AA Insurance privacy notice
This privacy notice tells you what happens to your personal data when you, your joint policy holders and beneficiaries hold an insurance product with us.
You can also view the:
AA Underwriting Insurance Company Limited privacy notice
If you provide us with personal information on behalf of another person, you must have their authorisation to do so, and it must be accurate and up to date. You'll need to give them a copy of this privacy notice, or tell them how to access this page. Where this privacy notice refers to 'you', this also includes personal data about anyone else named on the policy or anyone whose data you provide us with.
The links below show how we use your personal information.
- The AA and our Data Protection Officer
- Personal data we hold and use
- Sources of personal data
- Reasons for using of your personal data
- Sharing and disclosures of your personal data
- Withdrawing your consent
- Transfers outside of the UK or EEA
- Sharing with credit reference agencies, fraud prevention agencies and third-party specialists
- Changes to your data
- Monitoring communications
- Use of automated decisions
- Retention of your data
- Your data protection rights
- Your right to object
- Changes to this privacy notice
- Contact us or our Data Protection Officer
The AA and our Data Protection Officer
We're the AA, Fanum House, Basing View, Basingstoke, Hampshire RG21 4EA. The data controllers of our insurance products are the Automobile Association Insurance Services Limited and, separately, the underwriter(s) of your policy, which includes the AA Underwriting Insurance Company Limited. We have a Data Protection Officer (DPO), whose contact details are at the bottom of this page.
Back to top
Personal data we hold and use
We, our insurance panel members and underwriters hold and use different types of personal information about you, your policyholders and beneficiaries.
The list below shows the data we process for our insurance products. If you hold breakdown cover or other products and services, you should read their privacy notice to know what other data we might hold.
- Personal and contact details, your date of birth, gender and age.
- Product beneficiaries or users, and policyholders.
- Records of your contacts with us and payment details.
- Details of products and services you hold or have held, your use of them, any claims or breakdowns, and any expressions of interest in the AA or its business partners. These can include AA Breakdown Services, AA Driving School, AA Cars, AA Financial Services and other AA branded services.
- Details of claims made by you or one of your policyholders (including submitted photos and/or videos), or claims made by a third party, and data from industry sources such as the Claims Underwriting Exchange and the Motor Insurance Database (managed by Motor Insurance Bureau).
- Pricing and risk data about you, your beneficiaries or policyholders. This data is used, for example, to assess or make a decision about insurance risk, decide or set pricing or risk levels, and decide whether we can offer or continue to offer you a product or service. The data includes details of your AA product or service holdings (including your usage, claims and breakdown history), credit data, marketing profiles and analysis of you we hold, instances of suspected fraud, driving offences or endorsements, licence details and limitations, data from third parties, property and location details, vehicle details, driving history and telematics details.
- Marketing information, including records of marketing communications, details of what you may be interested in, analysis and profiles we build up about you and your interests, and whether you open or read communications or links.
- Vehicle information, including usages, any breakdowns and faults.
- Telematics and connected car information about your vehicle (including assessing and predicting faults or issues), driving style (including recommending improvements and assessing risk associated with your driving style), and where permitted, the location and routes taken. This will be the case if you have the Vixa app;
- Information which we obtain from credit reference agencies and fraud prevention agencies.
- Fraud, debt and theft information related to any products you hold with the AA.
- Criminal records information, including alleged offences – for example, if you apply for car insurance and we need this information.
- Information about your health or if you're a vulnerable customer, where needed for your insurance policy.
- Information about your property, such as location, value, number of rooms, property type and building work you've had done. Also, property and occupier status, such as whether you're a tenant, live with parents or are an owner occupier of the property where you live at the time of your application.
- Information about your employment status, where needed for your insurance policy.
- Your marital status, family, lifestyle or social circumstances, for example, the number of dependents you have or if you're a widow or widower.
- Information from third parties, including vehicle details, details of outstanding finance, claims details, data fraud prevention databases, property, geographic and demographic details, marketing data, publicly available information (for example electoral roll and court judgments), and information to help improve the relevance of our products and services or to help us manage our products and services, pricing or risk.
- Details of your usage of our websites or apps, details of your phone and its software (for example browser and set up information), browsing history, and other details obtained via cookies or similar technologies. See our cookie policy for more details.
- Third party transactions, such as where a person other than the account holder pays for or uses the service.
