Friday, June 5, 2020

Privacy

Effective date: January 31, 2020

Marsh Management Services (“We”) strive to protect the privacy and the confidentiality of personal information that we process, including that of visitors to this website or application (the “Site”). This Privacy Statement explains the personal information we collect about you as a user of this Site, how we use, share, and protect that personal information, and what your rights are with respect to your personal information that we gather.

The Privacy Statement is subject to change at any time. If we make changes to this Privacy Statement, we will update the “Effective date” at the top of this page. Any changes we make to this Privacy Statement become effective immediately, so you should review this Privacy Statement regularly for changes.

The Privacy Statement is incorporated into our . By using this Site, you acknowledge that you have read, understand and accept the Terms of Use, including this Privacy Statement. Please take a moment to familiarize yourself with our privacy practices.

Scope of this Privacy Statement

This Privacy Statement applies solely to data collected in relation to this Site. We gather this information when you

  • Register as an authorized user of this Site
  • Update your account information
  • Visit or use this Site
  • Provide us with the information required to fulfill the services of this Site

What Data Do We Collect?

"Personal information" is information that identifies you as an individual or relates to an identifiable individual. In the course of registering for and using this Site, we collect from you or your employer the following personal information: first and last name, address, email address, user ID, password, employer, and phone number.

We also use temporary session cookies that remain in the cookie file on your browser until you close the browser. These cookies do not track your Internet usage after leaving the Site and do not store your personal information. You can refuse to accept and delete cookies by adjusting your browser settings, but please note that refusing or deleting cookies may impact your browsing experience on the Site, or prevent you from using some of its services.

We may also use programs that monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage our computers or the network, and monitor and fine-tune our network’s performance. Any such information is used only for the purpose of maintaining the security and performance of our company’s networks and computer systems.

How Do We Use the Personal Information We Collect?

We will use the information provided by you in order to:

  • provide you with access to services and products
  • allow you to manage the services and products you requested, including on behalf of insureds
  • respond to your inquiries regarding this Site
  • administer the Site
  • maintain network security and performance and protect against cyber-attacks
  • comply with and enforce applicable laws, industry standards, and our own policies
  • verify your identity
  • register and service your online account
  • contact you when necessary

Who Do We Share Your Data With?

We share or may share your personal information as follows:

  • as necessary to perform the services
    • We may disclose your personal information to insurance carriers and third-party brokers/agents in connection with providing quotes, administering claims, binding coverages, and other services.
  • with affiliates
    • to enable them to provide services to you.
  • as part of a business transfer
    • As we continue to develop our business, we might sell or buy assets. In such transactions, user information generally is one of the transferred business assets. Also, if either our company or any of our company’s assets are acquired (including through bankruptcy proceedings), your personal information may be one of the transferred assets.
  • to address legal concerns
    • We may preserve, and have the right to disclose any information about you or your use of this Site, without your prior permission if we have a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of our company or its affiliates, other users of this Site, or the public; (b) enforce the terms and conditions that apply to use of this Site; (c) respond to claims that any content violates the rights of third parties; (d) respond to claims of suspected or actual illegal activity; (e) respond to an audit or investigate a complaint or security threat; or (f) comply with applicable law, regulation, legal process, or governmental requests.
  • with agents and service providers
    • We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf, such as hosting this Site, sending e-mail messages, and making phone calls. They may have access to personal information, such as email addresses, needed to perform their functions, but are contractually restricted from using such personal information for purposes other than providing services for our company or on our behalf.
  • with your employer in relation to general relationship management and account administration needs

We will not disclose, share, sell, or otherwise use your personal information without your consent, except to the extent required by law, in accordance with your instructions, or as identified in this Privacy Statement. We may also share information that is not reasonably likely to identify you personally for any commercially legitimate business purpose.

What Steps Do We Take to Protect Your Information?

All information we collect in relation to this Site may be stored, and processed in the United States within company-controlled databases. We restrict access to your personal information to employees of ours and our affiliates and to service providers who need to use it to provide this Site and our products or services. We have implemented physical, administrative, and technical safeguards to protect your personal information from unauthorized access. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.

How Long Do We Keep Your Information?

We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and other permitted purpose(s), including retention of personal information required by contract, law or regulation. Our retention periods are based on business, legal and regulatory needs.

