In this Policy we explain how we collect, store, protect and use the personal data that you provide to us or that we collect about you via the device we sell or other sources (as set out below). Personal Data has a legal definition but, in brief, it means information relating to an identifiable person who can be directly or indirectly identified from it.
We may update this Policy from time to time. This Policy was last updated on 14/10/2019.
‘We’, ‘us’, and ‘our’ means ThingCo limited (trading as Theo), the owner of the Website. We are a company registered in England and Wales under company number 11106355 whose registered office is at 15th Floor 6 Bevis Marks, London, England, EC3A 7BA. The term ‘you’ refers to the individual accessing and/or submitting information to us.
We act as the data controller, (this means that we are the entity responsible for ensuring that your data is used in accordance with this Policy), and our Data Protection Officer can be contacted with any questions or issues at:
Letter: Data Protection Officer, Suite 208, 32 Threadneedle Street, EC2R 8AY
The Theo promise
As our customer is at the heart of what we do, we allow them to be in charge of their personal data as much as possible. We have to collect personal data from your Theo device and about you to provide our services. We set out more detail below about how we do this and what we collect but generally;
- We’ll only use your personal data to help your experience and improve the service we provide you;
- Your personal data is kept secure;
- We don’t keep what we don't need.
When you use the Website, use the device or our services we may collect the following personal data:
- contact details including your first and last name, email address, postal address and telephone number;
- your date of birth;
- vehicle details and car insurance details;
- technical information including IP address, operating system, browser type and related information regarding the device you used to visit the Website, the length of your visit and your interactions with the Website;
- information obtained through our correspondence and monitoring;
- details of any enquiries made by you through the Website or to us by phone, together with details relating to subsequent correspondence (if applicable);
- details of your driving behaviour including the date and time your car is driven, the locations you drive, the speed you drive, the rate you accelerate when you drive, the intensity with which you brake when you drive, video and voice data from the Theo device and data for accident liability assessment;
- occasionally we may receive information about you from other sources, for example from any third-party websites and applications that integrate or communicate with the Website in relation to you. Any information that we collect via these other channels is added to the information we already hold about you in order to help us carry out the activities listed below. .
In accordance with the law we will only use your personal data where we have a legal basis to do so. Our legal basis for processing your data and details of what we use it for and how we use it is set out in the table below.
Why we process your personal data
The legal basis for which is….
As part of the core service that you sign up to when you purchase a Theo device we need to use your personal data to:
· install your device including contacting you to arrange installation and fitting;
· score your driving behaviour;
· update you by text, letter, email or other methods with score updates, order details and subscription information;
· allow you to compare your driving against your peers;
· to fulfil orders placed with us, to take payments and give refunds;
· to administer your device;
· provide you with customer support;
· use automated processing to allow the device to provide warnings to you as you drive;
· assist you in the case of an accident.
· provision of trip information onto the App; and
· access to the App;
· provide you with rewards for driving safely;
· provide access to cheaper insurance.
We process your personal data to do these things as it is necessary for the performance of the contract that is in place between us.
We also use your personal data to do the following, which are necessary for the business that we operate – but we always ensure that our business interests do not interfere with your own rights.
We do the following in the interests of our business:
· to conduct research, statistical analysis and behavioural analysis which allows us to ensure that the Website works well for you;
· to provide insights based on aggregated, anonymous data collected through the research and analysis carried out above;
· to customise the Website and its content to your particular preferences;
· to improve the Website and our services;
· to send you marketing information.
This processing is necessary for the legitimate interests we pursue in ensuring you receive the best experience of our services, subject to you raising an objection (see “what rights do I have?” below), requiring us to check that our interest in the processing is not overridden by the resulting risk to your rights and freedoms.
In addition to the above, we also have to comply with relevant laws and so we may also process your personal data:
· to prevent or detect fraud and for security vetting;
· to comply with HMRC/accounting requirements.
This processing is necessary due to legal obligations that we are subject to.
We may use your data to make decisions about you, using automated means, such as using algorithms, to determine your driving score and trigger voice warnings in your car whilst you drive.
Where we are processing your personal data on the basis of your consent then you will be required to give consent to those processing activities before we can process personal data in that way. Where applicable, we will seek this consent from you when you first submit personal data to us.
If you have previously given consent you may freely withdraw such consent at any time. You can do this through the app or by notifying us in writing by contacting our Data Protection Officer.