We may be unable to provide products or services if you don't give certain information to us. In cases where providing some personal information is optional, we'll make this clear.
Back to top
Sources of personal data
The information we hold comes from:
- You directly, and family members, associates or beneficiaries of products and services – for example, if they're authorised to act for you or are allowed to use a service you have with us.
- AA Group and AA branded companies, if you already have a product with them, have applied for one or have held one previously. These include AA Developments Limited (including AA Breakdown Services and AA and BSM Driving School), AA Financial Services and AA Underwriting Insurance Company Limited.
- A third party and their insurer, if they're making a claim.
- Information generated about you when you use our products and services.
- From an insurer, claims company or an intermediary (for example a comparison site) whom we work with to provide products or services or quote to you.
- Business partners (for example financial services institutions, insurers), account beneficiaries, or others.
- Anyone who provides instructions or operates any of your accounts, products or services on your behalf (for example a power of attorney, solicitors and intermediaries).
- From sources such as fraud prevention agencies, credit reference agencies, other lenders, HM Revenue & Customs, Motor Insurers' Bureau, Claims Underwriting Exchange, publicly available directories and information (for example a telephone directory, social media, internet and news articles), debt recovery and tracing agents, regulators, government departments or agencies, organisations to assist in prevention and detection of crime, the police and law enforcement agencies.
- Information we source about you or customers generally from commercial third parties, including demographic information, vehicle details, claims data, fraud information, marketing data, publicly available information, property and other information to help improve our products and services or our business.
Reasons for using of your personal data
The reasons why and how we use your information are given below. We've arranged them according to the lawful basis that allows us to use the data. The lists apply to us the AA, our insurance panel members and the underwriter(s).
1. To provide you with our products or services or decide whether to do so
a. Assessing an application for insurance, including considering whether or not to offer you the product or service; the price; the risk of doing so; availability of payment method; and the terms of the policy.
b. Providing your insurance policy and any other products or services held with the AA and under the AA brand.
c. Communicating with you, and holding records about our dealings and interactions with you, your fellow policyholders and beneficiaries.
d. Making decisions about you or your policy, including your continued suitability for the policy; the risk of providing you with the policy; and assessing compliance with the policy terms.
e. To manage the operation of our business and those of our respective insurers.
f. To carry out checks at credit reference agencies and fraud prevention agencies pre-application, at application, and periodically after that.
g. For analysing, assessing and profiling aspects of you, your vehicle (including assessing and predicting faults or issues), your driving style, your location and routes taken (for example, if you hold a telematics product), for quoting for and managing your policy, and for the continued assessment of insurance risk and compliance with policy conditions.
h. For analysing and profiling aspects of your home or property, and for quoting for and managing your policy, including the continued assessment of the insurance risk of you and your property, and continued compliance with policy conditions.
i. Updating your records, tracing your whereabouts, recovering debt, or validating the information you've provided is correct.
j. To make automated decisions – including profiling – on whether to offer you a policy, and the price, payment method, risk or terms of it.
k. To share information with business partners (for example underwriters, re-insurers) for quoting, assessing your application, and managing your policy; as needed with account beneficiaries, and service and payment providers to us; and for providing, administering or developing our products and services or our business.
l. To enable the AA Group and AA branded companies to provide you with products and services, quotes for products and services, and manage products and services you hold.
2. For our legitimate interests
a. To develop our insurance and any other products or services.
b. To continually develop, improve and manage risk assessment, and pricing methods and models.
c. To provide personalised content, products and services to you, such as our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels.
d. To link together your AA products and services, enabling you to view them in a single account or profile, and using this combined view for the purposes listed in this section.
e. To test the performance of our products, services, and processes and systems.
f. To improve the operation of our business, for example by improving customer service and operational performance and efficiency.
g. To develop new products and services, and to review and improve current products and services.
h. For managing and auditing our business operations.
i. To keep records of our communications with you.
j. For marketing analysis and related profiling, to help us decide whether or not to offer you certain products and services.
k. To understand our customers, and your use of our products and your preferences, and to develop profiles, algorithms and statistical models for these purposes.
l. To send marketing offers by SMS, email, phone, post, social media and digital channels (for example using Facebook Custom Audiences and Google Custom Match). The offers may relate to our products and services, such as cars, roadside assistance, financial services, insurance, travel and Member offers, as well as any other offers and advice we think may be of interest.
