We may use the information we obtain in connection with the following activities (including those provided by our partners) and based on the following legal grounds:
3.1. Conclusion of insurance policies based on Driving Data via NovoAdapt
We collect and process telematics data (e.g., trip history, driving behavior, safety score) through our NovoAdapt program to provide personalized quotes and enable the conclusion of insurance policies. This includes analyzing driving patterns over a predefined evaluation period (e.g., during Test Drive) and using that data to generate accurate, risk-based pricing. If you accept the quote, the data informs you of the terms and conditions of your policy.
Legal basis: performance of a contract - processing is necessary to prepare and issue a tailored insurance policy at your request, based on behavioral risk indicators; consent - required to collect and process telematics data during the evaluation period (e.g., location, driving speed, braking); legitimate business purposes (limited) - to verify quote accuracy and ensure fair risk-based pricing, where not overridden by user rights; enhancing customer loyalty through personalized services; promoting road safety, preventing accidents; reducing insurance claims; legal obligation - in some cases, to comply with Know Your Customer (KYC), fraud detection, and other regulatory insurance requirements tied to quote and policy issuance.
3.2. Performance of the Contractual Relationship with You
We process your data to establish, execute, and manage the contractual relationship with You. This includes issuing insurance policies, handling billing, providing access to customer support, administering policy changes, processing claims, and communicating essential information about your coverage and participation in related programs (e.g., NovoAdapt, NTD/ or any of our NSP variations: Novo Next, Novo Flex or Novo Classic).
Legal basis: performance of a contract - necessary for delivering the services you’ve requested, including insurance coverage, claims processing, and policy management; legal obligation - for obligations such as consumer disclosures, insurance record-keeping, and fraud checks; consent - to collect and process location data, telematics data and implied/derived data; such telematics data is predicated upon explicit and informed customer consent, enabling Novo to refine risk assessment for potentially tailored premium structures; operational/business purposes - in maintaining accurate customer records, service efficiency, and ensuring business continuity, where processing is not strictly required under contract or law.
3.3. Enrollment in Our Programs (NSP)
We process your personal and vehicle data (e.g., make, model, Bluetooth/telematics capability) to determine your eligibility and facilitate your enrollment in our telematics-based insurance programs, including Novo Test Drive (NTD) and Novo Smart Pricing (NSP). This also involves verifying the correct setup of connected services and confirming your technical compatibility for participation.
Legal basis: performance of a contract - to enroll you in the programs that enable personalized pricing or benefits; consent - when participation requires the collection and sharing of telematics data; operational/business purposes - to ensure compatibility, validate eligibility, and maintain the integrity and proper function of the program; legal obligation - where verification or identification processes are required for compliance (e.g., fraud prevention, anti-money laundering/KYC depending on jurisdiction).
3.4. For underwriting and rate purposes
We process your personal data to assess insurance risk, determine pricing, and calculate premiums tailored to your profile. This may include verifying the information you provide during application (such as driving history, vehicle data, or telematics results) and using behavioral insights where applicable (e.g., through Novo Test Drive or NovoAdapt). These activities ensure fair, accurate, and risk-based underwriting.
Legal basis: performance of a contract - to provide you with an insurance quote and issue or adjust your policy; operational/business purposes - to maintain pricing accuracy and underwriting integrity across our products; consent - where we rely on telematics or behavioral data you have agreed to share.
3.5. Carrying out business-related services
We process your personal data to support essential insurance operations. This includes handling applications, facilitating claims or service requests, conducting necessary investigations, executing policy-related transactions (such as renewals or endorsements), and maintaining or servicing your customer account throughout the policy lifecycle.
Legal basis: performance of a contract - to provide you with the insurance services you request; operational/business purposes - to operate and manage our services efficiently and effectively; manage your claims and keep proof of that; conduct investigations and ensure activity flows and to defend our interests and rights as well as your rights.