Cross–Border Transfer of Personal Information

This Privacy Statement is provided in accordance with and subject to the law of the United States. If you access this Site from a location outside the United States, you agree that your use of this Site is subject to the terms of this Privacy Statement and the Terms of Use.

Transfers of data out of the European Economic Area (EEA). Residents of the EEA should note that, in order to provide our Site and services to you, we may send and store your personal information (also commonly referred to as “personal data”) outside of the EEA, including to the United States. Your personal information will be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the country in which you are located, whose data protection laws may be of a lower standard than those in your country. We will, in all circumstances, safeguard personal information as set out in this Privacy Statement.

Where we transfer personal information from inside the EEA to outside the EEA, we are required to take specific measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which are not subject to this approval (see the full list here https://ec.europa.eu/info/law/law-topic/data-protection_en), we will establish legal grounds justifying such transfer, such as MMC Binding Corporate Rules (BCRs), model contractual clauses, or other legal grounds permitted by applicable legal requirements. Our BCRs are a means of transferring personal information internationally within our group companies in compliance with applicable data protection legislation in the EEA. Our BCRs consist of both the Controller and Processor Standards. For further information regarding how our BCR Standards operate, click here. If you have specific questions or concerns you may contact our EU Data Privacy Officer Mary Pothos at GDPRLegal@mmc.com.

Accuracy, Accountability, Openness and Your Rights

Under certain conditions, individuals may have the right to request that we:

  1. provide further details on how we use and process their personal information;
  2. provide a copy of the personal information we maintain about the individual;
  3. update any inaccuracies in the personal information we hold;
  4. delete personal information that we no longer have a legal ground to process; and
  5. restrict how we process the personal information while we consider the individual’s enquiry.

In addition, under certain conditions, individuals have the right to:

  1. where processing is based on consent, withdraw the consent;
  2. object to any processing of personal information that we justify on the “legitimate interests” legal grounds, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
  3. object to direct marketing (including any profiling for such purposes) at any time.

These rights are subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). We will respond to most requests within 30 days. If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the data protection regulator in your country. You can also contact our EU Data Privacy Officer, Mary Pothos, at GDPRLegal@mmc.com.

Rights of California Residents

California Consumer Privacy Act (Effective January 1, 2020)

This Privacy Notice is intended to inform you of our policies and practices regarding the collection, use, retention, and disclosure of any personal information that we collect from or about you in connection with the Site. However, we provide the Service pursuant to a contract we have entered into with our corporate client (“Client”), who is the business ultimately responsible for determining how your personal information will be processed. As such, we act as a “service provider” when it comes to handling your personal information, which means all of the personal information that we collect from or about you in connection with the Service is processed under the direction of our Client and governed by our agreement with our Client. We have no direct ownership over your personal information. Instead, our collection, use, sharing, and retention of your personal information collected through the Service is limited to providing the services for which our Client has engaged us.

Accordingly, if you are using the Service in connection with your duties of employment or by virtue of some other relationship with our Client, we encourage you to review that Client’s privacy notice to understand the full scope of how your personal information will be handled. This includes any processing performed by Client if we make your personal information available to our Client, as described in this Notice.

Further, in any case where we are acting as a service provider to a Client, if you wish to exercise any rights that may be available to you under certain data privacy laws (for example, the right to access or deletion under the California Consumer Privacy Act if you are a resident of California as described below), you should direct your request to our Client, who is the party responsible for receiving, assessing, and responding to your requests, as we do not have any obligation, and, notwithstanding anything in this Privacy Notice to the contrary, may elect not, to respond to your requests.

California Shine the Light Law

Under California’s “Shine the Light” law, Site visitors who are California residents may request and obtain a notice once a year about the personal information we shared with other businesses for their own direct marketing purposes. Such a notice will include a list of the categories of personal information that was shared (if any) and the names and addresses of all third parties with which the personal information was shared (if any). The notice will cover the preceding calendar year. To obtain such a notice, please contact us as described below. In addition, under this law you are entitled to be advised how our Site handles “do not track” browser signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.

Accessing and Correcting Your Information

Keeping your information accurate and up-to-date is very important. Inaccurate or incomplete information could impact our ability to deliver relevant services to you. Please let us know about any changes that may be required to your personal information using the contact information below.

Questions, Requests or Complaints

To submit questions or requests regarding this Privacy Statement or our privacy practices, please email us at privacypolicyinquiries@marsh.com.