Effective Date: November 28, 2022
Marsh is made up of different legal entities, namely Marsh LLC, an international insurance brokerage with offices based in more than 75 countries. This Privacy Notice is issued on behalf of the Marsh Group so when we mention “Marsh”, "we", "us" or "our" in this Privacy Notice, we are referring to the relevant company in the Marsh Group responsible for processing the information.
Marsh believes strongly in protecting the privacy and the confidentiality of the information that identifies or relates to an identifiable individual (“Personal Information” or “Personal Data”) that it collects, uses, discloses, stores, and transmits (processes) in the course of providing its insurance placement, managing general underwriter, program administrator, risk advisory or management, and other services (the “Services”). This Privacy Notice is intended to inform you of the ways in which we collect, use, and disclose personal information, and sets forth your rights.
This Privacy Notice is subject to change at any time. If we make changes to this Privacy Notice, we will update the “Effective Date” at the top of this page and post it on our Sites. Where required by local law, we will also notify you of any changes we make to this Privacy Notice in accordance with law and the notice provisions in the terms of our engagement. To the extent permitted by law, any changes we make to this Privacy Notice become effective immediately.
Our contractual commitments to clients will supersede any terms in this Privacy Notice.
In the United States, we generally collect personal information in the course of providing our Services pursuant to a contract we have with a commercial client (our “Client”). In such circumstances, we act as a “service provider” or “processor” under applicable US privacy laws and are thus obligated to process personal information in accordance with instructions from our Client, the business ultimately responsible for determining how your personal information will be handled. Accordingly, if you disclose personal information to us in connection with your role as an employee of our Client, or by virtue of some other relationship you have with our Client, we encourage you to review that Client’s privacy notice to understand the full scope of how your personal information will be handled. Further, in any case where we are acting as a service provider to a Client, if you or your authorized agent (together referred to hereinafter, where applicable, as “you”) wish to exercise any rights that may be available to you under law, you should direct your request to our Client, who is the party responsible for receiving, assessing, and responding to your requests.
Under the privacy laws in other countries, we generally act as a data controller and will determine the purposes and means of the processing of personal information and will be responsible for handling any request you submit to exercise your rights under such privacy laws.
If you are not certain what our role is with respect to your personal information, please contact us through one of the methods described at the end of this Privacy Notice.
PERSONAL INFORMATION WE COLLECT
The types of personal information we collect will vary depending on the nature of our relationship with our clients, such as the type of product or service we provide or the type of Site being accessed. In either case, we limit the personal information that we collect to that which will allow us to fulfill our intended business purposes. In many cases, the personal information we collect is required for us to provide our clients with our services or meet legal requirements, and failure to provide us with the information may prohibit us from delivering requested services.
Generally, we may collect and process the following types of personal information about individuals and, if required for the services provided, their dependents or beneficiaries under an employer, association, group or benefit program sponsor:
- Individual Contact and Demographic Information (which may include Family Members)
Name, address and/or proof of address, email address, telephone number, gender, marital status, family details, date and place of birth, employment information – employer, job title, employee ID, and employment history, and/or the individual’s relationship to the policyholder, insured, beneficiary or claimant, images.
- Business Contact Information
Employer, job title, business address, email and phone numbers.
- Identification Details
Identification numbers issued by government bodies or agencies (e.g., social security or national insurance number, passport number, tax identification number, ID number, or driver’s license number), and/or insurance provider (e.g., policy number or claim number).
- Benefits Information
Benefit elections, pension entitlement information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions, pension sharing orders, tax protections or other adjustments.
- Financial Information
Payment card number and related data, bank account number and account details, income and other financial information.
- Insurable Risk Information
The information necessary for us to secure insurance products/quotes, provide risk consulting services, and/or offer guidance on other financial products and services. This information may include to the extent relevant to the risk being insured:
- Criminal records data – criminal convictions, including driving offenses;
- Vehicle information - vehicle identification number and other vehicle details;
- Health data - current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g., smoking), medical history, previous health insurance information;
- Policy information - historical information about the insurance quotes individuals receive and the policies they obtain;
- Claims information - information about current and/or previous claims, including health data; and
- Other Special Categories of Personal Information - Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and/or data concerning an individual’s sex life or sexual orientation.
- Credit and Anti-fraud Data
Credit history and credit score, individual information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
- Marketing Data
Whether or not an individual has consented to receive marketing from us and/or from third parties; interaction with our Sites, marketing communications, articles, and social media.
