AA Website and App Privacy Notice
This Privacy Notice lets you know what happens to the personal data we use and hold when you, your joint policy holders and beneficiaries hold or use our products or services, and use our website or app. You should also refer to our product specific privacy notices, in particular for insurance and breakdown cover.
If you provide us with personal information on behalf of another person, you must ensure that it is accurate, up to date and that you have their authorisation to do so. You should make sure that you provide them with a copy of this Privacy Notice or let them know how to access it. Where this Privacy Notice refers to "you" this also includes data about anyone else named on the policy or whose data you provide us with.
The AA plc and our Data Protection Officer (DPO)
We are the AA. Our main address is Fanum House, Basing View, Basingstoke, Hampshire, RG21 4EA. The data controller of our website and app is Automobile Association Developments Limited unless a different entity is listed. For certain products and services, there may be an additional or a different data controller. If so, the data controller will be listed in the product privacy notice or in the terms and conditions of the product or service. We have a Data Protection Officer who you can contact by using the contact details at the bottom of this notice.
Personal data we hold and use
We and our underwriters use several different types of information about you, any additional policyholders and beneficiaries.
Below we have set out the types of information we and our underwriters use or hold about you for our Roadside policy or products. If you hold an insurance policy or other AA products or services (such as financial service or travel products), you should also read the privacy notice for those products or services to understand what other data we might hold. The next section tells you how we use your information.
- Personal and contact details, your date of birth, gender and/or age;
- Product beneficiaries, users and policy holders;
- Records of your contact with us and your payment details;
- Details of products and services you hold or have held, as well as your use of them and any claims or breakdowns, and any expressions of interest in the AA or its business partners. These will include details of products, service, claims, and use of them, and usage of other AA products or services such as AA Insurance Services, AA/BSM Driving School, AA Cars, AA Financial Services and other AA branded products or services;
- Details of breakdowns, call outs, and claims made by you, your policy holders or policy beneficiaries, and product eligibility (such as whether you have an up-to-date MOT, up-to-date tax, or whether your vehicle is listed as being off the road or you provided the DVLA with a Statutory Off Road Notification “SORN”);
- Pricing and risk data about you, your beneficiaries or policyholders. This data is used, for example, to assess or make a decision about policy risk, decide or set pricing or risk levels, and decide whether we can offer or continue to offer you a product or service. This may use details such as your AA product or service holdings and use (including usage, claims or breakdown data), credit data, marketing data and risk profiles, suspected fraud, data from third parties (see below), vehicle and driving details, and telematics details;
- Marketing information, including records of marketing communications, details of what you may be interested in, analysis and profiles we build up about you and your interests, and whether you open or read communications or links;
- Vehicle information, including make, model, age, usage, breakdowns, repairs, and faults;
- Telematics and connected car information about your vehicle (including assessing and predicting faults or issues), driving style (including recommending improvements and assessing risk associated with your driving style), location and routes taken. This will be the case if you have Smart Insurance, Smart Breakdown or a Car Genie device or one of our other telematics or connected car products;
- Information which we obtain from Credit Reference Agencies and Fraud Prevention Agencies (see below);
- Fraud, debt and theft information related to any of the products you hold with the AA;
- Information about your health or if you are a vulnerable customer - for example, details of assistance required – if these are needed to provide your policy to you;
- Criminal records information, including alleged offences if this necessary for your policy;
- Your marital status, family, lifestyle or social circumstances;
- Information from third parties, including demographic information, vehicle details, details of outstanding finance, claims details, fraud prevention databases, property, geographic and demographic details, marketing data, publicly available information (e.g. electoral roll and court judgments), and information to help improve the relevance of our products and services or to help us manage our products and services, pricing or risk;
- Details of your usage of any of our websites or apps, details of your phone and its software (e.g. browser and set up information), browsing history, and other details obtained via cookies or similar technologies (see our Cookie Notice for more details); and
- Third party transactions, such as where a person other than the account holder pays for or uses the service(s).
