US Privacy Notice

  
Effective: December 7, 2022

Personal Information Processing

This chart describes the Personal Information (PI) we process and the purposes for processing, as well as the sources of that PI, and the types of third parties with whom we may share the PI.

Categories of PI

  • Examples/Description
    • Social security number 
    • Driver’s license number 
    • State identification card number 
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers

  • Examples/Description
    • Employee ID  
    • Account name/number  
    • Insurance policy number 
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers

  • Examples/Description
    • Honorifics   
    • Company or school name   
    • Title   
    • Alias  
    • Mailing address   
    • Email address  
    • Telephone and fax numbers  
    • Contact information for related individuals (household or job) 
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers

  • Examples/Description
    • Marital status  
    • Race  
    • Religion  
    • National origin  
    • Veteran status  
    • Gender  
    • Age  
    • Physical or mental disability  
    • Sexual orientation  
    • Beneficiaries/Dependents
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers 

  • Examples/Description
    • Financial account numbers   
    • Insurance account numbers   
    • Payment card data   
    • Consumer reporting data
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers

  • Examples/Description
    • Patient records, clinical trial records   
    • Information about a consumer’s diagnosis or treatment for health conditions   
    • Information about payment for healthcare services   
    • Data collected by a healthcare provider or health insurance company subject to HIPAA or CMIA  
    • Disability status
    • Medical fitness for work records  
    • Inferred data (health) 
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers 

  • Examples/Description
    • Any policy documentation or information submitted in order to obtain quotes
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers 

  • Examples/Description
    • Titles  
    • CV/work history  
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers 

  • Examples/Description
    • Purchase history  
    • Service records  
    • Personal property  
    • Customer service records  
    • Communication preferences   
    • Shopping preferences  
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers 

  • Examples/Description
    • Call center recordings
    • Voicemails
  • Categories of Sources of PI
    • Directly from you (or from a current or former plan member who named you as a beneficiary)
    • Your employer, plan sponsor or their administrator
    • Third Party Suppliers
    • Insurance carriers and/or agents and brokers
  • Business or Commercial Purpose for Collection of PI
    • Quotation/Inception of service 
    • Policy Administration/Claims Processing 
    • Providing the service(s) to the client 
    • Marketing analytics and direct marketing 
    • Communicate with individuals 
  • Categories of third parties with whom we share the PI
    • Client/Employer 
    • Non-client business partners (i.e. received from TPA/MGA/Agent/Broker) 
    • Vendor/service providers 

Your Rights Under Certain US State Privacy Laws

Under certain state privacy laws, residents of the applicable states may have the following rights regarding their personal information.  These rights are subject to exceptions.  

Please note that, in many cases, we collect personal information on behalf of our commercial clients, pursuant to a contract.  In such circumstances, we act as a “service provider” or “processor” to our clients under applicable privacy laws, and are thus obligated to process personal information in accordance with clients’ instructions. Accordingly, in any case where we are acting as a service provider or processor to a client, if you or your authorized agent wish to exercise any of the below rights, you should direct your request to our client, who is the party responsible for receiving, assessing, and responding to your requests. If you submit a request directly to us in a scenario where we only process your information as a service provider or processor, we may be required to deny your request.  If you are not certain what our role is with respect to your personal information, please contact us through one of the methods described at the end of this Privacy Notice.  

When required, we will respond to most requests within 45 days, unless it is reasonably necessary for us to extend our response time.

  1. Right to Confirm or Access Information

    You may have the right to confirm whether we process your personal information or what information we process, and to obtain a copy of that information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another business without hindrance.

    If you submit a valid and verifiable request and we confirm your identity and/or authority to make the request, we will disclose to you any of the following at your direction (with various exceptions):

    • The categories of personal information we have collected about you in the last 12 months.
    • The categories of sources for the personal information we have collected about you in the last 12 months.
    • Our business or commercial purpose for collecting that personal information.
    • The categories of third parties with whom we share that personal information.
    • The specific pieces of personal information we collected about you.
    • If we sold your personal information for a business purpose, a list of the personal information types that each category of recipient purchased.
    • If we disclosed your personal information to a third party for a business purpose, a list of the personal information types that each category of recipient received.
  2. Right to Delete Personal Information

    You may have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.  If you submit a valid and verifiable request and we can confirm your identity and/or authority to make the request, we will determine if retaining the information is permitted or required under law.

