When you sign up we get following information directly from you:
User Information: Names, date of birth, gender, country.
Contact details: Email address, phone number, home address.
Identity documents: Driving licence, ID card, private hire documents.
Payment details: card details, bank account details.
Details about your vehicle: Registration number,specifications, any modifications, details of other insurance you have for the vehicle, MOT details.
Work provider information: who you work for/with.
Past claims: Details about any claims you have had in the past on your other insurance policies.
Motoring Convictions: Details of any past motoring convictions.
We then perform checks to make sure we can insure you and to double check this information. We get the following information from those checks:
Past claims - More specific details on your past claims such as which insurer you claimed under and the policy that was affected.
Motoring convictions - More specific details on your past convictions such as outcome and amounts fined.
Identity validation - Checking against the information you gave us to make sure it is all correct.
Then when you are using our services we gather:
Telematic information - if you have an approved telematics device installed we collect data to do with your; driving behaviour, vehicle, location and video / audio recordings while driving. We analyse this data so that we can create fairer and more accurate pricing for our products.
The hours you work - we get the hours you work from your work providers app when you are using it. It is all integrated so that you really do get insurance for when you are working and not when you don’t need it.
We collect all of this information so that we can provide you with insurance. Depending on what data it is we have different lawful bases for collecting/using it.
Performance of contract - Most of the things we do and data we collect is because we need to in order to provide you with your insurance. For example when we need to make you policy documents, provide you with cover or make sure we can cover you.
Legal obligation - Sometimes the law tells us what we need to do with your data. For example when we are running checks on your data we are doing it to meet regulatory or legal requirements and we have to legally keep your data for certain amounts of time.
Consent - Sometimes we may process your data and we will ask for your consent. In these cases it is your decision whether or not we process the data in that way and you are able to change your mind at any time. An example of this will be for marketing - you can choose to receive it or not at any time straight from your account.
Legitimate Interests - We may need to process your data for the legitimate interests of improving our products and services. Eg. Processing your telematics data in order to create fairer and more tailored pricing for our products.
We are the data controller for your information. We do use other people to process some of your data and in some cases the Insurers we use will be considered the joint controller of your information.
We share your information with the following (processors):
Insurers/Intermediaries/reinsurers: To administrate your insurance
Claims processors: To deal with your claims
Premium finance: When we need to arrange your credit
Government, regulatory and legal bodies including the Financial Ombudsman Service and the FCA- to make sure we meet our legal requirements.
The MID/MIB: The Motor Insurance Database (MID) which is managed by the Motor Insurance Bureau (MIB) legally require us to upload your policy information. This information may be used by the police, the DVLA, DVANI and the Insurance fraud bureau or other bodies permitted by the law. We upload our policies through a company called MDS.
Identity/fraud/legal check providers: Such as Onfido, Cue and MyLicence to perform our legal checks.
Payment services: We use Stripe to process your payments and Xero to run finance reports. We may use your bank for payments and refunds.
Work Providers: We may contact your work providers if needed to in relation to your insurance.
People who contact us on your behalf: Friends or family if you have given your consent. This could also include lawyers, criminal offices or others who contact us legally on your behalf - once we have verified their identity.
Service providers: Zendesk for customer service, Amazon for our databases, Google and slack for our internal correspondence and other providers in order to run our day to day business.
All of our services are in the EU where we are able to have them. We have safeguards in place including contractual clauses to ensure where the data is processed outside of the EU the company meets the standards as required by the EU law.
If you give us information about another person (for example a family member or a client), it is your responsibility to ensure and confirm that:
you have told the individual who Zego is and how we use personal information (as set out in this Privacy Notice); and
you have permission from this individual to provide their personal information (including any sensitive personal data) to us and for us to process it, as set out in this Privacy Notice.
We will keep your information for as long as you are a customer with us and after that for as long as the law denotes. We keep:
Claims information for 3 years after settlement based on the Data Protection Regulation.
Complaints information for between 3 and 7 years based on Data Protection Regulation, HMRC and Financial Services guidelines.
Financial data for between 7 and 10 years based on the Companies Act and HMRC.
Sales information for 6 years based on HMRC requirements.
Contract information for at least 6 years based on the Limitations Act 1980.
Policy documents/ schedules and disclosures for up to 12 years after they lapse based on industry standards.
Now that the law has changed you have so many more rights than you had before! Below are all your rights in no nonsense language but just in case you want to know their official data protection name will be in bold.
Companies have to tell you now what happens with your data. We do this through our privacy notice and if it ever changes - we will always let you know. “The right to be informed”
You can request all of the data we hold on you and there is no fee for doing so! This is the same for all companies and we must send you your data within 30 days now. “The right of access”.
Do you think something we hold on your is incorrect? We will do everything we can to make sure our information is accurate but if you can show us it is not just ask us to change it and we will. “The right to rectification”
You can ask us to delete your data if a) we no longer need it b) if you have given us your consent and now want to remove that consent c) we have got the data unlawfully. “The right to erasure”
You can ask us to a) make our data more accurate b) stop using your data if you think it we are using it illegally and you don’t want us to delete it just restrict what we are doing c) you don’t want us to delete it but do want us to stop using it whilst you are trying to make a legal claim d) we are using legitimate interests to use it and you do not agree we have them. “The right to restriction”
If you want the data you gave us so that you can give it to someone else - even another insurance provider - we can give it to you. “The right to data portability”
You can say no to a) direct marketing b) to use using your data for ‘public tasks’ or ‘legitimate interests’ or ‘research purposes’ “The right to object”
We use computers sometimes to help us - everyone does these days! We use computers to make sure you meet our underwriting criteria, to make sure your data is accurate and for verification or identity checking. If you think the decision that has been made is incorrect or unfair or just are not happy with it you can ask us to have a human being review the decision. “Rights related to automated decision making including profile”
We ask for your consent to contact you about things that are not directly to do with your current contract with us. For marketing, for offers and maybe in the future for new things. When we ask you consent you can at any time change your mind.
provide you with new product information and offers for Zego’s products and services via marketing tailored to you, whether on Zego, or by direct marketing (e.g. phone, e-mail, text, social networking channels, post); and
use information we hold about you to help us identify, tailor and package our products and services, determine pricing and offer discounts that may be of interest to you.
We want you to have control over how we use your information to make offers and how we communicate these to you.
We will always give you the opportunity to ‘opt out’ of direct marketing when you complete a registration with us or receive any email, text or other direct marketing communication.
We will not use sensitive personal details (such as information relating to your health record or any criminal issues) in order to provide you with marketing, discounts or pricing unless you have given your explicit consent to allow us to use this information for these purposes.
Zego are not currently big enough to have a Data Protection Officer - we do not carry out large scale systematic monitoring or large scale processing of special categories of data. Zego do have a Data Protection Practitioner and Head of Regulatory Compliance. You can contact her at any time in relation to your data protection queries:
Head of Regulatory Compliance
Unit 3.09, Tea Building
56 Shoreditch High Street
We may amend this Privacy Notice from time to time for example, to keep it up to date or to comply with legal requirements we will let you know if and when we do.
If you choose to exercise your legal rights, we have a form for making a requestExercise your rights
(this will take you to an external website)