3.6. To determine eligibility for the NSP and NTD Program
We may collect and processes data based on various factors, including vehicle make and model, type, Bluetooth capabilities, and/or telematics compatibility. This ensures that only vehicles meeting the necessary technical and Program requirements are enrolled.
Legal basis: operational/business purposes - to ensure the technical suitability of enrolled vehicles; consent - when you provide this information voluntarily.
3.7. To calculate your driver score
We process your telematics data-including driving behavior, trip history, and vehicle usage-to generate a driver safety score. This score is used alongside traditional rating factors (such as age, location, and vehicle type) to determine your personalized insurance quote, the premium you pay for your current policy, and pricing at renewal or for future policies. The use of driver scoring enables fairer, more usage-based pricing that reflects your actual driving risk.
Legal basis: performance of a contract - as part of our insurance offering; Your consent; operational/business purposes - to ensure accurate and fair pricing based on usage.
3.8. To validate trip data and analyze telematics data
We process telematics data-including trip records, vehicle metrics, and app connectivity status-to ensure accurate mileage reporting, enable correct calculation of your safety score, and verify ongoing compliance with program requirements. This includes monitoring app permissions, OEM connectivity, Bluetooth or subscription status, and other technical criteria that determine your eligibility and participation in telematics-based insurance programs.
Legal basis: performance of a contract - to maintain program integrity and prevent misuse; performance of a contract - when necessary for delivering telematics-based features.
3.9. To understand how to interact with the Novo Insurance Platform
We collect and analyze data about how you use our digital platforms (e.g., website, app) to continuously improve the user experience, interface design, service quality, system performance, and security of our services. This may include usage patterns, feature engagement, technical diagnostics, and navigation behavior.
Legal basis: operational/business purposes - to enhance the usability, reliability, and safety of our platform; consent - when optional technologies like cookies or app trackers are involved.
3.10. To respond to your customer service requests or the requests of others who may be covered, administer your account, send you service-related correspondence
We process your personal data to provide full access to the Novo Insurance Platform and to deliver essential customer support. This includes responding to your inquiries (or those of covered individuals), managing your account, sending service-related communications, enabling policy updates or additions, handling claims, confirming your identity, and facilitating transactions related to your insurance coverage. It also includes participation in insurance support organizations and performing underwriting and rating activities.
Legal basis: performance of a contract - to support your policy and related services; legal obligation - where we are required to retain records or respond to lawful requests; operational/business purposes - to ensure responsive and accurate customer service, defend our and your rights and interests, keep proof of requests management, manage your complaints/requests accordingly, measure quality of support services.
3.11. To enhance user experience and deliver personalized content
We process data using cookies, tracking pixels, and analytics tools. This enables targeted advertising based on browsing behavior, app usage, and engagement with marketing communications. Additionally, performance tracking helps analyze website and app traffic, user interactions, and feature engagement to improve functionality. For more details, refer to our Cookie Policy.
Legal basis: consent - when legally required for cookies, tracking, or marketing activities; operational/business purposes - to optimize platform content and feature development, where permitted.
3.12. To send you newsletters, evaluate marketing campaigns, develop new products and services, market our products and services, analyze how users use the Novo Insurance Platform, send you notifications, and provide a more customized web or mobile experience
Throughout your participation in NTD, you will receive a variety of notifications and communications, both through the app and via email. These notifications include: welcome notifications upon successful registration and app setup, with instructions on how to begin using the app and tracking your driving behavior; trip notifications to inform you of completed trips and their impact on your safety score; weekly reports that summarize your driving habits, safety score, and overall progress; quote alerts when your driving data is sufficient to provide an accurate quote. You will also receive email communications, such as a welcome email after signup, updates on your driving performance, and notifications about the availability of a full quote once sufficient data has been collected.
