Mercer Australia Privacy Policy
Introduction
This Privacy Policy describes how Mercer and its subsidiaries (collectively, the Company), collect, use, share, retain, transfer and otherwise process information relating to identified or identifiable individuals (Personal Information), and the rights you may have regarding your Personal Information. We believe that it is important for you to understand how we process Personal Information and encourage you to take a moment to familiarise yourself with our privacy practices outlined below.
We handle Personal Information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Please note that in some instances we act on behalf of and under the instructions of clients, or other third parties who are responsible for determining how and why your Personal Information is collected and used. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information in these contexts.
Personal Information We Collect
| Category | Examples |
Biographical identifiers |
Name, date of birth, age, place of birth, gender |
Contact information |
Home address, telephone number, personal email address |
Identification information |
Tax File Number government issued identification number, driver’s licence number, passport information, bank account details |
Professional or employment-related information |
Employer or group, relationship to our company, job title, business contact details, employee ID, salary and remuneration arrangements and employment history and other information collected during the recruitment process |
Sensitive Personal Information |
Racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional trade or association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information, or biometric information |
Financial Information |
Payment card number and related bank account number and account details, income, billing and payment information, and other financial information |
Benefit and Pension Information |
Benefit elections, superannuation information, date of retirement and matters concerning your benefits such as contributions and details of third parties such as power of attorney |
Insurable Risk Information |
Criminal records data, including driving offences, vehicle information, health information, injury or disability information, relevant personal habits, medical history, historical information about the insurance quotes and coverages obtained, and claims information and history, each to the extent relevant to the risk being insured |
Inferred Information |
Profile reflecting a person's preferences, characteristics, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes |
Internet or other similar network activity |
Browsing and search history, interaction with a website, application, or advertisement, data from cookies or web beacons, login credentials, domain names, and interactions with our emails, including when you read and respond to emails, ISP (Internet Service Provider), browser details, other website activity, online identifiers (including IP address or device ID) |
Any other voluntarily-provided information |
Information regarding partners and dependents (including minor dependents), emergency contact details, restrictive covenants, geolocation, marketing and communication preferences, information related to company-sponsored events that you have attended, and your feedback or survey responses where you choose to identify yourself |
We collect Personal Information that is reasonably necessary to provide the requested products or services. The Company strives to minimise the Personal Information it collects and will only collect the minimum required to provide the requested products or services. Should you refuse to provide such required Personal Information, the Company may not be able to provide the products or services offered.
You have no legal obligation to provide us with any Personal Information when you use the products or services, and the provision of Personal Information is solely based on your free will. However, should you refuse to provide such required Personal Information, the Company may not be able to provide the products or services offered.
How We Collect Personal Information
Data Provided by You, Your Representatives or Third Parties
- Directly from you or your family members, online, face to face, by telephone, or in written correspondence, including where data is submitted on your behalf (where the person submitting has your permission to do so). For example, we may collect data when you visit a website, enrol in benefits, request a quote, call a service centre, or otherwise give us information;
- Your representatives, including your employer, association, or group or benefit program/plan sponsor;
- In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers;
- Other insurance market participants, such as insurers, reinsurers, appointed loss adjusters and other intermediaries;
- Credit reference agencies (to the extent the Company is participating in any underwriting activities);
- Anti-fraud databases and other third-party databases, including sanctions lists;
- Government agencies, such as vehicle registration authorities and tax authorities;
- Claim forms;
- Resources that provide publicly-available information;
- Business information and research tools;
- Selected third parties who provide us with details of potential customers;
- Third parties who introduce business to us; and
- Vetting and data validation agencies and other professional advisory service providers in connection with our marketing or business development activities.
If you supply us with Personal Information about other people (e.g., family members, beneficiaries, or dependents), you should ensure that you are authorised to provide that information and, where appropriate, that the individual has been made aware of this Privacy Policy.
If you communicate with us, please note that we may monitor or record communications, including to comply with applicable legal or regulatory obligations.
Collection by Automated Means
Anonymity and Pseudonymity
You have the option of not identifying yourself or using a pseudonym when dealing with us. Where it is lawful and practicable to do so, we will allow you to do this, unless we are required or authorised by Australian law, or a court or tribunal order, to identify you.
