Mercer Privacy Notice relating to Actuarial Services provided in the United Kingdom
Mercer Limited (Mercer) is committed to safeguarding the privacy of individuals (including past and present scheme members and their dependents and beneficiaries) whose personal information it processes in the course of, and after, providing actuarial services in the United Kingdom (you).
This privacy notice (the Privacy Notice) describes how Mercer (and, where also appointed, the scheme actuary) (together, we, us, our) collect personal information, and how we will use that personal information, in connection with the actuarial services that we provide to our clients, such as pension scheme trustees or participating employers.
If you provide to us the personal information of any third parties, including dependents or other persons who benefit from your pension benefits such as your spouse or partner, we ask that you pass a copy of this Privacy Notice to such individuals and collect their consent to us using such personal information.
We may have or collect additional personal (and other) information about you in relation to other relationships that we have with you. Where we collect this additional personal information as a controller, how we collect and handle this personal information may be set out in other Mercer privacy notices and terms and conditions.
This Privacy Notice covers the following areas:
(1) Our status
When we process your personal information in connection with the actuarial services we provide, we act as independent data controllers alongside relevant trustees or participating employer of your pension scheme (as applicable) to whom we are providing our services who also act as data controllers. We work with our trustee or employer clients to meet our respective obligations under data protection law.
Where a Mercer scheme actuary has been appointed in respect of your pension scheme, the relevant scheme actuary will also act as a data controller in relation to your personal information that he or she processes. To the extent applicable, the information in this Privacy Notice also applies to the processing of your personal information by the scheme actuary. To find out the identity of the relevant scheme actuary, please contact the Trustees of your pension scheme.
This Privacy Notice only applies in relation to the processing of personal information that we undertake as a controller in relation to our actuarial services. It does not apply to activities that we perform as a processor on behalf of our clients (such as pension scheme administration services). Details of such processing will be set out in the privacy notice of your relevant pension scheme trustee and/or employer.
(2) Information we collect about you
We will collect and process some or all of the following personal information about you:
- (a) Information provided by you (or your employer and/or pension scheme trustee on your behalf):
- Date of birth;
- Marital status;
- Beneficiary details (including name, date of birth and contact details of the beneficiary and their relationship to the scheme member);
- Contact details such as address, email address and telephone number;
- Employer name;
- Employment and pensionable service periods;
- Employee benefits;
- Nature and details of current and historic pension arrangements;
- Pension amounts and contributions;
- Bank details;
- National insurance number; and
- Such other information as is required to calculate the amount of benefits payable to you under the pensions scheme and to support the relevant pensions trustee in administering the scheme.
In some instances we will also process categories of sensitive personal information, such as health data and your sexual orientation (Special Category Personal Data). This Special Category Personal Data is not routinely collected by us, and will only be processed where it is necessary to do so in the circumstances (for example, where this impacts your retirement age, or where payment is claimed as a result of ill health).
- (b) Our correspondence
if you contact us, we will typically keep a record of that correspondence.
- (c) Website and communication usage
Details of your visits to our website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources you access. Information on how we handle this type of data can be found in our website cookie notice, which can be found here.
(3) How we use your personal information
This section sets out the purposes for which we use personal information that we collect and, in compliance with our obligations under European data protection law, identifies the “legal grounds” (or “use justifications”) which we rely on to process the information (the full description of each of these grounds can be found in Annex 1 to this Privacy Notice).
We may use your personal information for the following purposes:
- (a) Benefit strategy and design and to assist in running the scheme: To advise in relation to the running of our clients’ pension arrangements, including assessing the relevant pension requirements. We also advise on the financial implications of pension arrangements and proposed changes to them and advise on the design and financing of disability income schemes and risk benefit schemes. This activity also includes providing advice to certain executives / high earners and others with benefits above the Lifetime Allowance;
Use justification: legitimate interests (to enable us to perform our contractual obligations), legal obligation. In the limited circumstances where we are required to process Special Category Personal Data, we may rely on substantial public interests (namely that it is necessary for making determinations in connection with the occupational pension scheme) or will rely on your explicit consent.
- (b) Accounting: To prepare calculations in respect of our clients’ pension scheme and post-retirement medical benefit accounting numbers.
Use justification: legitimate interests (to enable us to perform our contractual obligations), legal obligation.
