Global Applicant Data Privacy Policy
This Global Applicant Data Privacy Notice (“Notice”) aims to give job applicants, potential candidates for employment and those who participate in our recruiting programs and events (“Applicants” or “you” or “your”) of Arch (“Arch”, “our”, “us” or “we”) information on how their personal information is collected, maintained, stored, retained, safeguarded or otherwise used (i.e., processed) by Arch and describes rights you may have regarding your personal information. “Arch” refers to Arch Capital Group Ltd. and its affiliated companies and subsidiaries.1 We use the terms “personal data” or “personal information” broadly to refer to information that relates to and directly identifies an individual or that makes an individual identifiable when combined with other information. We use the terms “personal data” and “personal information” interchangeably in this Notice. This personal information may be submitted to Arch through the online application process and the follow-up communications and/or alternative channels (e.g., professional recruitment firms and agencies). If you do use our website, archgroup.com, as part of your application process, please also refer to our website Privacy and Data Protection Policy.
This Notice is issued by Arch as data controller (i.e. a person or organization who alone or jointly determines the purposes for and the manner in which, any personal information is, or is likely to be, processed).
Residents of California should also review Section 7 of this Notice.
[1] Excludes positions at Somerset Bridge Group and its affiliates in the UK, Global Services Philippines and Global Services India.
Arch may collect certain personal data or personal information with respect to Applicants throughout the application and recruitment process, including:
- Contact information — including name, postal address, phone numbers, personal email addresses, geolocation data, online identifiers).
- Identification and background information — including date of birth, gender, nationality, visual images from video or in-person interviews.
- Employment, experience and education history — including information in a curriculum vitae (CV), current and past employment positions, education history (including internal and external employment history), references and professional qualifications.
- Financial information — including your previous salary where permitted by law and your desired salary, bonus and other compensation information.
- Special categories information or sensitive personal information/workforce sustainability — including your ethnic background, age, gender identity, marital status, sexual orientation, pronoun preference, veteran or military duty status, details of any disabilities you have, and socio-economic factors.
- Employment screening, right to work and background check information — if you receive an offer of employment with Arch (or in some cases before), we may separately ask your specific consent to conduct background and pre-employment screening checks, which may include confirmation of items on your background check, right to work status and/or visa/immigration information, criminal background data and financial solvency data.
- Other information — we may also collect any other information which may be voluntarily disclosed by you to Arch in the course of the application process or which you posted publicly on social media (such as LinkedIn) or information you provided to a third-party recruitment firm or employment agency.
Arch may use your personal information for the following purposes:
- Managing your application, including evaluating your candidacy, qualifications and experience, interviews with you, consultation with recruitment firms and references you have provided to us as part of the application process.
- Creating records in our Human Resources and recruitment systems to manage our recruitment process.
- Ensuring our compliance with laws and regulations, including verifying your right to work.
- Furthering our commitment to our people and creating a welcoming workplace.
- If you receive an offer from us, we may conduct a background check using a third party only to the extent permitted by law.
- Analytics purposes to improve our recruitment and hiring process and augment our ability to attract successful candidates to Arch.
- To identify and source talent, including by searching our talent pool and publicly available sources (such as LinkedIn).
- To process and manage applications for roles at Arch, evaluate you for open positions that match your interests and experiences across Arch and manage your candidate profile.
- Organize an interview, and to make you aware of employee benefits you may elect to receive or to determine any accommodations you may require (if you are required to travel to us to interview, we may use a subset of this information to arrange your travel).
- We may process personal information to the extent necessary for the establishment, exercise and defense of legal claims, including the management of legal claims and the investigation and establishment of relevant facts.
Arch processes the categories of personal information set out in Section 1 above for the purposes set out in Section 2 above, in reliance on the following legal bases:
Category of Personal Information
All of the categories listed in Section 1 above.
Purpose of Processing
- Managing your application; and
- Creating records in our Human Resources and recruitment systems.
Legal Basis
- The processing is necessary for compliance with a legal obligation (especially in respect of applicable employment law); or
- We have a legitimate interest in carrying out the processing for the purpose of recruiting and hiring qualified and talented staff and managing our recruitment process (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- We have obtained your prior consent to the processing (e.g., where this is necessary for the purposes of criminal records checks, in accordance with applicable law).
