Privacy Notice - Zego customers
What data do we collect and how do we collect it?
When you sign up for personal insurance products through Zego directly, become insured through one of our fleet partners or brokers, information we usually get from you and/or our partners include:
User Information: Names, date of birth, gender, country.
Contact details: Email address, phone number, home address.
Identity documents: Driving licence, ID card, private hire documents.
Payment details: card details, bank account details.
Details about your vehicle: Registration number,specifications, any modifications, details of other insurance you have for the vehicle, MOT details.
Work provider information: who you work for/with.
Past claims: Details about any claims you have had in the past on your other insurance policies.
Motoring Convictions: Details of any past motoring convictions.
We use Automated Decision Making (ADM) based on the information you provide to assess whether you meet the underwriting criteria for the insurance product you have selected.
ADM and profiling will also be used to assess your information in relation to your risk profile as a driver. Zego may share your data with third parties and in return receive additional (enriched) information that can be used to provide you with a more tailored price for your insurance. At all times, privacy remains paramount and we will endeavour to minimise the data shared at every opportunity.
You have the right to request someone to review the automatic decision made using our privacy Portal which you can find here.
Additionally, your enriched personal information may also be used to get a better understanding of your risk and help in creating risk profiles of our customers. These profiles will enable Zego to determine their potential insurance risk score in more granular detail. In turn this will allow Zego to build fair pricing for our insurance products in the future. Special categories of personal data may be used for profiling where relevant, such as past motoring convictions.
You have the right to object to this processing at any time. You can exercise your right to object through our privacy Portal which you can find here.
We then perform checks to make sure we can insure you. Information we get from those checks includes:
Past claims - More specific details on your past claims such as which insurer you claimed under and the policy that was affected.
Motoring convictions - More specific details on your past convictions such as outcome and amounts fined.
Identity validation - Checking against the information you gave us to make sure it is all correct.
Then when you are using our services we gather:
Telematics information - if you have an approved telematics device installed we collect data to do with your; driving behaviour, vehicle, GPS location, phone use.. We analyse this data so that we can create fairer and more accurate pricing for our products. In certain cases this involves creating risk profiles of customers.
The shifts you work - we get the shifts you work from your work providers app when you are using it. It is all integrated so that you really do get insurance for when you are working and not when you don’t need it.
Video/audio recordings while driving - where you have a video camera installed, we would request that information from you if there is an accident or a claim.
Is it legal?
We collect all of this information so that we can provide you with insurance. Depending on what data it is we have different lawful bases for collecting/using it.
Performance of contract - Most of the things we do and data we collect is because we need to in order to provide you with your insurance. For example when we need to make you policy documents, provide you with cover or make sure we can cover you. Our use of Automated Decision Making also takes place for the performance of a contract.
Legal obligation - Sometimes the law tells us what we need to do with your data. For example when we are running checks on your data we are doing it to meet regulatory or legal requirements and we have to legally keep your data for certain amounts of time.
Consent - Sometimes we may process your data and we will ask for your consent. In these cases it is your decision whether or not we process the data in that way and you are able to change your mind at any time. An example of this will be for marketing - you can choose to receive it or not at any time straight from your account.
Legitimate Interests - We may need to process your data for the legitimate interests of improving our products and services. For example enriching and analysing your data so that we can get a better understanding of your risk as a driver allowing us to create fairer pricing in our insurance products.
Does anybody else get the data and where is it?
We are the data controller for your information. We do use other people to process some of your data and in some cases the Insurers we use will be considered the joint controller of your information.
We share your information with the following (processors):
Insurers/Intermediaries/reinsurers: To administrate your insurance
Claims processors: To deal with your claims
Fleet customers: This is necessary to provide fleet insurance policies.
Telematics services: We have partnered with third party telematics service providers, including aggregator services, in order to obtain and use data related to your driving behaviour in connection with your insurance contract.
Premium finance: When we need to arrange your credit
Government, regulatory and legal bodies including the Financial Ombudsman Service and the FCA- to make sure we meet our legal requirements.
The MID/MIB: The Motor Insurance Database (MID) which is managed by the Motor Insurance Bureau (MIB) legally require us to upload your policy information. This information may be used by the police, the DVLA, DVANI and the Insurance fraud bureau or other bodies permitted by the law. We upload our policies through a company called MDS.
Identity/fraud/legal check providers: Such as Onfido, Cue and MyLicence to perform our legal checks.
Enhanced data providers: Zego shares your data with selected third party services (such as Lexis Nexis) in order to gain a greater insight into your risk profile as a driver and improve our products
Payment services: We use Stripe to process your payments and Xero to run finance reports. We may use your bank for payments and refunds.
Work Providers: We may contact your work providers if needed to in relation to your insurance.
