Privacy and Data Protection Policy
Privacy and Data Protection Policy
Effective Date: This Privacy and Data Protection Policy was last revised on Dec. 22, 2023.
You have arrived at a website that is owned and/or operated by Arch Capital Group Ltd. Our office is located at Waterloo House, Ground Floor, 100 Pitts Bay Road, Pembroke HM 08, Bermuda, details of our subsidiaries can be found in the Website’s Terms and Conditions of Use: (collectively, “Arch” or “we,” “our” or “us”).
Arch is committed to a robust privacy and data protection program. The purpose of this Privacy and Data Protection Policy (this “Policy”) is to explain how, when and why we collect, use, disclose and safeguard Personal Data (also referred to as Personal Information), including:
- When you access our website (the “Website”) regardless of how you access or use the Website, whether via personal desktop or laptop computers, mobile devices or otherwise;
- When you, as a representative of a company, purchase an insurance policy or other product or service underwritten by us;
- When you, in an individual capacity, purchase an insurance policy or other product or service underwritten by us (e.g. when you purchase travel insurance from RoamRight); or
- When you purchase an insurance policy from a third-party insurance company that enters into a reinsurance arrangement with us, which is referred to as “reinsurance.”
Particularly in the reinsurance context, we may possess Personal Data about you that we did not collect from you. For example, if you have purchased an insurance policy from an insurance company which reinsures the policy with us, we may come into receipt of your Personal Data. In these instances, we encourage you also to check the privacy policies of those third parties.
It is also important that you show this Policy to any other person who is insured under your insurance policy or about whom you provide Personal Data to us.
This Policy is not intended to override the terms of any insurance policy or contract you have with us, nor any rights you are afforded under applicable privacy and data protection laws.
Arch is a group of companies which writes insurance, reinsurance and mortgage insurance on a worldwide basis through its principal operations in Bermuda, the United States, Canada, U.K., Europe, Australia and Hong Kong. The Arch company which was originally responsible for collecting information about you will be principally responsible for your Personal Data (“data controller”). For example, if you have an insurance policy with us, this will be the Arch company named on that policy.
In addition, please review the Website’s Terms and Conditions of Use, which govern your use of the Website.
We encourage you to read the entire Policy. Please click on the headings in the table of contents to go directly to the full explanation of a specific issue or point.
When we use the terms Personal Data or Personal Information, we generally mean any information that is about or can identify you and which is protected by applicable law. Different pieces of information, when collected together can lead to the identification of a specific person, can constitute Personal Data.
Importantly, de-identified information or aggregate information does not constitute Personal Data or Personal Information (for example, the number of users of our website is aggregate information which does not reveal who those users are and is not Personal Data).
i. Prospective Insureds and Insureds
In order to provide insurance quotes and policies and administer your insurance, or other products and services offered by us, we need to collect and process Personal Data about you. If you do not provide the information we need, we may not be able to offer you a quote or provide other products or services to you. We also may have to cancel our insurance or other products and services with you, but in that case we will notify you and provide an explanation.
The types of Personal Data may include:
| Category | Types of Data collected |
|---|---|
| Individual details | Name, address, gender, marital status, date of birth, nationality, citizenship, immigration status, marketing preferences, bank account details or payment card details, vehicle details, relevant criminal convictions and offenses, penalty points, employer, job title and family details, including their relationship to you. |
| Identification details | Identification numbers issued by government bodies or agencies, including your driving license number. |
| Credit and anti-fraud data | Credit and anti-fraud data such as credit history, credit score, sanctions and criminal offenses and convictions, and information from various anti-fraud databases related to you. |
| Special categories of Personal Data and criminal convictions data | Certain categories of Personal Data may have additional protection under applicable data protection laws. Depending on the applicable law, these categories include data concerning your health and criminal offenses and convictions. |
| Risk details | Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, relevant criminal offenses and convictions, or other special categories of Personal Data. |
ii. Claimants
In order to deal with any claims, we need to collect and process Personal Data about you. If you do not provide the information we need, we may not be able to handle the claim.
