Mercer Privacy Notice relating to Career Workforce products
Mercer Limited (Mercer) is committed to safeguarding the privacy of individuals whose personal information it processes in the course of providing services (you).
This privacy notice (the Privacy Notice) describes how Mercer and its affiliates processing personal information within the European Economic Area (the EEA) and the United Kingdom (we, us, our) collect personal information, and how we will use that personal information, in connection with the career workforce products (“Workforce Products”) that we provide to our clients.
We may have or collect additional personal (and other) information about you in relation to other relationships that we have with you. Where we collect this additional personal information as a controller, how we collect and handle this personal information may be set out in other Mercer privacy notices and terms and conditions.
This Privacy Notice covers the following areas:
(1) Our status
When we process personal information in connection with our workforce products, we act as an independent data controller alongside clients in their capacity as an employer to whom we are providing our Workforce Products and who also acts as a data controller (“Workforce Product Clients”). We work with these Workforce Product Clients to meet our respective obligations under data protection law.
This Privacy Notice only applies in relation to the processing of personal information that we undertake as a controller in relation to our career Workforce Products, both in terms of processing of personal data of representatives of our Workforce Product Clients and the personal data of the employees of those Workforce Product Clients. It does not apply to activities that we perform in relation to services other than the provision of Workforce Products including where we act as a processor on behalf of our clients (such as pension scheme administration services). Details of such processing will be set out in the privacy notice of your relevant pension scheme trustee and/or employer.
(2) Information we collect about you
We will collect and process some or all of the following personal information about you:
(a) Information provided by you (or your employer on your behalf) or from publically available sources:
- Year of birth;
- Email address and contact telephone number;
- Employee ID;
- Job title and employment grade;
- Employment location and office address;
- Employer name;
- Employment periods;
- Employee performance;
- Employee benefits;
- Salary and remuneration arrangements;
- Short and long term incentive payouts and targets;
- Pension and other benefit amounts;
- Company cars;
- Business travel information;
- Educational background
(b) Our correspondence
If you contact us, we will typically keep a record of that correspondence.
(c) Website and communication usage
Details of your visits to our website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources you access. Information on how we handle this type of data can be found in our website cookie notice, which can be found here.
(3) How we use your personal information
This section sets out the purposes for which we use personal information that we collect and, in compliance with our obligations under European data protection law, identifies the “legal grounds” (or “use justifications”) which we rely on to process the information (the full description of each of these grounds can be found in Annex 1 to this Notice.
We may use your personal information for the following purposes:
(a) Compensation, Benefit and Human Resources Benchmarking and Analysis: For the production of our Workforce Analytics (Comptryx) and Mercer Remuneration and Policy Surveys and Guides with the aim of providing products and services to our employer clients in respect of job matching, gender equality, organization design and industry remuneration and compensation benchmarking.
Use justification: (i) our legitimate interests which are: (a) to enable us to provide professional, timely and efficient services to our clients; (b) to ensure our client relationships are well managed; (ii) the legitimate interests of our clients and their employees which are to use international remuneration, mobility and other workforce benchmarking information to establish and benefit from fair pay and employment practices.
(b) Data analytics: To conduct benchmarking, modelling and data analytics in relation to remuneration and human resources in the context of providing services, information and reporting to our clients.
Use justification: our legitimate interests which are: (a) to enable us to provide professional, timely and efficient services to our clients; (b) to ensure our client relationships are well managed; and (c) to ensure our service offering to clients is continuously improved and updated as required to continue to provide those services to the best possible standard.
(c) Legal and regulatory compliance: To undertake such other activities as are required in order to meet our ongoing regulatory, legal and compliance obligations, including the prevention and detection of crime, for fraud detection purposes, anti-money laundering and sanctions checks and in order to liaise with statutory bodies.
Use justification: (i) legal obligation; and (ii) our legitimate interests which are: (a) to protect our business interests in providing our services in compliance with requests, demands and guidance from our regulators; and (b) to ensure our service offering to clients is amended as required to continue to provide those services in accordance with current regulatory guidance and best practice principles.
(d) Effective communication with our clients: To conduct our business, including to respond to our clients’ queries and to otherwise communicate with our clients, including to inform them of changes to our services and products and to handle claims.
Use justification: (i) the legitimate interests of our clients to receive information about their services; or (ii) our legitimate interests which are: (a) to keep our clients informed about relevant services; (b) to ensure our service offering, and any changes to that offering, is communicated to clients using the most appropriate and effective method; (c) to enable us to provide professional, timely and efficient services to our clients; and (d) to ensure our client relationships are well managed.
(e) Legal claims: To establish, exercise or defend legal claims, or potential legal claims.
Use justification: our legitimate interests which are (a) to defend ourselves against legal or regulatory claims brought against us or our affiliates; or (b) to enforce our legal rights including the commencement and carrying out of legal and court proceedings, where necessary; and (c) to recover any payments due to us.
(f) Reorganise or make changes to our business: To share data as part of any due diligence process, or following a sale or reorganisation, in the event that we: (i) are subject to negotiations for the sale of all or part of our business to a third party; (ii) are sold to a third party; or (iii) undergo a reorganisation.
Use justification: our legitimate interests which are to allow us to change our business.