We may be unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.
Sources of your personal data
As we said above, the information we hold comes from different sources. These are:
- You directly, and any information from family members, policyholders or beneficiaries of products and services (for example, if they are authorised to act for you or are allowed to use a service you have with us);
- If you have cover via another company (e.g. a bank, insurer, car company and leasing company), from the company providing you that policy or cover;
- AA Group and AA branded companies, if you already have a product with them, have applied for one or have held one previously. These include Automobile Association Insurance Services Limited, Automobile Association Financial Services Limited and AA Underwriting Insurance Company Limited;
- A third party or beneficiary, if they are making a claim under your policy;
- Information generated about you when you use our products and services;
- Intermediaries (such as comparison sites) we work with to provide products, services or quotes to you;
- Business partners (e.g. garage agents, financial services institutions, insurers) or others needed to provide our services to you;
- Anyone who operates any of your accounts, products or services on your behalf (e.g. via a Power of Attorney, solicitors, intermediaries, etc);
- From sources such as Fraud Prevention Agencies, Credit Reference Agencies, HMRC, DVLA, Motor Insurers’ Bureau, publicly available directories and information (e.g. telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist in prevention and detection of crime, police and law enforcement agencies; and
- Information we source about you or customers generally from commercial third parties, including demographic information, vehicle details, claims data, fraud information, marketing data, publicly available information, property and other information to help improve our products and services or our business.
Reasons for holding and using your personal data
The information is used by us and our underwriter(s). The reasons for using your personal data are below. We have arranged them according to the legal reason we are allowed to use the data.
To provide you with our products or services or decide whether to do so:
- Assessing an application for a policy, including considering whether or not to offer you the product or service, the price, the risk of doing so, availability of payment methods and the terms;
- Providing you with your policy, member benefits and any other products or services held with the AA;
- Communicating with you and holding records about our dealings and interactions with you, your fellow policyholders and beneficiaries;
- Making decisions about you or your policy, including your continued suitability for it, the risk of providing you with the policy, and assessing compliance with the policy terms;
- To manage the operation of our business and those of our in-house or partner insurers or re-insurers;
- To manage the operation of our business and business partners that help support your policy;
- To carry out checks at Credit Reference and Fraud Prevention Agencies at pre-application, application, and periodically after that;
- For analysing and profiling aspects of your vehicle or driving (including assessing and predicting faults or issues), driving style (including recommending improvements and assessing risk associated with your driving style), location and routes taken as part of providing, quoting for, and managing your policy (if, for example, you hold Smart Breakdown or another telematics product);
- Updating your records, tracing your whereabouts, and recovering debt;
- To enable other AA Group and branded companies to provide you with your products and services, quote for products and services, or manage products and services you hold;
- To share information as needed with business partners as required for managing your policy or assessing application account beneficiaries, service providers or as part of providing, administering or developing our products and services or our business; and
- To make automated decisions, including profiling, on whether to offer you a product or service, or the price, payment method, risk or terms of it.
For our legitimate interests or those of others:
- To develop our roadside, insurance and any other products or services using the information we hold;
- To continually develop, improve and manage our risk assessment and pricing models;
- To provide personalised content and services to you, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels;
- To link together your AA products and services, including to enable you to view these in a single account or profile, linking together your accounts on our systems and using this combined view for the purposes listed in this section;
- To test and improve the performance of our products, services, processes and systems;
- To improve the operation of our business - and that of our business partners – for example, by improving customer service and operational performance and efficiency;
- To develop new products and services, and to review and improve current products and services;
- For management and auditing of our business operations - including accounting;
- To monitor and to keep records of our communications with you and our staff (see below);
- For marketing analysis and related profiling to help us offer you relevant products and services, including deciding whether or not to offer you certain products and services;
- To understand our customers, their use of our products, their preferences and develop models, including developing profiles, algorithms and statistical models;
- To send marketing by SMS, email, phone, post, social media and digital channels (e.g. using Facebook Custom Audiences and Google Custom Match). Offers may relate to any of our products and services, such as cars, money and financial services, insurance, travel, member offers as well as to any other offers and advice we think may be of interest;
- To provide insight and analysis of our customers both for ourselves and business partners based on your policy and products, your use of it, your other policies and the use of your policy by others;
- For market research, profiling, and analysis and developing statistics;
- To facilitate the sale of one or more parts of our business;
- To share information with business partners as necessary for the purposes listed in this notice; and
- To share information with other AA Group and AA branded companies to enable them to perform any of the above purposes, in particular AA Underwriting Insurance Company Limited and AA Financial Services Limited.