Category of Personal Information
- Contact information
- Identification and background information
- Employment, Experience and Education history
- Financial information
- Special Categories information or Sensitive personal information/Workforce Sustainability
- Employment Screening, Right to Work and Background Check information
- Other information
Purpose of Processing
Ensuring our compliance with laws and regulations, including verifying your right to work.
Legal Basis
- The processing is necessary for compliance with a legal obligation (especially in respect of applicable employment law); or
- The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us (including any contract of employment).
Category of Personal Information
- Contact information
- Identification and background information
- Employment, Experience and Education history
- Special Categories information or Sensitive personal information/Workforce Sustainability
- Other information
Purpose of Processing
Furthering our commitment to our people and creating a welcoming workplace.
Legal Basis
- The processing is necessary for compliance with a legal obligation (especially in respect of applicable equalities legislation); or
- We have a legitimate interest in carrying out the processing for the purpose of creating a welcoming and engaging workforce for talented individuals (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
Category of Personal Information
All of the categories listed in Section 1 above.
Purpose of Processing
If you receive an offer from us, we may conduct a background check using a third party only to the extent permitted by law.
Legal Basis
- The processing is necessary for compliance with a legal obligation (especially in respect of applicable employment law); or
- The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us (including any contract of employment); or
- We have obtained your prior consent to the processing (e.g., where this is necessary for the purposes of criminal records checks, in accordance with applicable law).
Category of Personal Information
- Contact information
- Identification and background information
- Employment, Experience and Education history
- Other information
Purpose of Processing
- Analytics purposes;
- To identify and source talent;
- To process and manage applications for roles at Arch; and
- To organize an interview, and to make you aware of employee benefits you may elect to receive or to determine any accommodations you may require.
Legal Basis
- The processing is necessary for compliance with a legal obligation (especially in respect of applicable employment law); or
- The processing is necessary in connection with any contract that you have entered into with us, or to take steps prior to entering into a contract with us (including any contract of employment); or
- We have obtained your prior consent to the processing (e.g., where this is necessary for the purposes of criminal records checks, in accordance with applicable law).
Category of Personal Information
All of the categories listed in Section 1 above.
Purpose of Processing
Establishment, exercise, and defense of legal claims
Legal Basis
- We have a legitimate interest in carrying out the processing for the purpose of establishing, exercising, or defending our legal rights (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms); or
- The processing is necessary for the establishment, exercise, or defense of legal claims.
If you do not provide us with certain personal information, Arch may not be able to process your job application or determine your suitability for a role at Arch, comply with our legal obligations or manage our business.
Arch may disclose certain personal information for the purposes listed in this Notice to the following recipients:
- To our affiliated companies, which include Arch Capital Group Ltd. and its subsidiaries, so they can help us manage your application.
- To our third-party service providers to facilitate the services they provide to us (e.g., IT security service providers, background screening providers, employment benefit providers, or recruitment-related providers) so we can process your application. To fraud prevention agencies, law enforcement agencies, public and governmental and regulatory authorities to meet our security and other legal obligations.
- As required or permitted by law, including to comply with a subpoena or similar legal process or government and ombudsman request, to entities or persons when Arch reasonably believes that disclosure is legally required.
- Any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise, or defense of legal claims.
- Any relevant third party acquirer(s) or successor(s) in title, in connection with a sale, merger or acquisition or any portion of our business or assets. that disclosure is legally required.
- In connection with a sale, merger or acquisition.
We may receive your personal data from the following sources:
- Directly from yourself.
- External recruitment agencies.
- Employment screening and background check providers.
- Publicly available sources such as LinkedIn.
- Employment references you provide.
- Regulatory or governmental bodies/organizations.
