Vixa App Privacy Notice

Vixa App Privacy Notice

Updated June 2024

This privacy notice lets you know what happens to the personal data we collect, use and hold when you, your beneficiaries hold or use the Vixa App. For other AA Group Privacy Notice please click here.

If you provide us with personal information on behalf of another person, you must ensure that it is accurate, up to date and that you have their authorisation to do so. Alternatively, you have full permission from the vehicle owner to use it in connection with the Vixa App and to install and use any Car Plug-In we may provide. You should make sure that you provide them with a copy of this Privacy Notice or let them know how to access it. Where this Privacy Notice refers to "you" this also includes data about anyone else named on the Vixa account or whose data you provide us with.

• The AA Limited and our Data Protection Officer (DPO)

• Personal data we hold and use

• Sources of your personal data

• Reasons for holding and using your personal data

• Sharing and disclosures of your personal data

• Withdrawing your consent

• Transfers outside of the UK or Europe

• Changes to your data

• Monitoring communications

• Retention of your personal data

• How to request the deletion of your Vixa app account?

• Your data protection rights

• You have a right to object

• Opting out of marketing

• Changes to this privacy notice

• Contact us or our DPO

The AA Limited and our Data Protection Officer (DPO)

We are the AA. Our main address is Fanum House, Basing View, Basingstoke, Hampshire, RG21 4EA. The data controller of the Vixa product is Automobile Association Developments Limited. We have a Data Protection Officer who you can contact by using the contact details at the bottom of this notice.

Personal data we hold and use

We use several different types of information about you and your product beneficiaries. Below we have set out the types of information we collect, use or hold about you. If you hold any other AA Group products, e.g. insurance policy, roadside product or other services (such as financial service or travel products), you should also read the Privacy Notice for those products or services to understand what other data we might hold. The next section tells you what personal data we collect about you:

• Personal and contact details;

• Product beneficiaries and users of the Vixa product;

• Records of your contacts with us and your payment details;

• Vehicle information, including make, model, age, usage, breakdowns, repairs, MOT information, and faults;

• Connected car insights about your vehicle (including assessing faults or issues), driving style (including recommending improvements, e.g. eco scoring and fuel consumption);

• Telemetry data, such as vehicle diagnostics faults and general vehicle status, idling time, engine revolutions, battery related information (including location data at the start of your journey to enable combining the information with accurate weather data for the battery machine learning models), where available;

• Vehicle location data (subject to your consent);

• Details of products and services you hold or have held, as well as your use of them and any claims or breakdowns, and any expressions of interest in the AA or its business partners. These will include details of products, service, claims, and use of them, and usage of other AA products or services such as AA Insurance Services, AA/BSM Driving School, AA Cars, AA Financial Services and other AA branded products or services;

• Marketing information, including records of marketing communications, details of what you may be interested in, analysis and profiles we build up about you and your interests, and whether you open or read communications or links;

• Information from third parties, including demographic information, vehicle details, geographic and demographic details, marketing data, publicly available information (e.g. electoral roll and court judgments), and information to help improve the relevance of our products and services or to help us manage our products and services, pricing or risk;

• Details of your usage of the Vixa app, including analytics; and

• Third party transactions such as where a person other than the account holder pays for or uses the service.

We may be unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.

Sources of your personal data

As we said above, the information we hold comes from different sources. These are:

• You directly, and any information from family members, beneficiaries of products and services (for example, if they are authorised to act for you or are allowed to use a service you have with us);

• Information from your car that has connectivity enabled via the Original Equipment Manufacturer (i.e. car manufacturer) or obtained via the Car Plug-in;

• AA Group and AA branded companies, if you already have a product with them, have applied for one or have held one previously. These include Automobile Association Insurance Services Limited, Automobile Association Financial Services Limited and AA Underwriting Insurance Company Limited;

• Information generated about you when you use our products and services;

• Business partners (e.g. garage agents, financial services institutions, insurers) or others needed to provide our services to you;

• Anyone who operates any of your accounts, products or services on your behalf (e.g. Power of Attorney, solicitors, intermediaries, etc.);

• From sources such as, DVLA, DVSA, publicly available directories and information (e.g. telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist in prevention and detection of crime, police and law enforcement agencies; and

• Information we source about you or customers generally from commercial third parties, including demographic information, vehicle details, claims data, fraud information, marketing data, publicly available information, property and other information to help improve our products and services or our business.

Reasons for holding and using your personal data

The reasons for using your personal data are below. We have arranged them according to the legal reason we are allowed to use the data.

1. To provide you with the Vixa app:

2. Providing you with the Vixa App and car health related information and insights (see Vixa App Terms and Conditions);

3. Communicating with you and holding records about our dealings and interactions with you, your fellow beneficiaries;

4. To manage the operation of our business;

5. To manage the operation of our business and business partners that help support the Vixa app;

6. For analysing and profiling aspects of your vehicle or driving (including assessing faults or issues), driving style (including recommending improvements and assessing risk associated with your driving style);

7. Updating your records and recovering debt;

8. To enable other AA group and branded companies to provide you with your products and services, quote for products and services, or manage products and services you hold; and

9. To share information as needed with business partners as required for managing your product or assessing application account beneficiaries, service providers or as part of providing, administering or developing our products and services or our business.

