MARSH & McLENNAN COMPANIES

Privacy Notice: MMC.COM

Effective: March 19, 2021

 

 

Marsh & McLennan Companies, Inc. (the “Company”) believes strongly in protecting the privacy of individuals who visit this website.  This Privacy Notice explains what personal information we collect through this Site, how we use, share, and protect that personal information, and what your rights are with respect to your personal information that we gather through the Site.

This Privacy Notice applies solely to personal information collected in connection with www.mmc.com, all web pages within that domain, and any other web pages that link to this Privacy Notice (the “Site”).   This Privacy Notice also does not apply to the websites of our affiliates, who maintain individual privacy policies for their respective websites and services.

What Personal Information Do We Collect?

The information we collect through the Site falls into two categories:

(1)   Information you voluntarily provide to us on the Site.

(2)   Information gathered via automated means as you navigate through the Site.

Information Voluntarily Provided by You:

In the course of using this Site, you may choose to provide us with information to help us serve your needs.  For example, you may complete a submission on the “Contact” page with your name, e-mail address, telephone number, street address, and/or any other information you voluntarily enter in order to ask us a question or request information.  You may also complete a registration for an event and provide us with your contact information, employment details and title, and communication and food preferences. Finally, you may provide us with information about your role, industry, and business contact information when you subscribe to a newsletter.

Information Collected by Automated Means:

We use various tools to enhance the Site user experience and track users of the Site, including cookies and web beacons.  Cookies are small pieces of text that a website places on your computer to help remember information about your visit.  Web beacons are tiny graphics with a unique identifier that are embedded invisibly on the web pages.  Neither cookies nor web beacons can read data off your computer's hard drive or collect your personal information.  We use information collected from cookies and web beacons to improve your experience and the overall quality of our services.  We may also use cookies and web beacons to collect information from third parties (such as Google) to help advertise our products and services, to analyze the effectiveness of our marketing or the performance of this Site, and to determine whether you may be interested in other products or services.  We also use web beacons to help deliver cookies and compile analytics.  Our cookies and web beacons may also come from third-party service providers who have permission to place such tools on our Site.

You can refuse to accept and delete cookies by adjusting your browser setting. You can also opt-out of our use of certain cookies using our cookie management tool linked at the bottom of the Site (note that on Sites that utilize strictly necessary cookies only, the cookie management tool may not be available). To learn more, please refer to our Cookie Notice. Please note that refusing or deleting cookies may impact your browsing experience on the Site, or prevent you from using some of its services, and it may result in the deletion of any preferences you have set. For more information on how to reject or delete cookies, you should consult with your browser's or device’s help documentation or visit www.aboutcookies.org.  The Company does not use technology that recognizes do-not-track signals from your browser.  You can also opt out of Internet based advertising by installing a browser plugin from the third party where available.  For more information about interest-based advertising, please see: http://www.networkadvertising.org/managing/opt_out.asp.

In addition, in the course of seeking network security and consistent service for all users, we use software programs to monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage our computers or the network, and monitor and fine-tune our network’s performance.  These programs may detect additional information from your computer such as your IP address, device identifier, browser type, ISP, addresses from network packets, and other technical information.  Any such information is used only for the purpose of maintaining the security and performance of the Company’s networks and computer systems.

We may combine the information you provide us and information we automatically collected with information from public or third party sources.

How Do We Use the Personal Information We Collect?

We will use the information provided by you in order to respond to your inquiries, provide you with requested information or services, verify your identity where necessary to respond to your request, register you for and host corporate events of MMC and our affiliates.  For example, we may send you electronic or written materials or, if you supply us with your telephone number, you may receive telephone contact from us in response to your request.  We also use information collected on this Site for our own business and legal purposes, including: to administer, analyze, improve, and personalize the Site and our services, to maintain network security and performance and protect against cyber-attacks, to market our and our affiliate’s services, and to comply with and enforce applicable laws, industry standards, and our own policies.

We work with our business partners to collect information about the use of the Site.  Our business partners collect information such as how often users visit the Site and what pages users visited prior to visiting the site.  We use this information to maintain and improve the site.  We may partner with Google Analytics in these activities.  For information about how Google uses the information, see Google’s Terms of Service and the Google Privacy Notice.  You can opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.

Who Do We Share Your Personal Information With?

We will not disclose, share, sell, or otherwise use your personal information without your consent, except to the extent required by law, in accordance with your instructions, or as identified in this Privacy Notice.  We may share your personal information with:

·       Affiliates: To enable them to provide services to you and contact you regarding products and services.

·       Agents and Service Providers: We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf, such as hosting this Site, sending e-mail messages, and making phone calls. They may have access to personal information, such as email addresses, needed to perform their functions, but are contractually restricted from using such personal information for purposes other than providing services for the Company or on our behalf.

·       Business Transfers: As we continue to develop our business, we might sell or buy assets. In such transactions, user information generally is one of the transferred business assets. Also, if either the Company itself or any of the Company’s assets were acquired (including through bankruptcy proceedings), your personal information may be one of the transferred assets.