- To comply with our legal obligations such as our financial services or regulatory obligations such as our financial services or regulatory obligations, including Financial Conduct Authority, Prudential Conduct Authority and Financial Ombudsman Service rules, regulations and guidance.
With your consent or explicit consent:
- For some direct marketing communications which are not based on our legitimate interests;
- For some of our profiling and other automated decision making which is not required for contractual or legal purposes; and
- For some of our processing of special categories of personal data, such as about your health, if you are a vulnerable customer or some criminal records information, if another legal basis does not apply.
Necessary for a public interest, such as:
- Using special categories of personal data, such as about your health, criminal records information (including alleged offences) if this is needed to quote for or administer a policy, including assessing the risk of providing you with the Roadside policy or product; and
- Using special categories of personal data about your health or needs (if you are a vulnerable customer) including assessing the risk of providing you with a policy or product.
Sharing and disclosures of your personal data
The categories of third parties we use are listed below. We will use these third parties for all the reasons we have described in this notice and they may process the types of personal information we also hold or use.
- With AA Group and AA branded companies, including but not limited to Automobile Association Developments Limited (including AA Breakdown Services and AA/BSM Driving School), Automobile Association Insurance Services Limited, Automobile Association Underwriting Insurance Company Limited and AA Financial Services Limited;
- With account beneficiaries if they use a service you have with us;
- With any parties involved in a claim if they need to receive information to allow us to handle a claim made by you or against you, or if either insurer needs to investigate a case of fraud;
- With service providers who are a part of providing products and services to you or help us to operate our business;
- With other breakdown organisations in other countries if you have European Breakdown Cover and need assistance abroad;
- Police and law enforcement agencies if we are required, or to support a criminal investigation;
- Governmental and regulatory bodies such as HMRC, DVSA, DVLA, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman’s Service, and the Information Commissioner’s Office;
- Organisations and businesses who provide services to us under our authority such as service providers, debt recovery agencies, IT companies, and suppliers of business support services;
- Credit Reference and Fraud Prevention Agencies (see below); and
- Market research organisations who help us to develop and improve our products and services.
Withdrawing your consent
Where we rely on your consent, you can withdraw it at any time by using the contact details in the Contact Us section below.
Transfers outside of the UK and Europe
Your personal information may be transferred outside the UK or European Economic Area, for example to service providers. If we do so, we’ll make sure that suitable safeguards are in place where required, for example by using approved contractual agreements or other legal arrangements unless certain exceptions apply.
Sharing with credit reference and fraud prevention agencies
If you apply for credit or take a product on the basis of us offering credit, to process your application we will perform credit, risk and identity checks on you with one or more Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs). When you take out a Roadside policy or product from us we will also make periodic searches at CRAs to manage your account with us. To do this, we and our underwriters supply your personal information to CRAs and FPAs, and they will give us information about you. This will include information about your financial situation and financial history. CRAs and FPAs will supply to us both public (including the electoral register) and shared credit, financial situation, insurance and financial history information and fraud prevention information.
