Privacy Statement
Effective date: February 1, 2021
Marsh Affinity, a division of Marsh USA Inc. (“We”) strive to protect the privacy and the confidentiality of personal information that we process, including that of visitors to this website or application (the “Site”). This Privacy Statement explains what personal information we collect through this Site, how we use, share, and protect that personal information, and what your rights are with respect to your personal information that we gather.
The Privacy Statement is subject to change at any time. If we make changes to this Privacy Statement, we will update the “Effective date” at the top of this page. Any changes we make to this Privacy Statement become effective immediately, so you should review this Privacy Statement regularly for changes.
The Privacy Statement is incorporated into our Terms of Use. By using this Site, you acknowledge that you have read, understand and accept the Terms of Use, including this Privacy Statement. Please take a moment to familiarize yourself with our privacy practices. If you have any questions, contact us at PrivacyPolicyInquiries@marsh.com.
Scope of this Privacy Statement
This Privacy Statement applies solely to data collected via the Site and websites we control that link to this Privacy Statement. We gather this information when you:
- Visit or use our Site
- Provide us with the information required to fulfill the services of this Site
- Send messages to us through this Site
- View or click on ads or other online content
- Create an account
Please note that this Privacy Statement does not apply to:
- Information we collect through other sources: The Privacy Statement does not apply to information we may collect about you through other means (for example by phone or in the context of a direct client relationship), although such information may be covered by separate privacy policies.
- Third party websites: This Site includes links or may redirect you to other websites operated by third party organizations. If you access another organization’s website, the other organization may collect information from you. We are not responsible for the content or privacy practices of linked websites or their use. After you leave our Site (you can tell where you are by checking the URL in the location bar on your browser), you should refer to those websites' privacy policies, terms of use, and practices to determine how they will handle any information they collect from you./li>
- Company Career Candidates: You can search for and review postings about job opportunities on the Marsh Careers Page. To apply for a position, you must navigate to and sign into a separate global recruitment website. Our Careers Page and recruitment website are not covered by this Privacy Statement, so please review the privacy statement specific to those websites.
- Children: This Site it not intended for children, and we do not knowingly collect, use, or disclose information of children under the age of thirteen (13) without the consent of their parents or legal guardians. In an instance where such information was collected, it would be purely accidental and unintentional, and we will promptly remedy upon notification.
What Data Do We Collect?
"Personal information" is information that identifies you as an individual or relates to an identifiable individual.
The personal information we collect through the Site falls into two categories:
(1) Information you voluntarily provide to us on the Site.
(2) Information gathered via automated means as you navigate through the Site.
Information Provided by You or Those You Authorize
We may collect and process the following personal information:
Individual details ► name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant.
Identification details ► identification numbers issued by government bodies or agencies (e.g. depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s license number).
Financial information ► payment card number, bank account number and account details, income and other financial information.
Insured risk ► information about the insured risk, which contains personal information and may include, only to the extent relevant to the risk being insured:
- Health data ► current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history;
- Criminal records data ► criminal convictions, including driving offences; and
- Other Special Categories of personal information ► racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning an individual’s sex life or sexual orientation.
Policy information ► information about the quotes individuals receive and the policies they obtain.
Credit and anti-fraud data ► credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
Previous claims ► information about previous claims, which may include health data, criminal records data and other Special Categories of personal information (as described in the Insured Risk definition above).
Current claims ► information about current claims, which may include health data, criminal records data and other Special Categories of personal information (as described in the Insured Risk definition above).
Marketing data ► whether or not you have consented to receive marketing from us and/or from third parties.
Login credentials ► user ids, passwords, and responses to questions used to verify your identity and assist in resetting your password
Information Collected by Automated Means
We also use various tools to enhance your user experience and track users of the Site, including cookies and web beacons. These tools may collect personal information including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
Cookies are small pieces of text that a website places on your computer to help remember information about your visit. Web beacons are tiny graphics with a unique identifier that are embedded invisibly on the web pages. Neither cookies nor web beacons can read data off your computer's hard drive or collect your personal information. We use information collected from cookies and web beacons to improve your experience and the overall quality of our services. We may also use cookies to collect information from third parties (such as Google) to help advertise our products and services, to analyze the effectiveness of our marketing or the performance of this Site, and to determine whether you may be interested in other products or services. We also use web beacons to help deliver cookies and compile analytics. Our cookies may also come from third-party service providers who have permission to place such tools on our Site.
