Privacy Policy

1. Introduction

The information in this Privacy Policy describes how we, Caura Ltd, and our Product Providers, use your personal data in connection with your use of our App (as defined in our Caura Terms of Use).

We respect your privacy and protecting your information is paramount. We want you to be informed and empowered with respect to your privacy when you use our App, so please read this Privacy Policy carefully before using the App and purchasing insurance. Together with our Caura Terms of Use, this Privacy Policy sets out our views and practices regarding your personal data, how we collect, process and treat it, and the rights you have in relation to the protection of your personal data.

2. Who are we?

We are Caura Ltd (also referred to as "we", "our" and "Caura"). We are registered in England and Wales under company number 11520538 and have our registered office at 1 Horse Guards Avenue, London, England, SW1A 2HU. We are the data controller of your information.  

Our registration number with the Information Commissioner’s Office (ICO) is ZA603130. Where there are additional data controllers or processors of your information this is laid out clearly below.

3. Key words

'Terms and Conditions' the terms and conditions set out in the policy which is/was issued to you.

‘App Module Services’ mean the services provided to eligible customers of Lex Autolease Limited as defined within the Lex Autolease Limited and Broker User Terms and Conditions.

‘Broker’ means an eligible vehicle broker who may have facilitated a lease agreement between you and Lex Autolease Limited as defined within the Lex Autolease Limited and Broker User Terms and Conditions.

'Data Protection Laws' means the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK.

‘Insurance Quote' for the purpose of this privacy notice shall include any quotation for a new insurance policy, renewal of your existing policy or when you make a mid-term change to your existing policy.

‘Lex Autolease Limited’ (‘Lex’) is a lease provider who you may have a lease agreement with. Lex are registered in England and Wales under company number 1090741 and have their registered office at 25 Gresham Street, London, EC2V 7HN.

'Product Providers' for the purposes of this privacy notice shall include Insurers providing a quotation, your Insurer, reinsurers, any Underwriter, Administrator (each as defined in your Policy) which either form part of your Policy.

‘Personal information’ means any information that we have obtained from you or third parties in connection with a service or product provided to you that is held now or at any time in the future by us.

'IP address' is your Internet Protocol address which is a code that each device connected to the Internet has in order to identify that device.

'Data subjects' are Caura app users, prospective insurance consumers, insurance Policyholders and premium finance customers.

'Personal data' is information about an identified or identifiable natural person that could allow a living person to be identified.

4. What information do we collect?

Information you give us

You may give us information about you when you use our App or certain services like the App Module Services, get a quotation for insurance, purchase insurance and when you communicate with us. This includes information you input during registration by answering specific questions, providing us with feedback, participating in surveys, and when you report a problem.

The information you give us may include:

• your contact details, such as name, address, email address, phone number; and

• your vehicle registration number;

• to view your driving licence, personal information to verify your identity with the DVLA;

• for insurance we'll collect and process information about you from a number of sources, including details you give us such as your personal information, details of your home/vehicle, or other information required to provide an insurance quote;

• for the App Module Services we’ll collect information about you to verify your identity with Lex.

Information we collect from third parties

If you choose to provide us with your vehicle registration number, we will use that information to obtain certain information related to you and your vehicle from various sources, such as the Driver and Vehicle Licensing Authority (DVLA), including tax due dates, MOT renewal dates and MOT results.

If you choose to view your driving licence details in Caura, will be a concierge service and by entering your Driving Licence Number and your NI number, you are using Caura’s platform to view and fetch your driving licence details from the DVLA yourself. Your Driving Licence Numbers and NI numbers are stored in an encrypted state and not accessible to any Caura employee. We will periodically use them to refresh your licence details for you. If you wish to use this service, you should read and abide by the DVLA’s privacy policy.

When using the App Module Services we collect and process information from Lex about your lease agreement to allow you to view these in the App. You will be asked to consent to this at the time of using these services.

Information we collect about you

We will collect information during your use of the App, including:

• details regarding the communications made between us;

• technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, browser plug-in types and versions, operating system and platform;

• services you viewed or searched for; and

• page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page and any phone number used to call our customer service number.

Recording telephone calls and other communications. we may monitor or record telephone conversations or other communications between you and us.

