Effective date: February 1, 2021
Marsh Management Services (“We”) strive to protect the privacy and the confidentiality of personal information that we process, including that of visitors to this website or application (the “Site”). This Privacy Statement explains the personal information we collect about you as a user of this Site, how we use, share, and protect that personal information, and what your rights are with respect to your personal information that we gather.
The Privacy Statement is subject to change at any time. If we make changes to this Privacy Statement, we will update the “Effective date” at the top of this page. Any changes we make to this Privacy Statement become effective immediately, so you should review this Privacy Statement regularly for changes.
The Privacy Statement is incorporated into our Terms of Use. By using this Site, you acknowledge that you have read, understand and accept the , including this Privacy Statement. Please take a moment to familiarize yourself with our privacy practices.
Scope of this Privacy Statement
This Privacy Statement applies solely to data collected in relation to this Site. We gather this information when you
- Register as an authorized user of this Site
- Update your account information
- Visit or use this Site
- Provide us with the information required to fulfill the services of this Site
What Data Do We Collect?
"Personal information" is information that identifies you as an individual or relates to an identifiable individual.
In the course of registering for and using this Site, we collect from you or your employer the following personal information: first and last name, address, email address, user ID, password, employer, and phone number.
We also use various tools to enhance your user experience and track users of the Site, including cookies and web beacons. These tools may collect personal information including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
Cookies are small pieces of text that a website places on your computer to help remember information about your visit. Web beacons are tiny graphics with a unique identifier that are embedded invisibly on the web pages. Neither cookies nor web beacons can read data off your computer's hard drive or collect your personal information. We use information collected from cookies and web beacons to improve your experience and the overall quality of our services. We may also use cookies to collect information from third parties (such as Google) to help advertise our products and services, to analyze the effectiveness of our marketing or the performance of this Site, and to determine whether you may be interested in other products or services. We also use web beacons to help deliver cookies and compile analytics. Our cookies may also come from third-party service providers who have permission to place such tools on our Site.
You can refuse to accept and delete cookies by adjusting your browser setting. Please note that refusing or deleting cookies may impact your browsing experience on the Site, or prevent you from using some of its services, and it may result in the deletion of any preferences you have set. For more information on how to reject or delete cookies, you should consult with your browser's or device’s help documentation or visit www.aboutcookies.org. We do not use technology that recognizes do-not-track signals from your browser. You can also opt out of Internet based advertising by installing a browser plugin from the third party where available. For more information about interest-based advertising, please see: http://www.networkadvertising.org/managing/opt_out.asp. You may also be able to opt out of our use of certain cookies using our Cookie Management Tool, where available, linked at the bottom of the Site.
In addition, in the course of seeking network security and consistent service for all users, software programs may be employed to monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage our computers or the network, and monitor and fine-tune our network’s performance. These programs may detect additional information from your computer such as your IP address, addresses from network packets, and other technical information. Any such information is used only for the purpose of maintaining the security and performance of our networks and computer systems.
We may combine the information you provide us and information we automatically collect with information from public or third-party sources.
How Do We Use the Personal Information We Collect?
We will use the information provided by you in order to:
- provide you with access to services and products
- allow you to manage the services and products you requested, including on behalf of insureds
- respond to your inquiries regarding this Site
- administer the Site
- maintain network security and performance and protect against cyber-attacks
- comply with and enforce applicable laws, industry standards, and our own policies
- verify your identity
- register and service your online account
- contact you when necessary
Who Do We Share Your Data With?
We share or may share your personal information as follows:
- as necessary to perform the services
- We may disclose your personal information to insurance carriers and third-party brokers/agents in connection with providing quotes, administering claims, binding coverages, and other services.
- with affiliates
- to enable them to provide services to you.
- as part of a business transfer
- As we continue to develop our business, we might sell or buy assets. In such transactions, user information generally is one of the transferred business assets. Also, if either our company or any of our company’s assets are acquired (including through bankruptcy proceedings), your personal information may be one of the transferred assets.
- to address legal concerns
- We may preserve, and have the right to disclose any information about you or your use of this Site, without your prior permission if we have a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of our company or its affiliates, other users of this Site, or the public; (b) enforce the terms and conditions that apply to use of this Site; (c) respond to claims that any content violates the rights of third parties; (d) respond to claims of suspected or actual illegal activity; (e) respond to an audit or investigate a complaint or security threat; or (f) comply with applicable law, regulation, legal process, or governmental requests.
- with agents and service providers
- We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf, such as hosting this Site, sending e-mail messages, and making phone calls. They may have access to personal information, such as email addresses, needed to perform their functions, but are contractually restricted from using such personal information for purposes other than providing services for our company or on our behalf.
- with your employer in relation to general relationship management and account administration needs
We may also share information that is not reasonably likely to identify you personally for any commercially legitimate business purpose.
We will not disclose, share, sell, or otherwise use your personal information without your consent, except to the extent required by law, in accordance with your instructions, or as identified in this Privacy Statement.
