ARIA — ASSOCIATION OF REINSURANCE (ADGM) LIMITED
Privacy Policy
Effective Date: May 2026
Governing Framework: ADGM Data Protection Regulations 2021
1. Introduction and Data Controller Identity
This Privacy Policy explains how ARIA — the Association of Reinsurance (ADGM) Limited (“ARIA”, “we”, “us”,
“our”) — collects, uses, stores, and protects your personal data in accordance with the ADGM Data
Protection Regulations 2021 (“DPR 2021”).
ARIA is incorporated in the Abu Dhabi Global Market under company registration number 24920.
ARIA is registered as a Data Controller with the ADGM Office of Data Protection.
2. Personal Data We Collect
2.1 Information You Provide Directly
When you submit an enquiry, apply for membership, or subscribe to our communications, we may collect the following personal data:
-
Full name
-
Job title and professional role
-
Organisation / company name
-
Business email address
-
The nature of your enquiry (as selected or described by you)
-
Any additional information you voluntarily include in your message
2.2 Information Collected Automatically
When you visit aria-uae.org, certain technical data may be collected automatically through our website platform (hosted on Wix), including:
-
IP address
-
Browser type and version
-
Pages visited and time spent on the site
-
Referring URL
This data is collected in aggregate and is used solely for website performance and security purposes. It is processed by Wix in accordance with Wix's own privacy policy and terms of service.
2.3 Special Category Data
ARIA does not intentionally collect or process special category personal data (as defined under DPR 2021), including data relating to health, religion, ethnicity, political opinions, or criminal records. You should not include such information in any communication with ARIA. If special category data is submitted inadvertently, it will be deleted promptly upon identification.
3. How We Use Your Personal Data
ARIA processes personal data only for the purposes for which it was collected, and only where a lawful basis exists under DPR 2021. The table below sets out our processing activities and their lawful bases:
Purpose of Processing
-
Responding to membership enquiries and applications — Lawful Basis: Legitimate interests / Pre-contractual steps
-
Sending market updates, regulatory insights, and event invitations to newsletter subscribers — Lawful Basis: Consent
-
Communicating with existing members and institutional partners — Lawful Basis: Contract performance / Legitimate interests
-
Improving website performance and user experience — Lawful Basis: Legitimate interests
-
Complying with ADGM regulatory or legal obligations — Lawful Basis: Legal obligation
-
Maintaining records of data processing activities as required under DPR 2021 — Lawful Basis: Legal obligation
ARIA will not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
4. Newsletter Subscriptions and Consent
Where you have subscribed to receive ARIA communications — including market updates, sector intelligence, regulatory commentary, and event invitations — we process your email address on the basis of your freely given, informed consent.
You may withdraw your consent at any time by:
-
Clicking the unsubscribe link included in any ARIA communication
-
Contacting us directly at secretariat@aria-uae.org
Withdrawal of consent will not affect the lawfulness of any processing carried out prior to the withdrawal.
5. Data Sharing and Disclosure
ARIA does not sell, rent, or commercially exploit your personal data. We share personal data only in the following limited circumstances:
5.1 Service Providers (Data Processors)
ARIA uses third-party service providers to operate its website and communications infrastructure. These include:
-
Wix.com Ltd — website hosting and form submission management. Wix processes data on our behalf as a Data Processor, subject to a data processing agreement. Wix's servers may be located outside the ADGM; appropriate safeguards are in place in accordance with DPR 2021 Part V.
All Data Processors engaged by ARIA are required to process personal data only on ARIA's documented instructions and to implement appropriate technical and organisational security measures.
5.2 Regulatory and Legal Disclosure
ARIA may disclose personal data to the FSRA, ADGM authorities, or other competent bodies where required by law, regulation, or legal process. Such disclosures will be made only to the extent required and will be documented in accordance with our obligations under DPR 2021.
5.3 No Other Third-Party Sharing
ARIA does not share personal data with any other third parties — including innovation partners (MBZUAI, Hub71, GCRI), event partners, or media organisations — without your prior explicit consent, unless required by law.