10. For our legitimate interests or those of others:

11. To develop the Vixa app and machine learning models, our Roadside, Insurance and any other AA Group products or services using the information we hold;

12. To continually develop, improve and manage our risk assessment and pricing models;

13. To provide personalised content and services to you, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels;

14. To link together your AA products and services, including to enable you to view these in a single account or profile, linking together your accounts on our systems and using this combined view for the purposes listed in this section;

15. To test and improve the performance of our products, services, processes and systems;

16. To improve the operation of our business - and that of our business partners – for example, by improving customer service and operational performance and efficiency;

17. To develop new products and services, and to review and improve current products and services;

18. For management and auditing of our business operations - including accounting;

19. To monitor and to keep records of our communications with you and our staff (see below);

20. To understand our customers, their use of our products, their preferences and develop models, including developing profiles, algorithms and statistical models;

21. Subject to your preferences, for marketing analysis and related profiling to help us to offer you relevant products and service, including deciding whether or not to offer you certain products and service;

22. To contact you in the event the plug-in device detects that your vehicle has or may have been involved in an accident;

23. Subject to your preferences, to send you marketing by SMS, push notification, email, phone, post, social media and digital channels (e.g. using Facebook Custom Audiences and Google Custom Match). Offers may relate to any of our products and services such as cars, money and financial services, insurance, travel, member offers as well as to any other offers and advice we think may be of interest;

24. To provide insight and analysis of our customers both for ourselves and business partners based on your products, your use of it, your other use of your products by others;

25. For market research, profiling, and analysis and developing statistics;

26. To facilitate the sale of one or more parts of our business;

27. To share information with business partners as necessary for the purposes listed in this notice; and

28. To share information with other AA Group, AA branded and non-AA branded companies to enable them to perform any of the above purposes.

29. To comply with our legal obligations such as our financial services or regulatory obligationssuch as our financial services or regulatory obligations, including Financial Conduct Authority, Prudential Conduct Authority and Financial Ombudsman Service rules, regulations and guidance.

30. With your consent or explicit consent:

31. For collecting vehicle location data;

32. For some direct marketing communications which are not based on our legitimate interests;

33. For some of our profiling and other automated decision making which is not required for contractual or legal purposes; and

34. For some of our processing of special categories of personal data such as about your health (where applicable), if you are a vulnerable customer or some criminal records information, if another legal basis does not apply.

35. Necessary for a public interest, such as:

36. Using special categories of personal data such as about your health, criminal records information (including alleged offences) if this is needed to quote for or administer a policy, including assessing the risk of providing you with the Roadside policy or product; and

37. Using special categories of personal data about your health or needs (if you are a vulnerable customer) including assessing the risk of providing you with a policy or product.

Sharing and disclosures of your personal data

The categories of third parties we use are listed below. We will use these third parties for all the reasons we have described in this notice, and they may process the types of personal information we also hold or use.

• With AA Group, AA branded and non-AA branded companies, including but not limited to Automobile Association Developments Limited (including AA Breakdown Services and AA/BSM Driving School), Automobile Association Insurance Services Limited, AA Underwriting Insurance Company Limited and AA Financial Services Limited;

• With account beneficiaries if they use a service you have with us;

• With any parties involved in a claim if they need to receive information to allow us to handle a claim made by you or against you, or if either insurer needs to investigate a case of fraud;

• With service providers who are a part of providing products and services to you or help us to operate our business;

• Police and law enforcement agencies if we are required or need to support a criminal investigation;

• Governmental and regulatory bodies such as HMRC, DVSA, DVLA, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman’s Service, and the Information Commissioner’s Office;

• Organisations and businesses who provide services to us under our authority such as service providers, debt recovery agencies, IT companies, and suppliers of business support services; and

• Market research organisations who help us to develop and improve our products and services.

Withdrawing your consent

Where we rely on your consent, you can withdraw it at any time by using the contact details in the Contact Us section below or via functionality provided within the Vixa app.

Transfers outside of the UK and Europe

Your personal information may be transferred outside the UK or European Economic Area, for example to service providers. If we do so, we’ll make sure that suitable safeguards are in place where required, for example by using approved contractual agreements or other legal arrangements unless certain exceptions apply.

Changes to your data

You should tell us so that we can update our records. Please see the “Contact Us or our DPO” section below for more information.

Monitoring communications

We may monitor communications with you, where permitted by law. We do this for quality control and staff training purposes, to comply with regulatory rules, to prevent or detect crime, to protect the security of our communications, data, and systems, and to enforce compliance with our internal policies.

Retention of your personal data

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

• For as long as we provide products or services to you and then for as long as someone could bring a claim against us;

• To comply with legal and regulatory requirements or guidance; or

• For as long as we have reasonable business needs.

How to request the deletion of your Vixa app account?

You can request to delete your Vixa online account by contacting Vixa support on [email protected] We will delete your online account – however, we will need to retain some of your personal data you provided to us. Please see more details above. If you also have an AA online account, this will be deleted too. After your account has been deleted, you won’t be able to use the Vixa app any longer.

Your data protection rights

Here is a list of the rights that all individuals have under UK data protection laws. They don’t apply in all circumstances so your request may not always be granted. If you wish to use any of them, we will explain when we respond to you if they apply or not, or if we will comply or not with your request, including the reasons why.

• The right to be informed about your processing of your personal information;

• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;

• The right to object to processing of your personal information;

• The right to restrict processing of your personal information;

• The right to have your personal information erased;

• The right to request access to your personal information and how we process it;

• The right to move, copy or transfer your personal information; and

• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws - https://ico.org.uk/. You can contact our DPO, for more details on all the above.

You have a right to object

You have the right to object to certain purposes for processing, in particular to data used for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us using the contact details listed belowto exercise these rights.

Opting out of marketing

You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication we sent you, e.g. unsubscribe link in the bottom of a marketing email. You can also email [email protected]

Changes to this privacy notice

We may change this privacy notice from time to time to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes periodically.

Contact us or our DPO

You can contact us via the Contact Us section of our website. Alternatively, you can write to AA Limited, Fanum House, Basing View, Basingstoke, Hampshire, RG21 4EA, marking it for the attention of the DPO or email [email protected].