AA Financial Services privacy notice

This privacy notice lets you know what happens to the personal data we use and hold when you, and any beneficiaries, hold or use a financial services product with us.

You can also read our AA Group privacy notice and our AA Lease privacy notice.

If you provide us with personal information on behalf of another person, you must make sure that it’s accurate, up to date and that you have their authorisation. You should make sure that you provide them with a copy of this Privacy Notice or let them know how to access it. Where this privacy notice refers to 'you', this also includes personal data about anyone else named on the product or anyone whose data you provide us with.

The AA and our Data Protection Officer

Personal data we hold and use

Sources of personal data

Reasons for using your personal data

Sharing and disclosures of your personal data

Withdrawing your consent

Transfers outside of the UK or EEA

Sharing with credit reference agencies and fraud prevention agencies

Monitoring communications

Use of automated decisions

Changes to your data

Retention of your data

Your data protection rights

You have a right to object

Changes to this privacy notice

The AA and our Data Protection Officer

We are The AA. Our main address is Level 3, Plant, Basing View, Basingstoke, Hampshire, England, RG21 4HG.

The data controllers of our financial services products are AA Financial Services Limited and, separately, the provider of your banking products (e.g. savings, loans), including but not limited to NatWest Boxed Limited. If there’s a different data controller, or where we act as joint data controllers, this will be stated in the terms and conditions of the product or in a separate product privacy notice.

We have a Data Protection Officer who you can contact by using the contact details at the bottom of this notice. Where there’s another data controller, please refer to their separate privacy notice for details of how to contact them.

Personal data we hold and use

We hold and use several different types of personal information about you and any beneficiaries.

The list below sets out the types of data we process for our financial services products. If you hold breakdown cover or other products or services, you should also read the privacy notice for those products or services to understand what else we might hold.

Personal and contact details, your date of birth, gender and/or age;
Details of product beneficiaries, users or applicants;
Records of your contacts with us and payment details;
Details of products and services you hold or have held, your use of them, any claims or breakdowns, and any expressions of interest in The AA or its business partners (including but not limited to NatWest Boxed Limited). These will include details of products, services, claims, usage of other AA services such as AA Breakdown Services, AA Driving School and BSM, AA Cars, AA Insurance Services, and other AA branded services;
Pricing and risk data about you, your beneficiaries, or policyholders and applicants. This is data used, for example, to assess or make a decision about insurance risk, decide or set pricing or risk levels, and decide whether we can offer or continue to offer you a product or service. This will use details of your AA product or service holdings (including your usage, claims and breakdown history), credit data, marketing profiles and analysis of you we hold, instances of suspected fraud, data from third parties (see below), property and location details, vehicle details, driving history, and telematics details.
Marketing information, including any records of marketing communications, details of what you may be interested in, analysis and profiles we build up about you and your interests, through products held with The AA and our banking partners (including but not limited to NatWest Boxed Limited) and whether you open or read communications or links;
Vehicle information, including usages, any breakdowns and faults;
Telematics and connected car information about your vehicle (including assessing and predicting faults or issues), driving style (including recommending improvements and assessing risk associated with your driving style), location and routes taken. This will be the case if you have Smart Insurance, Smart Breakdown or a Car Genie device, or one of our other telematics or connected car products;
Information which we obtain from Credit Reference Agencies and Fraud Prevention Agencies (see section 7);
Fraud, debt and theft information related to any of the products you hold with The AA;
Criminal records information, including alleged offences;
Information about your health or if you’re a vulnerable customer, if this is needed for your product;
Information about your property, such as location, value, number of rooms, property type and building work you’ve had done. Also, property and occupier status, such as whether you’re a tenant, live with parents, or are an owner occupier of the property where you live at the time of your application;
Information about your employment status, where needed for the product or policy;
Your marital status, family, lifestyle, education or qualifications, or social circumstances, for example, the number of dependents you have or if you’re a widow or widower;
Information from third parties (including but not limited to NatWest Boxed Limited), including demographic information, vehicle details, details of outstanding finance, claims details, data fraud prevention databases, property, geographic and demographic details, marketing data, publicly available information (e.g. electoral roll and court judgments), and information to help improve the relevance of our products and services or to help us manage our products and services, pricing or risk;
Details of your use of any of our websites or apps, details of your phone and its software (e.g. browser and set up information), browsing history, and other details obtained through cookies or similar technologies (see our cookie policy for more details); and
Third party transactions; such as where a person other than the account holder pays for or uses the service.