- Event and Survey Information
Information related to Marsh-sponsored events that you have attended and product or service-related surveys you have completed.
- Site-Related Information
Information related to the operation of and use of a Site and information collected through cookie or other tracking technologies, which may include log-in credentials, IP addresses, domain names, browser versions and operating system, traffic data, the resources you access, and other Site-related information.
To learn more about each category of personal information we collect, the purpose for collection, the sources, and the parties to whom to disclose such personal information, please view this comprehensive chart.
SPECIAL CATEGORIES OF PERSONAL INFORMATION, INCLUDING CRIMINAL DATA
When we collect, use or disclose to third parties (such as insurers, intermediaries and reinsurers) Special Categories of personal information and criminal records data, we typically do so for reasons of substantial public interests, namely because it is necessary for the wide range of insurance-related activities that we undertake or because it is necessary for fraud prevention purposes.
Where we collect, use or disclose Special Categories of Personal Data in the administration of a government arrangement to provide compensation to industries affected by the COVID-19 pandemic, we may do so for reasons of substantial public interests insofar as it is necessary for government purposes.
Before you provide us with Special Categories of Personal Data and Criminal Records Data about a person other than yourself, you agree to notify such person of our use of their personal information and, if requested by us, to obtain their consent to our use of their Special Categories of personal information and Criminal Records Data (for example, by requiring the individual to sign a consent form).
HOW WE COLLECT PERSONAL INFORMATION
Information Provided by You, Your Representatives or Third Parties
We may collect information from you, your representatives, your employer, association, group or benefit program/plan sponsor, and/or third parties that have roles in delivering services to our clients. These third parties may include insurance companies, plan administrators and service providers, brokers or agents, credit agencies, financial institutions, and government agencies or persons acting on behalf of such parties. You might provide this information when you visit a Site; apply or request a quote for insurance coverage; enroll in an association, group, or employer benefits program; communicate with us or our service providers through email, chat and instant messenger; speak to a Marsh representative by phone or in a call center; enroll in events, or marketing or business development activities, or send mail to our office. In addition, your employer or program/plan sponsor or someone acting on their behalf may provide us with information about you.
If you supply us with personal information about other people, you represent that you have the authority to provide this information on their behalf and have obtain their consent where necessary. In these instances, you further represent that the individuals to whom this information relates have been informed of the information in this Privacy Notice and understand the reason(s) for obtaining the information, the manner in which this information will be used and disclosed, and have consented to such use and disclosure.
Collection by Automated Means
HOW WE USE THE PERSONAL INFORMATION WE COLLECT
Marsh may use the personal information received from you or your broker, insurance carrier, employer or association, group or benefit program/plan sponsor to:
- Verify your identity;
- Register and service your online account;
- Contact you when necessary and respond to your requests and inquiries;
- Process an insurance transaction, enrollment or service requested by you directly, or by a third party, including the following:
- The procurement of insurance (new and renewals);
- Insurance policy administration;
- Claims processing;
- Consulting and related risk control services; and/or
- General risk modeling, benchmarking and/or other analytics services
- Allow you to manage the services requested by you, or through or third party;
- Market our services to you, including ours, those of our affiliates and those of third parties;
- Analyze, administer, develop, personalize, and improve our products and services and evaluate the overall effectiveness of our marketing activities, Sites, and overall service;
- Maintain network security and performance and protect against cyber-attacks;
- Comply with and enforce applicable laws, industry standards, and our own policies;
- Prevent and detect fraud and other legal or policy violations;
- Perform benchmarking and analytics that support our client services;
- De-identify information; and/or
- As otherwise described to you at the point of collection, for our legitimate business purposes, or pursuant to your consent.
We may also process de-identified information that is not reasonably likely to identify you for commercially legitimate and lawful business purposes. Where we have de-identified information, we will maintain and use it without attempting to re-identify the data other than as permitted under law.
LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
The legal basis for our ability to process your personal information depends on which Services we provide to you. Please read our Purpose of Processing for complete details. Note that we may process your personal information for more than one legal basis depending on the specific purpose for which we are using your data.
We do not generally rely on consent as a legal basis for processing your personal information other than in relation to sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us at email@example.com or by contacting our privacy office using the contact details in the Questions or Concerns section below.
You may also contact us if you need details about the specific legal basis we are relying on to process your personal information where more than one basis has been set out in the attached table.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We may need to disclose your personal information in order to deliver the insurance and consulting products or services requested by you or your employer, or association, group or benefit sponsor, and/or to administer our Sites. We may disclose this information:
- to perform the services you request from us
- We may disclose your personal information to insurers, and/or third-party agents/brokers in connection with providing insurance quotes, binding insurance coverage, administering claims and other services.
- with your employer, association, group or benefit program sponsor (when applicable)
- To assist in the administration of a group insurance program, insurance program-related personal information required for the administration and governance of the group program may be disclosed.
- with affiliates
- To enable them to provide services to you or contact you regarding additional products and services that you have expressed an interest in.
- with agents or third-party service providers
- We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf. To perform these services, they may have access to personal information required to perform these services, but are contractually restricted from using it for purposes other than providing services for or on behalf of Marsh.
- with marketing partners
- This sharing may occur, to the extent permitted by law, if you have requested a quote or service from us through such partners
- in the context of mergers, acquisitions, and asset sales
- to address legal matters
We may also disclose de-identified information that is not reasonably likely to identify you for commercially legitimate and lawful business purposes. Where we have de-identified information, we will maintain and use it without attempting to re-identify the data other than as permitted under law.
STEPS WE TAKE TO PROTECT YOUR INFORMATION
We have implemented commercially reasonable physical, administrative, and technical safeguards in an effort to protect your personal information from unauthorized access, use, alteration and deletion. These safeguards may vary depending on the sensitivity, format, location, amount, distribution and storage of the personal information, and include measures designed to keep personal information protected from unauthorized access. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.
YOUR DATA PROTECTION RIGHTS
Certain jurisdictions extend enhanced personal information rights to residents of or persons located in the jurisdiction. You may have some or all of the following rights in relation to the personal information we collect about or from you, depending on the jurisdiction and our reason for processing your information:
- Right of access
You may ask us to confirm whether we are processing your personal information and the specific pieces of personal information we have collected and, if necessary, provide you with a copy of that personal information (along with certain other details).
- Right to correct (rectify)
If the personal information we hold about you is inaccurate or incomplete, you may be entitled to request to have it corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information.
- Right to delete
You may have a right in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable), to request that we delete or remove your personal information.
- Right to restrict/limit processing
You may have a right to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us. Please note that we process Sensitive Personal Information solely as necessary in performance of the Services, to ensure the security and integrity of the information, or as otherwise authorized under law or regulation. Because we do not process your Sensitive Personal Information for other purposes, you may not have a right to limit our processing of such information.
- Right to data portability
You may have the right to receive a copy of personal information we've obtain from you, where technically feasible, in a structured, commonly used and machine-readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
- Rights in relation to automated decision making and profiling
We do not engage in wholly-automated processing of Personal Information to make decisions that produce a legal or other significant effect. Because we do not engage in such automated processing, we do not provide a mechanism for you to limit our processing of Personal Information in such a manner.
- Right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you may have the right to withdraw that consent. If you withdraw your consent, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you.
If you wish to exercise any of the above rights, opt out of marketing communications or appeal a decision or denial we have made with respect to your personal information please select one of the following options:
- Marsh USA: Complete this Form or call 855-275-5436
- Marsh US – Other (Affinity, ICAT, Torrent, Captive Solutions, Advisory): Complete this Form or call 855-275-5436
- Marsh and McLennan Agency: Complete this Form or call 800-960-0416
For your protection, we will need to validate the identity of anyone making a request relating to your personal information. We will respond to your request within a period of time required under law (generally within 30-45 days) unless it is reasonably necessary for us to extend our response time.
You may also have some or all of the following rights:
- Right to lodge a complaint
If you have a concern about any aspect of our privacy practices, including the way we've handled your personal information, you may report it to the relevant supervisory or regulatory authority. You may contact us as provided at the bottom of this Privacy Notice if you would like to receive contact information for your local authority.
- Right to Opt in or out of Sale or Sharing for Cross-Context Advertising
If you visit one of our Sites, we may share your internet or other electronic network activity information for cross-context targeted advertising purposes utilizing advertising cookies. Under some laws, this activity may be considered a sale of information. As such, you may have the right to opt in or out of the sale of your personal information or the sharing of your personal information for cross context behavioral advertising or targeting purposes. To opt in or out of our selling or sharing of your personal information on our websites or to view the names of specific third parties with whom we have sold or shared your information, please click on the “Manage Cookies” link at the bottom of our webpage, where you will find instructions on how to manage cookies and other online trackers that may collect and share personal information in a manner that could be considered a sale or sharing under applicable law. If you would like to opt out of the sale or sharing of your information, ensure the toggles for “Advertising” and “Analytics” trackers are set to “No”.
You may also implement a browser setting or extension to communicate your selling and sharing preferences automatically to the websites you visit. Our websites process such “opt out preference signals” in a frictionless manner. The current “opt out preference signal” with a defined protocol for companies to follow if they receive the signal is called the Global Privacy Control (GPC). GPC is available for an increasing number of browsers and browser extensions, listed here. If you want to use GPC, you can download and enable it via a participating browser or browser extension. More information about downloading GPC is available here.
- Direct Marketing and Do Not Track Signals
You may have a right to request and obtain a notice once a year about the personal information we disclosed to other businesses for their own direct marketing purposes. If applicable, such a notice will include a list of the categories of personal information that were disclosed (if any) and the names and addresses of all third parties with which the personal information was disclosed (if any). The notice will cover the preceding calendar year. You may contact us as provided at the bottom of this Privacy Notice if you would like to learn if this right applies to you and, if so, exercise that right.
- Right to Non-Discrimination
You may exercise your rights under law without discrimination. For example, unless applicable law provides an exception, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
We may offer you financial incentives to provide us with personal information that is reasonably related to the information’s value. This could result in different prices, rates, or quality levels for our products or services. Any financial incentive we offer will be described in written terms that explain the material aspects of the financial incentive program. You must opt-in to any financial incentive program and may revoke your consent at any time.
Please note that some of these rights may be limited where we have an overriding legitimate interest or legal, regulatory or contractual obligation to continue to process the personal information, or where the personal information may be exempt from disclosure or erasure under to applicable law.
These rights are in some circumstances limited by data protection legislation.
PROFILING AND AUTOMATED DECISION MAKING
Insurance premiums are calculated by insurance market participants benchmarking clients’ and beneficiaries’ attributes as against other clients’ and beneficiaries’ attributes and propensities for insured events to occur. This benchmarking requires Marsh and other insurance market participants to analyze and compile information received from all insureds, beneficiaries or claimants to model such propensities. Accordingly, we may use personal information to both match against the information in the models and to create the models that determine the premium pricing in general and for other insureds. Marsh and other insurance market participants may use special categories of personal information and criminal records data for such modelling to the extent it is relevant, such as medical history for life insurance or past motor vehicle convictions for motor insurance.
Marsh and other insurance market participants use similar predictive techniques to assess information that clients and individuals provide to understand fraud patterns, the probability of future losses actually occurring in claims scenarios, and as set out below. To do this, we may use personal information we receive from clients to match against information in the models that we have created based on the behavior of other individuals with similar attributes and to create further models. We use these models only for the purposes listed in this Privacy Notice. In most cases, our staff make decisions based on the models.
Automated broking platform
These partially automated processes may result in a client not being offered insurance or affect the price or terms of the insurance.
Clients may request that we provide information about the decision-making methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias.
There are circumstances in which we will have to transfer your personal information out of the country in which it was collected for the purposes of carrying out the services we provide to you. These countries do not always afford an equivalent level of privacy protection and in such circumstances we take specific steps, in accordance with data protection law, to provide an adequate level of protection for personal information. Where the need for such a transfer arises, we will take steps to ensure that there are appropriate safeguards in place to protect your personal information such as an adequacy decision by the appropriate supervisory authority, the use of approved binding corporate rules or standard contractual clauses, or your consent. If you have questions regarding the specific mechanism under which your personal information is transferred to another country, if applicable, you may contact us at firstname.lastname@example.org or by contacting our privacy office using the contact details in the Questions or Concerns section below.
We may use your personal information to provide you with information about products or services that we think would be of interest to you. We may also disclose your personal information with other companies in the Marsh group so that they can provide you with information about their products and services. These may be sent by email or post or, in some circumstances, we may telephone you to explain this information to you.
We take care to ensure that our marketing activities comply with all applicable legal requirements. In some cases, this may mean that we ask for your consent in advance of us or our group companies sending you marketing materials.
In all cases, you can opt out of receiving marketing communications at any time. You can do this by clicking on the "unsubscribe" link in any marketing email or by contacting us using the details set out at the end of this Privacy Notice.
