Franchisee

Privacy Notice

FRANCHISEE PRIVACY NOTICE

This Privacy Notice lets You know what happens to personal data we use and hold where You are a driving instructor with an AA driving school brand.

1           THE AA AND OUR DATA PROTECTION OFFICER (DPO)

1.1            We are the AA. Our main address is Fanum House, Basing View, Basingstoke, Hampshire, RG21 4EA. The data controller of our driving lessons products is the Automobile Association Automobile Association Developments Limited (trading as AA Driving School and BSM Driving School). We have a Data Protection Officer who you can contact by using the contact details below.

2           PERSONAL DATA WE HOLD AND USE

2.1            We use several different types of information about You that we and our underwriters may hold about You for our Roadside policy or products. If You hold any other products or services with the AA (such as financial services or travel products), You should also read the privacy notice for those products or services to understand what other data we might hold:
(a)             Personal and contact details, Your date of birth, gender and/or age;
(b)             Records of Your contacts with us and details of Your payments to us and ours to You;
(c)             Details of Your Business, Agreement, performance as a driving instructor, and quality of lessons provided;
(d)             Details of products and services You hold or have held with the AA in relation to Roadside products and services;
(e)             Details of bookings, lessons and Pupils;
(f)              Information relating to Your Pupils, such as their driving test pass rates, feedback, complaints, payment information and call records;
(g)             Details of Your employment status, background and other information needed to assess Your suitability to be an independent driving instructor including nationality, residency, right to work, national insurance number, bank account details, payroll records and tax status information, pay and payments, annual leave, pension and benefits information;
(h)             Employment and background records (including job titles, work history, working hours, training records and professional memberships), compensation history, performance information, disciplinary and grievance information, information about Your use of our information and communications systems, driving licence and categories of vehicle You are permitted to drive;
(i)              Information about Your race or ethnicity, religious beliefs, sexual orientation and political opinions for equality monitoring purposes;
(j)              Marketing information, including records of marketing communications, details of what You may be interested in, analysis and profiles we build up about You and Your interests, and whether You open or read communications or links;
(k)             Vehicle information, including usages, any breakdown and faults, damage and/or accidents as well as any leasing and Your obligations under your Agreement;
(l)              Telematics and connected car information about Your Tuition Vehicle, driving style, location and routes taken. This will be the case if You use a telematics product or tracking app;
(m)           Information that we obtain from Credit Reference Agencies and Fraud Prevention Agencies;
(n)             Fraud, debt and theft information;
(o)             Information about Your health if you are vulnerable or have special needs, for example, details of assistance required;
(p)             Criminal records information, including alleged offences, to make sure You are suitable to be a driving instructor and pass appropriate fit and proper persons tests;
(q)             Information from third parties, including demographic information, vehicle details, details of outstanding finance, claims details, fraud prevention databases, property, geographic details, marketing data, publicly available information (e.g. electoral roll and court judgments), and information to help improve the relevance of our products and services, administer Your Agreement or run our business;
(r)             Details of Your usage of any of our websites or apps, details of Your phone and its software (e.g. browser and set up information), browsing history, and other details obtained via cookies or similar technologies (see our cookie statement for more details); and
(s)             Third party transactions, such as where a person other than You pays us.

2.2            We may be unable to provide You with our products or services if You do not provide certain information to us.  In cases where providing some personal data is optional, we’ll make this clear.

3           SOURCES OF YOUR PERSONAL DATA

3.1            The information that we hold comes from different sources. These are:
(a)             You directly, and any information from family members, associates or beneficiaries of products and services (for example, if they are authorised to act for You or are allowed to use a service You have with us);
(b)             AA Group and branded companies, including Automobile Association Insurance Services Limited, Automobile Association Financial Services Limited and AA Underwriting Insurance Company Limited;
(c)             DVSA;
(d)             information generated about You when providing services as part of Your Agreement;
(e)             an intermediary (e.g. comparison sites) who we work with to provide products, services or quotes to You;
(f)              business partners (e.g. garage agents, financial services institutions, insurers), account beneficiaries, or others needed to provide our services to You;
(g)             anyone who provides instructions or operates any of Your accounts, products or services on your behalf (e.g. Power of Attorney, solicitors, intermediaries, etc);
(h)             sources such as Fraud Prevention Agencies, Credit Reference Agencies, HMRC, DVLA, Motor Insurers’ Bureau, publicly available directories and information (e.g. telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist in prevention and detection of crime, police and law enforcement agencies; and
(i)              information we source about You or customers generally from commercial third parties, including demographic information, vehicle details, claims data, fraud information, marketing data, publicly available information, property and other information to help improve our products and services or our business.

3.2            If You provide us with personal data on behalf of another person, You must ensure that it is accurate, up to date and that You have their authorisation to do so. You should make sure that You provide them with a copy of this Privacy Notice.