The types of Personal Data may include:
| Category | Types of Data collected |
|---|---|
| Individual details | Name, address, bank account details, and vehicle details. |
| Identification details | Identification numbers issued by government bodies or agencies, including your driving license number. |
| Claims history reports and anti-fraud data | Claims history reports and anti-fraud data such as sanctions, criminal offenses and convictions, and information from various anti-fraud databases related to you. |
| Special categories of Personal Data and criminal convictions data | In the EEA/UK, certain categories of Personal Data may have additional protection under applicable data protection laws. These categories include data concerning your health and criminal offenses and convictions. |
| Claims information | Information about previous and current claims, (including other unrelated insurances), which may include data concerning your health (e.g., injuries and relevant pre-existing conditions), relevant criminal offenses and convictions, or other special categories of Personal Data. |
iii. Business Partners, Investors and Website Users
- Business Partners: If you are a business partner, we will collect your business contact details. We may also collect information about your professional expertise and experience.
- Investors: If you are a shareholder or investor, we will collect your contact details to provide you with shareholder information and notices.
- Website Users: If you are a Website user:
- You may voluntarily provide us with Personal Data (e.g., if you contact us). Depending on your choice on cookies (see below), you can visit the Website without revealing who you are or providing any Personal Data about yourself. However, there will be times, such as when you request information or a publication from us through the Website, when we will need to obtain Personal Data from you or about you. We may collect this Personal Data through various forms and in various places on the Website, including application forms, contact us forms, via chatbots, or when you otherwise interact with the Website. Additionally, we may also make certain online services available, such as an online portal that permits our customer account holders to access their business accounts.
- We and our third-party service providers may use cookies or other tracking technologies that automatically (or passively) store or collect certain information whenever you visit or interact with the Website based on your use of the Website (“usage information”), unless you elect to reject certain cookies. A cookie is a text file sent by a web server and placed on your device that can store information. This usage information may be stored or accessed using a variety of technologies that may be downloaded to your personal computer, browser, laptop, tablet, mobile phone or other device whenever you visit or interact with our Website. You have options regarding analytical, tracking and/or targeting cookies. Please see our Cookie Policy and Consent Manager for further information.
- We may, from time to time, supplement the information we collect directly from you on the Website with outside records from third parties for various purposes, including to enhance our ability to serve you, to tailor our content to you and to offer you opportunities that may be of interest to you. We will apply this Policy to such supplemental information and where such supplemental information amounts to Personal Data (and/or the combined information amounts to Personal Data), it will be treated as Personal Data.
i. Prospective Insureds and Insureds
We will collect your Personal Data: (1) directly from you when you apply to purchase an insurance policy or other product or service, including Personal Data you provide about other persons when you apply to purchase an insurance policy or other product or service; (2) from third parties, such as an intermediary (e.g., an insurance broker), or other third party insurance companies (e.g., if you are a policyholder with an insurance company which has a reinsurance arrangement with an Arch company) or your employer where, for example, they apply for an insurance policy under which you will be a beneficiary; and (3) from other sources (e.g., credit reference agencies and government agencies) and other public sources where necessary to, for example, comply with applicable sanctions and anti-money laundering laws.
ii. Claimants
We will collect your Personal Data: (1) when you or a third party (e.g., your employer or attorney) provide us with notice of a claim or potential claim either directly or through an intermediary (e.g., an insurance broker) or other third party insurance companies (e.g., if you are a policyholder with an insurance company which has reinsurance with an Arch company); and (2) from other sources (e.g., claim report providers and government agencies) and other public sources where necessary, for example, to validate the notice of claim or potential claim or comply with applicable anti-money laundering laws and sanctions.
iii. Business Partners and Website Users
We will collect your Personal Data: (1) where you or your employer provides your contact details or other information to us in the course of working with us, either directly as a business partner or as a representative of your company; (2) where you attend meetings, events or conferences that we organize or sponsor; or (3) where you become a shareholder or other investor in Arch and your contact details are made available to us or a third party such as our stock transfer agent. We may also collect your Personal Data when you visit and/or contact us through the Website or one of our online portals by use of cookies, which you may choose to reject at any time. Please see our Cookie Policy and Consent Manager for further information.
i. Prospective Insureds and Insureds
In order to provide insurance quotes and policies and provide insurance related services, we may use your Personal Data for the following purposes:
- To consider an application for an insurance policy, assess and evaluate risk, and where applicable, provide you with insurance cover;
- To manage and administer insurance policies (including dealing with your queries) with you or your employer;
- For reinsurance purposes;
- For direct marketing purposes;
- To improve our insurance products and services, to carry out market research, to perform data analytics, for general risk modelling purposes, for transferring books of business, for company sales and reorganizations, and for statistical analyses; and
- For the prevention and detection of fraud, money laundering or other crimes.
