Privacy Policy

Arrow Underwriting Agency Ltd (“Arrow”) are committed to protecting and respecting your privacy. This policy sets out how we may use any personal data we collect from you or that you provide to us. This policy is written in accordance with the European Union’s General Data Protection Regulation (GDPR).

Data Controller
Arrow Underwriting Agency Ltd
0203 301 2765
Arrow Underwriting Agency Ltd,
75 King William Street,
London, EC4N 7BE

Data Protection Contact
Matthew Maxwell
0203 301 2765
Arrow Underwriting Agency Ltd,
75 King William Street,
London, EC4N 7BE


Your personal data is required by Arrow for communication and setting up a contractual agreement to provide products and services. Without this personal data, Arrow will not be able to communicate with you or enter into a contractual agreement with you. This applies to both business and employment contracts.

Arrow collect personal information such as your name, address, email address and date of birth, as well as other information that relates to the risk to be insured. Bank account and payment details may also be collected to allow us to perform under the terms of our contract with you. Arrow may also collect additional information obtained following a credit assessment or in order for a claim incident to be progressed.

How is it collected?

▪ We collect identifying information via email from you or your intermediary, or via forms sent to you or your intermediary to complete.

▪ Credit searches carried out based on the initial personal data provided will allow us to collect additional information used in order for us to enter into or perform as part of our contract with you.


Arrow will share your information with our service providers and trading partners to assist in the administration and performance of our service to you and your insurance policy.

In order for Arrow to conduct business and fulfil our legal, regulatory and contractual obligations, we need to perform legitimate processing of your data. Information collected by Arrow may be shared as part of our process, with individuals as well as other organisations. Some of the types of organisations Arrow may need to share your personal data with are:

▪ Insurers/Reinsurers

▪ Third Party Agents

▪ Central Government

▪ Regulatory authorities and Ombudsmen that we are governed by

▪ Credit reference agencies

▪ Financial organisations

▪ Health & welfare organisations

▪ Employment Agencies

▪ Insurance Databases

▪ Other companies within the same group Payroll Agent

▪ Pension provider

In the case of current and former employees of Arrow, information we collect will be used to complete our obligations to you under the terms of our contract. We may also have to share this personal information as part of a reference with any of the types of organisations listed above.

Where permitted, we will keep you up to date about our products and services that may interest you. If you have indicated that you prefer not to be informed, we will make sure that you are not contacted in this way. You can update your preference at any time by contacting us with the details provided.


Your personal data collected by Arrow may be stored and processed in the United Kingdom or any other country in which Arrow or associated third parties maintain facilities. Where Arrow need to transfer your personal data, we have put in place reasonable procedures and securities to make sure that this complies with GDPR.

3.1. Keeping your personal data

Arrow may be required to keep specific records to fulfil statutory or regulatory requirements; to meet our operational needs; and/or to meet any historical purposes.

Personal data that is collected and subsequently never used for any business purpose will be reviewed and may be destroyed at Arrow’s discretion.


Your rights regarding the personal data we store on your behalf include:

▪ Access to a copy of your personal data that we hold

▪ Requesting that we not send you direct marketing material

▪ Requesting that inaccurate personal data be corrected, blocked, or deleted

You can exercise your rights at any time by contacting Arrow’s Data Protection Contact.

4.1. Withdrawing

You have the right to ask us to withdraw your consent to our processing and holding of any sensitive data such as criminal convictions and health data. Should we receive such a request we will at that time explain any consequences of the withdrawal of your consent.

4.2. Complaining

In addition to your rights under our Consultancy Agreement, you also have the right to raise a privacy complaint with the Information Commissioner’s Office (ICO). You can visit the ICO’s website at for more information.

Cookie Policy


Upon your first visit to our website, you may have noticed our banner alerting you to the use of cookies by our website. In compliance with the 2011 EU Cookie Law, our website operates on an "Implied Consent" basis. This means that we will assume that you have opted-in for our website to deploy cookies until you choose to deactivate them within your browser settings or via the instructions below. By default, the majority of popular web browsers automatically permit websites to deploy cookies onto your device. Below you can learn more about the specific cookies deployed by our website, and how they can be disabled. For more information on the EU Cookie Law in the UK, we recommend visiting the Information Commissioner's Office (ICO) website where you can find the latest information, guidelines and advice on the EU Cookie Law.


An anonymous cookie is saved to record that you have seen the cookie notice so that it is not shown on subsequent pages or when returning to the site at a later date.


We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information so it cannot be used to identify who you are. To find out more about Google's privacy policy for their analytics service click here.


Cookies may be set by external websites whose services are used on this site. For example social networks such as LinkedIn, Twitter, Facebook and Google+. In order to implement these and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website. You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.


In order to prevent spam enquiries, we protect our enquiry forms with a CAPTCHA challenge to ensure the submission is from a living person, rather than a computer bot. This CAPTCHA challenge creates a cookie that is used only to check the input response from the user is correct. The CAPTCHA cookie does not store any other information from your enquiry.