- (c) Funding, Valuation and Liability Management: To determine and place values on members’ expected future pension benefits entitlements, in terms of individual transfer values and also the overall value of the liabilities of the pension scheme. To advise on the suitability of pension scheme funding and investment strategies, including the financial implications of such strategies. We may also advise on liability management options (such as insurance options, bulk annuities and member option exercises), bulk transfer calculations, or the pension aspects of mergers, acquisitions or other corporate restructures.
Use justification: legitimate interests (to enable us to perform our contractual obligations), legal obligation. In the limited circumstances where we are required to process Special Category Personal Data, we may rely on substantial public interests (namely that it is necessary for making determinations in connection with the occupational pension scheme or for insurance purposes). In other circumstances, we will rely on your explicit consent.
- (d) Scheme actuary duties: In respect of the scheme actuary, to undertake the activities (including valuation activities and other activities mentioned above) that are required of a scheme actuary by law.
Use justification: legitimate interests (to enable us to perform our contractual obligations), legal obligation. In the limited circumstances where we are required to process Special Category Personal Data, we may rely on substantial public interests (namely that it is necessary for making determinations in connection with the occupational pension scheme). In other circumstances, we will rely on your explicit consent.
- (e) Regulatory compliance: To undertake such other activities as are required in order to meet our ongoing regulatory, legal and compliance obligations, including the prevention and detection of crime, for fraud detection purposes, anti-money laundering and sanctions checks and in order to liaise with statutory bodies including HMRC, the Pension Protection Fund, the Pensions Regulator and the Pensions Ombudsman.
- Use justification: legitimate interests (to enable us to perform our contractual obligations and to cooperate with our regulators), legal obligation. In the limited circumstances where we are required to process Special Category Personal Data, we may rely on substantial public interests (namely that it is necessary for making determinations in connection with the occupational pension scheme or where it is necessary for fraud prevention purposes). In other circumstances, we will rely on your explicit consent.
- (f) Data analytics: To conduct benchmarking, modelling and data analytics in order to better understand issues relevant for assessing pensions and insured liabilities, such as life expectancy, and to better understand and improve the quality of, and to market, Mercer’s advice, products and services. The output of such analytics will not identify particular clients or individuals.
Use justification: Legitimate interests (to enable us to perform our contractual obligations and allow us to improve our service), legal obligation. In the limited circumstances where we are required to process Special Category Personal Data, we will typically rely on the member’s explicit consent (unless another ground applies in the circumstances).
- (g) To communicate effectively with our clients: To conduct our business, including to respond to our clients’ queries and to otherwise communicate with our clients, including to inform them of changes to our services and products and to handle claims.
Use justification: legitimate interests (to enable us to perform our obligations and provide our services to you), legal obligations, legal claims.
- (h) To reorganise or make changes to our business: To share data as part of any due diligence process, or following a sale or reorganisation, in the event that we: (i) are subject to negotiations for the sale of all or part of our business to a third party; (ii) are sold to a third party; or (iii) undergo a reorganisation.
Use justification: Legitimate interests (in order to allow us to change or business).
- (i) To provide you with marketing material: To provide you with updates and offers, where you have chosen to receive these. We may use your personal information to provide you with information about products or services which we think would be of interest to you. We may also share your personal information with our affiliates within the March & McLennan Companies, Inc (“MMC”) corporate group (“MMC Affiliates”) so that they can provide you with information about their products and services. These may be sent by email, SMS, phone, fax or post.
Within MMC, we operate under a number of brands and you may receive such communications from our different trading names, such as, Mercer, Mercer Marsh Benefits (MMB), Darwin, Marsh, Marsh Commercial, Marsh Networks and others.
- We take care to ensure that our marketing activities comply with all applicable EEA and UK legal requirements. In some cases, this may mean that we ask for your consent in advance of us or MMC Affiliates sending you marketing materials.
- In all cases, you can always opt out of receiving marketing communications from us or MMC Affiliates, at any time. We will always provide an option to unsubscribe or opt-out of further communication on any electronic marketing communications sent to you or you may opt out by contacting us as set out below.
- Please note that, even if you opt out of receiving marketing messages, we may still send you communications in connection with the services we provide to you.
- Use justification: consent and legitimate interest (to keep you updated with news in relation to our products and services).