m. To carry out checks at credit reference agencies and fraud prevention agencies, to enable us to provide you with personalised offers. These checks will be soft searches that don't affect your credit rating.
n. To provide insight and analysis of our customers for ourselves and our business partners, based on your use of your policies, and possible future opportunities.
o. For market research, profiling, and analysis and developing statistics, to support any of the purposes listed in this notice.
p. For profiling and decision making for purposes listed.
q. To facilitate the sale of one or more parts of our business.
r. To share information with business partners as necessary for purposes listed.
s. To enable the AA Group and AA branded companies to perform any of the above purposes, in particular AA Breakdown Services, AA Underwriting Insurance Company Limited and AA Financial Services Limited.
3. To comply with our legal obligations
a. Such as financial services regulations and other regulatory obligations, including Financial Conduct Authority, Prudential Conduct Authority and Financial Ombudsman Service.
4. With your consent or explicit consent
a. For direct marketing communications which are not based on our legitimate interests.
b. For profiling and other automated decision making which aren't required for contractual or legal purposes.
c. For processing special categories of personal data if another legal basis does not apply, such as about your health; if you're a vulnerable customer; or criminal records information.
5. For public interest
a. Using special categories of personal data to assess the risk of providing you with insurance, such as about your health; or criminal records information (including alleged offences).
b. Using special categories of personal data to assess the risk of providing you with insurance, such as about your health or needs if you're a vulnerable customer.
Sharing and disclosures of your personal data
The categories of third parties we use are listed below. The reasons why are described on this page, and third parties may have access to personal information we hold or use.
- Within the AA Group and AA branded companies, in particular Automobile Association Developments Limited (including AA Breakdown Services, and AA Driving School and BSM Driving School), Automobile Association Insurance Services Limited, Automobile Association Underwriting Insurance Services Limited and Automobile Association Financial Services Limited.
- Insurance panel members, underwriters and reinsurers.
- Account beneficiaries if they use a service you have with us.
- Parties who provide products and services to you, or help us to operate our business.
- Parties involved in a claim if they need to receive information to allow us to handle a claim made by you or against you, or if either insurer needs to investigate a case of fraud.
- Police and law enforcement agencies if we need to support a criminal investigation.
- Governmental and regulatory bodies such as HM Revenue & Customs, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman's Service, and the Information Commissioner's Office.
- Organisations and businesses who provide services to us under our authority, such as service providers, debt recovery agencies, IT companies, and suppliers of business support services.
- Credit reference agencies and fraud prevention agencies.
- Third parties who help us identify, assess, or manage risk or pricing.
- Market research organisations who help us to develop and improve our products and services.
Withdrawing your consent
If we rely on your consent, you can withdraw it at any time. Please use the contact details below.
Back to top
Transfers outside of the UK or EEA
Your personal information may be transferred outside the UK or the European Economic Area, for example to service providers. If we do so, we'll make sure that safeguards are in place where required, for example contractual agreements or other legal purposes unless certain exceptions apply.
Back to top
Sharing with credit reference agencies, fraud prevention agencies and third-party specialists
To process a quote or application for insurance, we and any underwriters will perform credit, risk and identity checks on you, utilising one or more credit reference agencies (CRAs), fraud prevention agencies (FPAs) or third-party specialists. Some of which will interact with you directly, as a data controller.
Where you do take insurance, financial or credit from us, we may make periodic searches to manage your account. To do this, we'll supply your personal information to CRAs and FPAs, and they'll provide information about you. This will include your credit applications, and about your financial situation and history.
CRAs, FPAs and third-party specialists will process your personal data, potentially including facial images and biometric data, and also supply to us public information (including the electoral register), and shared credit, insurance and financial history information, and fraud prevention information.
We, and any underwriters for your policy, will use this information to:
- Assess your creditworthiness and whether you can afford to take the product.
- Assess our ability to offer you our products and services, including insurance.
- Verify the accuracy of the data you've provided to us.
- Prevent criminal activity, fraud and money laundering.
- Manage your account(s).
- Assess payment methods available to you.
- Trace and recover debts.
- Make sure any offers provided to you are appropriate to your circumstances.
We'll continue to exchange information about you with CRAs and FPAs while you have a relationship with us, and if necessary afterwards. We'll also notify the CRAs about your settled accounts.
