Effective Date: March 1, 2021
ARC Claims Management
ARC Claims Management is the responsible party (e.g., “data controller”) for
your personal information collected and processed under this Policy. Where the
processing of personal information is also undertaken by other ARC companies
with whom you engage, they are joint controllers with ARC Claims Management
for your personal information. See the “Contact Us” section below for a list of
relevant ARC affiliates (“joint controllers”) and their locations, as well as details
on how to contact ARC or exercise your rights with respect to your personal
GDPR and ARC ’s EU Privacy Notice (“EU Privacy Notice”): Our EU Privacy Notice available here contains additional information about how we process personal information that is subject to the EU General Data Protection Regulation and associated European Union/European Economic Area (“EEA”) national laws (together, the “GDPR”). ARC ’s EU Privacy Notice applies to our processing of personal information from EU users of the Sites, as well as other personal information that is subject to the GDPR.
Information collected by ARC
We may collect personal information directly from you, such as when you contact us online or submit forms through the Sites. We may also collect personal information from third parties and automatically through your use of the Sites. In this Policy, “personal information” means any information that identifies or could be used to identify an individual person and includes other similar terms like personal data or personally identifiable information.
- Information Collected Directly. We collect information that you provide to us or share on the Sites or on ARC’s Risk+Plus Portals.
- Communications. When you email us, call us or contact us, we maintain records about our interactions and communications with you.
- Customer Service and Support. We also maintain records related to customer support and customer service-related requests, including the nature of the request, name and contact information of the requestor, associated company name, and information related to the resolution of the request.
- Comments and Content. Some areas of ARC’s Risk+Plus Portal(s) may allow you to comment, share or post other content. When you view this content, we keep a record of our content and it may be viewable by other users of the Sites. You may ask us to remove such content as set out below.
- Professionals, Experts, Contractors. We work with external professionals, experts, consultants and others in order to deliver our client services and otherwise make our products and services available. We may collect information through the Sites or through our Risk + Portal (s)of these third parties, in order to consider them, review their qualifications or assign specific tasks or jobs to them.
Information automatically collected by ARC
For more information, see the “Cookies and similar devices” section below.
Additional information collected by ARC
- Access-restricted Areas and Submission Forms. We may make available access-restricted portals and certain submission forms, to allow clients and other third parties (e.g., claimants) to provide us with information or review information related to our client services. You must be authorized to use or access these areas, and if you register online to access them or otherwise submit information through them, we may take steps to verify your authorization and identity, including by requesting additional information from you or third parties (such as the clients for whom we are acting). While these forms and portals may be available or linked to from the Sites, they are subject to additional policies and terms.
- Client-services and Claims-related information. We handle personal information as a result of providing our claims handling and related services to our clients (the “client services”). This information may include claims-related information, transactional details, health, disability and medical information, identification information and other information; our handling of this personal information is subject to our client agreements (and their respective policies)–not this Policy–since we are acting on behalf of and under the instruction of our clients (i.e., as a data processor).
Client Claims Data
Our primary business is to provide claims management and related services globally – including third party claims administrator (or “TPA”) services, loss adjusting and associated risk, consulting and other services. Generally, we provide these services to entities that wish to conclude claims presented by their customers and other individuals and companies to maintain goodwill or which are responsible for payment of the claims that we handle.
As a part of our claim management services, we process claims and handle administrative functions for our clients, such as receiving notices of claims, administering forms and documentation requests, and providing customer support-related services to claimants. We also help assess liability and damages, make recommendations related to the settlement of claims, including payments, repairs and replacements. We process personal information during the course of providing these services to our clients.
ARC Use of Personal Information
In the course of conducting our business, we use personal information to provide and improve our services, to provide information about our products and services, to respond to requests and to otherwise communicate with you and others.
- Providing Support and Services: To provide and operate our services and the Sites, communicate with you about your use of the Sites, respond to your inquiries, provide troubleshooting, fulfil your orders and requests, process your payments, and complaints and inquiries, provide technical support and for other customer service and support purposes.
- Personalization: To tailor content we send or display on the Sites or through ARC’s Risk+Plus Portal(s)in order to offer location customization and personalized help and instructions and to otherwise personalize your experiences.