·       Legal Matters: The Company may preserve, and has the right to disclose any information about you or your use of this Site without your prior permission if the Company has a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of the Company or its affiliates, other users of this Site, or the public; (b) enforce the terms and conditions that apply to use of this Site; (c) respond to claims that any content violates the rights of third parties; (d) respond to claims of suspected or actual illegal activity; (e) respond to an audit or investigate a complaint or security threat; or (f) comply with applicable law, regulation, legal process, or governmental requests.

What Steps Do We Take to Protect Your Personal Information?

This Site and all information that you submit through this Site is collected, stored, and processed in the United States.  We restrict access to your personal information to those employees of ours, and our affiliates, and to those service providers who need to use it to provide this Site and our products or services.  We have implemented physical, administrative, and technical safeguards to protect your personal information from unauthorized access.  However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.

How Long Do We Keep Your Personal Information?

We will not retain personal information for longer than is necessary.  How long is appropriate will depend on the type of data and the use to which it has been put.  In general, we retain information for not less than seven (7) years to comply with local tax reporting and employment regulations and good business practice.  Our legal department may direct that information be retained for a longer period of time in the event of a litigation hold or as deemed necessary to protect the interests of MMC or as otherwise required by law.

Some Other Matters

Accessing and Correcting Your Information:

Keeping your information accurate and up-to-date is very important.  Inaccurate or incomplete information could affect our ability to deliver relevant services to you.  Please let us know about any changes that may be required to your personal information using the contact information below.

External Links:

This Site includes links to other websites operated by third party organizations.  If you access another organization’s website using a link provided, the other organization may collect information from you.  The Company is not responsible for the content or privacy practices of linked websites or their use.  Once you have left this Site via such a link (you can tell where you are by checking the URL in the location bar on your browser), you should refer to those websites' privacy policies, terms of use, and practices to determine how they will handle any information they collect from you.

For Company Career Candidates:

If you are or were a job applicant to MMC or one of our affiliates, a separate notice linked from our careers site addresses how we handle your personal information.

Applicability of This Privacy Notice to International Users:

This Privacy Notice is provided in accordance with and subject to U.S. law.  If you access this Site from a location outside of the United States, you agree that your use of this Site is subject to the terms of this Privacy Notice and the Terms of Use and you recognize and accept that your personal information may be transferred to and processed in the U.S. and other countries that may not be deemed to provide the same level of data protection as your home country and that may have been deemed to have inadequate data privacy laws under the laws of your jurisdiction.

Binding Corporate Rules:

Marsh McLennan's EU Binding Corporate Rules – or EU BCR – are a means of transferring personal data internationally within the Company group in compliance with applicable data protection legislation in the European Economic Area (EEA).  The Information Commissioner’s Office (ICO), the local Supervisory Authority in the United Kingdom, formally approved them on October 6, 2017.  Following Brexit and in accordance with the requirement to identify a new, EU Supervisory Authority to replace the ICO as our lead Supervisory Authority, we successfully completed the transition of our EU BCR to the Irish Data Protection Commission (Irish DPC).  Our EU BCR consist of both Controller and Processor Standards.  For further information regarding how our EU BCR operate, click here. For a list of entities that have agreed to be bound by Marsh & McLennan Companies’ EU BCR, click here.

Following Brexit, the ICO issued an authorisation under Directive 95/46/EC to confirm that holders of EU BCRs are automatically eligible for a UK BCR under paragraph 9, Part 3, Schedule 21 to the DPA 2018 (as amended from 1 January 2021). Marsh McLennan’s UK Binding Corporate Rules – or UK BCRs – are a means of transferring personal data internationally within the Company group in compliance with applicable data protection legislation in the United Kingdom. Our UK BCRs are supervised by the ICO. Our UK BCRs consist of both Controller and Processor Standards. For further information regarding how our UK BCR operate, click here. For a list of entities that have agreed to be bound by Marsh McLennan’s UK BCR, click here.

Children:

This Site it not intended for children, and we do not knowingly collect, use, or disclose information of children under the age of thirteen (13) without the consent of their parents or legal guardians.  In an instance where such information was collected, it would be purely accidental and unintentional.

Rights of California Residents:

If you are a resident of California, please review our California Resident Privacy Notice, which supplements this Privacy Notice.

Changes to Privacy Notice

The Privacy Notice is subject to change at any time. If we make changes to this Privacy Notice, we will update the date at the top of this page.  Any changes we make to this Privacy Notice become effective immediately when we post the revised Privacy Notice on this Site.  We recommend that you review this Privacy Statement regularly for changes.

Questions or Concerns?

If you have any questions, concerns, or complaints about this Privacy Notice, or our privacy practices in general, email us at Privacy@mmc.com, with a subject line of “WEBSITE”, or write to us at:

Marsh McLennan
Corporate Communications
Attn: Chief Privacy Officer
1166 Avenue of Americas
New York, New York 10036-2774
USA