Why read this?
Data gives us the power to do incredible things – being able to provide fairer premiums is our favourite example. But handling it is a big responsibility, and one we take very seriously. This policy tells you how we use your personal information, and what we do to keep it safe.
What words mean
“Data Protection Law” means the Data Protection Act 2018, the GDPR, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended from time to time, and all other applicable privacy and data protection laws and regulations, as well as any guidance and/or codes of practice issued from time to time by the Information Commissioner.
For the purposes of Data Protection Law, we, the underwriter named on your insurance policy (if you are a Rooster policyholder) and any providers of add-ons to your policy (such as breakdown cover or legal cover) are data controllers, which means we control the processing of your personal information in accordance with Data Protection Law, and are each responsible for holding your personal information safely.
Information we may collect about you
We may collect personal information about you including, but not limited to:
Your name, date of birth, occupation, and relationship status;
Family details, including their relationship to you;
Contact information including postal address, email address, phone number;
Credit/debit card details, bank account details, driving licence details, vehicle registration number;
Credit history, credit score, fraud history, sanctions and criminal convictions;
Motoring offences and criminal convictions;
Information about your vehicle and the location of your vehicle;
Technical information including IP address, operating system, location, browser type and related information regarding the device you use to visit our websites, or on which you install our app;
Information obtained through monitoring your driving & lifestyle behaviour via the app;
Information we collect when you send us emails or letters;
To give you a quote we may collect personal data relating to your health and medical history, plus previous driving convictions, accidents and claims.
Information that we collect automatically
Device information: We may also collect information about your device each time you use the App or Sites, including:
the operating system and browser type;
the browser language;
the IP address used to connect your computer or mobile device to the Internet;
the URL of the website you visited before browsing to our Sites;
the URLs of the pages you visited on our Sites;
the time you spent on each page you visited;
the access times;
other information about your use of and actions on our Sites.
the location of your device
Website and app usage: We may record information about how you use our website or smartphone app, including mouse clicks, mouse movements, screen taps, scrolling activity, and keystrokes. So that we can improve the way our products and services work, we may send this data to a third party in an anonymised and encrypted form.
App telematics data: If you have granted Rooster permission to do so, we will gather certain telemetric data from your mobile device such as accelerometer, GPS and gyroscope data, and continue to monitor your device activity until the test drive period is finished or you change your permissions.
the location of your car and roads you've driven on;
the date and time of day driven;
the distance driven, and the time used to drive that distance;
the speed and acceleration of the car;
the smoothness of braking, accelerating and cornering;
On the basis of these pieces of data we’ll build a profile of how, where and when you drive, which will allow us to price and manage your insurance policy.
Information from third parties
Occasionally we may receive information about you from other sources, for example, the Driver and Vehicle Licensing Agency (DVLA), the Motor Insurance Database (MID), the Claims and Underwriting Exchange (CUE), MyLicence and credit checking agencies. Some of these third parties may record our enquiries. The information provided by third parties about you will add to the information we already hold in order to help us check your identity and assess your credit score.
Information about other individuals
If you give us information on behalf of a third party, including other drivers named on your policy, it is your obligation to show this Policy to them, to ask them to read it thoroughly and to make sure they acknowledge and agree to their personal data being processed in line with the requirements of this Policy.
What’s the legal basis for us processing your information?
We’ll process your personal data or that of a named driver on your policy as outlined in this Policy only in one or more of the following circumstances:
you've given us consent, for instance i) you've ticked a box in your insurance application consenting to our sending you product offers, information about promotional events, ii) you give us information including on your health and any convictions so that we can provide a quote, iii) you phone or email us to give us information, so that we can manage your policy (including to handle claims), or;
where it’s necessary for us to enter into a contract with you, including to provide you with quotes, provide our products and services, process your payment, register and process claims made under your insurance policy, and to respond to enquiries made by you, or;
for claims processing, such as managing insurance and reinsurance claims, defending or prosecuting legal claims, and for investigating or prosecuting fraud, or;
for renewals, such as re-evaluating the risks to be covered and matching these to an appropriate premium, or;
for compliance with our legal obligations, including in respect of payment processing and financial account management, or;
for the purpose of furthering our legitimate interests, including the improvement of our products, services, websites and applications, to operate our Sites and Apps, to carry out behavioural advertising, and to prevent, detect and investigate fraud or illegal activity.
