Milliman Global Data Privacy Policy
Last updated September 2023
Milliman, Inc. and its affiliates (“Milliman”) take data privacy very seriously. This Privacy Policy sets out the principles governing Milliman’s use and protection of personal information that individuals and clients share with us (“Personal Data”) as well as describing the rights of individuals regarding their Personal Data. This Privacy Policy applies to Milliman’s data collection and use through this website and through its business operations.
Additional specific rules may apply in various jurisdictions. For a list of those jurisdiction-specific privacy policies, please click here.
For individuals and clients residing outside of the United States who seek to transfer Personal Data from the EEA, the Isle of Man, Switzerland or the United Kingdom to the United States, please refer to our Data Privacy Framework Notice here. Milliman as an organization is committed to handling Personal Data in accordance with this Privacy Policy and applicable data protection and privacy laws worldwide including, but not limited to, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
Collection of Data
Aggregate Data
Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.
Cookies, Third Party Embedded Content and Do Not Track
For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.
Processing of Personal Data
As we describe below in this Privacy Policy, we may collect, store and otherwise process Personal Data of visitors to our websites, employees, officers, partners or other representatives and agents of our clients, business partners, and other individuals.This Privacy Policy does not apply to the collection and processing of Personal Data of job applicants and candidates or employees and non-employee workers. The processing of such Personal Data is subject to specific privacy policies and notices that are communicated to individuals in the context of their candidacy, employment or working relationship with Milliman.
In certain situations, where required by applicable law, Milliman will seek your express consent to collect or process your Personal Data. You may withdraw that consent at any time by emailing Milliman at [email protected]. If you provide us with Personal Data of another individual that requires consent, it is your duty to make sure that the individual has consented to or is appropriately informed about the processing of their Personal Data by Milliman.
The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect the following categories of Personal Data (subject to applicable legal requirements and jurisdiction-specific privacy policies):
Name, contact information and other identifiers:
Visitors to our websites: we may collect the first name, last name, title, company, phone number, location, email address, subject of the request and message given for the purpose of the management of the relationship with clients and the administration of the website.
Clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract: we may collect the name, professional address, title, email and other professional contact details, for contract administration purposes, to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. Milliman may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests.
Personal Data from public resources:
We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.
Personal Data Collection on Milliman’s Proprietary Platforms
For some unique services, Milliman hosts and maintains its own proprietary software platforms (“Platforms”). These Platforms allow Milliman to offer enhanced services and specialized products to our customers. In some cases these software platforms may require the submission of Personal Data by customers. In cases where our data collection is materially different than described in this Privacy Policy, and may be subject to local data privacy laws, we will provide additional information regarding such data collection on the applicable Platforms.
Affiliates and Authorized Third-Party Agents
All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Limited and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).
Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.
Any transfers of Personal Data are subject to appropriate safeguards that are compliant with jurisdiction-specific privacy laws.
Other Disclosures
Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.
Security
Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organizational measures in place to protect against unauthorized or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organizational measures in place to comply with this Privacy Policy and applicable laws.
Data Retention
Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of a legitimate interest of us). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.
If you want to opt-out from a specific electronic communication service or marketing offer, you can unsubscribe at any time by using the opt-out link on such communication e-mail or send us an e-mail at: [email protected]. Unsubscribing from a special service or product information may not automatically end the processing of your Personal Data by us unless we receive a specific e-mail request from you in this respect. Any complaints about un-solicited marketing communication can be sent by e-mail to Milliman at the same e-mail address.
Children
Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact Milliman at [email protected], and Milliman will take steps to delete any such Personal Data.
Third-party Links
Milliman’s websites may provide links to other third-party websites that are outside of Milliman’s control and not covered by this Privacy Policy. Milliman is not responsible for the availability, content or accuracy, or privacy practices of other websites, products, services, or goods that may be linked to Milliman’s websites. Milliman encourages all users of its websites to review the privacy policies posted on these (and all) sites.
Policy Updates
Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.
How to Contact Us
If for any reason you wish to contact us, exercise your rights, or file a complaint, please refer to the jurisdiction-specific privacy policy. You may also send an email to [email protected]. Complaints will be resolved internally in accordance with Milliman’s complaints procedures.
If you reside in California and have questions about the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, see the jurisdiction-specific privacy policies here.