(4) Who we share your personal information with
We may share your personal information with the following categories of recipients:
- (a) Our clients, such as your employer, former employer or the relevant pension scheme trustees and their respective service providers or such other third parties as they instruct us to release the personal data to on their behalf;
- (b) Insurance and reinsurance companies;
- (c) Law enforcement bodies, third party agencies and sanctions lists, in connection with the prevention or detection of criminal activities, including fraud;
- (d) Public authorities, regulators and government bodies (such as the Pensions Ombudsman, Pensions Regulator and HMRC), where this is necessary for us to comply with our legal and regulatory obligations;
- (e) Advisers, including legal advisers, loss adjusters and claims investigators, in connection with the investigation, exercise or defence of legal claims;
- (f) Third parties (and their advisers) in the event of a sale or reorganisation of our business;
- (g) Third party suppliers to whom we have outsourced certain activities, who process personal information on our behalf.
(5) How we protect your personal information
Security over the internet
We maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
All personal information that we hold is stored on our, or our third party suppliers’, secure servers and only accessed and used subject to our security policies and standards.
Export outside the United Kingdom
Your personal information may be accessed by staff, affiliates or suppliers in, transferred to, and/or stored at, a destination outside the United Kingdom, whose data protection law may be of a lower standard than those in the United Kingdom. We will, in all circumstances, safeguard personal information as set out in this Privacy Notice.
Where we transfer personal information from inside the United Kingdom to outside the United Kingdom, we are required to take specific measures to safeguard the relevant personal information. Certain countries outside the United Kingdom have been approved by the United Kingdom Government as providing essentially equivalent protections to United Kingdom data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions (see the full list here https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/#adequacy). In countries which are not subject to this approval, we will establish legal grounds justifying such transfer, such as MMC’s Binding Corporate Rules, model contractual clauses, or other legal grounds permitted by applicable legal requirements.
Please contact us as set out below if you would like to see a copy of the specific safeguards applied to the export of your personal information.
We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose (for example where we are required to retain personal information for longer than the purpose for which we originally collected it in order to comply with certain regulatory requirements). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised (and the anonymised information is retained) or securely destroyed.
(6) Your Rights
If you have any questions or concerns about how your personal information is handled in connection with your pension scheme, we recommend that you first contact your pension scheme trustee or the relevant participating employer of your pension scheme (as applicable). However, under certain conditions, you have the right to ask us to:
- a) provide you with further details on the use we make of your information;
- b) provide you with a copy of information that you have provided to us;
- c) update any inaccuracies in the personal information we hold; and
- d) delete any personal information that we no longer have a lawful ground to use,
- e) object to any processing that we justify on the basis of our “legitimate interests” unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
- f) object to direct marketing (including any profiling for such purposes);
- g) restrict how we use your information whilst we consider your inquiry; and
- h) where processing is based on consent, you have the right to withdraw your consent by contacting us at the contact details below or as indicated when consent was given.
You can exercise these rights by contacting us as set out in the “contacting us” section below. Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the Information Commissioner’s Office.
(7) Contacting us
If you have any question about how your personal information is handled, we recommend that you contact your pension scheme trustee or the relevant participating employer of your pension scheme (as applicable) in the first instance.
If you have any questions in relation to this Privacy Notice, please contact our Data Protection Officer at firstname.lastname@example.org or at:
Data Protection Officer
Marsh & McLennan Companies, Inc.
Tower Place West
(8) Changes to Our Privacy Notice
We may change our Privacy Notice from time to time in the future. If we change this Privacy Notice, we will update the date the Privacy Notice was last changed below. If these changes are material, we will take reasonable steps to notify you of the changes.
This Privacy Notice was last updated in July 2021.
These are the principal legal grounds that justify our use of your information:
|Consent: where you have consented to our use of your information you will have been presented with a consent form in relation to any such use and may withdraw your consent as indicated by such form or by emailing us at email@example.com.
|Contract performance: where your information is necessary to enter into or perform our contract with you.
|Legal obligation: where we need to use your information to comply with our legal obligations.
|Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
|Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
|Substantial public interest: where your information is necessary for: (i) the purposes of making a determination in connection with an occupational pension scheme; (ii) fraud prevention purposes; (iii) insurance purposes; or (iv) some other purpose that applicable data protection law considers to represent a substantial public interest, in each case subject to applicable conditions.