If you withdraw your consent, and if we do not have another legal basis for processing your information (see table above), then we will stop processing your personal data. If we do have another legal basis for processing your personal data, then we may continue to do so subject to your legal rights (for which see “what rights do you have?” below).
You cannot withdraw consent for processing that has already taken place.
Please note that if we need to process your personal data in order to operate the Website and/or provide our services, and you object or do not consent to us processing your personal data, the Website and/or those services may not be available to you.
All information we collect and hold on you is stored within the European Economic area (EEA). There may be times when third parties used to ensure fulfilment of the Theo product or services send data outside of the EEA. For third parties sending your data outside of the EEA we will put contractual clauses in place requiring your data to be managed in line with data protection laws in force in the UK.
We do not and will not sell any of your personal data to third parties. We provide a service to you, we have a device in your car, therefore we need to earn and maintain your trust in us as a service provider.
Your data will be shared with the following company types as part of our contract to you.
- Other companies in the ThingCo group, where different tasks may be done within different companies for legal reasons;
- Other companies where they are offering a service part of the Theo offering including, but not limited to, box installation companies, vehicle recovery companies, companies assisting in the event of an accident and insurance companies where you have consented;
- Companies providing a means to communicate with you;
- Companies who provide services to us e.g. app development, marketing;
- Fraud prevention companies, credit referencing agencies and law enforcement agencies in order to prevent fraud or for legal/regulatory reasons;
- Companies approved by you via the app, such as insurance companies (if you’ve got insurance via Theo) and social media sites (if you want to share your score with your friends).
We may provide third parties with anonymous and aggregated information about our customers in order to improve our service, but we will make sure before doing so that there is no way to identify you from that information. For example, we pass anonymous driving data to our hardware partners in order to keep improving the ADAS (advanced driver assistance system) service we offer you.
We may sometimes get data from external sources (for example to help prevent fraud) or to enrich your driving data (for example mapping data for trips on your app).
If you would rather we did not contact you for these purposes or would like to confirm how you would like to be contacted and for which services and products, please email us at email@example.com.
Please be aware that we have a genuine business need to contact you should there be problems with the Theo product or services, or where they are being updated. This form of contact falls outside of your marketing preferences and must continue to allow us to provide you with the services.
We’ll keep your personal information as long as you have an account with us that is either active or disabled, in order for us to provide you with the services agreed. If you disable your account we will keep your personal data for a minimum period of 7 years to comply with regulatory, accounting and HMRC requirements.
If necessary we may keep your information for longer periods for legal purposes, to help prevent fraud, to resolve complaints, even after account closure.
You do have the right to request your information be deleted, but under some circumstances some information may not be deleted. For example, any driving information where there was a Theo connected insurance policy active at the time. This is in case a claim relating to that period is made in the future.
Depending on the contract you have with us, there are slight differences. Regardless of the contract type, you’ll always have these rights.
- The right to be informed about how we’re using your personal data - which this page helps to do;
- The right to access any personal information we store about you;
- The right to request us to change any incorrect personal information - you can do this via your app most of the time;
- The right to stop us sending direct marketing messages;
- The right for us to share your data with either yourself or another entity of your choosing;
- The right to complain to your data protection regulator - in the UK it’s the Information Commissioner’s Office.
If you bought a Theo subscription and don’t have insurance connected then you have these rights
- The right to stop us scoring your driving data;
- The right to stop us processing your data;
- The right to request all your data be deleted;
- The right to stop us providing an accident alert service.
Please note that by exercising these rights, you may limit the services that are available to you via the Theo App or Theo Device.
If you bought a Theo subscription and have insurance connected then you have these rights
- The right to stop us scoring your driving data - if your insurer doesn’t require this data as part of your insurance contract;
- The right to request your data be deleted, excluding any information required by your insurers part of your contract, or any driving information in the period where the insurer was providing cover.
Please note that, by exercising these rights you may limit the services that are available to you via the Theo App or Theo Device.
We would like the opportunity to resolve any complaints you have about how we collect or process your Information, so please contact us if you have any concerns via complaints@driveTheo.com. Alternatively, you have the right to lodge a complaint with a supervisory authority, which for the UK is the UK Information Commissioner’s Office (“ICO”). Complaints can be submitted to the ICO through the ICO helpline by calling 0303 123 1113. Further information about reporting concerns to the ICO is available at https://ico.org.uk/concerns/.