We may be unable to provide you with our products or services if you don’t provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.

Sources of personal data

The information we hold comes from different sources. These are:

You directly, and any information from family members, associates or beneficiaries of products and services (for example, if they are authorised to act for you or are allowed to use a service you have with us);
The AA Group if you already have a product, have applied for one, or have held one previously;
Information generated about you when you use our products and services;
Business partners e.g. financial services institutions (including but not limited to NatWest Boxed Limited), insurers, account beneficiaries, or others who we work with to provide products or services or quotes to you;
Anyone who provides instructions or operates any of your accounts, products or services on your behalf
(e.g. Power of Attorney, solicitors, intermediaries, etc);
From sources such as fraud prevention agencies, credit reference agencies, other lenders, HMRC, publicly available directories and information (e.g. telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, regulators, government departments or agencies, organisations to assist in prevention and detection of crime, police and law enforcement agencies; and
Information we source about you or customers generally from commercial third parties, including demographic information, vehicle details, claims data, fraud information, marketing data, publicly available information, property and other information to help improve our products and services or our business.

Reasons for use of your personal data

The reasons for using your personal data are below. We’ve arranged them according to the lawful basis that allows us to use the data. This list applies to The AA.

1) To provide you with our products or services or decide whether to do so:

a) Assessing an application for a product, including considering whether or not to offer you the product or service, the price, the risk of doing so, availability of payment method, and the terms of the product held with us;

b) Providing you with your product and any other products or service held with The AA and under The AA brand;

c) Communicating with you and holding records about our dealings and interactions with you, your fellow applicants and beneficiaries;

d) Making decisions about you or your product, including your continued suitability for it, the risk of providing you with the product, assessing compliance with the policy terms;

e) To manage the operation of our business and those of our respective financial services partners (including but not limited to NatWest Boxed Limited);

f) To carry out checks at Credit Reference and Fraud Prevention Agencies pre-application, at application, and periodically after that;

g) For analysing, assessing and profiling aspects of you;

h) For analysing and profiling aspects of your home or property in relation to quoting for and managing your product, including the continued assessment of risk of you and your property, and continued compliance with product conditions;

(i) Updating your records, tracing your whereabouts, recovering debt, or validating the information you’ve provided is correct;

(j) To make automated decisions, including profiling, on whether to offer you a policy or a product, or the price, payment method, risk or terms of it;

(k) To share information with business partners (including but not limited to NatWest Boxed Limited) as required for quoting, assessing your application, or managing your product, and as needed with account beneficiaries, service providers to us or otherwise as part of providing, administering or developing our products and services or our business; and

(l) To enable The AA Group to provide you with your products and services, quote for products and services, or manage products and services you hold.

2) For our legitimate interests:

a) To develop our financial services products and any other products or service;

b) To continually develop, improve and manage risk assessment and pricing methods and models;

c) To provide personalised content and services to you, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels;

d) To link together your AA products and services - including enabling you to view these in a single account or profile, linking together your accounts on our systems, and using this combined view for the purposes listed in this section;

e) To test the performance of our products, services, and processes and systems;

f) To improve the operation of our respective business, for example, by improving customer service and operational performance and efficiency;

g) To develop new products and services, and to review and improve current products and services;

h) For management and auditing of our business operations;

i) To monitor and to keep records of our communications with you and our staff (see below);

j) For marketing analysis and related profiling to help us offer you relevant products and services, including deciding whether or not to offer you certain products and services;

k) To understand our customers, your use of our products and preferences, and to develop models, including developing profiles, algorithms and statistical models for these purposes;

l) To send marketing by text, email, phone, post, social media and digital channels (e.g. using Facebook Custom Audiences and Google Custom Match). Offers may relate to any of our products and services such as cars, roadside assistance, money and financial services, insurance, travel and member offers, as well as to any other offers and advice we think may be of interest;