Additional information concerning the legal bases for processing Personal Data of individuals in the EEA/UK is provided in Section 9.
ii. Claimants
In order to deal with any claims or potential claim notices, we may process Personal Data for the following purposes:
- For claims processing including assessing and evaluating the merits of a claim and to pay a settlement;
- For statistical analyses; and
- For the prevention and detection of fraud, money laundering or other crimes.
iii. Business Partners, Investors and Website Users
Business Partners and Investors:
As part of our business activities, we may process your Personal Data for the following purposes:
- To manage our relationship with you;
- To provide you with information about us which we may be required to send to you; and
- To administer our contract with you or your employer.
Website Users:
As part of our business activities, we may process your Personal Data for the following purposes:
- To improve the Website or our services, to customize your experience on the Website, or publish specific content that is relevant to you;
- To contact you with regard to your use of the Website and, in our discretion, changes to the Website or the Website policies;
- For internal business purposes, including to help us understand how our Website is navigated and used; and
- For direct marketing purposes.
In addition, we may share with third parties the information we have collected about you, including Personal Data, to provide our products and services and comply with our legal obligations. We do not share Personal Data with third parties for their direct marketing purposes.
The third parties we may share Personal Data with include:
- Affiliates. We may share your Personal Data with other companies in the Arch group of companies located in and outside of the EEA/UK to assist in the delivery of products and services to you. We also reserve the right to disclose and transfer such information: (1) to a subsequent owner, co-owner or operator of the Website; or (2) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, including, during the course of any due diligence process.
- Third Party Intermediaries. We may disclose your Personal Data to intermediaries (e.g., brokers, managing general agents, third party administrators) and other (re)insurers in and outside of the EEA/UK to assist us in managing our business.
- Third Parties. We may use third party vendors in and outside of the EEA/UK to perform certain services on our behalf, such as technical support and back-office services, loss adjustors, medical service providers, fraud detection agencies, other debt collection agencies, motor bureaus and other insurance reference bureaus and claims experts, hosting services and Website activity tracking and analytics. We may also disclose your Personal Data to our advisors (e.g., attorneys and other professional services firms) in and outside of the EEA/UK.
Transfers of Personal Data amongst Arch entities are covered by intra organizational agreements which provide specific requirements designed to ensure your Personal Data receives adequate protection whenever it is transferred within Arch. Transfers of Personal Data to our third party intermediaries and service providers are protected by contractual agreements that require an adequate level of data protection. If you are located in the EEA/UK, please also see Section 9(v)’s discussion of transfers of Personal Data outside of the EEA/UK. - Judicial, Regulatory and Law Enforcement Bodies. We may disclose your Personal Data to judicial, regulatory and law enforcement bodies, including, but not limited to: (1) satisfy any applicable law, regulation, subpoenas, governmental requests or legal process if in our good faith opinion such disclosure is required or permitted by law; (2) protect and/or defend our rights, property and/or interests (including, the Website’s Terms and Conditions of Use or other policies applicable to the Website) and investigation of potential violations thereof; (3) protect the safety, rights, property or security of Arch or any third party where we are legally required or advised to do so; and (4) detect, prevent or otherwise address fraud, security or technical issues. Further, we may use information or device identifiers to identify users, on our own or in cooperation with third parties and/or law enforcement agencies, including disclosing such information to third parties, all in our discretion and subject to applicable law. Such disclosures may be carried out without notice to you.
In accordance with our Cookie Policy, data about your online activity may be collected on our Website to, among other things: (1) help deliver advertisements to you that you might be interested in; (2) prevent you from seeing the same advertisements too many times; and (3) understand the usefulness to you of the advertisements that have been delivered to you. Note that any images (or any other parts of content) served by third parties in association with third-party ads or other content may act as web beacons, which enable third parties to carry out the previously described activities.
