We understand that the information you trust us with is important to you, and we are committed
to protecting and respecting your privacy. Please take time to read this carefully as it contains
details of the basis on which we will process (including collecting, using, sharing, transferring) and
store your information. You should show this notice to all parties related to this insurance
arrangement. If you have given us information about someone else, you are deemed to have their
permission to do so.
If you have any questions or need further information you can e-mail [email protected] or write to
our Data Protection Officer, JURNY, Prospect House, Halesowen B62 8DU.

We will process and store your personally identifiable information in accordance with the
requirements of the Data Protection Act 2018.

We will ensure data is processed lawfully, fairly and in an open and transparent manner. We will
ensure appropriate security measures are in place against unauthorised or unlawful processing or
accidental loss, destruction or damage using appropriate technical or organisational measures e.g.
restricting access to key people within our organisation for certain aspects of your information,
and periodically checking the level of security we apply to prevent unauthorised use, accidental
loss, or misuse of your information.
We are governed by and shall operate in accordance with contracts we have in place with our
suppliers (e.g., Insurance Companies, our Software Provider, and similar providers of services to us)
which set out our relationship as a processor as required by the Data Protection Act 2018.
As a controller, we in certain circumstances also determine the purposes and means of processing
data. In particular, the data processed by Minerva Science Limited and other processors, e.g., when
we act as a wholesale distributor of insurance.

We will collect personal data which will include a variety of information about you e.g., your name,
address, communication and contact details, and your date of birth. We will also collect, where
relevant to do so, information relating to you indirectly by reference to an identifier e.g., your IP
address. When you call us, we record calls for quality and monitoring purposes.
Where required and appropriate to do so, we will also collect more sensitive personal information
such as, details about an individual’s motoring or criminal convictions, details of health, credit worthiness and other similarly sensitive information.
In certain circumstances, we will collect information from a variety of different sources such as,
publicly available sources, including social media and networking sites, third party databases generally available to the financial services sector, and the wider commerce and industry
including, credit reference agencies, claims management firms, loss adjusters and/or other
suppliers appointed in the process of handling a claim. We will also collect information from you
regarding your past policies.

We will use information, including sensitive information, about individuals, and other parties
related to our group companies’ insurance activities, because it is:

a. necessary for the performance of or to take steps for an individual to enter into a contract
of insurance; or
b. necessary for compliance with a legal obligation; or
c. necessary for our own legitimate interests or those of other controllers or third parties (e.g.,
to search at credit reference agencies, monitor e-mails, calls and other communications or
for market research, analysis and developing statistics), except where such interests are overridden by the interests, rights, or freedoms of the data subject.

These bases include, providing an insurance quotation, arranging and placement of a policy or
wholesale facility, and providing administration throughout the lifecycle of an insurance
arrangement, as well as assisting with making a claim.

In certain circumstances, such as when you request a quotation, make changes to an existing
policy or at each renewal, our assessment may involve an automated decision to determine
whether we are able to provide you with an insurance arrangement. You can object to us using an automated decision (see the individual rights section) however, in those situations it may prevent us from being able to provide you with insurance.

When processing personal data for profiling purposes either undertaken by the My Policy Group
(see Group Companies section), we will ensure appropriate safeguards are in place, ensuring:

a. processing is fair and transparent and provide meaningful information about the logic
involved, as well as the significance and the envisaged consequences;
b. use appropriate mathematical or statistical procedures for the profiling;
c. appropriate technical and organisational measures are in place to enable inaccuracies to
be corrected and minimise the risk of errors; and
d. secure your personal data in a way that is proportionate to the risk to your interests and
rights and prevents discriminatory effects.

We will also use your information when there is a justifiable reason for doing so, such as
compliance with legal obligation e.g. for the prevention and detection of fraud and financial crime, which may include processes which profile you; and for the recording and monitoring of telephone calls for auditing reasons.

By collecting information regarding your current, ongoing and past insurance arrangements or
policies, we will use this to carry out research and analysis (including profiling) principally as part of the actuarial and wholesale services (but not limited to) activities we carry on to provide insurance arrangements to you, now and in the future.

We will do this in such a way, which involves large volumes of information being converted into
statistical or aggregated data, meaning a particular individual can no longer be identified.

Some aspects of the research and analysis undertaken are separate from using your information
directly in connection with your insurance arrangement but are compatible with our activities as a
provider of insurance.

We will share information, including sensitive information, about you, and other parties related to this insurance.

This includes sharing your information with carefully selected third parties providing a service to us, or on our behalf. These include, but are not limited to, Insurance Providers, Minerva Science Limited (including activities undertaken as a wholesale distributor of insurance). In order to comply with our legal and regulatory obligations we will share information with the Financial Conduct Authority, Information Commissioners Office, HM Revenue & Customs, Fraud Prevention Organisations, Insurers and Law enforcement bodies.

Unless required to do so by law, or for other similar reasons, other than those outlined in the sharing your information section, we will never share personal information without good reason and without ensuring the appropriate care and necessary safeguards are in place. We will in any other event ask for your consent to share that information and explain the reasons.

We will only keep and/or maintain information about an individual for as long as is necessary in providing our products and services, or for compliance with a legal or regulatory obligation, including our legitimate interests or the legitimate interests of a controller e.g., Minerva Science Limited, and other processors.

This means we will only keep information that is necessary to keep, necessary to deal with queries, claims and for compliance with legal reasons, usually for a maximum retention period of 14 months for any quotations and/or up to a maximum period of 7 years after cessation of a product or service we have provided.

Where we are required to retain information beyond this period (e.g. for legal reasons) we will
ensure the data we retain is minimised so, in the example given here, this would be limited to information which is adequate and relevant for legal reasons.

