Arcadian Risk Capital

Arcadian Data Privacy Notice

1. Introduction

Arcadian is a group of companies providing services in the selection and structuring of risk management insurance products. The group includes:

  • Arcadian Holdings Limited, Bermuda
  • Arcadian Risk Capital Ltd., Bermuda
  • Arcadian Risk Capital Insurance LLC, United States
  • Arcadian Risk Capital (Ireland) Ltd., Ireland
  • Arcadian Risk Capital (UK) Ltd., United Kingdom

Depending on the context of data collection and processing, each entity may act as a controller of your personal information.

This Privacy Notice describes how we collect, use, disclose, and protect personal information in accordance with applicable privacy laws, including:

  • Bermuda’s Personal Information Protection Act 2016 (PIPA).
  • The General Data Protection Regulation (GDPR).
  • The UK General Data Protection Regulation (UK GDPR)
  • Relevant United States federal and state privacy laws, where applicable.

2. Who This Privacy Notice Applies To?

This Privacy Notice applies to individuals whose personal data is processed by Arcadian in the course of our commercial insurance activities. This Privacy Notice applies to personal information we collect about:

  • Representatives of the insureds and policyholders,
  • Claimants,
  • Witnesses in connection with insurance claims,
  • Persons working for our business partners (brokers, (re)insurers),
  • Persons contacting us via website or other means
  • Visitors to our offices,
  • Website visitors.

This Privacy Notice does not apply to Arcadian employees or job applicants.

3. What Personal Information Do We Collect?

We collect and process the following information from you.

Personal Data Categories

Who Tis Relates To

  • Name, address, email address, phone number.

  • Insureds, policyholders, claimants, witnesses in insurance claims, business partners, general contacts

  • Nationality

  • Insureds, policyholders, claimants

  • Date of birth

  • Insureds, policyholders, claimants

  • Government-issued identification numbers (e.g., Social Security Number, national ID)

  • Insureds, policyholders, claimants

  • Financial information (e.g., bank account details)

  • Insureds, claimants, vendors, service providers

  • CCTV footage

  • Office visitors, claimants

  • Information voluntarily shared via our contact forms or correspondence

  • Website visitors, general contacts

  • IP address,

  • The website from which you visited us.

  • The type of browser software used.

  • The date and duration of your visit to the Arcadian website.

  • Cookies and similar tracking technologies – see our [Cookie Policy]

  • Website visitors

  • Job title, business contact information (e.g., work email)

  • Business partners (e.g., brokers, reinsurers)

  • Special Categories of Personal Data. For certain type of insurance, we may require the following special categories of personal data to assess claims where necessary and permitted: (i) race or ethnic origin, (ii) political opinions, (iii) religious and philosophical beliefs, (iv) sexual orientation, (v) health data.

  • Claimants

4. How Do We Collect Your Personal Information?

We typically obtain your personal data from our clients, who may include businesses, insurance brokers, and (re)insurance companies. These clients, in turn, receive your data from you, your employer, or affiliated companies in connection with contracts, insurance policies, or employment arrangements. Additionally, we may collect personal data directly from you, from third-party providers such as investigators or experts, and from publicly available or regulatory sources, including sanctions or fraud databases. 

5. Purpose of Processing and Legal Bases

Purpose

Legal basis

Administering and underwriting insurance contracts

• Performance of a contract

• Legitimate interests in managing our business

Managing claims

• Performance of a contract

• Legitimate interests

• Legal obligation

Detecting and preventing fraud or financial crime

• Legal obligation

• Legitimate interests

Complying with legal or regulatory obligations (e.g., AML, sanctions, recordkeeping)

• Legal obligation

Responding to regulators and public authorities

• Legal obligation

Communicating with brokers, counterparties, vendors, and claimants

• Legitimate interests

• Performance of a contract

Securing our premises (e.g., CCTV)

• Legitimate interests

Operating and securing of our website.

• Legitimate interests

Handling complaints, enquiries, and correspondence

• Legitimate interests

6. Sharing your Personal Data

We may share your personal information with:

  • Other companies within the Arcadian Group
  • IT service providers acting on our behalf,
  • Other insurance market participants i.e. (re)insurance companies, insurance brokers,
  • Brokers, (re)insurers, claims handlers, adjusters, and expert advisors
  • Regulatory and public authorities as required by law,
  • Legal advisors and investigators

7. International Data Transfers

We operate globally and may transfer your information across borders. Where data is transferred outside Bermuda, the US, the UK, or the EEA, we ensure that adequate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, with the UK Addendum issued by the ICO where applicable;
  • Bermuda’s PIPA complaint transfer mechanisms;
  • Equivalent protections under applicable local laws.

8. Data Retention

We retain your personal data for as long as necessary for the purposes described in this Notice and in accordance with our internal retention schedule and applicable legal requirements.

9. Cookies

When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, visit our Cookie Policy.

10. Automated Decision-Making including Profiling

We do not use your personal data to make decisions based solely on automated processing that produce legal or similarly significant effects

11. What are your Data Protection Rights?

  • Right to access your personal data
  • Right to rectification of inaccurate or incomplete data
  • Right to erasure (in certain circumstances)
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent (if processing is based on consent)

If you would like to exercise any of these rights, contact: dataprotection@arcadian-risk.com

We will respond within the timeframes required by law.

12. Who to Contact About Your Data?

Each Arcadian Group entity has appointed a data protection or privacy contact, in line with applicable legal requirements:

  • Bermuda: A Privacy Officer has been appointed in accordance with the Personal Information Protection Act (PIPA).
  • UK and Ireland: A designated privacy contact oversees compliance with the UK and EU GDPR.
  • United States: A privacy contact is responsible for coordinating compliance with relevant U.S. privacy laws.

For all privacy-related queries contact:

Emaildataprotection@arcadian-risk.com

13. Complaints and Contacting Authorities

If you have concerns about how we handle your personal data, please contact us first at dataprotection@arcadian-risk.com.

If unresolved, you have the right to lodge a complaint with the relevant authority:

  • UK: Information Commissioner’s Office (www.ico.org.uk)
  • Ireland: Data Protection Commission (www.dataprotection.ie)
  • Bermuda: Office of the Privacy Commissioner (www.privacy.bm)
  • United States: Although most U.S. state privacy laws do not apply to our business model, individuals with concerns may contact the State Attorney General’s Office in their state of residence. We will assist with any legitimate concerns where applicable.

14. Changes to This Privacy Notice

We may occasionally update this policy. This privacy policy was last updated in August 2025.