It is important to note that in some circumstances, we will need to collect personal information or otherwise identify you to provide our products or services or to comply with our legal obligations. If you choose not to provide this information or identify yourself, we may not be able to provide you with the relevant products or services, or you may not be able to receive accurate or appropriate advice.
Interactions With Third Parties
External Links
Collection by Third Parties
How We Use the Personal Information We Collect
We will only use Personal Information for the purposes for which it was collected, for related purposes that you would reasonably expect, or as otherwise permitted or required by law.
We may use Personal Information we collect:
Purpose |
Description of Use |
To conduct our business |
We use Personal Information as necessary to conduct our business, including to verify your identity, respond to your queries and complaints, communicate with you, process transactions, establish an online account, provide superannuation, pension and investment administration services, provide consulting services, manage and assess claims, manage applications for employment and any subsequent employment, or carry out our contractual obligations. |
To provide you with marketing material where permissible under applicable law |
We may use your contact details to send you information about products, services, and insights we think might be of interest to you. These communications may be sent by email, text, post, or phone in accordance with your marketing preferences and applicable Australian laws, including those relating to data protection and electronic communication. As a result, the basis on which we contact you will vary depending on who you are and our relationship with you. Regardless of the basis on which we share our marketing communications with you, we will comply with Australian law and provide an option for you to unsubscribe at any time in which case we will stop sending you our marketing communications. You can also change your marketing preferences by contacting us at privacy@mmc.com Please note that, even if you opt-out of receiving marketing communications, we may still send you communications in connection with the products or services we provide to you. For further information, please see the ‘Direct Marketing’ section below. |
For research, data analytics and development purposes |
We may analyse Personal Information together with information from other clients to create insights, reports, and other analytics to better understand and improve the quality of our offering; market our advice, products, and services; and evaluate the effectiveness of our marketing activities, websites, and overall service. Please note that we may de-identify Personal Information such that it is not associated with any particular client or individual. |
To log and monitor certain activities and maintain network security and performance, and protect against cyber attacks |
We log and monitor communications and transactions to ensure service quality, compliance with procedures and legal requirements, and to combat fraud. We also use Personal Information as necessary to maintain network security, monitor website performance, and protect our systems against cyber-attacks. |
To maintain our websites and ensure website content is relevant |
We use Personal Information as necessary to maintain our websites and ensure that content from our websites is presented in the most effective manner for you and for your device. |
To reorganise or make changes to our business |
As necessary if we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a reorganisation. |
In connection with legal or regulatory obligations |
We use Personal Information to comply with our regulatory disclosure requirements or as part of dialogue with our regulators as applicable. |
For Fraud, Anti-Money Laundering and Sanctions Screenings |
When establishing or maintaining client relationships for the provision of certain services we use Personal Information for the purposes of carrying out fraud, anti-money laundering or sanctions checks. |
Profiling and Automated Decision Making
The Company may use Personal Information to analyse information and identify patterns or trends to support our business activities and the provision of our products and services.
In most cases, decisions are made with human involvement. To the extent we engage in the automated processing of your Personal Information, we will do so in accordance with Australian laws.
Direct Marketing
We may use your Personal Information to provide you with information about products or services which we think would be of interest to you. We may also share your Personal Information with the Company so that they can provide you with information about their products or services. These may be sent by email or post, or, in some circumstances, we may telephone you to explain this information to you.
We take care to ensure that our marketing activities comply with all applicable legal requirements, including the Spam Act 2003 (Cth). Where required by law, we will obtain your consent before sending marketing communications.
You can opt out of receiving marketing communications, at any time. You can do this by clicking on the "unsubscribe" link in any marketing email or by contacting us at privacy@mmc.com.
Please note that, even if you opt out of receiving marketing messages, we may still send you other communications in connection with the products or services we provide to you.