    If no retention conditions apply, we will delete your personal information from our records and direct our service providers to do the same.

  3. Right to Correct Personal Information
    You may have the right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information.  If you submit a valid and verifiable request and we can confirm your identity and/or authority to make the request, we will use commercially reasonable efforts to correct the inaccurate information.
  4. Right to Limit Processing of SPI
    We process sensitive personal information solely as necessary in performance of the Services, to ensure the security and integrity of the information, or as otherwise authorized under law or regulation.  Because we do not process your Sensitive Personal Information for other purposes, we do not provide any mechanism for you to limit our processing of such information.
  5. Right to Opt-out of Profiling
    We do not engage in automated processing of personal Information to make decisions that produce a legal or other significant effect.  Because we do not engage in such automated processing, we do not provide a mechanism for you to limit our processing of personal information in such a manner.
  6. Right to Non-Discrimination

    You may exercise your rights under law without discrimination.  For example, unless applicable law provides an exception, we will not:

    • Deny you goods or services;
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
    • Provide you a different level or quality of goods or services; or
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

    We may offer you financial incentives to provide us with personal information that is reasonably related to the information’s value.  This could result in different prices, rates, or quality levels for our products or services.  Any financial incentive we offer will be described in written terms that explain the material aspects of the financial incentive program.  You must opt-in to any financial incentive program and may revoke your consent at any time by contacting us as indicated below.

  7. Direct Marketing and Do Not Track Signals

    Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the personal information we disclosed to other businesses for their own direct marketing purposes.  Such a notice will include a list of the categories of personal information that were disclosed (if any) and the names and addresses of all third parties with which the personal information was disclosed (if any). The notice will cover the preceding calendar year. To obtain such a notice, please contact us as described below. 

    In addition, under this law you are entitled to be advised how we handle “Do Not Track” browser signals.  Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.

How to exercise the above rights

To exercise your rights described above, or to appeal our decision with respect to such rights, please submit a verifiable consumer request to us by visiting our online privacy rights portal by clicking here. Alternatively, you may call us at 1-855-518-4620.

*Please note that, as described above, in certain cases we may collect your personal information as a service provider pursuant to a contract we have with a commercial client to provide the Service.  In any case where we are acting as a service provider to a client, you should direct your requests to exercise your rights available under data privacy laws to our client, who is the party responsible for receiving, assessing, and responding to your requests.  

Only you or a person legally authorized to act on your behalf may make a verifiable consumer request related to your personal information. To designate an authorized agent we may require you to verify your identity or confirm with us directly that you have provided permission to your authorized agent, or we will rely on a power of attorney you have provided to your authorized agent.

You may make a verifiable consumer request for access or deletion no more than twice within a 12-month period. The verifiable request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Depending on the nature of your request and the sensitivity of the information, we may ask you to confirm various data elements we already have on file such as your mailing address and phone number, or, in case of sensitive personal information, we may require you to submit a copy of a government issued identification.

and

  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

You will not be required to create an account with us in order to submit a verifiable request, though we may communicate with you about your request via a pre-established account if applicable.  However, in order to safeguard the personal information in our possession, if we cannot verify your identity or authority to act on another’s behalf, we will be unable to comply with your request.  We will process and retain personal information you provide when submitting a verifiable request only to confirm your identity or authority, or to fulfill your request.

Right to Opt Out of Sale

Additionally, you have the right to opt out of the sale of your personal information or the sharing of your personal information for cross context behavioral advertising or targeting purposes. To opt out of disclosures of your personal information to third parties that may be considered “selling” or “sharing” under applicable law, please click on the “Manage Cookies” link at the bottom of this webpage and ensure the toggles for “Advertising” and “Analytics” trackers are set to “No”.

Minors

We do not knowingly collect personal information from children under 13.  If we learn that we have collected any personal information from a child under the age of 13 without verifiable parental consent, we will delete that information from our files as quickly as possible.  If you believe that we may have collected information from a child under 13, please contact us at the email address provided below.

If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”).  However, we never knowingly sell or share the personal information of minors under 16 years of age, and would not do so in the future without affirmative authorization of the consumer if between 13 to 16 years of age, or the parent or guardian of a consumer less than 13 years of age.

Questions, Requests or Complaints

To submit general questions, requests, complaints, or appeals regarding this Privacy Notice or our privacy practices, please contact us at privacycoordinator@mercer.com.
Last Updated: December 7, 2022