MARSH & McLENNAN COMPANIES

MARSH MCLENNAN PRIVACY NOTICE

Effective: December 15, 2022

Job Candidates: Please see our Candidate Privacy Notice available on our careers site.

California Residents: Please see our California Resident Privacy Notice for Commercial Contacts

Clients of Marsh McLennan businesses; Please see the notice available on the relevant business’s homepage

Marsh & McLennan (the “Company”) believes strongly in protecting the privacy of individuals who visit our websites and applications that link to this notice (our “Sites”).  

What Personal Information Do We Collect?

We collect the following categories of personal information in connection with our Sites

  • Contact details (including name, email address, telephone number
  • Corporate affiliation (employer, relationship to our company, business title)
  • Internet or other online activity (search history, interaction with our Sites, data from cookies, web beacons, or pixels, and interactions with marketing emails, ISP, browser details, other Site activity)
  • Online identifiers (such as IP address or device ID)
  • Any other voluntarily provided information in connection with our Sites (e.g., information you enter into a free text form, provide in a survey, or preferences you indicate in advance of an in person meeting such as dietary restrictions)
  • Information that is publicly available or that you consent to making available to companies like ours on corporate social sharing sites.

Information Collected by Automated Means:

We use various online tracking tools to enhance, assess, and market to users of our Sites, including cookies, pixels, and web beacons.  Cookies are small pieces of text that a website places on your computer to help remember information about your visit.  Web beacons are tiny graphics with a unique identifier that are embedded invisibly on the web pages.   Our cookies and web beacons may also come from third-party service providers who have permission to place such tools on our Site, and who are able to collect your online identifiers and information about your interaction with our Sites.  Some third parties may use this information for building profiles of online users, that they use for enriched analytics or cross context behavioral advertising.

We are committed to giving you a choice regarding the use of such technologies. By clicking on the “Manage Cookies” link at the bottom of the website, you can adjust the types of trackers that are used to share your personal information as a result of your interactions on the Site, including by opting out of targeted or cross context advertising and analytics.  Visitors from some jurisdiction will have tracking turned off by default in accordance with local law.  In the U.S. we also recognize the Global Privacy Control.  Please note that on Sites that utilize strictly necessary cookies only, the Cookie Management link may not be available, or it may be called something different if the Site is managed by a third party, such as when we collaborate with you via Microsoft Teams). To learn more about online trackers, please refer to our Cookie Notice. Please note that refusing or deleting cookies may impact your browsing experience on the Site and it may result in the deletion of any preferences you have set.  

How Do We Use the Personal Information We Collect?

We will use the information provided by you in order to respond to your inquiries, provide you with requested information or services, verify your identity where necessary to respond to your request, register you for platform access, and host corporate events.   We also use information collected on our Sites for our own business and legal purposes, including: to administer, analyze, improve, and personalize the Site and our services, to maintain network security and performance and protect against cyber-attacks, to market our and our affiliate’s services, and to comply with and enforce applicable laws, industry standards, contractual commitments, regulatory, law enforcement, civil, or judicial inquiries/subpoenas, and our own policies.

Who Do We Share Your Personal Information With?

We may share your personal information with:

  • Affiliates: To enable them to provide services to you and contact you regarding products and services.
  • Agents and Service Providers: We sometimes engage other companies and individuals to support our services, such as hosting our Sites, providing analytics and marketing offerings, vetting and onboarding our vendors for payment, sending communications, etc.  We may share this data indirectly via third party cookies on our Sites.
  • Business Transfers: As we continue to develop our business, we might sell or buy assets. In such transactions, user information generally is one of the transferred business assets. Also, if either the Company itself or any of the Company’s assets were acquired (including through bankruptcy proceedings), your personal information may be one of the transferred assets.
  • Legal Matters: The Company may preserve, and has the right to disclose any information about you or your use of our Sites without your prior permission if the Company has a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of the Company or its clients and affiliates, other users of our Sites, or the public; (b) enforce the terms and conditions that apply to our Sites; (c) respond to claims that any content violates the rights of third parties; (d) respond to claims of suspected or actual illegal activity; (e) respond to, audit or investigate a complaint or security threat or any other business or legal interest we have in the operation of our Sites; or (f) comply with applicable law, regulation, legal process, contract, or governmental requests.

How Long Do We Keep Your Personal Information?

We retain personal information for as long as necessary for our business purposes.  How long is appropriate will depend on the type of data and the use to which it has been put.  Our legal department may direct that information be retained for a longer period of time in the event of a litigation hold or as deemed necessary to protect the interests of MMC or as otherwise required by law.

External Links:

Our Sites includes links to other websites operated by third party organizations.  If you access another organization’s website using a link provided, the other organization may collect information from you.  The Company is not responsible for the content or privacy practices of linked websites or their use. You should refer to those websites' privacy policies, terms of use, and practices to determine how they will handle any information they collect from you.