In the interests of information security, we treat General Packet Radio Service (GPRS) data
differently (See GPRS section). This category of data is treated in the same way as sensitive data
(see the Sensitive Data section for more information).

This shall be in compliance with the Data Protection Act 2018 and using appropriate technical or
organisational measures we will regularly:

a. review the length of time we keep and/or maintain information about you;
b. consider the purpose or purposes why we hold the information about you in deciding
whether and for how long to retain it;
c. securely delete information about you that is no longer needed for this purpose or
purposes; and
d. update, archive or securely delete information about you if it goes out of date.

In carrying out our duties as Data Controller and Data Processor we will collect sensitive
information about you and other parties related to this insurance.

What we mean by sensitive data includes information such as:

a. your health, including medical conditions;
b. motoring or other criminal convictions;
c. a wide range of journey data from your telematics device (JURNY Meter).

We will always apply additional organisational and technical measures for this category of data,
including restrictions to access this data, and key-coding of journey data (this is where your
journey data is secured with additional layers of security to prevent misuse and protect personally
identifiable information).

General Packet Radio Service (GPRS) is a packet orientated mobile data technology used by the JURNYmeter to transmit information about the way the motor vehicle in which it is fitted, is being driven. We use this information to track your mileage so that we can charge you accurately. We also collect this data to enable us to provide a price at renewal, and for any mid-term changes, that reflects how you drive. In the event of a claim this information will be used to determine the circumstances of any such incident.

We do not proactively monitor or use driving data to intervene to correct driving behaviour.

Typically, this is the information you can view in your Driver Dashboard, which includes the
journeys you have undertaken.

Because we treat this type of information in the same way as sensitive data, we will only keep
journey information that is necessary to keep, and purely for compliance with legal reasons (see
how long we will keep information section), for a minimum retention period of 7 years after cessation of a product or service we have provided.

We will apply appropriate organisational and technical measures for this category of data
including restricting access to key people within our organisation for certain aspects of your information (typically this will be in relation to the journey data we maintain outside what you can
access in your Driver Dashboard).

In the event that you no longer have a current or ongoing insurance arrangement with us, we will usually, after a period of between 12 and 14 months, take further steps to safeguard your journey data (this is where your journey data is secured with additional layers of security to prevent unauthorised access, misuse and to ensure we always protect personally identifiable information).

We store all your personal data in the UK. No personal data will be processed outside of the UK without adequate data protection in place that is at least equivalent to the current UK data protection laws. In any event, if we are compelled to transfer your information outside the UK, it shall be in compliance with the conditions for transfer set out in the Data Protection Act 2018
and/or restricted to a country which is considered to have adequate data protection laws. All reasonable steps shall typically have been undertaken to ensure the firm has suitable standards in place to protect your information.

You will be asked to accept a cookie, which is a small file of letters and numbers that is
downloaded onto your computer when you visit our website. This will be clearly explained to you
when you visit our website and you will typically have to accept the cookie to benefit from the
services our website can offer.

Cookies are operated in strict accordance with Privacy and Electronic Communications
Regulations 2011 (PECR) and are widely used by many websites and enable our website to remember your preferences, recording information you have entered.

These same rules also apply if you access or use any other type of technology to gain access to
information stored electronically by us e.g. the Jurny dashboard using your smartphone or similar
portable device.

You have a number of rights relating to the information we hold about you; these rights include but are not limited to:

a. a copy of your personal information we hold;
b. rectify information, if it is inaccurate or incomplete;
c. request the deletion or removal of your personal data where there is no compelling reason
for its continued processing;
d. suppress processing of your personal data, when processing is restricted, we are permitted
to store the personal data, but not further process it. We will retain sufficient information
about the individual to ensure that the restriction is respected in future (see Marketing);
e. object to certain uses of your personal information (see Marketing);
f. in certain circumstances to not be subject to a decision when it is based on automated
processing and/or it produces a legal effect or a similarly significant effect on you;
g. withdraw any permission you have previously provided; and
h. complain to the Information Commissioner’s Office at any time if you are not satisfied with
our use of your information.

You can request a copy of your personally identifiable information we hold by contacting us. You have a right to data portability so we will normally provide that information in a format that is easily accessible e.g. in a CSV format, should you require it to allow your information to be exchanged easily with other organisations. We will provide this information free of charge, however we may apply a charge where information requests are excessive.

For further information please e-mail [email protected] or write to our Data Protection Officer,
JURNY, Prospect House, Halesowen B62 8DU.

We will ask you separately for your permission to contact you and how you would like to be
contacted e.g. by phone, e-mail, push notifications, SMS, or post to tell you about:

a. new products or services we have or are developing;
b. trialling products and services which we think may improve our service to you or our
business processes;
c. offer you rewards;
d. enter you into a competition.

We will typically ask for your permission when you first contact us (usually on our website), but you will maintain the right to easily withdraw your consent whenever you wish. We will regularly review your consent to check that your relationship with us, the processing and the purposes for processing have not changed.

We will have processes in place to refresh your consent at appropriate intervals, including any parental consents and act on withdrawals of consent as soon as we can. We will not penalise you if
you choose not to give or later choose to withdraw your consent.

The My Policy Group operates under a number of trading names including:

JURNY (a trading name of My Policy Limited), My Policy Limited which is an insurance intermediary, and My Policy Limited trading as Measured Miles which acts a distributor (wholesaler) of insurance, and Minerva Science Limited which provides our actuarial services.

For more information on the My Policy Group companies please visit www.mypolicy.co.uk.

We may change this Privacy Policy from time to time to keep it up to date, or to comply with legal requirements. Any changes we make in the future will be posted on the relevant section of our website.

PRIVACY POLICY V 3.0
Last updated January 2023