- Analytics and Improvement: To better understand how users access and use the Sites and ARC’s Risk+Plus Portal(s)and other products and offerings and for other research and analytical purposes, such as to evaluate and improve our services and business operations and to develop additional products, services and features.
- Comply with Legal Obligations: To comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
- General Business Operations: Where necessary to the administration of our general business, accounting, record keeping and legal functions.
- Anonymous and De-identified Information. We may de-identify information and create anonymous and aggregated data sets and reports in order to assess, improve and develop our business, products and services, prepare benchmarking reports on our industry and for other research and analytics purposes.
- Client Services and Claims Handling. As noted, we may collect certain personal information online that is used to provide our client services (including claims handling services), and we use such personal information on behalf of and under the instructions of our clients and subject to our client agreements.
ARC disclosure of information
We do not sell your personal information to third parties. In general, we disclose the personal information we collect as follows:
- Personal Information. ARC Claims Management is a global company, your personal information may be shared among our affiliated and subsidiary companies (ARC Claims UK, Ltd., Loftus Global Risk, CZ, Loftus Adjustment Service, Inc., WebAppClouds, LLC, ARC Driver, ARC Global, LLC, and Web Solutions, LLC) whose handling of personal information is subject to this Policy.
- Service Providers. We may share your information with third-party service providers who use this information to perform services for us, such as payment processors, hosting providers, auditors, advisors, consultants and customer service and support providers.
- Business Transfers. We may disclose or transfer information, including personal information, as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
- Legally Required. We may disclose your information if we are required to do so by law (e.g., to law enforcement, courts or others, e.g., in response to a subpoena or court order).
- Protect our Rights. We may disclose information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation and protect the rights, property or safety of ARC , our clients and customers or others.
- Anonymized and Aggregated Data. We may share aggregate or de- identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
- Client Services and Claims-related Personal Information. As noted above, we are a service provider to our clients, and a data processor with respect to the personal information we collect in performing our client services (including claims handling services). Any personal information we collect related to handling claims on behalf of our clients, may be disclosed to such clients or others as directed by our clients; such disclosures are subject to our clients’ policies.
Cookies and similar devices
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Sites, while others are used to enable a faster log-in process or to allow us to track your activities while using our Sites. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Sites and ARC’s Risk+Plus Portal(s) to, among other things, track the activities users of our Sites, help us manage content, and compile statistics about usage of our Sites. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version and internet browser type and version. This information is gathered automatically and stored in log files.
We are a global company, and the data that we collect from you may be transferred to, accessed or stored in and subject to requests from law enforcement in jurisdictions outside of your home jurisdiction, including the United States, , Australia, , Brazil, India, the UAE, Saudi Arabia, Egypt, the European Union and other jurisdictions in which we (or our service providers) operate. Some of these jurisdictions, including the United States, may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.
If you are in the European Economic Area, and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission (the form for these clauses can be found here) or another measure that has been approved by the EU Commission as adducing adequate safeguards for the protection of personal information when transferred to a third country
We have implemented appropriate safeguards and technical measures to protect the personal information that we have under our control from unauthorized access, use or disclosure (such as where appropriate, access controls and encryptions). However, no data security measures can guarantee 100% security.
As a general rule, we retain your personal information for as long as necessary to fulfil the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, as required by clients and to enforce our agreements. We may retain personal data for longer where required by our regulatory obligations, professional indemnity obligations or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others.
Your choices and rights
We know the importance of accurate data.
Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your personal information. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.
EU Individuals. Additional information for EU individuals about their rights under EU data protection laws is available in our EU Privacy Notice.
Your California privacy rights
California residents have the right to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclose to third parties for their own direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to email@example.com.
Information about children
Our Risk + Portal(s)are not directed towards children and we do not encourage children to participate in providing us with any personal information. We do not knowingly collect any personal information from children under the age of 16. If you have reason to believe that a child under the age of 16, without a parent or guardian's consent, has provided personal information to us through the Sites, please contact us at firstname.lastname@example.org.
If you have questions or concerns regarding this Policy, please contact us at:
ARC Global Privacy Office
Chief Privacy Officer
If you are in the European Union, you may also contact our EU Data Protection Officer as set out in the EU Privacy Notice.