Our privacy notice for fleets and their drivers


Who is this Notice for?

This Privacy Notice applies to fleet managers and the drivers of vehicles that are insured under a Zego Fleet Policy.  We take your privacy very seriously and we're committed to transparency. This privacy notice tells you all about how we use your personal data. We promise that we never sell your data, or share it with anyone who doesn't need it as part of your partnership with Extracover Ltd or Zego BV.


Who we are

We are Extracover Ltd (trading as Zego in the UK) and Zego BV (European operations) referred to as “Zego”, “we”, “our”, “us” in this privacy notice. We're authorised and regulated by the Financial Conduct Authority (FCA) under number 757871 in the UK and by the Authoriteit Financiele Markten (AFM) in the Netherlands.


What data we collect and how we collect it

Your personal data is information which can be used to identify you. We need personal data to provide insurance products and services to fleets (our customers), to calculate insurance pricing, to deal with any claims, and to deliver the best experience to our customers.

As with all insurance, working out pricing requires profiling of drivers. This means the pricing of insurance may be influenced by things like driver age, job, location and driving behaviour.

We'll collect the information we need in different ways including from the fleet, directly from you, and from relevant third parties. We collect driving data from the telematics device installed on the fleet vehicles. We also collect data when you visit our website and any other interactions you might have with us.

The categories of personal data we collect includes:

  • Name
  • Driving licence data
  • Driving behaviour (via telematics)
  • Location data
  • Employment details
  • Claims data
  • Contact details, such as telephone number and email

There's more detail on the information we collect and use here:

Driving licence data and driver checks - We collect information about your driving licence and history (from the DVLA, MyLicence, CUE and other relevant entities in the UK). We need this so we can provide insurance. Information we get from those checks includes:

  • Past claims - More specific details on your past claims such as which insurer you claimed under and the policy that was affected.
  • Motoring convictions - More specific details on your past convictions such as outcome and amounts fined.
  • Identity validation - Checking against the information you gave us to make sure it is all correct.
  • Fraud Checks - Checks against national fraud detection databases.

Location, motion and telematics data - The fleet vehicle you drive is fitted with a telematics device which collects data on your driving behaviour, vehicle, and GPS location. We need this to provide fleet insurance services. The data we receive is mapped against the vehicle and not the driver, but our customer (the fleet) may be able to overlay this data with who is driving each vehicle at any point in time. We analyse the data so that we can create fairer and more accurate pricing for our products. This data can be used by us and the fleet to understand driver behaviour and determine risk. For example, motion and telematics data can determine accurately when a person is driving and help with any claims or disputes. It can also result in better pricing of our insurance products to fleets if the data shows good driving behaviours. To find out how the fleet processes your personal information and uses this data, ask to see a copy of their privacy notice.

Device information - For example, if you access our website or contact us. We use this to help us provide better customer support, we may record the type of device or browser you use. This can include the model, operating system, software, and language. You can control our ability to use device advertising identifiers in your device's settings.

If you contact us - Our conversations (including chats, emails and phone calls) may be recorded or monitored to provide an audit trail. We may use them to help train the Zego team too.

System logs - To help us provide better customer support, we may gather access information when you use our services. This can include IP addresses, access dates and times, system activity including app malfunction or screens viewed.


Why we have this information

We collect all of this information so that we can provide insurance. Depending on what data it is, we have different lawful bases/reasons for its collection and use.

Performance of contract - Most of the things we do and the data we collect is because we need to so we can provide insurance to the fleet. For example, when we need to create a fleet policy and provide cover for the fleet. This also includes processing and managing claims. We perform verification and driving history checks on drivers which is required for Zego to fulfil its contractual obligations with the insurers providing cover. We also provide driver insights to the fleet - this service can help fleets improve operating efficiencies. Our use of Automated Decision Making (ADM) also takes place for the performance of our contract.

Legal obligation - Sometimes the law tells us what we need to do with data. For example, when we are running checks we are doing it to meet regulatory and legal requirements. We are also legally required to keep data for certain amounts of time.

Legitimate Interests - We may need to process data for the legitimate interests of Zego/s business, for example, to improve our products and services we:

  • Enrich and analyse data so that we can get a better understanding of risk, allowing us to create fairer pricing in our insurance products.
  • Share details with national fraud databases, agencies and other insurers for the prevention and detection of fraud.


Who else gets the data and where it is

If you use a fleet vehicle that is insured with us, we will share information with the fleet. For example, we will share telematics data from the vehicle you are driving which will include data on driving behaviour and location. We also share driver checks data for UK licence holders. To find out what personal data the fleet processes and how they use it, ask to see a copy of their privacy notice.