Website users are able to reject any or all of the cookies and other tracking technologies utilized on our Website at any time.
Our Cookie Policy provides additional details and explains how you can set and manage your preferences and limit the collection of this information. Website users can learn about all the cookies and other tracking technologies utilized on our Website without first providing their Personal Data.
We do not track information about an individual consumer’s online activities over time and across third-party website or online services (i.e. cross-contextual behavioral advertising) except with your specific, opt-in consent. Accordingly, we do not monitor or take any action with respect to these browser \Do Not Track signals (including the Global Privacy Control signal).
The Website may contain content that is supplied by a third party, and those third parties may collect usage information and your device identifier when webpages from the Website are served to you. The Website may contain links to third parties. We are not responsible for the data collection and privacy practices employed by any of these third parties on their websites. We encourage you to review their privacy policies and our Terms and Conditions of Use.
- If you wish to update or correct your Personal Data, please email our Data Protection Officer at: [email protected].
- You may cancel or modify the email marketing communications you receive from us by following the instructions contained in our promotional emails or in some cases by logging into your Website account and changing your communication preferences. This will not affect subsequent subscriptions and you may limit your opt-out to certain types of emails.
- Please note that we reserve the right to send you certain communications relating to your account or use of the Website, such as administrative and service-related announcements, and you will continue to receive these transactional communications if you opt-out from receiving marketing communications.
i. Legal Basis for Processing Personal Data of Individuals in the EEA/UK
We will only use your Personal Data for the purposes for which we collect such Personal Data as outlined below and in Section 3 above, unless we need to use it at a later date for another purpose that is compatible with the original purpose. If we need to further process your Personal Data for a purpose that is not compatible with the original purpose for collection, we will notify you and provide an explanation of the legal basis which allows us to do so.
| Purpose(s) for Processing | Legal Basis for Processing |
|---|---|
| To consider an application for an insurance policy, assess and evaluate risk, and where applicable, provide you with insurance cover To manage and administer contracts including insurance policies (including dealing with your queries) with you or your employer For claims processing including, assessing and evaluating the merits of a claim and, where relevant to pay a settlement For reinsurance purposes To manage our relationship with you |
|
| For statistical analyses To improve our insurance products and services, to carry out market research, to perform data analytics, for general risk modelling purposes, for transferring books of business, company sales and reorganizations, and for statistical analyses |
|
| Direct marketing |
|
| For the prevention and detection of fraud, money laundering or other crimes |
|
ii. Legal Basis for processing personal data (including usage information) relating to Website users in the EEA/UK
| Purpose(s) for Processing | Legal Basis for Processing |
|---|---|
| To improve the Website or our services, to customize your experience on the Website, or to serve you specific content that is relevant to you. To contact you with regard to your use of the Website and, in our discretion, changes to the Website or the Website policies For internal business purposes, including to help us understand how our Website is navigated and used |
|
| Direct marketing |
|
Learn how Personal Data is used within the London Insurance Market (link to external PDF opens in a new window).
iii. Criminal Offenses and Convictions Data and Special Categories of Personal Data of Individuals in the EEA/UK
- Criminal Offenses and Convictions Data: We will only process Personal Data relating to criminal offenses and convictions for the following purposes: (i) in order to underwrite risk appropriately, calculate a quote or policy renewal and in the context of motor insurance, to risk assess any person who will be driving the insured vehicle (e.g., a risk assessment), (ii) for fraud detection or prevention or (iii) where required for claims handling. We will only carry out such processing where it is authorized by applicable law.
- Special Categories of Personal Data: Where we process special categories of Personal Data (e.g., health data) for any of the above purposes, we will only do so where: (1) you have given explicit consent to the processing of your special categories of Personal Data for these purposes – which you may withdraw at any time; (2) the processing is necessary to protect your vital interests (or those of a third party); (3) you have manifestly made your special categories of Personal Data public; (4) the processing is necessary for the establishment, exercise or defense of legal claims; or (5) the processing is necessary for reasons of substantial public interest on the basis of applicable law.
iv. What Additional Rights Do You Have if You are in the EEA/UK?