How we use your information
We may process your information for the following purposes:
to help us identify you and any insurance you hold with us;
to provide personalised insurance quotes;
to remind you about insurance quotes you have not taken up;
to administer your Rooster insurance policy, including for underwriting purposes, to process insurance claims, to calculate your premiums, to invoice you and for debt recovery;
customer profiling and analysing your use of the Rooster insurance policy;
to communicate with you about promotions, upcoming events, and other news about products and services offered by us or our selected partners, including via email, telephone and/or text messages in accordance with any marketing consent provided by you (see “Marketing and opting out”);
fraud prevention and detection;
credit scoring and credit checking (see “Credit Checking”);
customising the App and the Sites, and their contents to your particular preferences
to notify you of any changes to the App, any security notices, updates to our terms or other changes to our services that may affect you;
to contact you in relation to any enquiry you send to us;
to disclose your information to selected third parties as detailed by this policy (see below);
to customise our Sites and their content to your particular preferences;
for security vetting; and
to help with product development and to operate, maintain and improve our services, Sites, App and products.
Profiling and automated decision making
We rely on automated decision-making, including profiling, to assess whether we’re able to insure you, to provide you with personalised insurance quotes, and to calculate your premium. Such automated decision-making will be based on factors that are relevant for us to determine the insurance risk, such as your credit score, the type of car driven and your address.
This means that our systems could decide – without human intervention – that you don’t meet the requirements to get an insurance policy with us.
Sharing your information
We may disclose your information to:
insurance underwriters and other insurers and reinsurers, including in order to be able to administer your insurance policy and calculate your insurance premium;
any providers of third party products that you purchase through us, for example your breakdown cover;
third parties, where you’ve used a referral link, promotion link or promotional code to get a Rooster quote, in order to verify the policies purchased through them;
service providers assisting with our business activities, such as: our telematics providers, payment services providers, telematics distribution providers, IT hosting providers, providers of IT support, providers of cloud based software or services used by us, providers of printed documentation, accounting, compliance and law firms;
third parties who need your personal data in relation to a claim made under your insurance policy, such as claims handling services, recovery agents, car hire companies, mechanics or garages, legal representatives, individuals involved in an accident, and other insurers;
the Motor Insurance Database (MID, run by the Motor Insurers' Bureau) including to establish i) whether a named driver is insured to drive a vehicle, ii) to prevent, detect and investigate fraud or illegal activity, and iii) to obtain relevant information in case you are involved in an accident;
the Claims and Underwriting Exchange (CUE, run by Experian PLC), the Motor Insurance Anti-Fraud and Theft Register (MIAFTR, run by Insurance Database Services Limited), other third parties providing similar services as well as fraud prevention agencies, in each case in order to help us verify information provided in respect of a named driver and to prevent, detect and investigate fraud or illegal activity;
third parties in order to validate and update your No Claims Discount (NCD) entitlement in industry databases that may be made available to other insurers;
to the FCA and/or HMRC in connection with any investigation to help prevent unlawful activity;
credit reference agents (see Credit Checking below);
review websites so that they can verify you’re a Rooster member, and ask you to leave a review;
third parties if you have specifically consented to us doing so.
If you’ve left us some particularly nice comments on a public forum, such as a review website or on social media, then we may quote your first name and comments in our marketing materials. We’ll endeavour to get your permission, but this may not always be possible.
We’ll only disclose your data to law enforcement agencies if it is required by law, a court order or our regulators, or if necessary to establish, exercise or defend our legal rights, including if we suspect fraud or attempted fraud.
Your data may also be disclosed to third parties in aggregated or anonymised form (i.e. information from which you cannot be personally identified).