Please note that, even if you opt out of receiving marketing messages, we may still send you communications in connection with the services we provide to you.
RETENTION OF YOUR INFORMATION
Our products, services, and regulatory obligations are complex, and thus our retention periods for personal information vary. We consider the following obligations when setting retention periods for personal information and the records we maintain: the need to retain information to accomplish the business purposes or contractual obligations for which it was collected; our duties to effectuate our clients’ instructions with respect to personal information we process on their behalf; our duties to comply with mandatory legal and regulatory record-keeping requirements; and other legal impacts such as applicable statute of limitations periods. We may also retain personal information for other purposes delineated in applicable privacy laws. When Personal Information is no longer needed, our company policies require that we either de-identify or aggregate the information (in which case we may further retain and use the de-identified or aggregated information for analytics purposes) or securely destroy it.
OTHER INFORMATION YOU SHOULD KNOW
Calls and Text Messages
In some instances, your employer or association, group or benefit program sponsor may request services that require Marsh to contact you via telephone calls or text. By accepting the terms of this
Privacy Notice and providing us with your contact information, you consent to receive automated calls and texts, as well as emails and/or standard mail, from us including but not limited to information regarding your policy, account, benefits, relationship with us, and other products or services offered through us and/or your employer or program sponsor. Consent is not a condition of any purchase or to obtain a quote. Message and data rates may apply. If you wish to withdraw your consent in the future, follow the prompts described in the call or text or contact us as described below.
We do not knowingly collect personal information directly from children under 13. If we learn that we have collected any personal information from a child under the age of 13 without verifiable parental consent, we will delete that information from our files as quickly as possible. If you believe that we may have collected information from a child under 13, please contact us at the email address provided below.
If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). However, we never knowingly sell or share the personal information of minors under 16 years of age and would not do so in the future without affirmative authorization of the individual if between 13 to 16 years of age, or the parent or guardian of an individual less than 13 years of age.
QUESTIONS OR CONCERNS
To submit questions or requests regarding this Privacy Notice or Marsh’s privacy practices, please email us at email@example.com. If you would prefer to contact us by post or by phone, please contact our privacy office using the following contact details:
The Data Protection Officer
Phone: +44 (0)207 357 1447 Email: firstname.lastname@example.org
Outside of the EU/UK
Marsh Global Chief Privacy Officer
Marsh & McLennan Companies, Inc.
1166 Avenue of the Americas
New York, NY 10036
If we are unable to resolve an enquiry or a complaint, individuals may have a right to contact the applicable supervisory or regulatory authority. For more information about how to contact your supervisory or regulatory authority, please email us at email@example.com.
What Personal Information Do We Collect?
The types of personal information we collect, use and disclose will vary depending on the circumstances; however, we collect, use and disclose only the personal information that is necessary for the intended purpose.
We may collect and process the following personal information relating to you and, where applicable, persons insured under your or your employer’s or program sponsor’s policy:
Individual Contact and Demographic Information (including Family Members) ► name, address, email address, telephone number, gender, marital status, date and place of birth, employer, job title and employment history, and/or your relationship to the policyholder, insured, beneficiary or claimant.
Identification details ► identification numbers issued by government bodies or agencies (e.g. depending on the country where you reside, this may include your social security or national insurance number, passport number, ID number, tax identification number, or driver’s license number).
Financial information ► payment card number, bank account number and account details, income and other financial information.
Insurable Risk Information ► the information necessary to secure insurance products, provide risk consulting services, and/or offer guidance on other financial products and services to you – which may include, only to the extent necessary, the following:
- Health data: current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history.
- Criminal records data: criminal convictions, including driving offences; and
- Other Special Categories of personal information: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data.
Policy information ► information about the quotes provided to you and the insurance coverage and policies purchased.
Credit and anti-fraud data ► credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
Claim Information ► information about current and/or previous claims, which may include health data, criminal records data and other Special Categories of personal information (as described in the Insured Risk definition above).
Marketing data ► whether or not you have consented to receive marketing from us and/or from third parties.
Site-Related Information ► information related to the operation of a Site, which may include log-in credentials, IP address and other Site-related information
What Data Do We Collect?