If you borrow and don't repay in full and on time, CRAs will record the outstanding debt. This information may be given to other organisations by CRAs.
The identities of the CRAs, FPAs and third-party specialists are available on request, and the data they hold, the ways in which they use and share personal information, data retention periods, and your data protection rights.
When CRAs receive a search from us, they'll place a search footprint on your credit file that may be seen by other lenders.
If you're making a joint application, or you tell us that you have a spouse or financial associate, we and our underwriters will link your records together. So make sure you discuss this with them before making the application. CRAs will also link your records together, and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
We and our underwriters use FPAs such as the Motor Insurance Database, Claims Underwriting Exchange, and commercially available insurance fraud prevention services and claims services in order to prevent, detect and investigate potential fraudulent insurance policy applications and claims. We'll share information with the FPAs about your application and policies in order to do this, and this information may be given to other organisations. More details can be found in the Credit Reference Agency Information Notice, which contains fraud prevention information.
Back to top
Changes to your data
You should tell us about any changes to your personal data so we can update our records. The contact details for this purpose are in your insurance documents.
Back to top
Monitoring communications
We may monitor communications with you where permitted by law. We do this for quality control and staff training purposes, to comply with regulatory rules, to prevent or detect crime, to protect the security of our communications and data, and to enforce compliance with business polices.
Back to top
Use of automated decisions
We sometimes make decisions about you using only technology, where none of our employees or any other individual has been involved. The decisions include whether to offer you a product or service, the risk of doing so, the price we'll offer, whether to offer you credit, the terms and conditions, to assess lending, insurance and business risks, and to assess what payment methods we can offer you.
We may do this using data from the AA Group and AA branded companies, and underwriters. This includes product or services data (including usage of claims made), and telematics data captured on your vehicle, driving behaviour and location information.
These examples explain why we do this:
- Assess your creditworthiness and ability – for example if you're applying for credit and have a history of late or non-payment of debts, we may not be able to offer you credit or else do so at a higher rate.
- Assess our ability to offer our products and services and manage those accounts – for example if you or your beneficiaries have a history of making claims on insurance policies, or if we have concerns about the use of a policy (for example if you're in breach of its conditions) or your financial status, this may result in a higher risk being assigned to you, meaning you may be quoted a higher price or a policy being declined or cancelled.
- Assess the risk of fraud – if we believe there's a significant risk of fraud, based on the information available to us, we may decline your application, quote a higher price, or decline or cancel your policy or application.
It's necessary to do this when entering into or performing the relevant insurance or credit agreement with you. We only do so if it's authorised by law or is based on your explicit consent.
Back to top
Retention of your data
Unless we explain otherwise to you, we'll hold your personal information on the following criteria:
- For as long as we have reasonable business needs.
- For as long as we provide products or services to you, and then for as long as someone could bring a claim against us.
- To comply with legal and regulatory requirements or guidance.
Your data protection rights
Here is a list of the rights that individuals have under UK data protection laws. The rights don't apply in all circumstances, so your request may not always be granted, and we'll explain why at the time.
- The right to be informed about the processing of your personal information.
- The right to have your personal information corrected if it's inaccurate, and to have incomplete personal information completed.
- The right to object to processing of your personal information.
- The right to restrict processing of your personal information.
- The right to have your personal information erased.
- The right to request access to your personal information and how we process it.
- The right to move, copy or transfer your personal information.
- Rights in relation to automated decision making which has a legal effect, or otherwise significantly affects you.
You have the right to complain to the Information Commissioner's Office, which enforces data protection laws. Our DPO can provide you with more details on the above rights.
Back to top
Your right to object
You have the right to object to certain purposes for processing your personal information, in particular direct marketing and for certain reasons based on our legitimate interests. You can contact our DPO to exercise your right.
Opting out of marketingYou can stop our marketing at any time by contacting us.
Back to top
Changes to this privacy notice
We may update this privacy notice to reflect changes in the law and our privacy practices. Accordingly, please check this page from time to time.
Back to top
Contact us or our Data Protection Officer
You can use the contact details in your insurance documents or the contact us section of our website. Or please write to the Data Protection Officer at:
AA Limited, Fanum House, Basing View, Basingstoke, Hampshire RG21 4EA
Back to top