Arcadian Data Privacy Notice
Arcadian is a group of companies offering a service in the selection and structuring of risk management insurance products. Arcadian includes Arcadian Holdings Limited domiciled in Bermuda and its affiliated entities:
- Arcadian Risk Capital Insurance LLC domiciled in the USA.
- Arcadian Risk Capital Ltd. domiciled in Bermuda.
- Arcadian Risk Capital (Ireland) Ltd. domiciled in Ireland.
- Arcadian Risk Capital (UK) Ltd. domiciled in the United Kingdom.
Each entity, depending on the purposes of processing, may act as controller of your personal data.
This privacy policy will explain how we use the personal data collected from you.
Topics
- Introduction.
- What data do we collect?
- Where do we get your Personal Data From?
- Purposes of processing and legal basis.
- Sharing personal data.
- International data transfers.
- Retention of your Personal Data.
- Cookies.
- Automated Decision Making.
- What are your data protection rights?
- Changes to our privacy notice.
- How to contact us?
- How to contact the appropriate authorities?
1. Introduction
The type of personal data we process depends on your relationship with Arcadian. We collect personal data on the following individuals covered by this Privacy Notice:
- representatives of the insureds and policyholders,
- claimants filing a claim under an insurance policy,
- witnesses in insurance claims,
- persons working for our business partners; (re)insurance companies, insurance brokers,
- persons contacting us via ‘contact us’ form on our website,
- persons visiting our offices,
- website visitors.
This Privacy Notice does not apply to Arcadian employees and job applicants.
2. What data do we collect?
We collect and process the following information from you.
Personal Data Categories | Relationship with Arcadian |
|
|
We only process special category personal Information where strictly necessary. When we do, we will ask for your explicit consent where such is required in accordance with applicable data protection law, or we rely on a specific authorisation in law that allows us to process this information. | |
|
|
|
|
|
|
|
|
3. Where do we get your personal data from?
We will almost always obtain your data from our clients, who include businesses, insurance brokers, (re)insurance companies. Our clients will in turn have it obtained it from you or your employer or a company close to you in relation to a contract, insurance policy or employment policy.
If you are a broker or business partner, we may also collect your personal data from our day-to-day business activities with you.
We may also collect your personal data directly from you when you are a Website Visitor or when you contact us.
4. Purposes of processing and legal basis
We process your personal data where we have a purpose and a legal basis to do so. Further information is outlined below.
Purpose | Legal basis |
Managing and administering contracts and insurance policies, including communicating with you and with third parties in the course of operating our business. | The processing of your personal data is necessary to perform a contract with you. The processing of your personal data is necessary to support our legitimate interests in managing our business. |
Claims handling and administration including assessing and evaluating the merits of a claim and, where relevant to pay a settlement. In some cases, this will involve processing special categories of personal data. | The processing of your personal data is necessary to perform a contract with you. The processing of your personal data is necessary to support our legitimate interests in managing our business |
Know your client, supplier and counterparty and other legal obligations, in addition to fraud investigation and recovery. We obtain information about our clients, suppliers and counterparties and their representatives and beneficial owners and others to help us comply with legislation on money laundering, terrorist financing, and sanctions. We may also use your personal data in the context of fraud investigation and recovery. | The processing of your personal data is necessary for us to comply with legal and regulatory obligations. |
Responding to requests from Regulatory and other Public Authorities which are required to receive this information. | The processing of your personal data is necessary for us to comply with legal and regulatory obligations |
Responding to your queries, complaints and providing you with information about our business upon your request. | We have a legitimate interest to communicate with you upon your request. |
Securing our offices and workplace environment. We have security measures in place at our offices, which include building access controls and may include CCTV. | We have a legitimate interest in making sure our offices, and the people that visit and work at our offices, are safe and secure. |
Improving securing of our website. | We have a legitimate interest to operate and improve our website. |
5. Sharing Personal Data
From time to time, we may need to share your personal data with other companies within Arcadian Group and third parties. Sometimes, these will be companies who process on our behalf and only act upon our instructions. We may also share your personal data with individuals and companies such as consultants; experts; lawyers; and other professionals within or connected to the insurance industry.
Arcadian may share your personal data with the following recipients:
- other companies within the Arcadian Group,
- IT service providers supporting our information security and technology,
- other insurance market participants i.e. (re)insurance companies, insurance brokers,
- competent regulatory authorities and bodies as requested or required by law,
- Individuals and companies such as consultants, experts; lawyers and other professionals within or connected to the insurance industry.
6. International Data Transfers
The recipients mentioned above may be located in countries that may have data protection laws that are different to the laws of your country. In some cases, these countries may not have adequate privacy protection. If you are located in the EEA/UK and we transfer your Personal Information to other Arcadian Group companies or third parties located outside the EEA/UK, we rely on the EU Commission Standard Contractual Clauses (“SCCs”) amended for use in the UK as appropriate with the application of the international transfer addendum to the EU SCCs) (Art. 46(2)(c) GDPR) or the UK standalone international data transfer agreement.
7. Retention of your Personal Data
We will retain your personal data for the purposes described in this Notice. We will not hold your personal data for longer than is required or permitted and in accordance with Arcadian’s Retention Schedule.
8. Cookies
When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, visit our Cookie Policy.
9. Automated Decision-Making including profiling
Automated Decision-Making is where an electronic system uses personal information to make a decision about you without human intervention. Profiling is where an electronic system uses personal information to try and predict something about you.
We do not use Automated Decision Making and profiling.
10. What are your Data Protection Rights?
We would like to make sure you are fully aware of all your data protection rights. You are entitled to the following subject to certain limitations:
The right to access – You have the right to request from us copies of your personal data.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to processing of your personal data.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email:
11. Changes to our Privacy Notice
We may occasionally update this policy. This privacy policy was last updated in May 2024.
12. How to contact us?
If you any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us by using the following contact details.
13. How to contact the appropriate authorities?
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the relevant data protection authority that is responsible for making sure that privacy laws are followed in your country of residence. Individuals residing in the EEA may find a list of their local data protection authorities at: