Effective date: June 14, 2021
Marsh Affinity, a division of Marsh USA Inc. (“We”) strive to protect the privacy and the confidentiality of personal information that we collect, use and disclose in the course of providing services to our clients and otherwise in the course of our business. This Privacy Statement is intended to inform you of the ways in which we collect, use, and disclose your personal information, and sets forth your rights.
This Privacy Statement is subject to change at any time. If we make changes to this Privacy Statement, we will update the “Effective date” at the top of this page. Any changes we make to this Privacy Statement will become effective immediately, so please review this Privacy Statement regularly for changes.
If you have any questions, you may contact us at PrivacyPolicyInquiries@marsh.com.
What Personal Information Do We Collect?
The types of personal information we collect, use and disclose will vary depending on the circumstances; however, we collect, use and disclose only the personal information that is necessary for the intended purpose.
We may collect and process the following personal information relating to you and, where applicable, persons insured under your or your employer’s or program sponsor’s policy:
Individual Contact and Demographic Information (including Family Members) ► name, address, email address, telephone number, gender, marital status, date and place of birth, employer, job title and employment history, and/or your relationship to the policyholder, insured, beneficiary or claimant.
Identification details ► identification numbers issued by government bodies or agencies (e.g. depending on the country where you reside, this may include your social security or national insurance number, passport number, ID number, tax identification number, or driver’s license number).
Financial information ► payment card number, bank account number and account details, income and other financial information.
Insurable Risk Information ► the information necessary to secure insurance products, provide risk consulting services, and/or offer guidance on other financial products and services to you – which may include, only to the extent necessary, the following:
- Health data: current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history.
- Criminal records data: criminal convictions, including driving offences; and
- Other Special Categories of personal information: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data.
Policy information ► information about the quotes provided to you and the insurance coverage and policies purchased.
Credit and anti-fraud data ► credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
Claim Information ► information about current and/or previous claims, which may include health data, criminal records data and other Special Categories of personal information (as described in the Insured Risk definition above).
Marketing data ► whether or not you have consented to receive marketing from us and/or from third parties.
Site-Related Information ► information related to the operation of a Site, which may include log-in credentials, IP address and other Site-related information
What Data Do We Collect?
Information Provided by You, Your Representatives or Third Parties
We may collect information from you, your representative, your employer or program sponsor and/or third parties that have roles in delivering services to you or your employer or program sponsor. These may include insurance companies, plan administrators and vendors, brokers or agents, credit agencies, and financial institutions. You might provide this information when you visit a Site; apply or request a quote for insurance coverage; enroll in an association, group, or benefits program; communicate with us through email, chat and instant messenger; speak to a Marsh representative by phone or in a call center; or send mail to our office. In addition, your employer or program sponsor or someone acting on their behalf may provide us with information about you.
If you supply us with personal information about other people, you represent that you have the authority to provide this information on their behalf. In these instances, you further represent that the individuals to whom this information relates have been informed of and understand the reason(s) for obtaining the information, the manner in which this information will be used and disclosed, and have consented to such use and disclosure.
Information Collected by Automated Means
We also collect personal information through automated means on our Sites. We also use various tools, including cookies and web beacons, to enhance your user experience and track users of our Sites. These tools may collect personal information, including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
You can refuse to accept and delete cookies by adjusting your browser setting. Please note that refusing or deleting cookies may impact your browsing experience on our Sites or prevent you from using some of its services, and may result in the deletion of any preferences you have set. For more information on how to reject or delete cookies, you should consult with your browser's or device’s help documentation or visit www.aboutcookies.org. We do not use technology that recognizes do-not-track signals from your browser. You can also opt out of internet-based advertising by installing a browser plugin from the third party where available. For more information about internet-based advertising, please see: http://www.networkadvertising.org/managing/opt_out.asp. You may also be able to opt out of our use of certain cookies using our Cookie Management Tool, where available, linked at the bottom of our Sites.
In addition, in the course of seeking network security and consistent service for all users, software programs may be employed to monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage our computers or the network, and monitor and fine-tune our network’s performance. These programs may detect additional information from your computer such as your IP address, addresses from network packets, and other technical information. Any such information is used only for the purpose of maintaining the security and performance of our networks and computer systems.
We may combine the information you provide us and information we automatically collect with information from public or third-party sources.
How Do We Use the Personal Information We Collect?
We will use the personal information we collect to:
- provide the services and products you, your employer, or your program sponsor request or express interest in, including to follow up on quotes
- contact you when necessary and to respond to your requests and inquiries
- process an insurance transaction, enrollment, or service requested by you directly, or through a third party
- allow you, your employer or program sponsor to manage the requested services or products
- market services offered by us, our affiliates or third parties to you
- comply with and enforce applicable laws, industry standards, and our own policies
- verify your identity
- conduct research, statistical analysis, risk analytics, survey/demographical interpretation, and other data studies based on the data collected
- contact you when necessary and to respond to your requests and inquiries
- as otherwise described to you at the point of collection or pursuant to your consent
We may also collect, use and disclose personal information through our Sites to:
- Administer, improve, and personalize our Sites. In addition to our own analysis, enhancement, and evaluation activities, we work with Google Analytics to collect information about the use of our Sites (including how often users visit the Sites and what pages users visited prior to visiting the Sites). We use this information to maintain and improve the Sites. For information about how Google uses the information, see Google’s Terms of Service and the Google Privacy Statement. You can opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
- Maintain network security and performance and protect against cyber-attacks
- Register and service your online account
With Whom Do We Share Your Data?
