Skip to main content

Privacy Policy

In this privacy policy, 'we', 'us', 'our' and ‘Arena’ means Arena Underwriting Pty Ltd.

What is Personal Information

‘Personal Information’ is any information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not the information or opinion is true, and whether or not it is recorded in a material form.

’Sensitive Information’ is a subset of Personal Information which may need to be afforded a higher level of protection. Sensitive Information may include Personal Information and is defined more specifically in the Act, including, amongst other things, health information, criminal history, racial or ethnic origin and sexual orientation.

What Personal Information do we collect, hold and use?

The Personal Information we collect, hold and use generally includes your name and contact information (including telephone numbers and email addresses), information relating to the insured risk and claim, other reference information and information about third parties in relation to a claim.

As we act as claims managers on behalf of underwriting agencies and insurers, providing claims handling and settling services, we may also collect and hold other Personal Information required to provide and administer such products and services and to assist you, including details of your previous insurances and Sensitive Information.

You may be able to deal with us without identifying yourself (i.e. anonymously or by using a pseudonym) in certain circumstances, such as when making a general inquiry relating to the products and services we offer. If you wish to do so, please contact us to find out if this is practicable in your circumstances.

However, if you do not provide us with the Personal Information and other information that we need, we or any of our third-party providers may not be able to provide you with the appropriate claims handling and settling services.

How we collect your Personal Information

We may collect Personal Information in a number of ways depending on the nature of the claim services being provided and administered, including:

  • directly from you via our website;
  • through any insurance-related portal;
  • by telephone;
  • in writing;
  • by email; and/or
  • from third parties (such as your insurer, underwriting agency, insurance broker, premium funders, other service providers or publicly from available sources). Each third party is also obliged to comply with the applicable privacy principles.

When collecting Personal Information, we will do everything we reasonably can to let you know:

  • how to contact us;
  • why we are collecting the Personal Information;
  • how the Personal Information is collected;
  • the organisations or types of organisations to which we disclose the Personal Information (if any);
  • if we are required by law to collect the Personal Information;
  • whether disclosure overseas is likely; and
  • the consequences should you choose not to provide the Personal Information.

 

We also automatically collect certain information when you visit our website, some of which may be capable of personally identifying you. Please see the ‘Cookies’ section below for more details.

Our purposes for collecting, holding and using your Personal Information

We collect and hold your Personal Information for the primary purpose of providing and administering our claims handling and settling services to you. When we collect Personal Information from you, the collection statement may provide a more specific or broader purpose. Such purposes for collection may include:

  • verifying identity;
  • helping us clarify, assess, process and settle claims;
  • helping us improve our products and services;
  • legal or regulatory requirements;
  • Risk, security and fraud prevention;
  • helping us to develop and identify products and services that may interest our clients and their customers, potential customers or others;
  • conducting market or customer research;
  • developing, establishing and administering alliances and other arrangements with organisations not related to us in relation to the promotion, administration and use of our products and services;
  • telling you about promotions and our other product and service offerings which we believe may be relevant to you;
  • sale of our assets or shares to a buyer; and
  • any other purpose notified to you at the time your Personal Information is collected.

If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do so. We will ensure that we only use your personal data for the purposes set out above and where we are satisfied:

  • we need to use your personal data to perform a contract or take steps to enter into a contract with you;
  • we need to use your personal data to comply with a relevant legal or regulatory obligation that we have;
  • we have your consent to use your personal data for a particular activity; or
  • the use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party.

Disclosure of your Personal Information

We will only disclose your Personal Information where it is required or reasonable to providing or administering a product or service that you have requested, or for any of the purposes outlined in this privacy policy. Where appropriate, we will disclose your Personal Information to:

  • our related body corporates, your insurance broker or third parties as is required in order to provide our products and services, including our external service providers, such as payment system operators, lawyers, accountants, other advisers, financial institutions and information technology providers;
  • to agents, Lloyd’s underwriters, insurers, reinsurers, other insurance intermediaries, insurance reference bureaus and industry bodies and groups;
  • claims management and related service providers;
  • the Australian Financial Complaints Authority or other alternative dispute resolution schemes;
  • Insurance and Financial Services Ombudsman;
  • administrative service providers;
  • any government organisation or agency; and/or
  • any other entities notified to you at the time of collection.

You authorise us to contact such third parties for the purposes of providing you with the products and services that you have requested.

Other than when required or permitted by law, as specified in this privacy policy or where you have provided your consent, we will not disclose your Personal Information for any other purpose.

Nothing in this privacy policy prevents us from using and disclosing to others de-personalised aggregated data.

Disclosure of Personal Information overseas

We may need to share your Personal Information with trusted service providers overseas—including in countries such as India or countries in the United Kingdom or European Union—when it is necessary to provide or administer the products or services you have requested, or for other purposes outlined in our privacy policy. When we disclose your information to our service provider in India, please note that they operate under an Australian Business Number (ABN) and are required to comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles. This means your information is handled according to Australian privacy standards. For all overseas disclosures, we take reasonable steps—such as contractual agreements and compliance monitoring—to ensure your information remains protected and is handled in line with applicable privacy principles. If you are based in the European Union or United Kingdom, we will ensure that any transfer of your personal data complies with relevant legislation and is managed to protect your privacy rights. This includes only transferring data to countries with adequate legal protection or where alternative safeguards are in place. If you have any questions about how your information is managed overseas, or if you would like more details, please contact us.

Direct marketing and how to opt out

When we collect your Personal Information, we may use this information to provide you with information about our other products and services. If you no longer wish to receive such information, or you do not want us to disclose your Personal Information to any other organisation (including any related body corporates), you can opt out by contacting us using our contact details below.

