LAST UPDATED: March 2026

At DrivingInsights (DI), your privacy is of great importance to us. DI is dedicated to the protection of the personal information of our clients’ employees who use our services, website visitors and other individuals whose personal information is entrusted to DI.

Policy Contents:

  • Accountability for Privacy Compliance
  • Collecting Personal Information
  • Your Consent
  • Using Your Information
  • Sharing Your Information
  • Keeping Your Information Safe
  • Access to Your Personal Information
  • Your Information – How Long Do We Keep It For?
  • Our Privacy Complaint and Breach Management Process
  • Changes to this Policy
  1. Accountability for Privacy Compliance

DI takes full responsibility for the management and confidentiality of personal information. Personal information is collected, used, shared, and stored in accordance with all applicable privacy laws that apply to DI’s clients, DI as a separate legal entity, as well as internationally recognised Generally Accepted Privacy Principles.

DI has appointed a Data Protection Officer who oversees compliance with privacy laws and best practice. The Data Protection Officer’s duties include:

Developing and, on a regular basis, reviewing DI policies and practices to ensure consistent implementation and compliance;
Ensuring all staff are trained on privacy best practices and are aware of the importance of safeguarding any personal information that they are privy to;
Ensuring that all inquiries and complaints relating to privacy are appropriately handled; and
Ensuring all third parties to whom DI provides access to personal information adhere to appropriate standards of care in managing that information.

  1. Collecting Personal Information

‘Personal information’ is any factual or subjective information, recorded or not, about an identifiable individual. This includes your name, contact information, birthdate, and any identifiable on-line activity. It also includes information such as details about your current health and wellness, which is sensitive personal information that we treat with extra care.

Aggregate and de-identified information that cannot be associated with a specific individual is not personal information.

Personal information will be collected using DI’s on-line questionnaires completed by you. We collect only the information needed to offer and deliver our services and do so with your consent.

Most of the information DI gathers comes directly from you. In those instances where information is collected prior to your participation, your data will be respected in exactly the same way as if we collected it from you personally.

  1. Your Consent

We obtain your consent when you commence the completion of a questionnaire. We always obtain your express consent when you provide information to DI. Your consent is only implied for non-sensitive information when we can reasonably conclude that you’ve given consent by your actions, or when it is obvious that you would consent if directly asked.

Note that there may be instances where the law permits the collection, use or disclosure of your personal information without your consent, for example in the context of fraud investigations, and where necessary to protect our legal interests or the safety of others. In other contexts, your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice. Upon receipt of notice of withdrawal of consent, we will inform you of the likely consequences of withdrawing your consent before we process your request, which may include the inability of DI to provide you or your insurer with particular services.

  1. Using Your Information

We collect and use your information, personally or on behalf of your organisation, to help understand your needs and requirements, and to help identify if there are areas of your driving behaviour you can focus on.

When you use DI’s questionnaires, we automatically receive and record information on our server logs from your browser or mobile platform, including the date and time of your visit, your IP address, device identifier, browser type and other device information (such as your operating system version and mobile network provider). By setting cookies, DI is able to enhance a user’s on-line experience (e.g. we may identify you as a return visitor in order to provide you with a more meaningful visit). You can disable cookies through your website browser, however the questionnaire cannot work properly with cookies disabled.

The information we collect when you visit DI online is used strictly to analyse and improve the performance of our digital services, and for diagnosing technical issues with the operation of the systems.

  1. Sharing Your Information

Your information is shared with your organisation in accordance with our contractual relationship with them, if such exists. Only authorised persons have access to your data as required by your organisation.

DI will only release your personal information when we believe such release is appropriate in order to comply with the law, for example, if we receive a subpoena, court order or request from government authorities. Unless otherwise required by law, such disclosure would only take place in consultation with your organisation. If anyone else requests information in your data, we will only provide it if you have authorised us to release it to them.

  1. Keeping Your Information Safe

DI has implemented critical physical, organisational and technical measures to guard against unauthorised or unlawful access to the information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your information. While no system is completely secure, the measures implemented by DI significantly reduce the likelihood of a data security breach.

Here are some examples of the security controls we have in place:

The use of encryption, firewalls and authentication processes, for electronic records;
Limited access to personal information by employees on a “need-to-know” basis;
The use of data centers with effective physical and logical data security controls;
Staff that are keenly aware of their data protection responsibilities; and
Regular reviews of privacy compliance and best practice initiatives.

  1. Access to Your Information

We make every effort to ensure that the personal information we hold is accurate, complete and up-to-date for the purposes for which we collect it. You can make a written request for access to your personal information at any time, and also request that it be corrected if there are any inaccuracies. You will need to provide as much information as you can to help us process your request and locate the information you require.

If you need assistance in preparing your request, please contact us and we would be pleased to help you. Upon your written request, DI will also inform you of how your personal information has been or is being used, and who your personal information has been shared with. If we have obtained information about you from other people, we will let you know who we got it from, upon your request.

DI responds to access requests within 30 days, unless an extension of time is required. We may charge a nominal fee to cover any expenses related to responding to your access request. Note that there may be contexts where access must be refused or only partial information can be provided, for example, in the context of an on-going investigation or litigation, or if another individual’s personal information or identity must be protected.

  1. Your Information – How long do we keep it for?

DI retains personal information for as long as necessary to fulfill legal or business purposes as specified by your organisation.

Once your information is no longer required by DI to administer services and meet contractual, legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that residual information may remain in back-ups for a period of time after its destruction date.

  1. Our Privacy Complaint and Breach Management Process

DI takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy related concerns to ensure that they are responded to in a timely and effective manner. Any suspected privacy breach must be escalated internally to DI’s Data Protection Officer who oversees the containment, investigation and corrective actions for the breach situation.

In the event that you are not satisfied with DI’s resolution of a complaint or response to a privacy breach, you may escalate the matter to the relevant privacy regulator for the jurisdiction in which you reside.

  1. Changes to this Policy

We may change this Privacy Policy from time to time in order to better reflect our current personal information handling practices. Thus, we encourage you to review this document frequently. The “Last Updated” date at the top of this Privacy Policy indicates when changes to this policy were published and are thus in force. Your continued use of DI services following the posting of any changes to this Privacy Policy means you accept such changes.

  1. How can you contact us about this policy?

If you have questions or comments about this policy, you may email us at contact@drivinginsights.co.uk

  1. How can you review, update, or delete the data we collect from you?

Based on the laws of some countries, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request to contact@drivinginsights.co.uk We will respond to your request within 30 days.