4           REASONS FOR HOLDING AND USING YOUR PERSONAL DATA

4.1            The information is used by us. The reasons for using Your personal data are below. We have arranged them according to the legal reason we are allowed to use the data.

4.2            To provide you with our contracted products or services or decide whether to do so, including:
(a)             assessing an application to be a driving instructor, including performing background checks;
(b)             administering and supporting providing services to Pupils;
(c)             administering the Agreement, and monitoring and enforce compliance with it;
(d)             communicating with You and holding records about our dealings and interactions with You and Your Pupils;
(e)             making decisions about You, including Your continued suitability for to be a driving instructor and the risk of You being one;
(f)              to carry out checks at credit reference and fraud prevention agencies pre-application, at application, and periodically after that;
(g)             for analysing and profiling aspects of Your Tuition Vehicle, driving, driving style, location and routes taken as part of providing, quoting for, and managing Your Agreement;
(h)             updating Your records, tracing Your whereabouts, and recovering debt;
(i)              to enable other AA Group and branded companies to provide You with Your products and services, quote for products and services, or manage products and services You hold;
(j)              to share information as needed with third party business partners as required for managing Your Agreement; and
(k)             to make automated decisions, including profiling, on whether to offer You a product or service, or the price, payment method, risk or terms of it.

4.3            For our legitimate interests:
(a)             to develop new products and services, and to review and improve current products and services;
(b)             to continually develop, improve and manage our risk assessment and pricing models;
(c)             to provide personalised content and services to You and Your Pupils, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show You on our digital channels;
(d)             to link together our products and services to You, Pupils and our customers;
(e)             to test and improve the performance of our products, services, processes and systems;
(f)              to improve the operation of our business, for example, by improving customer service and operational performance and efficiency;
(g)             for management and auditing of our business operations, including accounting;
(h)             to monitor and to keep records of our communications with You and our staff;
(i)              for marketing analysis and related profiling to help us to offer You relevant products and service, including deciding whether or not to offer You certain products and services;
(j)              to understand our customers, their use of our products, their preferences and develop models, including developing profiles, algorithms and statistical models;
(k)             to send marketing by SMS, email, phone, post, social media and digital channels (e.g. using Facebook Custom Audiences and Google Custom Match). Offers may relate to any of our products and services such as cars, money and financial services, insurance, travel, member offers as well as to any other offers and advice we think may be of interest;
(l)              to advertise the AA and its driving schools and your role as a driving instructor, including in publications, digital media and online though services such as Google Ads and Maps (including using business name, address and contact details);
(m)           to provide insight and analysis of our customers both for ourselves and business partners;
(n)             for market research, profiling, and analysis and developing statistics;
(o)             for automated decision making;
(p)             to facilitate the sale of one or more parts of our business;
(q)             to share information with business partners as necessary for the purposes listed in this section; and
(r)             to share information with other AA Group and branded companies to enable them to perform any of the above purposes.

4.4            To comply with our legal obligations such as our financial services or regulatory obligations such DVSA regulations.

4.5            With your consent or explicit consent:
(a)             for direct marketing communications and purposes not based on our legitimate interests;
(b)             for some of our profiling and other automated decision making which is not required for contractual or legal purposes; and
(c)             for some of our processing of special categories of personal data such as about Your health, if You are a vulnerable customer or some criminal records information, if another legal basis does not apply.

4.6            For necessary for a public interest, such as:
(a)             using special categories of personal data such as about your health, criminal records information (including alleged offences) to quote for or administer the agreement and lessons, including a copy of Your criminal records background checks. This may be the case even if You have passed checked with the DVSA or other government bodies; and
(b)             using special categories of personal data about your health or needs (if You are a vulnerable customer) including assessing the risk of providing You with a policy or product.

5           SHARING AND DISCLOSURES OF YOUR PERSONAL DATA

5.1            The categories of third parties we use to process Your personal data are listed below. We will use the third parties as necessary for all the reasons we have described in this Privacy Notice and they may have access to the type of personal data we hold or use:
(a)             AA Group and branded companies;
(b)             Pupils (and their parents or guardians) who book lessons with You;
(c)             DVSA;
(d)             any parties involved in a claim or complaint if they need to receive information to allow us to handle a claim made by You or against You;
(e)             service providers who are a part of providing products and services to You or help us to operate our business;
(f)              police and law enforcement agencies if we are required or need to support a criminal investigation;
(g)             governmental and regulatory bodies such as HMRC, DVLA, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman’s Service, and the Information Commissioner’s Office;
(h)             organisations and businesses who provide services to us under our authority such as service providers, debt recovery agencies, IT companies, and suppliers of business support services;
(i)              credit reference and fraud prevention agencies; and
(j)              market research organisations who help us to develop and improve our products and services.

6           WITHDRAWING YOUR CONSENT

6.1            Where we rely on Your consent, You can withdraw it at any time using the contact details in to the Contact Us section below.