Applicability of This Privacy Notice to International Users:

This Privacy Notice is provided in accordance with and subject to U.S. law.  If you access our Sites from a location outside of the United States, you agree that your use of this Site is subject to the terms of this Privacy Notice and you recognize and accept that your personal information may be transferred to and processed in the U.S. and other countries that may not be deemed to provide the same level of data protection as your home country and that may have been deemed to have inadequate data privacy laws under the laws of your jurisdiction.  We commit to ensuring lawful transfer mechanisms with respect to onward transfers of your personal information.

Privacy Rights in some Jurisdictions

Certain jurisdictions extend enhanced personal information rights to residents of or persons located in the jurisdiction. You may have some or all of the following rights in relation to the personal information we collect about or from you, depending on the jurisdiction and our reason for processing your information:

  • Right of access: You may ask us to confirm whether we are processing your personal information and the specific pieces of personal information we have collected and, if necessary, provide you with a copy of that personal information (along with certain other details).
  • Right to correct: If the personal information we hold about you is inaccurate or incomplete, you may be entitled to request to have it corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information.
  • Right to delete: You may have a right in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable), to request that we delete or remove your personal information.
  • Right to restrict/limit processing: You may have a right to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us.
  • Right to data portability: You may have the right to receive a copy of personal information we've obtain from you, where technically feasible, in a structured, commonly used and machine-readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
  • Right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you may have the right to withdraw that consent. If you withdraw your consent, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you.
  • Right to lodge a complaint: If you have a concern about any aspect of our privacy practices, including the way we've handled your personal information, you may report it to the relevant supervisory or regulatory authority. You may contact us as provided at the bottom of this Privacy Notice if you would like to receive contact information for your local authority.
  • Right to Opt in or out of Sale or Sharing for Cross-Context Advertising: If you visit one of our Sites, we may share your internet or other electronic network activity information for analytics or cross-context targeted advertising purposes utilizing advertising cookies. Please click on the “Manage Cookies” link at the bottom of our webpage, where you will find instructions on how to manage cookies and other online trackers that may collect and share personal information in a manner that could be considered a sale or sharing under applicable law.
  • Right to Non-Discrimination: You may exercise your rights under law without discrimination.

Please note that some of these rights may be limited where we have an overriding legitimate interest or legal, regulatory or contractual obligation to continue to process the personal information, or where the personal information may be exempt under applicable law.

California residents should review our California Resident Privacy Notice for Commercial Contacts for how to exercise their rights.  Clients and contacts of our businesses should review the relevant business’s privacy notice for how to exercise rights with respect to those business’s collection practices.  Candidates should review our Candidate Privacy Notice  for how to exercise their rights.  All other inquiries may be sent to the contact below.

Binding Corporate Rules:

Marsh McLennan's EU Binding Corporate Rules – or EU BCR – are a means of transferring personal data internationally within the Company group in compliance with applicable data protection legislation in the European Economic Area (EEA).  The Information Commissioner’s Office (ICO), the local Supervisory Authority in the United Kingdom, formally approved them on October 6, 2017.  Following Brexit and in accordance with the requirement to identify a new, EU Supervisory Authority to replace the ICO as our lead Supervisory Authority, we successfully completed the transition of our EU BCR to the Irish Data Protection Commission (Irish DPC).  Our EU BCR consist of both Controller and Processor Standards.  For further information regarding how our EU BCR operate, click here. For a list of entities that have agreed to be bound by Marsh & McLennan Companies’ EU BCR, click here.

Following Brexit, the ICO issued an authorisation under Directive 95/46/EC to confirm that holders of EU BCRs are automatically eligible for a UK BCR under paragraph 9, Part 3, Schedule 21 to the DPA 2018 (as amended from 1 January 2021). Marsh McLennan’s UK Binding Corporate Rules – or UK BCRs – are a means of transferring personal data internationally within the Company group in compliance with applicable data protection legislation in the United Kingdom. Our UK BCRs are supervised by the ICO. Our UK BCRs consist of both Controller and Processor Standards. For further information regarding how our UK BCR operate, click here. For a list of entities that have agreed to be bound by Marsh McLennan’s UK BCR, click here.

Children:

This Site it not intended for children, and we do not knowingly collect, use, or disclose information of children under the age of thirteen (13) without the consent of their parents or legal guardians.  In an instance where such information was collected, it would be purely accidental and unintentional.

Changes to Privacy Notice

The Privacy Notice is subject to change at any time. If we make changes to this Privacy Notice, we will update the date at the top of this page.  Any changes we make to this Privacy Notice become effective immediately when we post the revised Privacy Notice on this page.  

Questions or Concerns?

If you have any questions, concerns, or complaints about this Privacy Notice, or our privacy practices in general, email us at Privacy@mmc.com.