the activation, disconnection, servicing, updating, or testing of the app
General research and analysis, mapping purposes, researching and refining techniques for analyzing motor Telematics data, and the supply of traffic data. In all such circumstances, the data will be used anonymously and will not identify any individual, vehicle user, or policyholder.
Enabling us, joint controller companies, and any service partners, to contact you by post, electronic mail, telephone, or text messaging regarding the administration of your insurance policy and the associated services.
Provision of the insurance services under the policy. Data will be used for fraud prevention, detection, and investigation purposes.
Please note that where the Driverly App indicates a severe crash has occurred, we will try to contact the policyholder and the named driver to offer assistance. If they cannot be reached, we will try to reach anyone else named on the account. If we are unable to contact any of those persons named on the account then we will contact the emergency services with details of the vehicle, its last known location, and the names of those individuals named on the policy.
Promotional offers from us
We may use your Contact Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this ‘Marketing’).
You will receive marketing communications from us if you have requested information from us or purchased [goods or services] from us [or if you provided us with your details when you entered a competition or registered for a promotion] and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside Driverly for marketing purposes.
Driverly may contact you from time to time to ask you to take part in a survey, in order to enable us to review, develop and improve our services. Your survey responses, including any personal data provided, will only be used by Driverly for the purposes stated within this Privacy statement. Personal data can include (but is not restricted to) your name, age, and e-mail address. We may also collect special category personal data, depending on the survey to which you are responding.
How we retain your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Presence Of Automated Decision Making
We utilise automated decision-making technology about whether you are eligible for a quote or policy. This process uses information provided by you in combination with additional data, sourced from our partners (listed in the section ‘Sharing Your Data’ below) to automatically classify risk levels which may impact whether we decide to offer you a quote or policy.
As per GDPR Article 15.1.H, the table below contains information about the logic involved and envisaged consequences:
If you've been subject to an automated decision and don't agree with the outcome, you can ask us to review it by writing to: firstname.lastname@example.org.
Sharing your data
Sharing with Service Providers
Subject to the foregoing, Driverly uses your personally identifiable information in several ways. Driverly may share your personally identifiable information with service providers to help us with our business activities such as running and maintaining our applications, processing credit cards, email and digital marketing activities (including social media and display marketing), offering customer service, or operating a community forum. These service providers are authorized to use your personally identifiable information only as necessary to provide these services to us.
We may also share your personal information with:
Our IT platform and systems providers.
- Analytical, Know Your Customer (KYC) and cyber security providers.
- Fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity.
- Third parties that carry out advertising services for us (but we won't share identifiable personal data with these third parties for their own marketing purposes unless you give us permission, and you can opt out).
- Credit reference agencies.
- Customer 'interface' providers (like the ones who manage our sites chat service).
- Anyone who you give us explicit permission to share it with.
We'll also share it to comply with the law, to enforce our Terms and Conditions, or to protect the rights, property or safety of us, our customers or others.
The Driverly Club
If a colleague or family member invites you to join the Driverly Club, and you give us your consent, then your name and driving score will be shared with other members of that club. We will never share this information with your consent and you may withdraw your consent at any time within the Driverly app. For more information on the Driverly Club, go to https://www.driverly-insurance.co.uk/car-insurance/faqs.
How we protect your data
We are committed to protecting your personal data and maintain a robust Information Security framework to ensure it remains confidential and secure. No one wants to find their personal data in the dark web, right?
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Information Commissioner’s Office or the European Commission.
Where we use certain service providers, we may use specific contracts (or SCCs) approved by the UK Information Commissioner’s Office or the European Commission, which give personal data the same protection it has in Europe.
The way that we store and process data is compliant with the Data Protection Act 2018 (DPA) and ePrivacy Directive 2002 (amended 2009). The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
We always aim to comply both with the spirit as well as the letter of the law and to be responsible with your data. As well as keeping up-to-date with laws about data, we also aim to make sensible decisions based on common sense, listening to users’ views and industry best practices.
Under the UK Data Protection Act 2018, you have various rights in relation to your own data (i.e. where you are the ‘data subject’), which are summarised below:
Right of Access: You have the right to request a copy of all the personal information that we have about you.
Right to Rectification: You have the right to ask us to update information that we hold about you where it is incorrect or incomplete.
Right to Erasure: You have the right to request the deletion of your personal data, for example where processing is no longer necessary for the purposes for which the data were collected (see “Exceptions” below).
Right to Restriction of Processing: You can ask us to stop processing your data (i.e. we cannot make any further changes, delete, or share it). For example, this could be where you wish to challenge the accuracy of data or where you make use of your ‘Right to Object’.
Right to Data Portability: You are entitled to an electronic copy of the data that you provided to us as part of subscribing to the email alert service.
Right to Object: You can object to processing conducted under the ‘Legitimate Interest’ condition (as outlined in the section “Using your Data”) and we must then cease processing unless we can demonstrate compelling grounds.
Right to Withdraw Consent: You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Automated Decision-Making and Profiling: You have the right not to be subject to a decision that is based solely on automated processing (including profiling), which would have a significant or legal effect on you. You have the right to contact us to express your point of view and challenge the decision.
You may exercise your Rights by contacting us at: email@example.com.
Your Right to Erasure (and Right to Withdraw Consent) applies to any and all personal data collected from you based on having acquired your Consent; we will also endeavour to delete any data collected from you based on Legitimate Interest but, depending on your usage of our services, we may retain some personal data that we may need to protect our interests in the future. This data might include the minimal information we need to identify you, records of any financial benefits you received from us (e.g Vouchers received and Acorns spent) and information concerning crashes or driving behaviour that might be relevant if you reengage with us in future. In this scenario, we will only keep the minimal information necessary to protect our interests and will ensure that it receives special protection and can only be accessed by internal staff for whom it is absolutely necessary.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Please note that there will be situations where exceptions apply under Data Protection law that we may rely on. We will tell you if we are unable to comply with your request, or how your request might impact you, when you contact us.
How we update this Privacy Notice
We may update this Privacy Notice at any time, in accordance with applicable legislative and regulatory requirements or our internal policies and processes. Service users may be notified of significant changes, for example via email communication.
How to contact us
If you would like to discuss any aspect of this Privacy Notice or anything else about the personal data we collect on you, please contact us at firstname.lastname@example.org.
If you have any concerns or complaints in relation to the processing of your data, we ask that you contact us first to give us the chance to understand the issue and see how we can address it.
In any event, you have the right to lodge a complaint with our supervisory authority, the Information Commissioners Office. To report a concern to the ICO:
Telephone helpline 0303 123 1113
Textphone service 01625 545860