Arch Underwriting at Lloyd’s (Australia) Pty Ltd Privacy Policy

In this Privacy Policy “WE”, “OUR” and “US” means Arch Underwriting at Lloyd's (Australia) Pty Ltd ABN: 27 139 250 of Level 4 Suites 4.01 & 4.02, 68 York Street Sydney NSW 2000 and its authorised representatives, related companies, and third parties who provide services to US or on its behalf. This Privacy Policy applies to any personal information WE collect, handle use or disclose from 22nd February 2018.

Arch Underwriting at Lloyd’s (Australia) Pty Ltd (“AUALA”) is a proud supporter of the intent of the Privacy Act 1988 as amended by the Privacy Amendment (Notifiable Data Breaches) Act 2017. OUR aim is to provide the highest service to OUR Australian Policyholders, and to that end, have developed the following procedures for the fair handling of personal information.

OUR Privacy Policy applies to all information collected about individuals, regardless of how or from where or who the information is collected. It may be collected in relation to a personal or a business policy, but does not protect information obtained regarding the business or its related entities. It also does not protect information regarding OUR own employees.

Why WE collect personal information

WE collect personal information in order to provide you with insurance and insurance related services. Only information necessary for the completion of the above services, AUALA business, or related activities will be collected. This includes information necessary to consider the risk, administer the insurance, assess a claim and determine competitive and appropriate premiums.
WE may also sometimes collect personal information for the development of better products and services, and for conducting marketing and customer service research. WE may sometimes share this information with OUR related companies in order to serve you better.

WE usually collect identifying information such as your name, address, contact telephone numbers and email addresses. If you are applying for a product WE may offer, WE may also need to collect specific information that will enable US to supply that product to you. WE will collect and store this information in a manner that allows US to assist you in the future.

Some products or services may require US to collect ‘sensitive information’, which may include (but is not limited to) your membership of associations, health data, and criminal records. WE will only collect this type of information where necessary to provide OUR services to you and in accordance with the Privacy Act 1988.

If you do not agree to provide US with the information WE request, WE may not be able to offer you the product or services you seek.

How WE collect personal information

Collection can take place through websites (from data input directly or through cookies and other web analytic tools), email, by telephone or in writing. WE collect it directly from you unless you have consented to collection from someone other than you, it is unreasonable or impracticable for US to do so or the law permits US to.

If you provide US with personal information about another person, you must only do so with their consent and agree to make them aware of this privacy notice.

Who WE disclose your Personal Information to

Your personal information will only be disclosed to third parties where the disclosure is reasonably required in order to carry out AUALA’s business or activities, unless you have authorised otherwise, or if required by law.

The third parties include: OUR related companies and OUR representatives who provide services for US, other insurers and reinsurers, OUR claim management partner(s), your agents, OUR legal, accounting and other professional advisers, data warehouses and consultants, investigators, loss assessors and adjusters, other parties WE may be able to claim or recover against, and anyone else appointed by US to review, and handle complaints or disputes, and any other parties where permitted or required by law.

WE may need to disclose information to persons located overseas who will most likely be located in the United Kingdom. Who they are may change from time to time. You can contact US for details or refer to OUR Privacy Policy available at OUR website. In some cases WE may not be able to take reasonable steps to ensure these parties do not breach the Privacy Act 1988 and they may not be subject to the same level of protection or obligations that are offered by the Privacy Act 1988. By proceeding to acquire OUR services and products, you agree that you cannot seek redress under the Privacy Act 1988, or against US (to the extent permitted by law), and may not be able to seek redress overseas.

Security of your personal information

WE will endeavour to protect your personal information from misuse, loss, unauthorised access, modification or disclosure. WE maintain physical security over OUR paper and electronic data stores and premises, by means such as locks and security systems. WE also maintain computer and network security. For example, WE use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords, to control access to computer systems where personal information is stored.

WE may need to transfer your personal information overseas in order to properly carry out OUR business. The countries in which these recipients of your personal information are located will depend on the types of services WE provide to you, the location of the reinsurer and the location of other services providers. WE are unable to identify this location until such time as the services have been provided and this may be subject to change whilst the services are being provided.

In all cases WE will take reasonable steps to ensure all entities to whom WE transfer your personal information comply with the Privacy Act 1988 including ensuring appropriate security measures are taken by those entities to protect your personal information from unauthorised access and use.

Accuracy of and access to your personal information

WE will take reasonable steps to ensure that the personal information you provide is accurate, complete and up to date, whenever it is used, collected or disclosed. You are entitled to access your personal information if you wish and request correction if required. WE may request reasonable costs from you to cover retrieving this information.

Opting out

If WE send you any information about services or products, or you do not want US to disclose your personal information to any other organisation you can opt out by contacting US by telephone on 02 8284 8400.

Notifiable Data Breach

If WE identify a breach or suspected breach of your personal information WE will make an assessment expeditiously and within 30 days to determine if a breach has occurred that is likely to cause you serious harm, an “eligible data breach”. If an eligible data breach is identified WE will notify you and the Australian Information Commissioner of the breach as soon as practicable. WE will also provide you with recommendations of the steps you should take in response to the breach. When making contact with you, WE will use the usual method of communication. If WE cannot contact you, WE will place a notice on OUR website.

Complaints regarding the handling of your personal information

If you are dissatisfied about how WE have handled your personal information you have the right to make a complaint about the matter.

In the first instance, please raise your complaint with AUALA by either writing to US at Arch Underwriting at Lloyd’s (Australia) Pty Ltd, Suites 4.01 & 4.02, Level 4, 68 York Street Sydney NSW 2000 or by telephone 02 8284 8400 or email Should our review take more than 10 business days we will provide regular updates, and ensure that we complete your complaint within 30 business days.

If you are dissatisfied with OUR response, you should refer the matter to the Office of the Australian Information Commissioner:

GPO Box 5218,
Sydney NSW 2001
Phone toll free: 1300 363 992
TTY: 133 677 then ask for 1300 363 992

Where to find further information

Further details on how your information may be processed can be found in the Privacy and Data Protection Policy at If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), it is important that you read section 9 of this policy as it may be of particular relevance to you. If you have any questions about this Policy or the practices described in it please e-mail:

Updating this Privacy Policy

In the event that this Privacy Policy or any part thereof is amended or modified in the future, the revised version will be available from OUR office.