We share your information with the following:

  • Our fleet customers (this could be your employer or the person that has provided you with access to the vehicle)
  • Insurers, intermediaries and reinsurers to administrate your insurance
  • Claims processors - to deal with claims
  • Telematics service providers - we have partnered with third party telematics service providers, including aggregator services, to obtain and process data related to driving behaviour in connection with the fleet’s insurance contract with us.
  • Government, regulatory and legal bodies including the Financial Ombudsman Service and the Financial Conduct Authority (FCA) in the UK to make sure we meet our legal requirements.
  • In the UK - the MID/MIB the Motor Insurance Database (MID) is managed by the Motor Insurance Bureau (MIB) and we are required by law to upload your policy information to the MID. This information may be used by the police, the DVLA, DVANI the Insurance Fraud Bureau or other bodies permitted by the law. In the EU, it will be the organisation(s) relevant to each member state.
  • Identity, fraud detection agencies and legal check providers to perform our legal checks and checks to detect and prevent fraud. This can include claims history and driver background check platforms.
  • Enhanced data providers to better understand potential insurance risk and to improve our products.
  • Payment services to process payments and run finance reports. We may also use your bank or credit provider to process your payments and refunds for example.
  • Service providers such as for customer service, for our data storage, for our internal correspondence, and other providers to run our day to day business.

The data will be transferred between Zego entities in the EU and the UK.

Most of our data is held in the EU. We have safeguards in place including contractual clauses to ensure where the data is processed outside of the EU the company meets the standards as required by the EU and UK law.


How long we keep it and how we keep it safe

Zego has a retention policy which sets out how long we keep information for. We keep most of the data associated with insurance policies, telematics data and claims for 7 years.

We keep your personal information for as long as reasonably necessary to fulfil the purposes set out in this Privacy Notice and to comply with our legal and regulatory obligations. Where we can, we will minimise personal data or de-personalise it so we can use it for statistical or analytical purposes.

Our databases operate within the Amazon Web Services and Google Cloud. Their computers are housed in secure data centres with heavily restricted access, and numerous levels of security, to keep your data safe. We arrange independent and expert penetration testing on our systems, which helps us maintain first-class information security.


Your data rights

Below are all your rights in no nonsense language but just in case you want to know their official data protection name will be in bold.

You can exercise these rights at any time by clicking here, or by emailing us at [email protected]

  • The right to know how we collect and use your personal data and what happens with your data. We do this through our privacy notice. “The right to be informed”
  • The right to access and receive a copy of your personal data. You can ask us to give you the data we hold about you and there is no fee for doing so! We must send you your data within one month, although we can extend the time by up to 2 more months if your request is complex. “The right of access”.
  • The right to change your personal data if it is incorrect. Do you think something we hold on you is wrong or perhaps it needs updating? We will do everything we can to make sure our information about you is accurate but if you can show us it's not just ask us to change it and we will if we can. “The right to rectification”
  • The right to ask us to delete your personal data. You can ask us to delete your data in some circumstances and if we can delete it, we will. This is sometimes also called “The right to be forgotten”. “The right to erasure”
  • The right to stop us doing some things with your personal data. This means you can ask us to limit or restrict the way we use your personal data, and if we can stop using your data in that way, then we will. “The right to restriction”
  • The right to have a copy of your personal data your data so you can use it elsewhere. If you want the data you gave us so that you can give it to someone else - even another insurance provider - we can give it to you. “The right to data portability”
  • The right to say no. You can tell us when you do not want us to use your personal data or you object to us using your data. Once you have told us to stop using your data, we will stop using it if we can. “The right to object”
  • The right to ask us to use people instead of computers to make our decisions. We use computers sometimes to help us - everyone does these days! We use computers to make sure you meet our underwriting criteria, to make sure your data is accurate and for verification or identity checking. If you think the decision that has been made is incorrect or unfair or you just are not happy with it you can ask us to have a human being review the decision. “Rights related to automated decision making including profiling”
  • You have the right to withdraw your consent - at any time. We may ask for your consent to contact you about things, for example, for marketing, for offers and maybe in the future for new things. When we ask you consent you can at any time change your mind.


Who can you contact?

If you would like to contact someone at Zego in regards to your personal data you can email Zego’s Data Protection Officer (DPO):

In the UK:

[email protected]

DPO, Zego, 7th Floor, Exchange House, 12 Primrose St., London, EC2A 2BQ, UK

In the EU:

[email protected]

DPO, Zego BV, Weesperplein 4 A, Amsterdam, 1018XA, The Netherlands

You can also complain to the registered data protection Supervisory Authority if you are unhappy with how we have used your personal information.


In the UK, you can contact:

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Helpline - (+44) (0)303 123 1113

URL - https://ico.org.uk/make-a-complaint/data-protection-complaints/

In the EU, you can contact:

Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ DEN HAAG

Telephone - (+31) (0)70 - 888 85 00


Changes to this Privacy Notice

We may amend this Privacy Notice for example, to keep it up to date or to comply with legal requirements, so we ask that you take a look at it again from time to time to check for any changes.