Collection, Use and Disclosure of Personal Information
- Directly from you when you use this website to select and manage your insurance program, or when we communicate such as through email, online chat, instant messages or our call center.
- From third parties (such as your Program Sponsor, insurance companies, brokers or agents, credit agencies, financial institutions, etc.).
- Using cookies or other technologies (such as pixel tags, web beacons, and clear GIFs) as described below.
We collect Personal Information for purposes of:
- Fulfilling a transaction or service authorized by you or on your behalf.
- Allowing you to manage and monitor your insurance program electronically on this website.
- Allowing your Program Sponsor to manage and monitor its s insurance program, including information regarding participation.
- Establishing and maintaining communications with you or others on your behalf.
- Assisting you in the completion of your applications, the assessment of your eligibility for products and services, and the processing and maintenance of your insurance program.
- Responding to your inquiries about applications, accounts and other services.
- Making proposals for future insurance needs;
- Allowing our affiliated companies to notify you of products or services they offer, as first confirmed with your Program Sponsor.
- Allowing parties not affiliated with Marsh to notify you of products and services they offer, as first confirmed with your Program Sponsor.
- Evaluating credit worthiness, monitoring, servicing and collecting your premium and fee payments;
- Sharing with financial institutions where we have joint marketing agreements;
- Updating information with credit bureaus;
- Meeting legal, security, processing and regulatory requirements.
- Processing transactions through service providers.
- Detecting (including surveillance) and preventing fraud, suspicious claims or other illegal activities.
- Compiling statistics for analysis of our business such as developing and improving our products and services, enhancing this website and evaluating the effectiveness of our marketing activities.
General Information We Collect
We generally collect the following information:
- Name, postal address, email address, telephone number, date of birth, marital status, gender, and personal identification numbers.
- Financial information such as banking information, or credit card number.
- Information relating to your payroll and salary, employment, retirement and pension.
- Personal health information, including information regarding past, present or future health or mental condition, insurance claims history, payment for health care, or provision of health care to an individual.
- Other information that may not be publicly available, but necessary to fulfill a transaction authorized by you or on your behalf.
- Information reasonably necessary to evidence your instructions to us concerning your choices and elections in relation to the benefits we administer and the Services we provide.
- Information you provide in on-line or paper applications, or other forms; which may include information indicated above as well as payment records, business and income information;
- Information we acquire from and/or transfer to other persons (such as government agencies, industry associations, auditors, claims adjusters, etc.) to verify your identity and the accuracy of the information you have provided;
- Information about you received from Marsh affiliates, insurers, other intermediaries, third party providers and others for underwriting or claims purposes; and
- Information we receive from reporting agencies.
Website Navigational Information
As you navigate the Site, we may also collect information through the use of commonly-used information-gathering tools, such as cookies (collectively “Website Navigational Information”). Website Navigational Information includes standard information from your web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Site (such as the web pages viewed and the links clicked).
There are different kinds of cookies with different functions:
- Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
- Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
- First-party cookies: the function of this type of cookie is to retain your preferences for a particular website for the entity that owns that website. They are stored and sent between Marsh’s servers and your computer’s hard drive. They are not used for anything other than for personalization as set by you. These cookies may be either Session or Persistent cookies.
- Third-party cookies: the function of this type of cookie is to retain your interaction with a particular website for an entity that does not own that website. They are stored and sent between the Third-party’s server and your computer’s hard drive. These cookies are usually Persistent cookies.
The major browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium (“W3C”) in their latest releases. As this standard has not been finalized, Marsh is not compatible with DNT.
- Where strictly necessary to enable you to move around the Site and use its features, such as accessing secure areas of the Site. Without these cookies, services you have asked for, such as obtaining a quote or logging into your account, cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
- For performance so that we can understand how visitors use our website, for instance which pages visitors go to most often, and if they get error messages from web pages. They also allow us to record and count the number of visitors to the Site, all of which enables us to see how visitors use the Site in order to improve the way that our Site works. These cookies do not collect information that identifies a person, as all information these cookies collect is anonymous and is used to improve how our Site works.
- To improve functionality by remembering the choices you make (such as your user name, language or the region you are in) and providing enhanced features. For instance, a Site may be able to remember your log in details, so that you do not have to repeatedly sign in to your account when using a particular device to access our Site. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customize. They may also be used to provide services you have requested such as viewing a video or commenting on an article. The information these cookies collect is usually anonymized. They do not gather any information about you that could be used for advertising or remember where you have been on the internet.
Please consult your web browser's ‘Help’ documentation or visit aboutcookies.org. for more information about how to turn cookies on and off for your browser. You can set preferences for how Google advertises to you using the Google Ad Preferences page, and if you want to you can opt out of interest-based advertising entirely by cookie settings or permanently using a browser plugin. If you choose to block cookies, you may not be able to access all or part of our site and may be unable to use those services or engage in activities that require the placement of cookies.
Web beacons (also known as clear gifs, pixel tags or web bugs) are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users or to access cookies. Unlike cookies which are stored on the user’s computer hard drive, web beacons are embedded invisibly on the web pages (or in email) and are about the size of the period at the end of this sentence.
Web beacons may be used to deliver or communicate with cookies, to count users who have visited certain pages and to understand usage patterns. We may also receive an anonymous identification number if you come to our site from an online advertisement displayed on a third-party website.
When you visit our Sites, Marsh collects your Internet Protocol (“IP”) addresses to track and aggregate non-Personal Information. For example, Marsh uses IP addresses to monitor the regions from which users navigate the Sites. IP addresses will be stored in such a way so that you cannot be identified from the IP address.