If you are located in the EEA/UK, you have several rights in relation to your Personal Data under applicable privacy and data protection law, which may be subject to certain limitations and restrictions. We aim to respond to any valid requests within one month unless it is particularly complicated or you have made repeated requests in which case we aim to respond within three months. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request. If you wish to exercise any of these rights, please contact us using the contact details set out in Section 15 below. We may request proof of identification to verify your request.
| Your Right | What this Means |
|---|---|
| Right of Access | You can ask us to confirm whether we are processing your Personal Dataand request a copy of that Personal Data. You can also ask that we provide additional information, including:
|
| Right to Erasure (‘Right to be Forgotten’) | You have the right to request that your Personal Data be deleted in certain circumstances, including:
|
| Right to Withdraw Consent | If we are processing your Personal Dataon the legal basis of consent, you are entitled to withdraw your consent at any time. Please see our contact details in Section 15 below. However, the withdrawal of your consent would not invalidate any processing we carried out prior to your withdrawal and based on your consent. |
| Right to Object | You have a right to object where we are processing your Personal Data:
|
| Right to Rectification | You have the right to request that we correct any inaccuracies in the Personal Datawe hold about you and complete any Personal Datawhere this is incomplete. |
| Right to Data Portability | Where you have provided Personal Datato us, you have a right to receive such Personal Databack in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:
|
| Right to Restriction of Processing |
You can ask that we restrict the processing of your Personal Data (i.e., keep but not use) where:
|
| Automated Decision-Making | You have a right not to be subject to decisions based solely on automated processing (including profiling) which produce legal effects concerning you or similarly significantly affects you other than where the decision is:
|
| Right to Complain | If you are not satisfied with our use of your Personal Dataor our response to any request made by you to exercise any of your rights, you have the right to lodge a complaint with the local data protection supervisory authority at any time. |
v. Transfers of Personal Data out of the EEA/UK
If you are located in the EEA/UK, the Personal Datawe collect from you may be transferred to, and stored at a destination outside of the EEA/UK (including, Bermuda, Switzerland and the United States) for the purposes described above. The recipients may be located in countries which do not provide a similar or adequate level of protection to that provided by countries in the EEA/UK.
Transfers within the Arch group will be covered by data transfer agreements designed to ensure the protection of your Personal Datawhen it is transferred outside of the EEA/UK.
Transfers to service providers and other third parties will comply with applicable data protection laws (e.g., under Model Clauses).
We may also transfer your Personal Data outside of the EEA/UK when required by law (e.g., if we receive a request from a foreign judicial, regulatory or law enforcement body), as necessary to comply with a contract, or with your explicit consent. For example, the Website is hosted in the US as such, all Personal Data collected via the Website will be transferred to the US. Such transfer is made in reliance on your explicit consent. You may withdraw your consent at any time.
All international transfers of your Personal Data will be made in accordance with applicable data protection laws.
If you would like further information about the safeguards, we have implemented please contact us using the contact details set out in Section 15 below.
This Section provides additional information for California residents/households pursuant to the CCPA, as amended, and applies to Personal Information, whether collected online or offline.
The tables below set out generally the categories of Personal Information about California residents/households that we have collected in the last twelve (12) months and have disclosed to others for a business purpose. Note that the categories listed below are defined by California state law. Inclusion of a category in the list below indicates only that, depending on the services and products we provide you, we may collect or disclose some information within that category. It does not necessarily mean that we collect or disclose all information listed in a particular category for all our customers, nor does it necessarily mean that the CCPA and other U.S. state law applies to that data. For example, Personal Information which is governed by the federal Gramm- Leach-Bliley Act (GLBA) or Fair Credit Reporting Act (FCRA) is exempted from the CCPA.
i. How We Collect Your Personal Information
For the categories of Personal Information specified below, we collect the information directly from you, through our service providers, third party vendors, publicly available sources, consumer reporting agencies, government agencies or other businesses. For the category indicated “INTERNET OR OTHER ELECTRONIC NETWORK ACTIVITY INFORMATION,” we collect that information through automated means.
ii. Use and Disclosure of Your Personal Information
We do not sell Personal Information or share Personal Information for cross-context behavioral advertising purposes as such terms are defined under California law. We also have not done so for the last 12 months.