Legal basis: consent - for sending marketing communications, newsletters, and notifications not strictly necessary for service delivery (e.g., promotional emails or feature announcements); performance of a contract - for essential communications related to your participation in the NSP/NTD program, such as setup instructions, trip summaries, quote alerts, and safety score updates; operational/business purposes - to improve products and services, analyze platform usage, personalize user experience, and evaluate the effectiveness of communications and campaigns (where consent is not strictly required, and processing does not override user rights or interests).
We may use specific contact data as mobile phone number and SMS interaction data, to assess the effectiveness of our marketing campaigns, and support the development and improvement of our products and services-such as new features; analyzing how users interact with the Novo Insurance Platform across web, app, and SMS channels; and delivering a seamless, customized experience tailored to your preferences and engagement history. Where applicable, this may involve using mobile communication (such as SMS) to follow up on quotes, send reminders, provide real-time support, and engage with users who explore telematics-based tools, even if they are not policyholders;
3.13. Participation in Referral and Rewards Program
If you choose to participate in our referral and reward program, we will process personal data necessary to administer the program. This includes generating and linking referral codes, tracking when referrals register and complete a safety score, awarding referral and safe driving points, notifying you and your referee of reward eligibility, and facilitating gift card redemption. We also process this data to detect and prevent fraud (e.g., limiting the number of referral awards per user).
Legal basis: performance of a contract - to administer the referral and reward program you voluntarily join; consent - where you opt in to share referral links or communications via third-party platforms; operational/business purposes - to prevent abuse of the referral system and ensure fairness.
3.14. To facilitate auditing, legal compliance, and law enforcement cooperation
We process your personal data to support internal and external audits, investigate potential fraud, respond to requests from regulators or law enforcement, comply with applicable laws (including subpoenas or court orders), and protect our legal rights or the safety of individuals.
Legal basis: legal obligation - to comply with legal, regulatory, or judicial requirements; operational/business purposes - to ensure lawful operations, protect legal rights, and respond appropriately to official investigations.
3.15. To establish or defend legal claims and allegations
We process data necessary to investigate, establish, exercise, or defend against legal claims or allegations that may arise during the course of business.
Legal basis: operational/business purposes - to protect our company against legal risk and ensure access to judicial remedies.
3.16. Identifying and preventing security incidents, and safeguarding against malicious, deceptive, fraudulent, or illegal activities, including money laundering and other criminal acts
We use technical and behavioral data to detect, prevent, and respond to fraud, unauthorized access, financial crimes (e.g., money laundering or terrorist financing), and other deceptive, malicious, or illegal conduct.
Legal basis: operational/business purposes - to protect our systems, users, and business from threats, management of security and confidentiality, conduct investigations, prevent and diminish risks; legal obligation - where required by financial crime, anti-terrorism, or fraud prevention regulations.
3.17. Internal research, debugging and technological development
We conduct internal analysis to drive innovation, improve existing technologies, identify and fix bugs, analyze performance issues and develop new products and services. This may involve aggregated or pseudonymized data.
Legal basis: operational/business purposes - to improve our offerings, remain competitive, and deliver value to customers; product and services development; ensure a good market position; enhancement of existing technologies; consent - where research uses identifiable or sensitive personal data beyond what's necessary for core service delivery.
3.18. Product and services development and delivery
We process data to enable all activities related to the creation, offering, delivery, and improvement of our insurance products and services, including testing, launching, or updating features.
Legal basis: performance of a contract - when related to your active use of our products or services; operational/business purposes - to ensure the continuous enhancement and relevance of our offerings.
3.19. Supporting legitimate business activities
We process data in support of broader internal operations that contribute to our efficiency, compliance, and long-term sustainability, provided such activities are lawful and proportionate.
Legal basis: operational/business purposes - to operate effectively, manage risk, and support overall business development within the boundaries of applicable laws and regulations.
3.20. Training of algorithms and machine learning
We may use personal data-preferably anonymized or pseudonymized-to train, test, or improve machine learning and algorithmic systems, such as those used for quote simulation, driver risk scoring, or fraud detection. This supports the development of fairer, more accurate, and efficient automated decision-making processes.