Disclosure of Information to Others
Marsh may share your information with the following parties to assist with managing and running this website, administering your insurance program, or to provide other products or services as requested by you or the Program Sponsor:
- The Program Sponsor and any third parties that are providing services for your Program Sponsor, such as vendors or insurance companies.
- Third parties providing products or services as requested by you or arranged by the Program Sponsor.
- Agents and contractors who provide products services on behalf of you or the Program Sponsor, or who help manage and run this website.
- Other Marsh Companies that provide services for your Program Sponsor.
- To notify you or allow our affiliated companies to notify you of certain products or services offered by our affiliated companies or others.
- For legal, claims settlement and valuation services.
- To update information with credit bureaus and insurance reporting agencies;
- To process transactions through data processing service providers.
- If the information is a credit card number, to process credit card payments—through third party payment processing, clearing and settlement systems in association with various banks.
- To other financial institutions with whom we have joint marketing agreements.
If required, or permitted to do so by law, we will disclose your Personal Information to third parties without obtaining your prior approval or providing you with notice thereof. In that connection, because a number of the service providers we use are located inside the US, including certain Marsh affiliates, your Personal Information may be processed and stored inside the US; and the US government, courts or law enforcement or regulatory agencies may be able to obtain disclosure of your Personal Information under US laws.
In the event Marsh, or substantially all of its assets, is acquired, or in the unlikely event that Marsh goes out of business or enters bankruptcy, your personal information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that an acquirer of Marsh or any of its assets may continue to use your information as set forth in this policy.
Your knowledge of and consent to Marsh’s collection, use and disclosure of your personal information is critical. We rely on the following actions by you as indications of your consent to our existing and future personal information practices:
- Your voluntary provision of personal information to us directly, or through another representative for the purpose fulfilling a service or product transaction authorized by you or on your behalf (including information previously provided to Marsh or Marsh’s agents and contractors);
- Your consent or acknowledgement obtained through this website or contained within a written, verbal or electronic application or claims process; or
- Your verbal consent solicited by Marsh (or our agent) for a specified purpose.
You further expressly consent to such processing taking place in such locations that Marsh deems appropriate. This may include processing of your data within the geographical boundaries of the United States of America, or its protectorates, or in other countries.
Your consent may be given through your authorized representative such as a legal guardian, agent or holder of a power of attorney.
Subject to certain legal or contractual restrictions, and with reasonable notice, you may withdraw this consent at any time. Marsh will inform you of the consequences of withdrawing your consent. In some cases, refusing to provide certain Personal Information or withdrawing consent for Marsh to collect, use or disclose your Personal Information could mean that we cannot provide requested products, services, or information for you.
Note that, there are a number of instances where Marsh does not require your consent to engage in the processing or disclosure of Personal Information. Marsh may not solicit your consent for the processing or transfer of Personal information for those purposes which have a statutory basis, such as:
- The transfer or processing is necessary for the performance of a contract between you and Marsh (or one of its affiliates);
- The transfer or processing is necessary for the performance of a contract, concluded in your interest, between Marsh (or one of its affiliates) and a third party;
- The transfer or processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defense of legal claims, or to protect your vital interests; or
- The transfer or processing is required by applicable law.
If you wish to withdraw your consent please refer to the Questions or to Withdraw Consent section below.
Limiting Collection and Retention of Personal Information
Marsh will only collect, use, or disclose Personal Information that is necessary for the identified purposes, or as permitted by law. If we require Personal Information for any other purpose, you will be notified of the new purpose, and subject to your consent, that new purpose will become an identified purpose.
Marsh will collect Personal Information by fair and lawful means. Generally, we will retain Personal Information only as long as necessary for the fulfillment of the identified purposes. Some Personal Information may be retained for longer periods as required by law, contract, or auditing requirements.
We restrict access to Personal Information about clients, within our organization, to those employees of ours, and our affiliates, who need to know that information in order to provide products or services to our clients. We have in place safeguards appropriate to the sensitivity of the information we maintain regarding clients and participants. Safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Information. These safeguards include physical, technical, and managerial measures to keep your Personal Information protected from unauthorized access. They include, but are not limited to, the encryption of communications via SSL, encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols. However, due to the nature of the Internet and related technology, we cannot absolutely guarantee the security of your Personal or Confidential Information, and Marsh expressly disclaims any such obligation. Further, it is your obligation to protect the security of any access credentials you have for this website. Marsh is not responsible for any breach of security caused by your compromise of your own access credentials.
Accuracy, Accountability, Openness and Customer Access
Our knowing about changes to some of your Personal Information (e.g. insured location address) may be key to providing relevant services. Please keep us informed of changes to your Personal Information.
Questions or to Withdraw Consent
You have the right to access your Personal Information and request rectification of any Personal Information in the file that may be obsolete, incomplete, or incorrect.
You may also withdraw your consent to any use or disclosure of your Personal Information (which may limit or terminate the products and services that Marsh provides to you) by writing or sending an email to us at the above address. We will need to validate the identity of anyone making such a request to ensure that we do not provide your information to anyone who does not have the right to such information.
Normally we will respond to access requests within 30 days.
California's "Shine the Light" Law
California Civil Code Section 1798.83 requires any operator of a website to permit its California-resident customers to request and obtain from the operator a list of what personal information the operator disclosed to third parties for direct marketing purposes, for the preceding calendar year; and the addresses and names of such third parties. Marsh does not share any personal information collected from this site with third parties for their direct marketing purposes.
Last updated: May 2, 2018