Data from the app will be collected by our telematics partners who will process it and then pass it on to us. These partners may also be data controllers of that data. They will process personal data in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) as part of our agreement with them. Our telematics partners may also process the data under their legitimate interests and on a pseudonymised basis for general research and development purposes including improving the analysis of driving patterns and accidents.
If our business is sold or integrated with another business your information may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
Keeping your information secure
We’re committed to protecting information that we collect from you, including the data collected via the app, and to keeping that information safe and confidential. In line with this, we limit access to your personal information to employees and certain third parties (see above) who need to process it in accordance with this Policy.
We’ll use technical and organisational physical, electronic and procedural safeguards in accordance with good industry practice to safeguard your information collected against unauthorised or unlawful processing and against accidental loss, damage, destruction, alteration or disclosure.
We’ll keep your information only for as long as we need to hold it, including to comply with our legal and regulatory obligations.
Retention of your data
We will keep your personal data for no longer than is necessary.
Motor insurance contracts are subject to the normal limitation period under the Limitation Act 1980. That is, a claim can be made up to a maximum of six years after the date on which an incident occurs.
In addition, regulatory and legal requirements as well as requirements from our insurance partners may require us to hold data for a longer period. When we no-longer need to hold your data, it will be anonymised and/or deleted.
Recording and Monitoring
We may monitor and record communications with you (such as telephone conversations and emails) for the purposes of provision of services, quality assurance, training, fraud prevention and compliance purposes.
Some of the third parties (such as service providers) to whom we may transfer your personal data may be located in countries outside the European Economic Area ('EEA'). They may not have similar protections in place regarding your data, or restrictions on its use as set out in this Policy. However, we’ll take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting your information you consent to these transfers for the purposes specified in this Policy.
To enable us and your insurer to make credit decisions about you and members of your household and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit providers may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes. If you provide false or inaccurate information and we suspect fraud, we will record this. We may also report our suspicions to the appropriate law enforcement and regulatory agencies.
Marketing and opting out
If you’ve given permission, we may contact you by mail, telephone and email. We may also share your personal data with carefully selected third party organisations, so that they can contact you in the same way. This is to provide information about products, services, promotions, special offers and other information we think may be of interest to you. We’ll inform you (before collecting your data) if we intend to use your data for such purposes. If you would rather not receive such third party marketing information from us, or you no longer wish to receive it, you can opt out at any time (see below).
You have the right at any time to ask us, or any third party, to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to email@example.com or contact the relevant third party using their given contact details, giving us or them enough information to identify you and deal with your request. Alternatively you can follow the unsubscribe instructions in emails you receive from us or them.
You have the following rights in accordance with data protection legislation. Please note that some of the rights may only apply under certain circumstances:
the right to obtain a copy of the personal data we have collected about you, and to transmit said copy to another data controller;
the right to update or amend the personal data we have collected about you if it is inaccurate or incomplete;
the right to erase, or restrict the processing of,the personal data we have collected about you;
the right to object to the processing of the personal data we have collected about you, including in respect of any data processed for direct marketing purposes;
the right to withdraw any consents you have provided in respect of our processing of your personal data, and; the right to lodge a complaint with the ICO (www.ico.org.uk).
To exercise any of these rights please write to us using the contact information stated above in ‘Information we may collect about you’. In case you want to amend your personal data you can also do so via our Sites or App.
Changes to this Policy
We may change this Policy from time to time. You should check this Policy regularly to make sure you're aware of the most recent version that will apply each time you use our Sites or the App.
Links to other websites
Our Sites or App may contain links to other websites. This Policy only applies to our Sites, the App. If you access links to other websites any Information you provide to them will be subject to the privacy policies of those other websites.
Anything unclear? If you have any questions about this policy, please contact us at firstname.lastname@example.org.
If it’s urgent, you can also contact our data protection officer directly at email@example.com. Our data protection officer ensures that our processing personal data is carried out in accordance with applicable law.