ARC Claims Online Privacy Policy
Effective Date: March 1, 2021

ARC Claims Management

ARC Claims Management is a global, independent provider of claims management solutions, business process outsourcing and consulting services worldwide to the risk management industry, as well as to self-insured entities. We are committed to protecting the privacy of the personal information we collect and providing clear information about how we handle personal information. We encourage you to read this ARC Online Privacy Policy carefully so that you understand how we treat your personal information and what rights you may have.

ARC Online Privacy Policy

This ARC Online Privacy Policy (the “Policy”) applies to ARC Claims Management and its affiliate and subsidiary companies (together, “ARC ”, “we”, “us” or “our”), and explains how we collect, use and disclose personal information about users of our relevant websites, including associated pages and online services, that display this Privacy Policy (the “Sites”). This Policy is intended to disclose the personal information that we collect about users of our Sites, and to explain how we use and disclose this personal information, and the choices and rights individuals have regarding this personal information.

ARC Claims Management is the responsible party (e.g., “data controller”) for your personal information collected and processed under this Policy. Where the processing of personal information is also undertaken by other ARC companies with whom you engage, they are joint controllers with ARC Claims Management for your personal information. See the “Contact Us” section below for a list of relevant ARC affiliates (“joint controllers”) and their locations, as well as details on how to contact ARC or exercise your rights with respect to your personal information.
GDPR and ARC ’s EU Privacy Notice (“EU Privacy Notice”): Our EU Privacy Notice available here contains additional information about how we process personal information that is subject to the EU General Data Protection Regulation and associated European Union/European Economic Area (“EEA”) national laws (together, the “GDPR”). ARC ’s EU Privacy Notice applies to our processing of personal information from EU users of the Sites, as well as other personal information that is subject to the GDPR.

Information collected by ARC

We may collect personal information directly from you, such as when you contact us online or submit forms through the Sites. We may also collect personal information from third parties and automatically through your use of the Sites. In this Policy, “personal information” means any information that identifies or could be used to identify an individual person and includes other similar terms like personal data or personally identifiable information.

  • Information Collected Directly. We collect information that you provide to us or share on the Sites or on ARC’s Risk+Plus Portals.
  • Communications. When you email us, call us or contact us, we maintain records about our interactions and communications with you.
  • Customer Service and Support. We also maintain records related to customer support and customer service-related requests, including the nature of the request, name and contact information of the requestor, associated company name, and information related to the resolution of the request.
  • Comments and Content. Some areas of ARC’s Risk+Plus Portal(s) may allow you to comment, share or post other content. When you view this content, we keep a record of our content and it may be viewable by other users of the Sites. You may ask us to remove such content as set out below.
  • Professionals, Experts, Contractors. We work with external professionals, experts, consultants and others in order to deliver our client services and otherwise make our products and services available. We may collect information through the Sites or through our Risk + Portal (s)of these third parties, in order to consider them, review their qualifications or assign specific tasks or jobs to them.

Information automatically collected by ARC

We use cookies, log files, pixel tags, local storage objects and other tracking technologies to automatically collect information when users access or use the Sites, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider (“ISP”), referring/exit URLs, operating system, language, clickstream data and other information about the links clicked, features used, size of files uploaded, streamed or deleted and similar device and usage information.

For more information, see the “Cookies and similar devices” section below.

Additional information collected by ARC

  • Access-restricted Areas and Submission Forms. We may make available access-restricted portals and certain submission forms, to allow clients and other third parties (e.g., claimants) to provide us with information or review information related to our client services. You must be authorized to use or access these areas, and if you register online to access them or otherwise submit information through them, we may take steps to verify your authorization and identity, including by requesting additional information from you or third parties (such as the clients for whom we are acting). While these forms and portals may be available or linked to from the Sites, they are subject to additional policies and terms.
  • Client-services and Claims-related information. We handle personal information as a result of providing our claims handling and related services to our clients (the “client services”). This information may include claims-related information, transactional details, health, disability and medical information, identification information and other information; our handling of this personal information is subject to our client agreements (and their respective policies)–not this Policy–since we are acting on behalf of and under the instruction of our clients (i.e., as a data processor).