Legal basis: operational/business purposes - to enhance the performance and reliability of our algorithmic models while applying appropriate safeguards to protect individuals’ rights; consent - where non-anonymized or special category data is used beyond what is necessary for core services.
3.21. Service Personalization
We process interaction and usage data to personalize the user experience, including the layout of interfaces, the type and timing of notifications, and recommendations related to services or features. This helps ensure communications are relevant and the platform adapts to your needs.
Legal basis: operational/business purposes - to increase relevance and usability of services, where personalization does not rely on sensitive data; consent - where cookies, app tracking, or profiling require user opt-in under applicable law.
3.22. Business Continuity and Disaster Recovery
We store and back up personal data to maintain service continuity, enable system recovery, and restore access in case of outages, cyber incidents, or technical failures. This is a vital part of securing your data and maintaining platform availability.
Legal basis: operational/business purposes - to ensure system resilience and protect service integrity; legal obligation - where regulatory frameworks (e.g., in insurance or cybersecurity) require continuity planning.
3.23. Vendor and Third-Party Management
We share and manage data with authorized service providers, technology partners, and distribution platforms (e.g., telematics providers, analytics services, claims handlers, or insurance marketplaces such as The Zebra) who assist us in delivering, maintaining, and offering our services. These partners are contractually obligated to process your data solely on our behalf and in compliance with strict confidentiality, security, and data protection requirements.
Legal basis: performance of a contract - where third-party services are essential to providing the product or functionality you’ve requested; operational/business purposes - to manage an efficient and secure service delivery ecosystem; legal obligation - where third parties support compliance functions (e.g., fraud detection, or KYC).
3.24. Corporate Restructuring or Acquisition
In the event of a merger, acquisition, or sale of assets, we may transfer your personal data to the relevant parties, but only as necessary and with appropriate contractual and legal safeguards in place. You will be informed of any material changes to how your data is processed.
Legal basis: our operational/business purposes - to enable lawful business continuity or restructuring while protecting your rights; legal obligation - where notification or specific handling is required by law or supervisory authorities.
3.25. Optimization of customer service
We use a chatbot to optimize the customer service support in relation with our potential/existing customers. When you initiate a conversation through our chatbot interface embedded on our website you may be asked to provide certain personal data before the chat session begins.
This includes, but is not limited to: (i) first name and last name, (ii) email address and (iii) any personal data you voluntarily submit during the conversation (e.g., account-related inquiries, policy details, complaint information, or identification data).
We collect and process this information via the chatbot in order to:
Identify you and facilitate secure communication;
Respond to your queries, requests, or complaints;
Redirect you to appropriate customer support channels or departments;
Maintain logs for quality assurance, training, fraud prevention, and security monitoring; or
Any other purpose listed in our privacy policy depending on your request/query or complaint.
Legal basis: our operational/business purposes - to provide efficient, secure, optimized, and personalized customer service, as well as to troubleshoot technical issues in a timely manner. By continuing to use our chatbot, you provide implied consent for the processing of your data for these purposes. Depending on the specific nature of your request, additional legal grounds may apply (e.g., if you report an error in our services through the chatbot, your data will also be processed for technical troubleshooting, analytics, and contract performance).
Prior to beginning the conversation, you will be presented with a notice confirming that your data will be processed in accordance with this Privacy Policy. By continuing to use our chatbot, you confirm that you have read and understood this Policy. The chatbot session will proceed based on this acknowledgment.
Please note that chatbot interactions are logged and may be reviewed internally for quality control, audit, and compliance purposes. If your request contains sensitive personal information or if we require further verification, you may be redirected to our human support agents or invited to continue the conversation through a more secure channel.
Each data collected via the chatbot will be retained in accordance with the purposes for which such is processed on a case by case as described in this Privacy Policy.