Transfer of Personal Data Outside the EEA, the UK, Bermuda, Australia, Canada, Gibraltar and Switzerland. Arch may disclose Applicant personal data for the above listed purposes to recipients as described above (including affiliates of the Arch) located in countries outside of the European Economic Area (“EEA”), the UK, Bermuda, Australia, Canada, Gibraltar and Switzerland to locations including the US, Philippines, Bermuda, the EEA, UK, Canada, Gibraltar and Australia, which may not have data protection laws equivalent to the country you reside in. In such a case, Arch will take all necessary steps to ensure the safety of Applicant personal data in accordance with applicable data protection laws. Where transfers are made intra-group, these will be covered by data transfer agreements designed to ensure the protection of your personal data when it is transferred outside of the country you reside in. You may request a copy of our transfer mechanisms using the contact details provided in Section 8 below.
Arch takes proactive measures to protect Applicant personal information against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held.
Arch retains your personal information for as long as it is necessary for the purposes we originally collected it for, or for as long as we are allowed to keep it under data protection laws. For example, if you accept a job offer from us, we will keep personal information collected about you during the application process and your CV in your personnel file. If we do not employ you, we may nevertheless continue to retain and use your personal information for a period of time (which may vary depending on your country), to consider you for future employment opportunities at Arch. We may also retain personal information to the extent necessary for the establishment, exercise, or defense of legal claims.
Rights of Applicants under European and UK Data Protection Laws. Under applicable European and UK data protection laws, Applicants may have one or more of the following rights:
- If the processing of your personal data was undertaken with your consent, you may withdraw such consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your Personal Data in reliance upon any other available legal bases).
- A right to request access to your personal data, together with information regarding the nature, processing, and disclosure of those personal data.
- A right to restrict or object to the use of your personal data.
- A right to have certain personal data transferred to another Controller, in a structured, commonly used and machine-readable format.
- A right to complain to us via the contact details in Section 8.
- A right to complain to the relevant Data Protection Authority about the use of your personal data:
- For UK residents: the Information Commissioner’s Office.
- For EU residents, the Data Protection Authority for EU Member State in which you live, or in which you work, or in which the alleged infringement occurred.
Subject to applicable law, you may also have the following additional rights regarding the processing of your personal data:
- The right to object, on grounds relating to your particular situation, to the processing of your personal data by us or on our behalf, where such processing is based on Article 6(1)(f) (legitimate interests) of the GDPR / UK GDPR; and
- The right to object to the processing of your personal data by us or on our behalf for direct marketing purposes.
If you would like to exercise any of these rights, please contact us via the contact details listed in Section 8. Please note that in some cases, it will be necessary to provide evidence of your identity before we can give effect to these rights.
We will respond to you within one month of receiving your request, unless you make several or particularly complicated requests, in which case we may extend this time by a further two months. We will tell you if we need to use this extra time and will explain why.
Rights of Applicants under Bermuda Data Protection Laws. Under applicable laws, Applicants may have one or more of the following rights:
- A right to request access to your personal information.
- A right to rectification or erasure of your personal information.
- A right to object to the use of your personal information for direct marketing purposes.
We will respond to you within forty-five days of receiving your request.
If you are not satisfied with our response, you may be entitled to make a complaint with the applicable data protection authority.
Rights of Applicants under Bermuda Data Protection Laws. Under applicable laws, Applicants may have one or more of the following rights:
- A right to request access to your personal data.
- A right to rectification or erasure of your personal data.
- A right to object to the use of your personal data for direct marketing purposes.
We will respond to you within forty-five days of receiving your request.
If you are not satisfied with our response, you may be entitled to make a complaint with the applicable data protection authority.
Rights of Applicants under Canada Data Protection Laws. Under applicable laws, Applicants may have one or more of the following rights:
- A right to request access to your personal data.
- A right to rectification of your personal data.
We will respond to you within thirty calendar days of receiving your request.
If you are not satisfied with our response, you may be entitled to make a complaint with the applicable data protection authority.
The information in this Section 7 applies solely to individual residents of the State of California who are Applicants and serves as our notice at collection. This Section 7 describes how we collect, use, disclose and otherwise process personal information of individual residents of the State of California who are Applicants within the scope of the California Consumer Privacy Act of 2018, as amended by the California Consumer Privacy Rights Act (“CCPA”). This section includes the disclosures required by the CCPA, and describes the rights afforded to California Residents. We also describe the methods by which a California Resident may exercise these rights and some of the statutory exceptions that may apply.