Client Claims Data

Our primary business is to provide claims management and related services globally – including third party claims administrator (or “TPA”) services, loss adjusting and associated risk, consulting and other services. Generally, we provide these services to entities that wish to conclude claims presented by their customers and other individuals and companies to maintain goodwill or which are responsible for payment of the claims that we handle.

As a part of our claim management services, we process claims and handle administrative functions for our clients, such as receiving notices of claims, administering forms and documentation requests, and providing customer support-related services to claimants. We also help assess liability and damages, make recommendations related to the settlement of claims, including payments, repairs and replacements. We process personal information during the course of providing these services to our clients.

Our processing of personal information related to our claims processing is subject to the instructions of our respective clients – not this Online Privacy Policy. While our role depends upon the relevant circumstances, ARC is generally a data processor or service provider regarding the personal information that we process in the course of providing our claims handling services to our clients; we only process such personal information on behalf of and under the instruction of our clients or where otherwise required by law. In the event we are required to provide further notice of our processing of claims- related data for our clients, our activities will be subject to a privacy notice that is separate from this one.

ARC Use of Personal Information

In the course of conducting our business, we use personal information to provide and improve our services, to provide information about our products and services, to respond to requests and to otherwise communicate with you and others.

  • Providing Support and Services: To provide and operate our services and the Sites, communicate with you about your use of the Sites, respond to your inquiries, provide troubleshooting, fulfil your orders and requests, process your payments, and complaints and inquiries, provide technical support and for other customer service and support purposes.
  • Personalization: To tailor content we send or display on the Sites or through ARC’s Risk+Plus Portal(s)in order to offer location customization and personalized help and instructions and to otherwise personalize your experiences.
  • Analytics and Improvement: To better understand how users access and use the Sites and ARC’s Risk+Plus Portal(s)and other products and offerings and for other research and analytical purposes, such as to evaluate and improve our services and business operations and to develop additional products, services and features.
  • Protect Our Legal Rights and Prevent Misuse: To protect the Sites and ARC’s Risk+Plus Portal(s) and our business operations; to prevent and detect fraud, unauthorized activities and access and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party as well as violations of our Terms of Use or this Privacy Policy.
  • Comply with Legal Obligations: To comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
  • General Business Operations: Where necessary to the administration of our general business, accounting, record keeping and legal functions.
  • Anonymous and De-identified Information. We may de-identify information and create anonymous and aggregated data sets and reports in order to assess, improve and develop our business, products and services, prepare benchmarking reports on our industry and for other research and analytics purposes.
  • Client Services and Claims Handling. As noted, we may collect certain personal information online that is used to provide our client services (including claims handling services), and we use such personal information on behalf of and under the instructions of our clients and subject to our client agreements.

ARC disclosure of information

We do not sell your personal information to third parties. In general, we disclose the personal information we collect as follows:

  • Personal Information. ARC Claims Management is a global company, your personal information may be shared among our affiliated and subsidiary companies (ARC Claims UK, Ltd., Loftus Global Risk, CZ, Loftus Adjustment Service, Inc., WebAppClouds, LLC, ARC Driver, ARC Global, LLC, and Web Solutions, LLC) whose handling of personal information is subject to this Policy.
  • Service Providers. We may share your information with third-party service providers who use this information to perform services for us, such as payment processors, hosting providers, auditors, advisors, consultants and customer service and support providers.
  • Business Transfers. We may disclose or transfer information, including personal information, as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
  • Legally Required. We may disclose your information if we are required to do so by law (e.g., to law enforcement, courts or others, e.g., in response to a subpoena or court order).
  • Protect our Rights. We may disclose information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation and protect the rights, property or safety of ARC , our clients and customers or others.
  • Anonymized and Aggregated Data. We may share aggregate or de- identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
  • Client Services and Claims-related Personal Information. As noted above, we are a service provider to our clients, and a data processor with respect to the personal information we collect in performing our client services (including claims handling services). Any personal information we collect related to handling claims on behalf of our clients, may be disclosed to such clients or others as directed by our clients; such disclosures are subject to our clients’ policies.