7           TRANSFERS OUTSIDE OF THE UK AND WUROPE

7.1            Your personal data may be transferred outside the European Economic Area, for example to service providers. If we do so, we’ll make sure that suitable safeguards are in place where required, for example by using approved contractual agreements or other legal arrangements unless certain exceptions apply.

8           SHARING WITH FRAUD PREVENTION AGENCIES

8.1            To process Your application for a franchise, we will perform credit, risk and identity checks on You with one or more Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs). During Your Agreement with us we may also make periodic searches at CRAs to manage Your account with us. To do this, we and our underwriters supply Your personal data to CRAs and FPAs, and they will give us information about You. This will include information about Your financial situation and financial history. CRAs and FPAs will supply to us both public (including the electoral register) and shared credit, financial situation, insurance and financial history information and fraud prevention information.

8.2            We will continue to exchange information about You with CRAs and FPAs while You have a relationship with us, and if necessary afterwards.  We also notify the CRAs about Your settled accounts. The identities of the CRAs and FPAs, their role as fraud prevention agencies, the data they hold, the ways in which they use and share personal data, data retention periods and your data protection rights with the CRAs are explained in more detail on our website. When CRAs receive a search from us they will place a search footprint on Your credit file that may be seen by other lenders.

8.3            If You’re making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

8.4            We also use fraud prevention agencies and commercially available insurance fraud prevention services and claims services to prevent, detect and investigation potential fraud. We will share information with FPAs about Your application. This information may be given to other organisations. More information can be found on our website.

9           CHANGES TO YOUR DATA

9.1            You should tell us when there are any changes to Your personal data so that we can update our records. We’ll then update Your records if we can.

10       MONITORING COMMUNICATIONS

10.1         We may monitor communications with You, where permitted by law. We do this for quality control and staff training purposes, to comply with regulatory rules, to prevent or detect crime, to protect the security of our communications, data, and to enforce compliance with our internal policies.

11        USE OF AUTOMATED DECISIONS

11.1         We sometimes make decisions about You using only technology, where none of our employees or any other individuals have been involved. We do this to decide whether to offer You a product or service, to determine the risk of doing so, the price we will offer, whether to offer You credit, what terms and condition to offer You, assess lending, insurance and business risks, or to assess what payment methods we can offer You.  We may do this using data from other parts of the AA Group, including product or services details (including usage of claims made) and telematics data captured including on Your Tuition Vehicle, driving behaviour and location information.

11.2         To understand the logic involved in this and why we do this, You may wish to consider the following example:
(a)             Assess your credit worthiness and ability.
(b)             Assess our ability to offer our products and services and manage those accounts.
(c)             Assess the risk of fraud.

We do this because it is necessary for entering into or performing the relevant insurance or credit agreement with you. We may do so if it is authorised by law or is based on your explicit consent.

12        RETENTION OF YOUR PERSONAL DATA

12.1         Unless we explain otherwise to You, we’ll hold Your personal data:

(a)             for as long as you have an Agreement and then for as long as someone could bring a claim against us;

(b)             to comply with legal and regulatory requirements or guidance; or

(c)             for as long as we have reasonable business needs. 

13        YOUR DATA PROTECTION RIGHTS

13.1         Below is a list of the rights that all individuals have under UK data protection laws. They don’t apply in all circumstances so Your request may not always be granted. If You wish to use any of them, we’ll explain at that time if they are apply or not, and if we will comply or not with Your request, including the reasons why:

(a)             the right to be informed about processing of Your personal data;
(b)             the right to have Your personal data corrected if it is inaccurate and to have incomplete personal data completed;
(c)             the right to object to processing of Your personal data;
(d)             the right to restrict processing of Your personal data;
(e)             the right to have Your personal data erased;
(f)              the right to request access to Your personal data and how we process it;
(g)             the right to move, copy or transfer Your personal data; and
(h)             rights in relation to automated decision making that has a legal effect or otherwise significantly affects You.

13.2         You have the right to complain to the Information Commissioner’s Office which enforces data protection laws at https://ico.org.uk/. You can contact our DPO for more details on all the above.

14        YOU HAVE A RIGHT TO OBJECT

14.1         You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us using the contact details in your policy documents or listed below to exercise these rights.

15        OPTING OUT OF MARKETING

15.1         You can stop our direct marketing at any time by contacting us using the details below, emailing dataprotection@theaa.com or by following the instructions in any direct marketing communication.

16        CHANGES TO THIS PRIVACY POLICY

16.1         We may change this Privacy Notice from time to time to reflect changes in the law and/or our privacy practices. We encourage You to check the Privacy Notice for changes periodically on the website.

17       CONTACT US OR OUR DPO

17.1         You can go to the Contact Us section of our website. Alternatively, you can write to the AA PLC, Fanum House, Basing View, Basingstoke, Hampshire, RG21 4EA, marking it for the attention of the DPO or email dataprotection@theaa.com.