In the event of a conflict between the terms of this Section 7 and the rest of the Global Applicant Data Privacy Notice, this Section 7 shall take precedence for Applicants who are residents of California.
Sources. We collect this personal information (or a subset of this personal information) directly from you, our service providers or job references; we may also collect it from other publicly available sources.
Collection and Use of Personal Information. Arch has collected the categories of personal information set out in this Section 7 from Applicants within the last 12 months. Note that the categories listed below are defined by California state law. Inclusion of a category in the list below indicates only that we may collect some information within that category. It does not necessarily mean that we collect all information listed in a particular category for all of our Applicants.
Category
Identifiers: such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
Purpose of Collection
A subset of this data is collected to:
- Manage your application, including evaluating your candidacy, qualifications and experience, interviews with you, consultation with recruitment firms and references you have provided to us as part of the application process.
- Create records in our human resources and recruitment systems to manage our recruitment process.
- Ensuring our compliance with laws and regulations, including verifying your right to work.
- Process and manage applications for roles at Arch, evaluate you for open positions that match your interests and experience across Arch and manage your candidate profile.
- Organize an interview, and to make you aware of employee benefits you may elect to receive or to determine any accommodations you may require (if you are required to travel to us to interview, we may use a subset of this information to arrange your travel).
Category
Personal Information categories listed in the California Civil Code Section 1798.80(e): Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Purpose of Collection
A subset of this data is collected to:
- Manage your application, including evaluating your candidacy, qualifications and experience, interviews with you, consultation with recruitment firms and references you have provided to us as part of the application process.
- Create records in our Human Resources and recruitment systems to manage our recruitment process.
- Ensuring our compliance with laws and regulations, including verifying your right to work.
- Process and manage applications for roles at Arch, evaluate you for open positions that match your interests and experience across Arch and manage your candidate profile.
- Organize an interview, and to make you aware of employee benefits you may elect to receive or to determine any accommodations you may require (if you are required to travel to us to interview, we may use a subset of this information to arrange your travel).
Category
Characteristics of Protected Classifications under California or Federal Law: Includes race, ancestry, national origin, religion, age, mental and physical disability, sex, sexual orientation, gender identity and other protected classes.
Purpose of Collection
A subset of this data is collected to:
- Comply with our legal obligations.
- Further our commitment to diversity and inclusion programs and practices.
- Organize an interview, and to make you aware of employee benefits you may elect to receive or to determine any accommodations you may require (if you are required to travel to us to interview, we may use a subset of this information to arrange your travel).
Category
Professional or Employment-Related Information
Purpose of Collection
- Manage your application, including evaluating your candidacy, qualifications and experience, interviews with you, consultation with recruitment firms and references you have provided to us as part of the application process.
- Create records in our Human Resources and recruitment systems to manage our recruitment process.
Category
Non-Public Education Records: Includes transcripts, completion of degrees, education institutions attended, and information on educational certification held.
Purpose of Collection
- Manage your application, including evaluating your candidacy, qualifications and experience, interviews with you, consultation with recruitment firms and references you have provided to us as part of the application process.
- Create records in our Human Resources and recruitment systems to manage our recruitment process.
Category
Inferences Drawn From Other Personal Information: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Purpose of Collection
- To process and manage applications for roles at Arch, evaluate you for open positions that match your interests and experiences across Arch and manage your candidate profile.
As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as personal information and we reserve the right to convert, or permit others to convert, your personal information into deidentified data or aggregate consumer information, and may elect not to treat publicly available information as personal information.
In addition to the categories of personal information above, we collect the following categories of sensitive personal information:
Category
Social security, driver’s license, state identification card or passport number.
Purpose of Collection
- Ensuring our compliance with laws and regulations, including verifying your right to work.
- Protecting against fraud.
- Keeping your information accurate and current.
Category
Racial or ethnic origin, religious or philosophical beliefs, or union membership.
Purpose of Collection
- Ensuring our compliance with laws and regulations.
- Furthering our commitment to our diversity and inclusion programs and practices.
- Organize an interview, and to make you aware of employee benefits you may elect to receive or to determine any accommodations you may require (if you are required to travel to us to interview, we may use a subset of this information to arrange your travel).