Cookies and similar devices

We and our service providers use cookies, pixels, java script and other tracking mechanisms to track information about your use of our Sites, and we may combine this information with other information, including personal information, we collect about you. Our Cookie Policy contains further information about our use of cookies.

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Sites, while others are used to enable a faster log-in process or to allow us to track your activities while using our Sites. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Sites and ARC’s Risk+Plus Portal(s) to, among other things, track the activities users of our Sites, help us manage content, and compile statistics about usage of our Sites. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version and internet browser type and version. This information is gathered automatically and stored in log files.

Third-Party Analytics. We also use automated devices and applications, such as Google Analytics to evaluate use of our Sites. We use these tools to gather non-personal data about users to help us improve our Sites and ARC’s Risk+Plus Portals and user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on our Sites and ARC’s Risk+Plus Portal(s) with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.

Do-Not-Track Signals. Our Sites and ARC’s Risk+Plus Portal(s) do not respond to do-not-track signals. For more information about do-not-track signals, please click here. You may, however, disable certain tracking as discussed above (e.g., by disabling cookies) and set out in our Cookie Policy.

International transfers

We are a global company, and the data that we collect from you may be transferred to, accessed or stored in and subject to requests from law enforcement in jurisdictions outside of your home jurisdiction, including the United States, , Australia, , Brazil, India, the UAE, Saudi Arabia, Egypt, the European Union and other jurisdictions in which we (or our service providers) operate. Some of these jurisdictions, including the United States, may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.

If you are in the European Economic Area, and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission (the form for these clauses can be found here) or another measure that has been approved by the EU Commission as adducing adequate safeguards for the protection of personal information when transferred to a third country


We have implemented appropriate safeguards and technical measures to protect the personal information that we have under our control from unauthorized access, use or disclosure (such as where appropriate, access controls and encryptions). However, no data security measures can guarantee 100% security.


As a general rule, we retain your personal information for as long as necessary to fulfil the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, as required by clients and to enforce our agreements. We may retain personal data for longer where required by our regulatory obligations, professional indemnity obligations or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others.

Your choices and rights

We know the importance of accurate data.

Access Amend and Correct. If you wish to access personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, to request deletion of or object to processing of your information or to request a paper copy of this Privacy Policy, please send you request to privacy

Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your personal information. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.

EU Individuals. Additional information for EU individuals about their rights under EU data protection laws is available in our EU Privacy Notice.

Your California privacy rights

California residents have the right to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclose to third parties for their own direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to

Third-party sites

ARC ’s Risk + Portal(s)may contain links to third-party websites or services. We are not responsible for the data privacy practices of such third parties, whose practices are subject to their own privacy policies and procedures, not to ARC ’s Online Privacy Policy.

Information about children

Our Risk + Portal(s)are not directed towards children and we do not encourage children to participate in providing us with any personal information. We do not knowingly collect any personal information from children under the age of 16. If you have reason to believe that a child under the age of 16, without a parent or guardian's consent, has provided personal information to us through the Sites, please contact us at

Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes and will post changes by updating the Privacy Policy (and effective date) on this page. If we make any material changes that affect how we treat your personal information, we will endeavor to notify you in advance, such as by prominently posting a notice on this website or by directly sending you a notification. We encourage you to periodically review this website and our Policy to understand how ARC protects your personal information. Once effective, the revised Policy will apply to you and your personal information.

Contact us

If you have questions or concerns regarding this Policy, please contact us at:

ARC Global Privacy Office
Chief Privacy Officer

If you are in the European Union, you may also contact our EU Data Protection Officer as set out in the EU Privacy Notice.