| Category | Purposes | Categories of Parties to Whom Personal Information is Disclosed |
|---|---|---|
| IDENTIFIERS: such as a real name, alias, postal address, unique personal identifier, online identifier internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. | We collect all or a subset of all of the Personal Information:
|
|
| PERSONAL INFORMATION categories listed in the California Civil Code Section 1798.80(e): Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | We collect all or a subset of all of the Personal Information:
|
|
| CHARACTERISTICS OF PROTECTED CLASSIFICATIONS UNDER CALIFORNIA OR FEDERAL LAW: Includes race, ancestry, national origin, religion, age, mental and physical disability, sex, sexual orientation, gender identity and other protected classes. | We collect all or a subset of all of the Personal Information:
|
|
| COMMERCIAL INFORMATION: Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | We collect all or a subset of all of the Personal Information:
|
|
| INTERNET OR OTHER ELECTRONIC NETWORK ACTIVITY INFORMATION: Includes, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. | We collect all or a subset of all of the Personal Information:
|
|
| AUDIO, ELECTRONIC, VISUAL, THERMAL, OLFACTORY OR SIMILAR INFORMATION | We collect all or a subset of all of the Personal Information:
|
|
| PROFESSIONAL OR EMPLOYMENT-RELATED DATA | We collect all or a subset of all of the Personal Information:
|
|
In addition to the categories of personal information above, we collect the following categories of sensitive personal information, none of which we share with third parties or to personalize marketing:
| Category of Personal Information Collected | Purposes | Categories of Parties to Whom Personal Information is Disclosed |
|---|---|---|
| Social security, driver’s license, state identification card, or passport number | We collect all or a subset of all of the Personal Information:
|
|
| Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account | We collect all or a subset of all of the Personal Information:
|
|
We do not process sensitive personal information beyond what is reasonably necessary to provide our products and services and the purposes described above. We may rely on service providers to assist us with these efforts.
Privacy Rights under the California Consumer Privacy Act and other U.S. State Law
For residents/households of California, as well as for residents of certain other U.S. states, you may have the rights described below with respect to Personal Information about you. We may also provide you with rights even if we are not required to do so.
Subject to certain conditions and limitations, you may have the following rights with respect to personal information about you:
- Access. You may have the right to request that we disclose personal information we have collected, the categories of sources from which we collected the information, the purposes of collecting the information, the categories of third parties with whom we have shared the information, and the categories of personal information that we have shared with third parties for a business purpose.
- Portable data. You may have the right to obtain your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
- Correct. You may have the right to notify us through the methods identified in the “Exercising Your Rights” section below to correct any mistakes in your personal information. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect; data solely retained for data backup purposes is generally excluded.
- Delete. You may have the right to request deletion of your personal information, subject to certain exceptions.
- Limit use and disclosure of sensitive personal information. California provides for a right to limit the use and disclosure of sensitive personal information to only those purposes necessary to provide our services; but we only process sensitive personal information for those purposes necessary to provide our services.
- Opt-out of the sharing or selling of information. We do not sell any personal information or share it for cross contextual behavioral advertising.
- Non-discrimination. We will not discriminate against any person exercising any of these rights. We may, however, charge a different rate or provide a different level of service to the extent permitted by law.
Before providing information you request in accordance with your rights, we must be able to verify your identity. In order to verify your identity, you will need to submit information about yourself, including, to the extent applicable, providing your account login credentials or other account information, answers to security questions, your name, government identification number we already have on file, date of birth, contact information, or other personal identifying information. We will match this information against information we have previously collected about you to verify your identity and your request.
To the extent you maintain an account with us, we will require you to login to that account as part of submitting your request. If we are unable to verify your identity as part of your request, we will not be able to satisfy your request. We are not obligated to collect additional information in order to enable you to verify your identity, but we may offer you the ability to provide additional information for verification purposes.
If you would like to appoint an authorized agent to make a request on your behalf, you must provide the agent with written, signed, and notarized permission to submit privacy right requests on your behalf. The agent must provide this authorization at the time of request. For requests to disclose or delete your personal information, we will also require you to verify your identity directly with us, unless the agent has been provided with valid power of attorney. To request that we access or delete personal information, please contact us at 1-877-800-6249 (toll free in the U.S.) or submit an online request.