Category
Personal information concerning a consumer’s sex life or sexual orientation.
Purpose of Collection
- Furthering our commitment to our diversity and inclusion programs and practices.
Category
Health Information for accommodation requests.
Purpose of Collection
- Ensuring our compliance with laws and regulations, including verifying your right to work.
- Furthering our commitment to our diversity and inclusion programs and practice.
- Organize an interview, and to make you aware of employee benefits you may elect to receive or to determine any accommodations you may require (if you are required to travel to us to interview, we may use a subset of this information to arrange your travel).
Selling or Sharing of Personal Information: We do not sell any personal information to third parties, as that term is defined in the CCPA. In addition, we do not sell the personal information of minors under 16 years of age. Additionally, we do not share any personal information with third parties, as that term is defined in the CCPA (i.e., for purposes of cross-context behavioral advertising). We also have not done these activities for the last 12 months.
Retention of Personal Information: We retain personal information and sensitive personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, establishing or defending legal claims, or for fraud prevention purposes. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Rights of Applicants under California Law. If you are a California resident, the CCPA grants you the following rights regarding your personal information:
- Right to know. You may have the right to request that we disclose personal information we have collected, the categories of sources from which we collected the information, the purposes of collecting the information, the categories of third parties with whom we have shared the information, and the categories of personal information that we have shared with third parties for a business purpose.
- Right to data portability. You may have the right to obtain your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
- Right to correct. You may have the right to notify us through the methods identified in Section 8 below to correct any mistakes in your personal information. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect; data solely retained for data backup purposes is generally excluded.
- Right to delete. You may have the right to request deletion of your personal information, subject to certain exceptions, e.g. fraud protection, compliance with legal obligations.
- Right to limit use and disclosure of sensitive personal information. Arch does not provide the right to Limit Use and Disclosure of Sensitive Personal Information because we only collect sensitive personal information for purposes exempted under the CCPA.
- Right to opt-out of the sharing or selling of information. California residents have the right to opt-out of the sale or sharing of their personal information. We do not sell any personal information of our personnel to third parties, as that term is defined in the CCPA, or for cross-context behavioral advertising – so there is no need to exercise these opt-out rights.
- Non-discrimination. We will not discriminate or retaliate against any person exercising any of these rights..
To exercise your rights under the CCPA, please submit your request through the means listed under Section 8 below. If we receive a request from a California resident Applicant to exercise the rights referenced above, Arch will respond within 45 days (which may be extended for up to an additional 45 days in certain circumstances), unless an exception applies.
Before exercising certain rights, we must be able to verify your identity, which we will do by asking you to submit personal information to confirm it matches what we already have on file.
Any requests to access or delete information on behalf of another person must be accompanied by a letter from an authorized agent of the Applicant (i.e. the Applicant’s attorney, or a notarized power of attorney). The authorized agent or attorney must provide this proof at the time of request. We may require the Applicant to provide proof to verify his or her identity with us directly before we provide any requested information to the authorized agent. We will not delete personal information when the information is required to fulfill a legal obligation, is necessary to exercise or defend legal claims, or where we are required or permitted to retain the information by law.
Please contact us with any inquiries, requests or concerns regarding this Notice or relating to the processing of Applicant personal data by emailing [email protected] or by letter to:
Arch Data Protection Officer
360 Hamilton Ave., Suite 600
White Plains, NY 10601, U.S.A.
To contact the Arch Data Protection Officer in the UK and EU, please email [email protected] or by letter to:
Arch Data Protection Officer, UK and EU
Arch Insurance International
4th Floor, 10 Fenchurch Avenue
London EC3M 5BN
To contact the Arch Privacy Officer in Bermuda, please email [email protected] or by letter to:
Bermuda Privacy Officer
Arch Reinsurance Ltd.
Waterloo House, First Floor
100 Pitts Bay Rd.
Pembroke HM08 Bermuda
If you are a California resident wishing to exercise your rights to your personal information, please contact us by telephone (toll-free in the U.S.A.) +1 800 877 6249 or by submitting a Privacy Request Form.
We keep our Privacy Notice under regular review. This Privacy Notice was last updated Dec. 17, 2025.