If you have credit, we any continue to exchange information about you with CRAs and FPAs while you have a relationship with us, and if necessary afterwards. We will also notify the CRAs about your settled accounts. The identities of the CRAs and FPAs, their role as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail on our website. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you’re making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
For some products and services, we and our underwriters may also use FRAs such as the Motor Insurance Database, Claims Underwriting Exchange, and commercially available insurance fraud prevention services and claims services in order to prevent, detect and investigation potential fraudulent insurance policy applications and claims. We will share information with FRAs about your insurance policy application and policies in order to help us do this. This information may be given to other organisations. We will also use digital fraud prevention organisations to help us identify devices linked to fraud. This information, which can include device ID and IP address, may be shared with fraud prevention organisations who in turn may make it available to other companies.
We will also use FPAs, such as Experian and commercially available fraud prevention services and claims services to prevent, detect and investigation potential fraud. We will share information with FPAs about your application and policies in order to help us do this. This information will be given to other organisations. More information can be found here.
Changes to your data
You should tell us if the personal information you have provided to us changes so that we can update our records. The contact details for this purpose are in your policy documents. We’ll then update your records if we can.
We may monitor communications with you, where permitted by law. We do this for quality control and staff training purposes, to comply with regulatory rules, to prevent or detect crime, to protect the security of our communications, data, and systems, and to enforce compliance with our internal policies.
Use of automated decisions
We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved. We do this to decide whether to offer you a product or service, to determine the risk of doing so, the price we will offer, whether to offer you credit, what terms and condition to offer you, assess lending, insurance and business risks, or to assess what payment methods we can offer you. We may do this using data from other parts of the AA (AA Group and AA branded companies) and policy underwriters, including product or services details (including usage of claims made) and telematics data captured, including on your vehicle, driving behaviour and location information.
To understand the logic involved in this and why we do this, you may wish to consider the following example:
- Assess your credit worthiness and ability – for example, if you are applying for credit and have a history of late or non-payment of debts, we may not able to offer you credit or do so at a higher rate.
- Assess our ability to offer our products and services and manage those accounts – for example, we will take account of your history of using your policy or policies. If you or your beneficiaries make claims or have calls outs or, or if we have concerns about potential use of a policy (for example, if you are in breach of the conditions) or circumstances this may result in a higher risk being assigned to you, meaning you may be quoted a higher price or a policy being declined or cancelled.
- Assess the risk of fraud – if we believe there is a significant risk of fraud, based on the information we hold or that is available to us, we may decline your application, quote a higher price or decline or cancel your policy or application.
We do this because it is necessary for entering into or performing the relevant insurance or credit agreement with you. We may do so if it is authorised by law or is based on your explicit consent.
Retention of your personal data
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we provide products or services to you and then for as long as someone could bring a claim against us;
- To comply with legal and regulatory requirements or guidance; or
- For as long as we have reasonable business needs.
Your data protection rights
Here is a list of the rights that all individuals have under UK data protection laws. They don’t apply in all circumstances so your request may not always be granted. If you wish to use any of them, we will explain when we respond to you if they apply or not, or if we will comply or not with your request, including the reasons why.
- The right to be informed about the processing of your personal information;
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
- The right to object to processing of your personal information;
- The right to restrict processing of your personal information;
- The right to have your personal information erased;
- The right to request access to your personal information and how we process it;
- The right to move, copy or transfer your personal information; and
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws - https://ico.org.uk/. You can contact our DPO for more details on all the above.
You have a right to object
You have the right to object to certain purposes for processing, in particular to data used for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us using the contact details in your policy documents or listed below to exercise these rights.
Opting out of marketing
You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication. You can also email [email protected]
Changes to this privacy notice
We may change this privacy notice from time to time to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes periodically –
Contact Us or our DPO
You can use the contact details in your policy book or you can go to the Contact Us section of our website. Alternatively, you can write to AA PLC, Fanum House, Basing View, Basingstoke, Hampshire, RG21 4EA, marking it for the attention of the DPO or email [email protected]