6. International Data Transfers
ARIA is incorporated in the ADGM, and your personal data is primarily processed within the ADGM and the UAE. Where personal data is transferred to or processed in a jurisdiction outside the ADGM — for example, through the use of Wix's international server infrastructure — ARIA ensures that such transfers are subject to appropriate safeguards in accordance with DPR 2021 Part V, including:
-
Adequacy decisions issued by the ADGM Commissioner of Data Protection; or
-
Standard data protection clauses approved by the ADGM Office of Data Protection.
For further information on international transfers, please contact us at the details provided in Section 10.
7. Data Retention
ARIA retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law or regulation. Our standard retention periods are as follows:
-
Membership enquiry and application data: retained for the duration of the membership relationship and for 7 years following the end of that relationship, in accordance with applicable legal and regulatory obligations.
-
Newsletter subscriber data: retained for the duration of the subscription, and deleted within 30 days of unsubscription.
-
General correspondence: retained for up to 3 years from the date of the last communication, unless a longer period is required by law.
-
Website analytics data: retained in aggregate form for up to 12 months.
When personal data is no longer required, it is securely deleted or anonymised in accordance with our internal data management procedures.
8. Security of Personal Data
ARIA implements appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures include:
-
Access controls limiting personal data access to authorised personnel only
-
Use of secure, encrypted communication channels
-
Data processing agreements with all third-party service providers
-
Regular review of security measures in line with DPR 2021 requirements
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, ARIA will notify the ADGM Office of Data Protection within 72 hours of becoming aware of the breach, and affected data subjects where required, in accordance with DPR 2021.
9. Your Rights as a Data Subject
Under the ADGM Data Protection Regulations 2021, you have the following rights in relation to your personal data:
-
Right of Access — you may request a copy of the personal data ARIA holds about you.
-
Right to Rectification — you may request correction of inaccurate or incomplete personal data.
-
Right to Erasure — you may request deletion of your personal data where there is no compelling reason for its continued processing.
-
Right to Restriction of Processing — you may request that ARIA restrict the processing of your personal data in certain circumstances.
-
Right to Data Portability — where processing is based on consent or contract and carried out by automated means, you may request that your data be provided to you in a structured, commonly used, machine-readable format.
-
Right to Object — you may object to processing based on legitimate interests, including for direct marketing purposes.
-
Right Not to be Subject to Automated Decision-Making — you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
-
Right to Withdraw Consent — where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us as set out in Section 10. We will respond to all valid requests within one month of receipt, in accordance with DPR 2021. In some circumstances, we may need to verify your identity before processing your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the ADGM Office of Data Protection:
-
Website: www.adgm.com/operating-in-adgm/office-of-data-protection
-
Address: ADGM Office of Data Protection, Al Maryah Island, Abu Dhabi, UAE
10. Contact and Data Protection Queries
Having assessed the nature and scale of its processing activities, ARIA has determined that the appointment of a Data Protection Officer is not currently mandatory under DPR 2021. ARIA will keep this position under review as its activities develop. All data protection queries should be directed to the secretariat at secretariat@aria-adgm.org.
11. Cookies
ARIA's website (aria-uae.org) is hosted on the Wix platform. Wix uses cookies and similar technologies to operate the website, including session cookies necessary for site functionality and analytics cookies to understand how visitors interact with the site.
A separate Cookies Policy is available on our website. By continuing to use aria-uae.org, you consent to the use of necessary cookies. You may configure your browser settings to refuse cookies, though this may affect the functionality of certain parts of the site.
12. Changes to This Privacy Policy
ARIA may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable legal and regulatory requirements. The updated Policy will be published on aria-uae.org with a revised effective date. Where changes are material, we will notify registered members and newsletter subscribers by email.
We encourage you to review this Policy periodically to remain informed of how ARIA protects your personal data.
Association of Reinsurance (ADGM) Limited — aria-adgm.org
Incorporated in the Abu Dhabi Global Market. ADGM Registration No. 24920. Registered Data Controller under the ADGM Data Protection Regulations 2021.