What Steps Do We Take to Protect Your Information?
All information we collect in relation to this Site may be stored, and processed in the United States within company-controlled databases. We restrict access to your personal information to employees of ours and our affiliates and to service providers who need to use it to provide this Site and our products or services. We have implemented physical, administrative, and technical safeguards to protect your personal information from unauthorized access. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.
How Long Do We Keep Your Information?
We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and other permitted purpose(s), including retention of personal information required by contract, law or regulation. Our retention periods are based on business, legal and regulatory needs.
Cross–Border Transfer of Personal Information
This Privacy Statement is provided in accordance with and subject to the law of the United States. If you access this Site from a location outside the United States, you agree that your use of this Site is subject to the terms of this Privacy Statement and the Terms of Use.
Transfers of data out of the European Economic Area (EEA). Residents of the EEA should note that, in order to provide our Site and services to you, we may send and store your personal information (also commonly referred to as “personal data”) outside of the EEA, including to the United States. Your personal information will be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the country in which you are located, whose data protection laws may be of a lower standard than those in your country. We will, in all circumstances, safeguard personal information as set out in this Privacy Statement.
Where we transfer personal information from inside the EEA to outside the EEA, we are required to take specific measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which are not subject to this approval (see the full list here https://ec.europa.eu/info/law/law-topic/data-protection_en), we will establish legal grounds justifying such transfer, such as MMC Binding Corporate Rules (BCRs), model contractual clauses, or other legal grounds permitted by applicable legal requirements. Our BCRs are a means of transferring personal information internationally within our group companies in compliance with applicable data protection legislation in the EEA. Our BCRs consist of both the Controller and Processor Standards.
For further information regarding how our BCR Standards operate, click here. If you have specific questions or concerns you may contact our EU Data Privacy Officer at GDPRLegal@mmc.com.
Accuracy, Accountability, Openness and Your Rights
Under certain conditions, individuals may have the right to request that we:
- provide further details on how we use and process their personal information;
- provide a copy of the personal information we maintain about the individual;
- update any inaccuracies in the personal information we hold;
- delete personal information that we no longer have a legal ground to process; and
- restrict how we process the personal information while we consider the individual’s enquiry.
In addition, under certain conditions, individuals have the right to:
- where processing is based on consent, withdraw the consent;
- object to any processing of personal information that we justify on the “legitimate interests” legal grounds, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
- object to direct marketing (including any profiling for such purposes) at any time.
These rights are subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). We will respond to most requests within 30 days.
If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the data protection regulator in your country. You can also contact our EU Data Privacy Officer at GDPRLegal@mmc.com.
Rights of California Residents
California Consumer Privacy Act
This Privacy Statement is intended to inform you of our policies and practices regarding the collection, use, retention, and disclosure of any personal information that we collect from or about you in connection with the Site. However, we provide the Service pursuant to a contract we have entered into with our corporate client (“Client”), who is the business ultimately responsible for determining how your personal information will be processed. As such, we act as a “service provider” when it comes to handling your personal information, which means all of the personal information that we collect from or about you in connection with the Service is processed under the direction of our Client and governed by our agreement with our Client. We have no direct ownership over your personal information. Instead, our collection, use, sharing, and retention of your personal information collected through the Service is limited to providing the services for which our Client has engaged us.
Accordingly, if you are using the Service in connection with your duties of employment or by virtue of some other relationship with our Client, we encourage you to review that Client’s privacy notice to understand the full scope of how your personal information will be handled. This includes any processing performed by Client if we make your personal information available to our Client, as described in this Privacy Statement.
Further, in any case where we are acting as a service provider to a Client, if you wish to exercise any rights that may be available to you under certain data privacy laws (for example, the right to access or deletion under the California Consumer Privacy Act if you are a resident of California as described below), you should direct your request to our Client, who is the party responsible for receiving, assessing, and responding to your requests, as we do not have any obligation, and, notwithstanding anything in this Privacy Statement to the contrary, may elect not, to respond to your requests.
California Shine the Light Law
Under California’s “Shine the Light” law, Site visitors who are California residents may request and obtain a notice once a year about the personal information we shared with other businesses for their own direct marketing purposes. Such a notice will include a list of the categories of personal information that was shared (if any) and the names and addresses of all third parties with which the personal information was shared (if any). The notice will cover the preceding calendar year. To obtain such a notice, please contact us as described below. In addition, under this law you are entitled to be advised how our Site handles “do not track” browser signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.
Accessing and Correcting Your Information
Keeping your information accurate and up-to-date is very important. Inaccurate or incomplete information could impact our ability to deliver relevant services to you. Please let us know about any changes that may be required to your personal information using the contact information below.
Questions, Requests or Complaints
To submit questions or requests regarding this Privacy Statement or our privacy practices, please email us at privacypolicyinquiries@marsh.com.