You can refuse to accept and delete cookies by adjusting your browser setting. Please note that refusing or deleting cookies may impact your browsing experience on the Site, or prevent you from using some of its services, and it may result in the deletion of any preferences you have set. For more information on how to reject or delete cookies, you should consult with your browser's or device’s help documentation or visit www.aboutcookies.org. We do not use technology that recognizes do-not-track signals from your browser. You can also opt out of Internet based advertising by installing a browser plugin from the third party where available. For more information about interest-based advertising, please see: http://www.networkadvertising.org/managing/opt_out.asp. You may also be able to opt out of our use of certain cookies using our Cookie Management Tool, where available, linked at the bottom of the Site.
In addition, in the course of seeking network security and consistent service for all users, software programs may be employed to monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage our computers or the network, and monitor and fine-tune our network’s performance. These programs may detect additional information from your computer such as your IP address, addresses from network packets, and other technical information. Any such information is used only for the purpose of maintaining the security and performance of our networks and computer systems.
We may combine the information you provide us and information we automatically collect with information from public or third-party sources. .
How Do We Use the Personal Information We Collect?
We will use the information provided by you in order to:
- provide you with services and products you request
- allow you to manage the services you requested
- respond to your inquiries on this Site (for example, we may send you electronic or written materials or, if you supply us with your telephone number, you may receive telephone contact from us in response to your request)
- administer, improve, and personalize the Site
- In addition to our own analysis, enhancement, and evaluation activities, we work with Google Analytics to collect information about the use of this Site (including how often users visit the Site and what pages users visited prior to visiting the Site). We use this information to maintain and improve the Site. For information about how Google uses the information, see Google’s Terms of Service and the Google Privacy Statement. You can opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
- maintain network security and performance and protect against cyber-attacks
- market our services to you, including ours, those of our affiliates, and those of other third parties
- comply with and enforce applicable laws, industry standards, and our own policies
- verify your identity
- register and service your online account
- conduct research, statistical analysis, risk analytics, survey/demographical interpretation, and other data studies based on the data collected
- contact you when necessary and to respond to your requests and inquiries
- as otherwise described to you at the point of collection or pursuant to your consent
Who Do We Share Your Data With?
We share or may share your personal information as follows:
- as necessary to perform the services
- We may disclose your personal information to insurance carriers and third-party brokers/agents in connection with providing quotes, administering claims, binding coverages, and other services.
- We may also disclose your personal information to your employer in connection with the insurance coverages you are able to purchase or benefit from as a result of your employment with an employer that is our Client.
- We may also disclose your personal information to your or your employer’s other agents or service providers.
- with affiliates
- to enable them to provide services to you or contact you regarding additional products and services that you have expressed an interest in.
- with agents and service providers
- We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf, such as hosting this Site, sending e-mail messages, and making phone calls. They may have access to personal information, such as email addresses, needed to perform their functions, but are contractually restricted from using such personal information for purposes other than providing services for our company or on our behalf.
- as part of a business transfer
- As we continue to develop our business, we might sell or buy assets. In such transactions, user information generally is one of the transferred business assets. Also, if either our company or any of our assets are acquired (including through bankruptcy proceedings), your personal information may be one of the transferred assets.
- to address legal concerns
- We may preserve, and have the right to disclose any information about you or your use of this Site, without your prior permission if we have a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of our company or its affiliates, other users of this Site, or the public; (b) enforce the terms and conditions that apply to use of this Site; (c) respond to claims that any content violates the rights of third parties; (d) respond to claims of suspected or actual illegal activity; (e) respond to an audit or investigate a complaint or security threat; or (f) comply with applicable law, regulation, legal process, or governmental requests.