People who contact us on your behalf: Friends or family if you have given your consent. This could also include lawyers, criminal offices or others who contact us legally on your behalf - once we have verified their identity.
Service providers: Salesforce for customer service, Amazon Web Services for our data storage, Google and slack for our internal correspondence and other providers in order to run our day to day business.
Other insurance brokers: If we are unable to get an insurance quote for you we may share your details with other trusted insurance brokers we work with in order to help you get the cover you need.
Sift: They are a third party processor that Zego will share your information with for fraud detection and prevention purposes. Full details about how Sift will use your data can be found in their Privacy Notice here.
All of our services are in the EU where we are able to have them. We have safeguards in place including contractual clauses to ensure where the data is processed outside of the EU the company meets the standards as required by the EU law.
Personal information of others
If you give us information about another person (for example a family member or a client), it is your responsibility to ensure and confirm that:
you have told the individual who Zego is and how we use personal information (as set out in this Privacy Notice); and
you have permission from this individual to provide their personal information (including any sensitive personal data) to us and for us to process it, as set out in this Privacy Notice.
How long do we keep it for?
We will keep your information for as long as you are a customer with us and after that for as long as the law denotes. We keep:
Claims information for 7 years after settlement based on the Data Protection Regulation.
Complaints information for between 3 and 7 years based on Data Protection Regulation, HMRC and Financial Services guidelines.
Financial data for between 7 and 10 years based on the Companies Act and HMRC.
Sales information for 6 years based on HMRC requirements.
Contract information for at least 6 years based on the Limitations Act 1980.
Policy documents/ schedules and disclosures for up to 12 years after they lapse based on industry standards.
What are your rights?
Now that the law has changed you have so many more rights than you had before! Below are all your rights in no nonsense language but just in case you want to know their official data protection name will be in bold.
The right to know and understand what happens with your data
Companies have to tell you now what happens with your data. We do this through our privacy notice and if it ever changes - we will always let you know. “The right to be informed”
The right to get a copy of your personal data
You can request all of the data we hold on you and there is no fee for doing so! This is the same for all companies and we must send you your data within 30 days now. “The right of access”.
The right to change your personal data if it is incorrect
Do you think something we hold on your is incorrect? We will do everything we can to make sure our information is accurate but if you can show us it is not just ask us to change it and we will. “The right to rectification”
The right to have your data deleted
You can ask us to delete your data if a) we no longer need it b) if you have given us your consent and now want to remove that consent c) we have got the data unlawfully. “The right to erasure”
The right to stop us doing some things with your data
You can ask us to a) make our data more accurate b) stop using your data if you think it we are using it illegally and you don’t want us to delete it just restrict what we are doing c) you don’t want us to delete it but do want us to stop using it whilst you are trying to make a legal claim d) we are using legitimate interests to use it and you do not agree we have them. “The right to restriction”
The right to have a copy of your data your data so you can use it elsewhere
If you want the data you gave us so that you can give it to someone else - even another insurance provider - we can give it to you. “The right to data portability”
The right to say no
You can say no to a) direct marketing b) to use using your data for ‘public tasks’ or ‘legitimate interests’ or ‘research purposes’ “The right to object”
The right to ask us to use people instead of computers to make our decisions
We use computers sometimes to help us - everyone does these days! We use computers to make sure you meet our underwriting criteria, to make sure your data is accurate and for verification or identity checking. If you think the decision that has been made is incorrect or unfair or just are not happy with it you can ask us to have a human being review the decision. “Rights related to automated decision making including profiling”
You have the right to withdraw your consent - at any time
We ask for your consent to contact you about things that are not directly to do with your current contract with us. For marketing, for offers and maybe in the future for new things. When we ask you consent you can at any time change your mind.
Managing your marketing preferences
provide you with new product information and offers for Zego’s products and services via marketing tailored to you, whether on Zego, or by direct marketing (e.g. phone, e-mail, text, social networking channels, post); and
use information we hold about you to help us identify, tailor and package our products and services, determine pricing and offer discounts that may be of interest to you.
We want you to have control over how we use your information to make offers and how we communicate these to you.
We will always give you the opportunity to select the types of marketing that you would like to receive when you complete a registration with us or receive any email, text or other direct marketing communication.
We will not use sensitive personal details (such as information relating to your health record or any criminal issues) in order to provide you with marketing, discounts or pricing unless you have given your explicit consent to allow us to use this information for these purposes.
Who can you contact?
If you would like to contact someone at Zego in regards to your personal data you can email our Compliance Team:
5th floor, FORA Shoreditch
21-33 Great Eastern St
Changes to this Privacy Notice
We may amend this Privacy Notice from time to time for example, to keep it up to date or to comply with legal requirements we will let you know if and when we do.
If you choose to exercise your legal rights, we have a form for making a requestExercise your rights
(this will take you to an external website)