4. What is the basis for processing?

We make sure we have appropriate legal bases on which to collect, use and share data about you. Our lawful bases may include:

Consent: We will always seek your consent to process certain types of information where we are legally required to do so. You have the right to withdraw or decline your consent at any time;  

Performance of a contract: We need you to give us the information you provide and to collect information about you from the DVLA or third-parties like Lex in order for us to provide you with the services offered via our App, as agreed in the Terms of Use and the Lex Autolease Limited Broker User Terms and Conditions, if applicable. If you do not provide this information, we may not be able to provide the App to you or you may not benefit from the App’s full functionality;

Compliance with our legal obligations;

Legitimate Interests: We may process your personal data for the purposes of our own legitimate interests or for the legitimate interests of our suppliers provided that such processing does not outweigh your interests. When we rely on our legitimate interests, you have the right to object at any time. For example, we may process your personal data to:

o Keep our records up to date;

o Provide you with our services, including for the purpose of quality control and analysis;

o Develop and improve our products and services; and

o Communicate and manage our relationship with you.

5. What is your information used for?

All the personal data we collect, store, process or share is processed:

• by Caura as the Data Controller;

• by our insurance partners who may be Data Controllers in their own right to provide you with insurance quotations and products / services;

• by Lex and the Broker as independent data controllers to allow the App Module Services to be delivered;

• by Caura as data processor for vehicle and lease information for and on behalf of Lex when providing the App Module Services;

• to provide you with information and third-party services which you request via the App;

• to perform our obligations under any contract we have with you;

• to manage our communications with you in relation to your queries and complaints;

• to notify you about changes or updates to our App and the third-party services available through it, including via push notifications;

• for analytical or training purposes;

• to ensure that content from our App is presented in the most effective way for you and your device;

• to assist in improving our processes, products and services (e.g. by pre-populating data when you request a service);

• as part of our efforts to keep our App safe and secure and to prevent fraud;

• to ensure compliance with your requests for the exercise of your rights.

What we will never do. Rest assured, we will never sell your information to third parties.

Information we receive from other sources. We may combine this information (including information we receive from the DVLA) with information you give to us and use this information and the combined information for the purposes set out above.

Recording telephone calls and other communications. We will use telephone recordings or transcripts of communications to check your instructions to us, analyse, assess and improve our services, for training and quality purposes and for the purposes of investigating any complaint you may make, or as evidence in any dispute between you and us.

6. Who do we share your data with?

We may need to disclose your data to others to facilitate the provision to you of the App, and any additional services you request via the App. Your data may be disclosed to the other entities as described below.

We may share your information with:

• Our insurance partners for the purposes of obtaining insurance quotations, insurance product providers named on your insurance policy, with suppliers acting on our, your Insurer's and additional Product Provider's behalf – for example, our claims suppliers and government organisations such as our regulators, the Financial Conduct Authority and the Financial Ombudsman Service (FOS); the Police, Trading Standards, fraud prevention organisations and agencies such as the Insurance Fraud Register;

• Lex Autolease for the purposes of verifying your identity, to allow the App Module Services to be delivered, to report on App usage and engagement, or to complete and fulfil your lease requirements now and in the future. To see how Lex uses, processes and stores your information please see Lex’s privacy Policy at Privacy Policy | Lex Autolease;

• The Broker to allow the App Module Services to be delivered, or to complete and fulfil your lease requirements now and in the future. If you choose to view your Lex lease information in the App, we will provide you with your Broker’s details including their privacy policy for you to see how they use, process, and store your information;

• If we find you've given us false or inaccurate information, we may pass your details to fraud prevention agencies. To prevent fraud and money laundering, we and other organisations, including law enforcement agencies may also access and use information recorded by fraud prevention agencies.

• our group companies for the purposes of business administration;

• third party service providers to whom you choose to make a payment using our App (e.g. DVLA, or various City Charge operators);

• third parties who supply services to us, such as our IT and hosting providers and our payment service provider, Stripe, who we use to facilitate payments you make via our App, where we do this you implicitly agree to their terms and conditions, and privacy policies;

• our professional advisers, such as our legal advisers where they require that information in order to provide advice to us in relation to our services;

• any regulatory authority we may be subject to for the purpose of demonstrating compliance with applicable law and regulations;

• a prospective seller or buyer (or the buyer or seller’s advisers) of any of our business or assets;

• if we or part or all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; and

• such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police.

Disclosure of your personal information to a third party will only be made where they agree to keep your information confidential and will only be used for the specific purpose for which we provide it to them.

Please note that when you use our App to make payments to third parties, you will be subject to the relevant service provider's terms of use and privacy policy (which will be different from ours). The terms of use and privacy notice of Stripe, our payment service provider, may also apply. We encourage you to read these third-party terms of use and privacy policies carefully.

7. Transfers to another country

Your personal data may be stored and processed outside of the European Economic Area (EEA), in countries that may have different data protection rules to our own. However, we will ensure that the transfer of your personal data outside of the EEA will only occur where the appropriate safeguards have been put in place. If you want to learn more about the details of these safeguards you should get in touch with us using the contact details at the bottom of this Privacy Policy.