(g) To provide you with marketing material: To provide you with updates and offers, where you have chosen to receive these. We may use your personal information to provide you with information about products or services which we think would be of interest to you. We may also share your personal information with our affiliates within the March & McLennan Companies, Inc (“MMC”) corporate group (“MMC Affiliates”) so that they can provide you with information about their products and services. These may be sent by email, SMS, phone, fax or post.
Within MMC, we operate under a number of brands and you may receive such communications from our different trading names, such as, Mercer, Mercer Marsh Benefits (MMB), Darwin, Marsh, Marsh Commercial, Marsh Networks and others.
We take care to ensure that our marketing activities comply with all applicable EEA and UK legal requirements. In some cases, this may mean that we ask for your consent in advance of us or MMC Affiliates sending you marketing materials.
In all cases, you can always opt out of receiving marketing communications from us or MMC Affiliates, at any time. We will always provide an option to unsubscribe or opt-out of further communication on any electronic marketing communications sent to you or you may opt out by contacting us as set out below.
Please note that, even if you opt out of receiving marketing messages, we may still send you communications in connection with the services we provide to you.
Use justification: (i) consent; (ii) the legitimate interests of our clients and their employees which are to receive information about the most up-to-date, accurate and secure services we can offer; and (iii) our legitimate interest which are (a) to keep our clients informed about relevant services and (b) to ensure our client relationships are well managed.
(4) Who we share your personal information with
We may share your personal information with the following categories of recipients:
(a) Our clients, such as your employer or former employer and their respective service providers or such other third parties as they instruct us to release the personal data to on their behalf;
(b) Law enforcement bodies, third party agencies and sanctions lists, in connection with the prevention or detection of criminal activities, including fraud;
(c) Public authorities, regulators and government bodies (such as HMRC), where this is necessary for us to comply with our legal and regulatory obligations;
(d) Advisers, including legal advisers, loss adjusters and claims investigators, in connection with the investigation, exercise or defence of legal claims;
(e) Our MMC Affiliates and our commercial partners who are licensed to market our products in other territories.
(f) Third parties (and their advisers) in the event of a sale or reorganisation of our business;
(g) Third party suppliers to whom we have outsourced certain activities, who process personal information on our behalf.
(5) How we protect your personal information
Security over the internet
We maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
All personal information that we hold is stored on our, or our third party suppliers’, secure servers and only accessed and used subject to our security policies and standards.
Export outside the EEA and the United Kingdom
Your personal information may be accessed by our staff, affiliates or suppliers in, transferred to, and/or stored at, a destination outside the country in which you are located. We will, in all circumstances, safeguard personal information as set out in this Privacy Notice.
Where we transfer personal information from inside the EEA or the United Kingdom to outside the EEA or the United Kingdom, we are required to take specific measures to safeguard the relevant personal information. Certain countries outside the EEA and the United Kingdom have been approved by the European Commission or the United Kingdom Government as providing essentially equivalent protections to EEA or United Kingdom data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions (see the full EEA list here). In countries which are not subject to this approval, we will establish legal grounds justifying such transfer, such as MMC Binding Corporate Rules (see here for MMC’s BCR Summary), model contractual clauses, or other legal grounds permitted by applicable legal requirements.
Please contact us as set out below if you would like to see a copy of the specific safeguards applied to the export of your personal information.
(6) Your Rights
If you have any questions or concerns about how your personal information is handled in connection with your employment, we recommend that you first contact your employer. However, under certain conditions, you have the right to ask us to:
a) provide you with further details on the use we make of your information;
b) provide you with a copy of information that you have provided to us;
c) update any inaccuracies in the personal information we hold; and
d) delete any personal information that we no longer have a lawful ground to use,
e) object to any processing that we justify on the basis of our “legitimate interests” unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
f) object to direct marketing (including any profiling for such purposes);
g) restrict how we use your information whilst we consider your inquiry; and
h) where processing is based on consent, you have the right to withdraw your consent by contacting us at the contact details below or as indicated when consent was given.
You can exercise these rights by contacting us as set out in the “contacting us” section below. Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the data protection regulator in your country.
(7) Contacting Us
If you have any question about how your personal information is handled, we recommend that you contact your employer in the first instance.
If you have any questions in relation to this Privacy Notice, please contact our Data Protection Officer at email@example.com or at:
Data Protection Officer
Marsh & McLennan Companies, Inc.
Tower Place West
(8) Changes to Our Privacy Notice
We may change our Privacy Notice from time to time in the future. If we change this Privacy Notice, we will update the date the Privacy Notice was last changed below. If these changes are material, we will take reasonable steps to notify you of the changes.
This Privacy Notice was last updated in September 2022.
These are the principal legal grounds that justify our use of your information:
Consent: where you have consented to our use of your information you will have been presented with a consent form in relation to any such use and may withdraw your consent as indicated by such form or by emailing us at firstname.lastname@example.org.
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
Substantial public interest: where your information is necessary for: (i) the purposes of making a determination in connection with an occupational pension scheme; (ii) fraud prevention purposes; (iii) insurance purposes; or (iv) some other purpose that applicable data protection law considers to represent a substantial public interest, in each case subject to applicable conditions.