Who We Disclose Personal Information To
Categories of third parties |
Purpose for Disclosure |
Insurers, third-party agents, and other third parties |
As necessary to provide our products and services. |
Your employer, association, superannuation fund trustee, administrator, or benefit program sponsor (when applicable) |
Assist in the administration of financial products and services and as otherwise necessary to provide our contracted services. |
Affiliates |
Assist in providing our products and services and, where permitted by law, enable them to provide services to you or contact you regarding additional products and services. |
Agents or third-party service providers (including professional advisers, IT hosting providers, payment processors, registry providers, recruiters and employment screening providers) |
Perform functions or services for us or on our behalf. Such third parties are contractually restricted from using Personal Information for purposes other than providing services for us or on our behalf. |
Marketing partners and other third parties engaged by us or our clients |
As permitted by law to provide you with information about our products, services, events, or insights. |
Potential partners or successor entities |
In the context of mergers, acquisitions, bankruptcies, asset sales or other transactions where a third party assumes control of all or part of our assets. |
Website analytics and advertising companies |
To improve our products and services, for general operations and business needs, and to help us to improve user experiences on our websites and personalise content, measure the performance and use of content on our websites, and derive insights about the audiences who visit our websites and review content. |
Anti-fraud databases, supervisory or regulatory authorities, law enforcement and other third parties |
As necessary to prevent fraud, communicate with supervisory or regulatory authorities, protect, enforce and defend the legal rights, safety, and security of our Company, our affiliates and business partners, and users of any website; respond to claims of suspected or actual illegal activity; respond to an audit or inquiry, or investigate a complaint or security threat; or comply with applicable law, regulation, legal process, or governmental request. |
Steps We Take to Protect Personal Information
Our Company strives to comply with all applicable cybersecurity and data protection laws. With these goals in mind, the Company has a dedicated Chief Information Security Officer (CISO) and a Global Chief Privacy Officer (GCPO). The CISO is responsible for managing a Global Information Security team and a comprehensive cybersecurity program. As part of our cybersecurity program, we have implemented commercially reasonable physical, administrative, and technical safeguards to protect your Personal Information from unauthorised access, use, alteration, and deletion.
The GCPO leads and oversees a Privacy Center of Excellence and a Data Protection Officer Network responsible for implementing our comprehensive global privacy program. The Data Protection Officer Network connects our Data Protection Officers across the world and seeks to implement our privacy program consistently and thoroughly wherever we process data, including in Australia. You can find the name and contact information for the Data Protection Officer in your jurisdiction by emailing us at privacy@mmc.com.
Access And Correction
Please note that we may need to use your Personal Information to verify your identity prior to fulfilling any of the below:
- Access
You may ask us to provide you with a copy of the Personal Information that we hold about you.
- Correction
You may ask us to correct any in the Personal Information that we hold about you if it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
If you wish to request access to or correction of your Personal Information, please submit a Data Subject Rights Request via this portal or contact us using the details set out below.
Cross-border Transfers
As a global company operating across more than 80 countries, there are circumstances in which we will have to transfer Personal Information outside Australia. Specifically, we may transfer data to offer, administer, and manage the products or services provided to you, and to enhance the efficiency of our business operations. When we disclose Personal Information to overseas recipients, we take reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles in relation to that information.
Below is a list of countries outside Australia where in the course of business, we may disclose Personal Information:
- United Kingdom
- United States
- India
- New Zealand
- Bermuda
- Singapore
- Poland
- Malaysia
- Philippines
- Ireland
- Luxembourg
- Canada
- Germany
- Portugal
- Sweden
- Hong Kong
- Thailand
- Philippines
Retention of Your Personal Information
Our products, services, and regulatory obligations are complex, and thus our retention periods for Personal Information vary. We consider the following obligations when setting retention periods for Personal Information and the records we maintain:
- the need to retain information to accomplish the business purposes or contractual obligations for which it was collected;
- our duties to carry out our clients’ instructions with respect to Personal Information we process on their behalf;
- our duties to comply with mandatory legal and regulatory record-keeping requirements;
- our backup and disaster recovery procedures; and
- other legal impacts such as the applicable statute of limitations periods.
Based on the factors above, we may retain Personal Information beyond the period for which we provide products or services to you. When we no longer need to retain Personal Information, our company policies require us to take reasonable steps to destroy or de-identify the information.
Questions or Concerns
If you have any questions about this Privacy Policy, the Company’s privacy practices, or wish to make a complaint about how we have handled your Personal Information, you may contact us using the details below.
We will investigate your complaint and respond within a reasonable period.
You can contact us by:
- Email – privacy.australia@marsh.com
- Phone – 1300 136 202
- Post – GPO Box 4303, Melbourne VIC 3001
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner on 1300 363 992.