" >

Milliman Personal Data Privacy Policy


Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman”) take data privacy very seriously. This Privacy Policy sets out the principles governing Milliman’s use and protection of personal data that individuals and clients residing within the European Economic Area and Switzerland share with us (“Personal Data”). Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, the EU General Data Protection Regulation (GDPR), and other data protection and privacy laws, as applicable.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

How we Collect Aggregate Data

In some instances, Milliman may collect aggregate data through cookies. A "cookie" is a text-only string of data that Milliman sends to the cookie file of the browser on a website visitor’s computer hard disk using Milliman’s web server. Cookies are used to make websites work, or work more efficiently, as well as to provide data to the owners of the website.

Milliman’s website may use both strictly necessary cookies and performance cookies. Strictly necessary cookies enable a website visitor to move from page to page within the website and to use its features. These cookies are deleted when the visitor closes his/her browser. Performance cookies allow Milliman to collect data, including the number of visitors to the website, where they have come to the website from, and the length of time they have spent on the website.

The majority of web browsers accept cookies and similar files, but a visitor can usually change the browser settings to prevent this. However, by doing so, some functionality of the website may be lost.

Processing of Personal Data

We may collect, store and otherwise process Personal Data of employees, officers, partners or other representatives and agents of our clients, business partners, and other individuals (i.e. name, age, date of birth, country of residence, professional and/or private address, e-mail, title and working position, employer, professional interests, professional and/or private telephone number) who enter into a business relationship with Milliman or who receive or request information about products or services from Milliman. Milliman uses this Personal Data for purposes of contract administration, to activate and maintain client accounts, to fulfill requests for or respond to inquiries about Milliman products or services, and to provide offers and information (as permitted by law) about products, services, surveys, or events offered by Milliman or that Milliman thinks may be of interest.

In many circumstances, Milliman will not collect or process your Personal Data without your consent. Milliman will seek your express consent where required by applicable law. You may withdraw your consent at any time by emailing Milliman at data.protection@milliman.com. If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

If a website visitor uses a log-in to access our website, certain criteria such as user data, transactional data, session surveillance, IP data, and pattern recognition may be collected and used by Milliman for authentication purposes.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. If you have consented to the processing of your Personal Data (“opt-in”), Milliman will retain and process your Personal Data until you withdraw your consent (“opt-out”), unless the Personal Data must be kept for administrative, legal or regulatory purposes, as for the management of the right to object, in which case Milliman will keep the minimum amount of Personal Data necessary and only for the time necessary to comply with such purposes. If Milliman has not received your opt-in, Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you want to opt-out from a specific electronic communication service or marketing offer, you can unsubscribe at any time by using the opt-out link on such communication e-mail or send us an e-mail at: data.protection@milliman.com. Unsubscribing from a special service or product information may not automatically end the processing of your Personal Data by us unless we receive a specific e-mail request from you in this respect. Any complaints about un-solicited marketing communication can be sent by e-mail to Milliman at the same e-mail address.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact Milliman at data.protection@milliman.com, and Milliman will take steps to delete any such Personal Data.

Access and Corrections

As allowed or required by law and consistent with our applicable agreements, you may contact Milliman at any time at data.protection@milliman.com to request a copy of any Personal Data that Milliman has about you, to request that certain Personal Data be corrected, updated, or deleted, or to express any complaints or concerns about Milliman’s use of your Personal Data. It is not technologically possible to change or delete each and every instance of the data Milliman holds on its systems, and some Personal Data may remain in non-erasable forms.

Third-party Links

Milliman’s websites may provide links to other third-party websites that are outside of Milliman’s control and not covered by this Privacy Policy. Milliman is not responsible for the availability, content or accuracy, or privacy practices of other websites, products, services, or goods that may be linked to Milliman’s websites.

Milliman encourages all users of its websites to review the privacy policies posted on these (and all) sites.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared with Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., for purposes of centralization of Milliman’s administrative, IT maintenance, and IT security practices, and to provide information about Milliman products, services, or events. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR (adequacy decision or Model Clauses of the European Commission).

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Privacy Shield

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-U.S. Privacy Shield Framework (or the Swiss-U.S. Privacy Shield Framework, as the case may be), as administered by the U.S. Department of Commerce. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and to view Milliman’s certification, please visit https://www.privacyshield.gov/list.

Milliman’s accountability for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Milliman remains responsible and liable under the Privacy Shield Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a Privacy Shield-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by contacting Milliman at: data.protection@milliman.com. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

How to Contact Us

Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email (data.protection@milliman.com). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the EU-U.S. or Swiss-U.S. Privacy Shield Framework and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration through the Privacy Shield Panel when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Local Versions of Milliman Personal Data Privacy Policy

Please note that if you live in a country of the European Union, European Economic Area, or in Switzerland where Milliman has an office, local versions of this Personal Data Privacy Policy are available in your home language by clicking on the respective local Milliman homepage.