Austria
Belgium
Denmark
Estonia
Finland
France
Germany
Greece
Iceland
Ireland
Italy
Liechtenstein
Netherland
Norway
Poland
Portugal
Spain
Sweden
Switzerland
Turkey
United Kingdom
Australia
Fiji
Hong Kong
India
New Zealand
Indonesia
Japan
Malaysia
Philippines
Singapore
Thailand
Brazil
Chile
Colombia
Mexico
Peru
USA
Bahrain
Israel
Morocco
Oman
UAE
Saudi Arabia
Tanzania
Howden Driving Data Privacy Notice
1. Introduction
Howden Driving Data Ltd (“we", "us", "our") need to collect and process personal data from or about individuals (“you”, “your”) in order to provide our telematics and connected vehicle/vessel technology services. We are registered with the Information Commissioner’s Office (ICO) under registration ZA795336, and this Privacy Notice explains when, why and how we collect and process your personal data, the third parties with which we may share your personal data, what your rights are in the event we hold your personal data, and how you can enforce these rights. We may amend this Privacy Notice from time to time in order to reflect any changes in how we process personal data, or to satisfy any new requirements under applicable data protection laws. This version was published in May 2026.
2. Definitions
To be clear on what we mean in this Privacy Notice:
- “personal data” is any information that can be used to identify a living individual;
- “data controller” means an organisation that decides how and why to collect personal data;
- “the Howden Group” is Howden Group Holdings Limited and any company or organisation in which Howden Group Holdings Limited holds significant share capital. We are part of the Howden Group, and you can find out more information about other companies in the Howden Group by visiting www.howdengroupholdings.com; and
- “third-party” is someone who isn’t you, us, or a company in the Howden Group.
3. Who does this Privacy Notice relate to?
This Privacy Notice relates to the following types of individuals, where we hold your personal data:
- Vehicle / vessel owners and drivers using our telematics devices, apps, or connected services;
- Fleet managers and their employees who use our services;
- Individuals who contact us with a query, concern, or complaint;
- Visitors to our website;
- Individuals whose information we receive from partners (e.g., fleet operators, technology partners).
4. When and how we collect this personal data
We may collect personal data from, or about, you at different times and through different channels depending on our relationship with you, for example if:
- You install and use one of our telematics devices or mobile apps;
- You register for, or use, our platform or services;
- Your employer or fleet operator provides your details to us in connection with their use of our services;
- You contact us by phone, email, or online;
- You visit our website (cookies and online tracking may apply);
- We receive data from authorised third parties who work with us (e.g., fleet partners, service providers).
5. What personal data do we collect?
Depending on your relationship with us, we may hold the following types of personal data about you:
- Identity and contact data: name, address, email, phone number;
- Vehicle / vessel and telematics data: GPS location, speed, mileage, journey times, driving behaviour;
- (e.g., acceleration, braking, cornering), and battery status;
- Usage data: app usage logs, account preferences;
- Correspondence data: emails, messages, call recordings;
- Internet/cookie data: IP address, device identifiers, browsing behaviour on our site.
6. The lawful ways we use personal data
We collect and process personal data for the following lawful reasons:
- To enter into or perform a contract with you: for example, where you install and use one of our telematics devices or apps as part of your insurance policy, we need to process your personal data in order to set up your account, record and transmit driving data, provide access to our platform, respond to your queries, and deliver ongoing telematics services that support your insurer;
- To comply with a legal obligation: for example, to fulfil your rights under data protection laws, handle complaints about our services, cooperate with regulators or law enforcement, and comply with other applicable requirements such as fraud prevention and road safety reporting;
- For our legitimate business interests: for example, to securely manage and maintain our telematics systems, to monitor and improve our technology and services, to test and develop new telematics features, to analyse driving behaviour trends at an aggregated level, to ensure system and data security, and to carry out internal business reporting. Where we rely on this lawful basis, we make sure our interests are balanced against your rights and freedoms. You may have the right to object in certain circumstances;
- With your consent: for example, if you agree to us using your contact details for marketing communications, or where you consent to share specific telematics data with third-party service providers (such as roadside assistance or driver coaching apps). You can withdraw your consent at any time by contacting us;
- To protect vital interests: in rare circumstances, we may use telematics data to protect your life or the lives of others — for example, where crash detection features are activated and used to help alert emergency services.
7. Who we share personal data with
Below are the categories of third parties that we may share your personal data with, but only where we have a legitimate reason to do so:
- Service providers and technology partners who host our systems, process data, or provide support;
- Fleet operators or employers (if your telematics device is provided via your workplace);
- Authorised third-party partners (e.g. data analytics providers, crash detection or roadside assistance services);
- Regulators, government authorities, or law enforcement when legally required;
- Any third party where disclosure is required to comply with legal or regulatory requirements;
- Other Howden Group companies; and
- Potential purchasers of our businesses.