8. Data storage and retention

If you ask for an insurance quote with us, via any route, we will keep this data for up to three years. If you purchase an insurance policy from us, we will keep your personal data for the duration of your policy and for up to seven years or longer to ensure we’re able to answer any queries, manage any complaints and to manage outstanding claims.

We will only keep your personal data for as long as necessary to carry out the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations, following which we will securely destroy your personal information. We will provide you with more detail regarding the storage periods for the different types of services offered via the App as and when you request them.

After termination of your account with us, we may continue to use anonymised data (that does not identify you) which is aggregated with anonymised data of other users. We use this aggregated data for data analysis, profiling and research purposes. We may also keep your email address to ensure that you no longer receive any communications from us.

9. Use of cookies

Cookies are small text files that are placed on your device by websites that you visit. They are widely used in order to make websites and apps work, or work more efficiently, as well as to provide information to the owners of the site or app. Cookies do not contain person-identifiable information such as personal contact details or credit/debit card numbers.

Our websites only enable essential cookies by default. These are cookies necessary for the technical performance of our platform, such as security and fraud prevention. Non-essential cookies, such as those that collect information about user journeys to deliver relevant content, are only enabled after explicit consent has been given. If you would prefer to deactivate all non-essential cookies, you can do so by ‘rejecting’ cookies when prompted. Please note that disabling cookies will limit the service that we can provide. For more information on how to update your settings, visit the Information Commissioner's Office website.

We and our service providers collect information about your use of our App from cookies. Caura uses three types of cookie:

Session cookies: These enable us to track your movements across our websites and save information to make life easier.

Persistent cookies: These enable us to remember your preferences and settings each time you visit our websites. This makes using the site faster and reduces the need to re-enter data.

Third party cookies: These enable us to track user activity outside our websites and better optimise campaigns and analytics.

We use the following cookies for the reasons stated below:

Google Ads: Allows us to see how effective our ad campaigns are by tracking how many users click through to our website from a particular ad, and the demographic of those users.

Google Analytics: Allows us to see how many users are on the website and which pages they are visiting.

Google Tag Manager: Allows us to see which pages users are visiting, and how many users click through to our website from a particular link.

Facebook Pixel: Allows us to see how effective our ad campaigns are by tracking how many users click through to our website from a particular ad, and the demographic of those users.

Hotjar: Allows us to see how many users are on the website, which pages they are visiting and what content they are interacting with.

Segment: Allows us to see how effective our ad campaigns are by tracking how many users click through to our website from a particular link.

Singular: Allows us to see how effective our ad campaigns are by tracking how many users click through to our website from a particular link.

10. Your legal rights

We are committed to delivering the rights that data protection law provides to individuals. Please be aware that these rights are often not absolute, and exemptions may apply.

To exercise your rights, please contact us using the contact details at the bottom of this Privacy Policy.

The right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy.

The right to access: You have the right to access the information we hold about you. We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs for certain requests.

The right to rectification: You have the right to ask us (and third parties to whom we transfer your personal information) to rectify your personal information if it becomes inaccurate.

The right to erasure: You have the right to ask us to erase your personal information in certain circumstances.

The right to restrict processing: You have the right to restrict our processing of your personal information in certain circumstances, including if we no longer need your personal information but you would like us to retain it to ensure its continued availability to you in connection with any legal claims.

The right to data portability: You have rights to obtain and reuse your personal data for your own purposes across different services in certain circumstances. This right only applies to personal information you have provided to us (i.e. not any other information); where the processing is based on your consent or for the performance of a contract; and when processing is carried out by automated means.

The right to object: You have the right to object at any time to processing of personal information concerning you which is based on our legitimate interests. If we can show compelling legitimate grounds for processing your personal information which override your interests, or we need your personal information to establish, exercise or defend legal claims, we can continue to process it.  Otherwise, we must stop using the relevant information.

The right to withdraw consent: Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

11. How we protect your information

We do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our App; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.

12. Links to third party websites

Our App may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

13. Changes

We may make changes to this Privacy Policy in future to reflect changes in the functionality of the App or otherwise changes in the way that we process your personal information. Any changes we may make to our Caura Privacy Policy will be posted here and, where the changes are material or we decide it is appropriate, notified to you by push notification or any other manner we deem appropriate. Please check back frequently to see any updates or changes.

14. Complaints

If you have a complaint relating to the processing of your personal data, please email dpo@caura.com.

We would appreciate the opportunity to address any concerns or complaints you may have with respect to the App and our data processing practices. However, you are also entitled to lodge a complaint with a supervisory authority at any time. In the UK this would be the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint/).

Cookies give you a personalised experience. You can learn more in our .