Information Provided by You, Your Representatives or Third Parties
We may collect information from you, your representative, your employer or program sponsor and/or third parties that have roles in delivering services to you or your employer or program sponsor. These may include insurance companies, plan administrators and vendors, brokers or agents, credit agencies, and financial institutions. You might provide this information when you visit a Site; apply or request a quote for insurance coverage; enroll in an association, group, or benefits program; communicate with us through email, chat and instant messenger; speak to a Marsh representative by phone or in a call center; or send mail to our office. In addition, your employer or program sponsor or someone acting on their behalf may provide us with information about you.
If you supply us with personal information about other people, you represent that you have the authority to provide this information on their behalf. In these instances, you further represent that the individuals to whom this information relates have been informed of and understand the reason(s) for obtaining the information, the manner in which this information will be used and disclosed, and have consented to such use and disclosure.
Information Collected by Automated Means
We also collect personal information through automated means on our Sites. We also use various tools, including cookies and web beacons, to enhance your user experience and track users of our Sites. These tools may collect personal information, including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
You can refuse to accept and delete cookies by adjusting your browser setting. Please note that refusing or deleting cookies may impact your browsing experience on our Sites or prevent you from using some of its services, and may result in the deletion of any preferences you have set. For more information on how to reject or delete cookies, you should consult with your browser's or device’s help documentation or visit www.aboutcookies.org. We do not use technology that recognizes do-not-track signals from your browser. You can also opt out of internet-based advertising by installing a browser plugin from the third party where available. For more information about internet-based advertising, please see: http://www.networkadvertising.org/managing/opt_out.asp. You may also be able to opt out of our use of certain cookies using our Cookie Management Tool, where available, linked at the bottom of our Sites.
In addition, in the course of seeking network security and consistent service for all users, software programs may be employed to monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage our computers or the network, and monitor and fine-tune our network’s performance. These programs may detect additional information from your computer such as your IP address, addresses from network packets, and other technical information. Any such information is used only for the purpose of maintaining the security and performance of our networks and computer systems.
We may combine the information you provide us and information we automatically collect with information from public or third-party sources.
How Do We Use the Personal Information We Collect?
We will use the personal information we collect to:
- provide the services and products you, your employer, or your program sponsor request or express interest in, including to follow up on quotes
- contact you when necessary and to respond to your requests and inquiries
- process an insurance transaction, enrollment, or service requested by you directly, or through a third party
- allow you, your employer or program sponsor to manage the requested services or products
- market services offered by us, our affiliates or third parties to you
- comply with and enforce applicable laws, industry standards, and our own policies
- verify your identity
- conduct research, statistical analysis, risk analytics, survey/demographical interpretation, and other data studies based on the data collected
- contact you when necessary and to respond to your requests and inquiries
- as otherwise described to you at the point of collection or pursuant to your consent
We may also collect, use and disclose personal information through our Sites to:
- Administer, improve, and personalize our Sites. In addition to our own analysis, enhancement, and evaluation activities, we work with Google Analytics to collect information about the use of our Sites (including how often users visit the Sites and what pages users visited prior to visiting the Sites). We use this information to maintain and improve the Sites. For information about how Google uses the information, see Google’s Terms of Service and the Google Privacy Statement. You can opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
- Maintain network security and performance and protect against cyber-attacks
- Register and service your online account
With Whom Do We Share Your Data?
We may share your personal information as follows:
- as necessary to perform the services
- We may disclose your personal information to insurance carriers and third-party brokers/agents in connection with providing quotes, administering claims, binding coverages, and other services.
- We may also disclose your personal information to your employer or program sponsor in connection with the insurance coverages you are able to purchase or benefit from as a result of your employment or business relationship with an employer or program sponsor that is our client.
- We may also disclose your personal information to your or your employer’s or program sponsor’s other agents or service providers.
- We may also disclose your personal information to marketing partners if you have requested a quote from us through the marketing partner’s website.
- with affiliates
- to enable them to provide services to you or contact you regarding additional products and services that you have expressed an interest in.
- with vendors and service providers
- We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf, such as hosting a Site, sending e-mail messages, and making or receiving phone calls. They may have access to personal information in order to perform their functions, but are contractually restricted from using such personal information for purposes other than providing services for our company or on our behalf.
- as part of a business transfer
- As we continue to develop our business, we might sell or buy assets. In such transactions, user information generally is one of the transferred business assets. Also, if either our company or any of our assets are acquired (including through bankruptcy proceedings), your personal information may be one of the transferred assets.