We may share your personal information as follows:
- as necessary to perform the services
- We may disclose your personal information to insurance carriers and third-party brokers/agents in connection with providing quotes, administering claims, binding coverages, and other services.
- We may also disclose your personal information to your employer or program sponsor in connection with the insurance coverages you are able to purchase or benefit from as a result of your employment or business relationship with an employer or program sponsor that is our client.
- We may also disclose your personal information to your or your employer’s or program sponsor’s other agents or service providers.
- We may also disclose your personal information to marketing partners if you have requested a quote from us through the marketing partner’s website.
- with affiliates
- to enable them to provide services to you or contact you regarding additional products and services that you have expressed an interest in.
- with vendors and service providers
- We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf, such as hosting a Site, sending e-mail messages, and making or receiving phone calls. They may have access to personal information in order to perform their functions, but are contractually restricted from using such personal information for purposes other than providing services for our company or on our behalf.
- as part of a business transfer
- As we continue to develop our business, we might sell or buy assets. In such transactions, user information generally is one of the transferred business assets. Also, if either our company or any of our assets are acquired (including through bankruptcy proceedings), your personal information may be one of the transferred assets.
- to address legal concerns
- We may preserve, and have the right to disclose any information about you or your use of a Site, without your prior permission if we have a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of our company or its affiliates, other users of a Site, or the public; (b) enforce the terms and conditions that apply to use of a Site; (c) respond to claims that any content violates the rights of third parties; (d) respond to claims of suspected or actual illegal activity; (e) respond to an audit or investigate a complaint or security threat; or (f) comply with applicable law, regulation, legal process, or governmental requests.
We will not otherwise disclose, share, sell, or use your personal information without your consent, except to the extent required by law, in accordance with your instructions, or as identified in this Privacy Statement.
We may also share information that is not reasonably likely to identify you personally for any commercially legitimate business purpose.
What Steps Do We Take to Protect Your Information?
Personal information may be collected, stored, and processed in countries other than the one in which you reside, including, but not limited to, the United States. We restrict access to your personal information to employees and service providers of ours and our affiliates who need to use it to provide our products or services. We have implemented physical, administrative, and technical safeguards to protect your personal information from unauthorized access. Vendors and Service providers with whom we disclose information are also required by law and/or contractual requirements to keep your personal information confidential and secure. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet.
How Long Do We Keep Your Information?
We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and other permitted purpose(s), including retention of personal information required by contract, law or regulation. Our retention periods are based on business, legal and regulatory needs with information that is no longer needed either de-identified or securely destroyed.
Accessing and Correcting Your Information
Keeping your information accurate and up to date is very important. Inaccurate or incomplete information could impact our ability to deliver relevant services to you. Please let us know about any changes that may be required to your personal information by contacting us as described below. For your protection, we will need to validate the identity of anyone making a request to access or change your personal information.
Applicability of This Privacy Statement to International Users
Rights of California Residents
California Consumer Privacy Act
This Privacy Statement is intended to inform you of our policies and practices regarding the collection, use, retention, and disclosure of any personal information that we collect from or about you. However, we provide the services pursuant to a contract we have entered into with our corporate client (“Client”), who is the business ultimately responsible for determining how your personal information will be processed. As such, we act as a “service provider” when it comes to handling your personal information, which means all of the personal information that we collect from or about you in connection with the services are processed under the direction of our Client and governed by our agreement with our Client. We have no direct ownership over your personal information. Instead, our collection, use, sharing, and retention of your personal information is limited to providing the services for which our Client has engaged us.
Accordingly, if you are using the services or our Sites in connection with your duties of employment or by virtue of some other relationship with our Client, we encourage you to review that Client’s privacy notice to understand the full scope of how your personal information will be handled. This includes any processing performed by the Client if we make your personal information available to our Client, as described in this Privacy Statement.
Further, in any case where we are acting as a service provider to a Client, if you wish to exercise any rights that may be available to you under certain data privacy laws (for example, the right to access or deletion under California law), you should direct your request to our Client, who is the party responsible for receiving, assessing, and responding to your requests, as we do not have any obligation, and, notwithstanding anything in this Privacy Statement to the contrary, may elect not to respond to your requests.
California Shine the Light Law
Under California’s “Shine the Light” law, California residents may request and obtain a notice once annually about the personal information we shared with other businesses for their own direct marketing purposes. Such a notice will include a list of the categories of personal information, if any, that was shared and the names and addresses of all third parties with which the personal information was shared. The notice will cover the preceding calendar year. To obtain such a notice, please contact us as described below. In addition, under this law you are entitled to be advised how our Sites handle Do Not Track browser signals. Because there currently is not an industry or legal standard for recognizing or honoring Do Not Track signals, we do not honor Do Not Track requests at this time.
Our Sites are not intended for children, and we do not knowingly collect information from children under the age of thirteen (13) without the consent of their parents or legal guardians. In an instance where such information was collected, it would be solely in connection with the services.
Automated Calls and Text Messages
In some instances, your employer or program sponsor may request services that require Marsh to contact you via telephone calls or text. By accepting the terms of this Privacy Statement and providing us with your contact information, you consent to receive automated calls and texts, as well as emails and/or standard mail, from us including but not limited to information regarding your policy, account, benefits, relationship with us, and other products or services offered through us and/or your employer or program sponsor. Consent is not a condition of any purchase or to obtain a quote. Message and data rates may apply. If you wish to withdraw your consent in the future, reply STOP to any text message or contact us as described below.
Questions, Requests or Complaints
To submit questions or requests regarding this Privacy Statement or our privacy practices, please email us at PrivacyPolicyInquiries@marsh.com.