We will not sell or trade your Personal Information for marketing purposes.

Your obligations when you provide Personal Information of others

You must not provide us with Personal Information (including any Sensitive Information) of any other individual (including any of your employees or clients if you are an insurance broker) unless you have the express consent of that individual to do so. If you do provide us with such information about another individual, before doing so you:

  • must tell that individual, via a collection statement, that you will be providing their information to us and that we will handle their information in accordance with this privacy policy;
  • must provide that individual with a copy of (or refer them to) this privacy policy; and
  • warrant that you have that individual's consent to provide their information to us.

If you have not done this, you must tell us before you provide any third party information.

Your obligations when we provide you with Personal Information

If we give you, or provide you access to the Personal Information of any individual, as authorised under this privacy policy, you must only use it:

  • for the purposes we have agreed to; and
  • in compliance with applicable privacy laws, including any applicable privacy principles and this privacy policy.

You must also ensure that your agents, employees and contractors meet the above requirements.

Accuracy, Access and Correction of your Personal Information

We take reasonable steps to ensure that your Personal Information is accurate, complete and up to date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your Personal Information. All Personal Information identified as being incorrect is updated in our database.

Please contact us using our contact details below as soon as possible if there are any changes to your Personal Information or if you believe the Personal Information, we hold about you is not accurate or complete. We may refuse to correct Personal Information if the correction would not improve the accuracy, completeness, relevance or would make the information misleading. If we refuse to correct your Personal Information, we will record that a request was made and advise you why the request was refused.

You can make a request to access your Personal Information by contacting us using the contact details below. If you make an access request, we will provide you with access to the Personal Information we hold about you, unless otherwise required or permitted by law, within a reasonable time after the request is made. We will notify you of the basis for any denial of access to your Personal Information. No fee will be charged for an access request. However, we may charge you the reasonable cost of complying with the access request, with such costs notified to you before they are incurred.

Security of your Personal Information

We take reasonable steps to protect any Personal Information that we hold from misuse, interference and loss and from unauthorised access, alteration and disclosure.

For example, we maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security. For example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems.

However, data protection measures are never completely secure and despite the measures we have put in place, we cannot guarantee the security of your Personal Information. You must take care to ensure you protect your Personal Information (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches.

How long do we retain your Personal Information

We will retain your Personal Information for no longer than is required for any purpose under this privacy policy unless we are required by law to retain the information for a longer period. We will make reasonable efforts to destroy or de-identify your Personal Information after this time in accordance with any Records Management Policy and procedures.

Links to third party sites

Our website may contain links to other third-party websites. We do not endorse or otherwise accept responsibility for the content or privacy practices of those websites, or any products or services offered on them. We recommend that you check the privacy policies of these third-party websites to find out how these third parties may collect and deal with your Personal Information.

Cookies

Like many website operators, we may use standard technology called cookies on our website. Cookies are small data files that are downloaded onto your computer when you visit a particular website. Cookies help provide additional functionality to the website or to help us analyse website usage more accurately. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our websites. In all cases in which cookies are used, the cookie will not collect Personal Information except with your consent. You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.

Your Rights under the GDPR

If you are an individual who is either based in or a resident of the European Union or the United Kingdom, subject to applicable data privacy laws, we will not process sensitive data about you unless we have received your explicit consent to the processing of this information.

If you are an individual who is either based in or a resident of the European Union or the United Kingdom, you also have the right to:

  • be informed as to how we are collecting and using your personal data;
  • obtain confirmation from us as to whether or not your personal data is being processed, where and for what purpose. If requested, we will provide you with a copy of your personal data, free of charge in an electronic format;
  • request that we erase your personal data if we no longer have a legitimate interest to continue holding or processing the data;
  • object to the processing of your personal data, including for direct marketing and processing based on a legitimate interest; and
  • request that we restrict the processing of your personal data in certain circumstances, including in the case of unlawful processing.

 

How to make a complaint

If you wish to make a complaint about how we have handled your Personal Information, you can lodge a complaint by using the contact details below. You will need to provide us with sufficient details regarding your complaint together with any supporting evidence and information.

We will refer your complaint to our Privacy Officer who will investigate the issue and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information and will notify you in writing of the outcome of the investigation. We will try to resolve any complaint within 14 business days. If this is not possible, you will be contacted within that time to let you know how long it is likely to take us to resolve your complaint.

If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to:

  • The Australian Privacy Commissioner via www.oaic.gov.au
  • The New Zealand Privacy Commissioner in New Zealand via www.privacy.org.nz
  • The European Data Protection Supervisor via edps.europa.eu
  • The Information Commissioner’s Office in the United Kingdom via ico.org.uk

Privacy Policy changes

We may make changes to this policy as a result of operational or legislative changes. When changes are made to this policy, the updated policy will be uploaded to our website and the effective date updated accordingly.

How to contact us

If you wish to gain access to your Personal Information, want us to correct or update it, have a complaint about how we have handled your Personal Information or any other query relating to our privacy policy, please contact our Privacy Officer during business hours in Sydney, NSW Australia on:

The Privacy Officer

Arena Underwriting Pty Ltd
Suite 7, 25 Anzac Rd
Tuggerah NSW 2259

In Australia, for further information on privacy, visit the Australian Government Office, Office of the Australian Information Commissioner website.

In New Zealand, for further information on privacy, visit the New Zealand Privacy Commissioner website.

Effective Date: 24 June 2025

Tell us what you think

We welcome your questions and comments about privacy. If you have any concerns or complaints, please contact This email address is being protected from spambots. You need JavaScript enabled to view it.