- to address legal concerns
- We may preserve, and have the right to disclose any information about you or your use of a Site, without your prior permission if we have a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of our company or its affiliates, other users of a Site, or the public; (b) enforce the terms and conditions that apply to use of a Site; (c) respond to claims that any content violates the rights of third parties; (d) respond to claims of suspected or actual illegal activity; (e) respond to an audit or investigate a complaint or security threat; or (f) comply with applicable law, regulation, legal process, or governmental requests.
We will not otherwise disclose, share, sell, or use your personal information without your consent, except to the extent required by law, in accordance with your instructions, or as identified in this Privacy Statement.
We may also share information that is not reasonably likely to identify you personally for any commercially legitimate business purpose.
What Steps Do We Take to Protect Your Information?
Personal information may be collected, stored, and processed in countries other than the one in which you reside, including, but not limited to, the United States. We restrict access to your personal information to employees and service providers of ours and our affiliates who need to use it to provide our products or services. We have implemented physical, administrative, and technical safeguards to protect your personal information from unauthorized access. Vendors and Service providers with whom we disclose information are also required by law and/or contractual requirements to keep your personal information confidential and secure. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet.
How Long Do We Keep Your Information?
We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and other permitted purpose(s), including retention of personal information required by contract, law or regulation. Our retention periods are based on business, legal and regulatory needs with information that is no longer needed either de-identified or securely destroyed.
Accessing and Correcting Your Information
Keeping your information accurate and up to date is very important. Inaccurate or incomplete information could impact our ability to deliver relevant services to you. Please let us know about any changes that may be required to your personal information by contacting us as described below. For your protection, we will need to validate the identity of anyone making a request to access or change your personal information.
Applicability of This Privacy Statement to International Users
Rights of California Residents
California Consumer Privacy Act
This Privacy Statement is intended to inform you of our policies and practices regarding the collection, use, retention, and disclosure of any personal information that we collect from or about you. However, we provide the services pursuant to a contract we have entered into with our corporate client (“Client”), who is the business ultimately responsible for determining how your personal information will be processed. As such, we act as a “service provider” when it comes to handling your personal information, which means all of the personal information that we collect from or about you in connection with the services are processed under the direction of our Client and governed by our agreement with our Client. We have no direct ownership over your personal information. Instead, our collection, use, sharing, and retention of your personal information is limited to providing the services for which our Client has engaged us.
Accordingly, if you are using the services or our Sites in connection with your duties of employment or by virtue of some other relationship with our Client, we encourage you to review that Client’s privacy notice to understand the full scope of how your personal information will be handled. This includes any processing performed by the Client if we make your personal information available to our Client, as described in this Privacy Statement.
Further, in any case where we are acting as a service provider to a Client, if you wish to exercise any rights that may be available to you under certain data privacy laws (for example, the right to access or deletion under California law), you should direct your request to our Client, who is the party responsible for receiving, assessing, and responding to your requests, as we do not have any obligation, and, notwithstanding anything in this Privacy Statement to the contrary, may elect not to respond to your requests.
California Shine the Light Law
Under California’s “Shine the Light” law, California residents may request and obtain a notice once annually about the personal information we shared with other businesses for their own direct marketing purposes. Such a notice will include a list of the categories of personal information, if any, that was shared and the names and addresses of all third parties with which the personal information was shared. The notice will cover the preceding calendar year. To obtain such a notice, please contact us as described below. In addition, under this law you are entitled to be advised how our Sites handle Do Not Track browser signals. Because there currently is not an industry or legal standard for recognizing or honoring Do Not Track signals, we do not honor Do Not Track requests at this time.
Our Sites are not intended for children, and we do not knowingly collect information from children under the age of thirteen (13) without the consent of their parents or legal guardians. In an instance where such information was collected, it would be solely in connection with the services.
Automated Calls and Text Messages
In some instances, your employer or program sponsor may request services that require Marsh to contact you via telephone calls or text. By accepting the terms of this Privacy Statement and providing us with your contact information, you consent to receive automated calls and texts, as well as emails and/or standard mail, from us including but not limited to information regarding your policy, account, benefits, relationship with us, and other products or services offered through us and/or your employer or program sponsor. Consent is not a condition of any purchase or to obtain a quote. Message and data rates may apply. If you wish to withdraw your consent in the future, reply STOP to any text message or contact us as described below.
Questions, Requests or Complaints
To submit questions or requests regarding this Privacy Statement or our privacy practices, please email us at PrivacyPolicyInquiries@marsh.com.