Note that to the extent we receive, obtain, or generate information about you in connection with providing a financial service or product to you in your personal capacity within the United States, your rights with respect to that information are generally governed by the Gramm-Leach-Bliley Act (GLBA). Those Arch entities that have privacy policies under GLBA are:
https://www.roamright.com/aigi-privacy-notice/
However, while we may receive this kind of information, individuals in their individual capacity- as opposed to their capacity as a representative of a company—are not our consumer or customer as those terms are defined in the GLBA.
Nonetheless, as required by GLBA, we protect that information to keep it confidential and secure, and we do not share or use this kind of information other than as necessary for providing the financial product or service. If you have questions about how information about you is collected and used in connection with a financial product for you, your family or our household, please contact your financial institution.
In connection with providing financial services or products, we may also receive or obtain information about your creditworthiness or insurability subject to the Fair Credit Reporting Act. We need to handle and share this personal information to run our everyday business. We may use and share this information:
- For our everyday business purposes — such as to process transactions, maintain accounts, respond to court orders and legal investigations, or report to credit bureaus.
You cannot limit the use or sharing of FCRA data for these purposes. Federal law gives you the right to limit only:
- Sharing for affiliates’ everyday business purposes — information about your creditworthiness or insurability.
- Affiliates from using your information to market to you.
- Sharing for non-affiliates to market to you.
We do not share information for these purposes. Should we share information for these purposes in the future, we will notify you before doing so and you will have the right to opt-out of that sharing.
The Website is not targeted at children, as defined by local law, and we do not knowingly collect any Personal Data from children. We will delete any Personal Data of children under the relevant digital age of consent where we determine this has been collected. If you are a parent or guardian of a child under the relevant digital age of consent and believe he or she has disclosed Personal Data to us, please contact the Arch Data Protection Officer at [email protected].
We implement appropriate and reasonable security and technical and organizational measures against unauthorized or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data.
Although we take measures to protect the security of the information communicated through the Website, no Internet-connected computer system can be made absolutely secure from intrusion. We, therefore, cannot and do not guarantee that information communicated by you to us via the Website will be received or that it will not be altered before or after its transmission to us. If you elect to use the Website to communicate with us or provide us with information, you do so at your own risk.
We retain your Personal Data only for as long as necessary in accordance with our document retention policy and in accordance with legal, regulatory, tax or accounting requirements, or for dealing with complaints, legal challenges or prospective litigation.
We consider the following criteria when determining how long a particular record will be retained, including any personal information contained in that record:
- How long the record is needed to provide you with the products and services you request.
- How long the record is needed to support and enhance our operational processes.
- How long the record is needed to protect our rights and legal interests.
- How long the record must be retained to comply with applicable laws and regulations.
The same personal information about you may be included in more than one record and used for more than one purpose, each of which may be subject to different retention periods based on the factors listed above.
For example, where you purchase our insurance product, information will be held for the duration of your insurance cover and a period of several years after the end of our relationship. We keep information after our relationship ends in order to comply with applicable laws and regulations and for use in connection any legal claims brought under or in connection with your policy.
Once your Personal Data is no longer required, it will be securely deleted.
We reserve the right to change, update and/or modify this Policy at any time without notice to you. Any changes will be effective immediately upon the posting of the revised Policy. However, if we make material changes to this Policy we will notify you by means of a prominent notice on the Website prior to such changes becoming effective, or in other ways as required by law. Please review the Policy whenever you access or use this Website.
To the extent any provision of this Policy is found by a competent tribunal to be invalid, illegal or unenforceable, such provision shall be deemed to be severed to the extent necessary, but the remainder shall be valid and enforceable.
If you have any questions about our Policy or practices described in it, you should contact us in the following ways (and if you are a California resident/household looking to exercise CCPA rights, see an additional method above):
- Postal Mail: Arch Group Data Protection Officer, Arch Capital Services LLC, 360 Hamilton Avenue, Suite 600, White Plains, New York 10601.
- By e-mail: [email protected].
- By phone: 1-877-800-6249 (toll free in the U.S.) or +1 914 872 3609.