m) To carry out checks at Credit Reference and Fraud Prevention Agencies to enable us to provide you with personalised offers (these will be soft searches that don’t affect your credit rating);

n) To provide insight and analysis of our customers both for ourselves and business partners based on your policy, your use of it, your other policies and the use of them, and possible future opportunities;

o) For market research, profiling, and analysis and developing statistics to support any of the purposes listed in the notice;

p) For profiling and decision making for purposes listed;

q) To facilitate the sale of one or more parts of our business;

r) To share information with business partners as necessary for the purposes listed; and

s) To enable other AA Group companies to perform any of the above purposes.

3) To comply with our legal obligations such as our financial services or regulatory obligations, including Financial Conduct Authority, Prudential Conduct Authority and Financial Ombudsman Service rules, regulations and guidance.

4) With your consent or explicit consent:

a) For some direct marketing communications which aren’t based on our legitimate interests;

b) For some of our profiling and other automated decision making which isn’t required for contractual or legal purposes; and

c) For some of our processing of special categories of personal data such as about your health, if you’re a vulnerable customer, or some criminal records information, if another legal basis doesn’t apply.

5) For a public interest, such as:

d) Using special categories of personal data such as your health, or criminal records information (including alleged offences) to quote for or administer a financial product, including assessing the risk of providing you with the financial product;

e) Using special categories of personal data about your health or needs (if you‘re a vulnerable customer), including assessing the risk of providing you with insurance.

Sharing and disclosures of your personal data

The categories of third parties we use are listed below. We’ll use these third parties for all the reasons we have described in this notice, and they may have access to the type of personal information we hold or use.

With AA Group and AA branded companies, including but not limited to Automobile Association Developments Limited (including AA Breakdown Services and AA/BSM Driving School), Automobile Association Insurance Services Limited, AA Underwriting Insurance Company Limited and Used Car Sites Limited (trading as AA Cars);
With the provider of your financial services product (including but not limited to NatWest Boxed Limited) or alternative providers, should you be declined;
With account beneficiaries if they use a service you have with us;
With service providers who are a part of providing products and services to you or help us to operate our business;
With any parties involved in a claim if they need to receive information to allow us to handle a claim made by you or against you, or if we or a business partner need to investigate a case of fraud;
Police and law enforcement agencies if we’re required or need to support a criminal investigation;
Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman’s Service, and the Information Commissioner’s Office;
Organisations and businesses who provide services to us under our authority such as service providers, debt recovery agencies, IT companies, and suppliers of business support services;
Credit Reference and Fraud Prevention Agencies (see below);
Third parties who help us identify, assess, or manage risk or pricing;
Authorised third parties, where there’s a lawful basis to do so, for any of the purposes specified within this privacy notice, and
Market research organisations who help us to develop and improve our products and services.

Withdrawing your consent

If we rely on your consent, you can withdraw this at any time. Use the contact details below.

Transfers outside of the UK or EEA

Your personal information may be transferred outside the UK or European Economic Area, for example to service providers. If we do so, we’ll make sure that suitable safeguards are in place where required, for example contractual agreements or other legal arrangements, unless certain exceptions apply.

Sharing with credit reference agencies and fraud prevention agencies

To process a quote or application for a product, we’ll perform credit, risk and identity checks on you with one or more credit reference agencies (CRAs) and Fraud Prevention Agencies (FRAs). Where you take insurance, financial or credit from us we may also make periodic searches at CRAs to manage your account with us. To do this, we’ll supply your personal information to CRAs and FRAs, and they’ll give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs and FRAs will supply to us both public (including the electoral register) and shared credit, financial situation, insurance and financial history information and fraud prevention information.

We will, and any proposed or appointed underwriters for your policy will, use this information to:

Assess your creditworthiness and whether you can afford to take out the product;
Assess our ability to offer you our products and services,
Verify the accuracy of the data you’ve provided to us;
Prevent criminal activity, fraud and money laundering;
Manage your account(s);
Assess payment methods available to you;
Trace and recover debts; and
Make sure any offers provided to you are appropriate to your circumstances.