8. Use of Artificial Intelligence
In certain cases, the tools, systems or platforms that we our third party partners use may leverage Artificial Intelligence and related technologies. For example, in order to reduce the time it takes for us to manually produce a summary of a meeting or a phone call, we may use a Generative AI service that analyses the transcript of that meeting or phone call to produce a summary that is then subject to a human review for accuracy. Or we may use Large Language Models that rely on our internal indexing of documents to make it easier for us to search for and retrieve information that we hold. In the event that we use Artificial Intelligence and similar technologies to make decisions about you, we will inform you of such separately.
9. Sharing data within the Howden Group
As stated in Section 7, we may share personal data with other companies within the wider Howden Group for the following purposes:
- To receive administrative support from those companies, such as the receipt of IT, HR, Finance and Compliance services; and
- So that these companies can provide market insight to insurers on a confidential basis, but only where personal data has been aggregated or anonymised.
We will only share the minimum amount of personal data required to achieve these purposes, ensuring that we have a lawful basis to share personal data and that any processing undertaken on our behalf is governed by a data processing agreement.
10. International data transfers
Some of the third parties that we work with may be based outside of the UK. Where we need to transfer personal data overseas to deliver our services or for other legitimate reasons (for example where legally required), and in the event the overseas country is not considered to provide an adequate level of protection under UK data protection law, then we shall ensure that a formal and enforceable set of standard contractual clauses is, or has been, entered into between us and the overseas recipient. You can ask us for more information on this by using the contact details set out under Section 13.
11. Retaining and destroying personal data
We retain personal data about you in order to provide any services that you may request from us, to meet a number of legal and regulatory record-keeping requirements, as well as to support our own legitimate business interests. In most cases we will retain your personal data for 7 years following the end of our relationship with you in order to ensure we can sufficiently handle any disputes, claims or complaints that may arise in connection with the relationship. In some cases we may need to retain your personal data for longer than this period, for example if a relevant insurance policy allows for a longer claim notification window.
12. Your data rights
Data protection laws give you rights relating to your personal data. Should you wish to enforce a right (generally at no cost to you), or make a data protection complaint, please use the contact details set out under Section 13. We aim to provide a final response within one month of receiving a request, unless the request is particularly complex in which case we will let you know when we expect to complete it by:
| Access | You have a right to request a copy of the personal data that we hold on you, along with meaningful information on how it is used and who we share it with, however there are some instances where we may not be able to provide you with some or all of the information we hold. Where this is the case we will explain to you why when we respond to your request, unless the relevant laws or regulations prevent us from doing so. |
Rectification | You have a right to ask us to correct inaccurate or incomplete personal data that we hold about you. We will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why. |
| Erasure | You can request that we delete your personal data in certain circumstances, for example if we no longer need the personal data for the purpose(s) for which we collected it. We will either confirm to you that this has been done, or if we are unable to delete it due to a compelling overriding reason we will let you know why. |
| Restrict processing | You can ask us to restrict the processing of your personal data in certain circumstances. If you do so, we will either confirm that this has been done, or if we are unable to do so, we will let you know why. |
| Data portability | In certain circumstances you have the right to request that your personal data be transferred to yourself or a nominated third party in a common, machine readable format. If you request this, we will either act upon your instruction and confirm to you that we have done so, or if there is a valid reason that this cannot be done, we will tell you why. |
| Object to direct marketing | You can object to receive direct marketing from us, and this right is absolute. You can do this by simply clicking on the unsubscribe link in any email you receive from us or alternatively getting in touch with us. |
| Object to our legitimate interests | Where we process your personal data to achieve a legitimate business interest of ours, for example those described under Section 7, you have the right to challenge this. If you do so, we will either confirm to you that the processing has stopped, or explain why we believe our interest in the relevant activity outweighs your interest. |
| Object to automated decision-making | If you are an insured person undertaking a credit check through a premium finance lender, we may use Automated Decision Making to determine what action to take based on the resulting credit score. You have the right to object to decisions made about you using your personal data and undertaken by purely automated means. If you do so, we will arrange for someone to assess the automated decision and confirm the outcome of this assessment to you. |
Should you submit a request or complaint to us and remain unhappy with our response, you may raise a complaint directly with the UK supervisory authority whose contact details can be found at www.ico.org.uk.
13. Our contact details
Should you wish to exercise a right or submit a data protection complaint, you can contact [email protected].