We will not disclose, share, sell, or otherwise use your personal information without your consent, except to the extent required by law, in accordance with your instructions, or as identified in this Privacy Statement.
Third parties to whom we disclose information are required by law and/or contractual requirements to keep your personal information confidential and secure. These parties may not use or disclose it except as reasonably necessary to provide services to you, on our behalf, on behalf of your employer, or to comply with or as permitted by applicable law.
We may disclose and/or process your personal information without your prior permission, as permitted by law, including instances when we have a good faith belief that it is necessary to: (a) protect the legal rights, safety, and security of our company, our affiliates and business partners, and users of our site; (b) enforce the Terms of Use; (c) respond to claims of suspected or actual illegal activity; (d) respond to an audit or investigate a complaint or security threat; or (e) comply with law or legal process, or a request for cooperation by a government or other entity. We may also share information that is not reasonably likely to identify you personally for any commercially legitimate business purpose.
What Steps Do We Take to Protect Your Information?
All information that you submit through this Site is collected, stored, and processed in the United States within Company-controlled databases. We restrict access to your personal information to employees of ours and our affiliates and to service providers who need to use it to provide this Site and our products or services. We have implemented physical, administrative, and technical safeguards to protect your personal information from unauthorized access. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.
How Long Do We Keep Your Information?
We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and other permitted purpose(s), including retention of personal information required by contract, law or regulation. Our retention periods are based on business, legal and regulatory needs with information that is no longer needed either de-identified or securely destroyed.
Cross–Border Transfer of Personal Information
This Privacy Statement is provided in accordance with and subject to U.S. law. If you access this Site from a location outside the United States, you agree that your use of this Site is subject to the terms of this Privacy Statement and the Terms of Use.
Rights of California Residents
California Consumer Privacy Act
This Privacy Statement is intended to inform you of our policies and practices regarding the collection, use, retention, and disclosure of any personal information that we collect from or about you in connection with the Site. However, we provide the Service pursuant to a contract we have entered into with our corporate client (“Client”), who is the business ultimately responsible for determining how your personal information will be processed. As such, we act as a “service provider” when it comes to handling your personal information, which means all of the personal information that we collect from or about you in connection with the Service is processed under the direction of our Client and governed by our agreement with our Client. We have no direct ownership over your personal information. Instead, our collection, use, sharing, and retention of your personal information collected through the Service is limited to providing the services for which our Client has engaged us.
Accordingly, if you are using the Service in connection with your duties of employment or by virtue of some other relationship with our Client, we encourage you to review that Client’s privacy notice to understand the full scope of how your personal information will be handled. This includes any processing performed by Client if we make your personal information available to our Client, as described in this Privacy Statement.
Further, in any case where we are acting as a service provider to a Client, if you wish to exercise any rights that may be available to you under certain data privacy laws (for example, the right to access or deletion under the California Consumer Privacy Act if you are a resident of California as described below), you should direct your request to our Client, who is the party responsible for receiving, assessing, and responding to your requests, as we do not have any obligation, and, notwithstanding anything in this Privacy Statement to the contrary, may elect not, to respond to your requests.
California Shine the Light Law
Under California’s “Shine the Light” law, Site visitors who are California residents may request and obtain a notice once a year about the personal information we shared with other businesses for their own direct marketing purposes. Such a notice will include a list of the categories of personal information that was shared (if any) and the names and addresses of all third parties with which the personal information was shared (if any). The notice will cover the preceding calendar year. To obtain such a notice, please contact us as described below. In addition, under this law you are entitled to be advised how our Site handles “do not track” browser signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.
Accessing and Correcting Your Information
Keeping your information accurate and up-to-date is very important. Inaccurate or incomplete information could impact our ability to deliver relevant services to you. Please let us know about any changes that may be required to your personal information using the contact information below..
Questions, Requests or Complaints
To submit questions or requests regarding this Privacy Statement or our privacy practices, please email us at PrivacyPolicyInquiries@marsh.com.