We’ll continue to exchange information about you with CRAs and FRAs while you have a relationship with us, and if necessary afterwards. We’ll also notify the CRAs about your settled accounts. If you borrow and don’t repay in full and on time, CRAs will record the outstanding debt. This information may be given to other organisations by CRAs. The identities of the CRAs and FRAs, their role as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods, and your data protection rights with the CRAs, are available on request.

When CRAs receive a search from us they’ll place a search footprint on your credit file that may be seen by other lenders. If you’re making a joint application, or tell us that you have a spouse or financial associate, we and our underwriters will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together. These links will remain on your and their files, until you or your partner successfully files for a disassociation with the CRAs to break that link.

We and our underwriters may also use commercially available insurance fraud prevention services and claims services, in order to prevent, detect and investigate potential fraudulent insurance policy applications and claims. We’ll share information with FRAs about your insurance policy application and policies to help us do this. This information may be given to other organisations. More information can be found on our AA Group privacy notice.

Monitoring communications

We may monitor communications with you, where permitted by law. We do this for quality control and staff training purposes, to comply with regulatory rules, to prevent or detect crime, and to protect the security of our communications and data to enforce compliance with business polices.

Use of automated decisions

We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved. We do this to decide whether to offer you a product or service, to determine the risk of doing so, the price we’ll offer, whether to offer you credit, what terms and condition to offer you, assess lending, insurance and business risks, or to assess what payment methods we can offer you. We may do this using data from other parts of The AA Group and underwriters, including product or services details (including usage of claims made) and telematics data captured including on your vehicle, driving behaviour and location information.

These examples illustrate the logic involved and why we do this:

Assess your credit worthiness and ability - for example, if you’re applying for credit and have a history of late or non-payment of debts, we may not be able to offer you credit or we may do so at a higher rate.
Assess our ability to offer our products and services and manage those accounts – for example, if you or your beneficiaries have a history of making claims on insurance policies, or if we have concerns about potential use of a policy (for example, if you’re in breach the conditions of it) or financial status, this may result in a higher risk being assigned to you meaning you may be quoted a higher price or a product being declined or cancelled.
Assess the risk of fraud - if we believe there’s a significant risk of fraud, based on the information we hold or that’s available to us, we may decline your application, quote a higher price, or decline or cancel your policy or application.

We do this because it’s necessary for entering into or performing the relevant insurance or credit agreement with you. We may do so if it’s authorised by law or is based on your explicit consent.

Changes to your data

You should tell us so that we can update our records. The contact details for this purpose are in your policy documents. We’ll then update your records if we can.

Retention of your data

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

For as long as we have reasonable business needs;
For as long as we provide products or services to you, and then for as long as someone could bring a claim against us; or
To comply with legal and regulatory requirements or guidance.

Your data protection rights

Here’s a list of the rights that all individuals have under UK data protection laws. They don’t apply in all circumstances so your request may not always be granted. If you want to use any of them, we’ll explain at that time if they apply or not, and if we’ll comply or not with your request, including the reasons why.

The right to be informed about the processing of your personal information;
The right to have your personal information corrected if it’s inaccurate, and to have incomplete personal information completed
The right to object to processing of your personal information;
The right to restrict processing of your personal information;
The right to have your personal information erased;
The right to request access to your personal information and how we process it;
The right to move, copy or transfer your personal information; and
Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws. You can contact our DPO for more details on all the above.

You have the right to object

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us to exercise these rights.

Opting out of marketing

You can stop our marketing at any time by contacting us on the details below, emailing [email protected] or following the instructions in the communication.

Changes to this privacy notice

We may change this privacy notice from time to time to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes periodically – all of The AA's privacy notices can be found here.

Contact us or our Data Protection Officer

You can use the contact details in your policy book or you go to the Help section of our website. Alternatively, you can write to the Data Protection Officer at:

AA Financial Services Limited, Level 3, Plant, Basing View, Basingstoke, Hampshire, England, RG21 4HG, marking it for the attention of the DPO or email [email protected].

Where there is another data controller, please refer to their separate privacy notice for details of how to contact them.