Personal Information Collection Statement of Mercer
Mercer commits to comply with the Cybersecurity Law of the P.R.C., the Personal Information Protection Law of the P.R.C. and other applicable laws and regulations in relation to personal information protection, and takes all reasonable and practical measures to safeguard your personal information from unauthorized or illegal access, processing or use during collection, storage, use, processing, transfer, provision, disclosure and/or deletion, etc. (collectively referred to as “processing” or “process”). This Statement is intended to inform you of your and Mercer’s rights and obligations in processing of your personal information, and to specify the purpose, method and scope of processing of such personal information.
1. It is often necessary for your employer (i.e. our Client) (referred to as "Client"), to provide Mercer (hereinafter referred to as "Mercer", "we", "our" or "us") with personal data (collectively referred to as "Personal Information", see details in Article 1.3) about yourselves and Other Data Subjects (as defined hereinafter under Article 1.2) in connection with our business process execution, including delivery of services and/or products, preparation of proposals, provision of quotations, managing claims, client relationship management and conducting internal conflicts checks. In addition, you (as one of the members eligible to Client’s employee health and benefits program) may provide Mercer with Personal Information of yourself and Other Data Subjects when you login on and use this SMART BENEFITS platform (this “Platform”).
1.1 You acknowledge and consent that we process such Personal Information on behalf of Client in accordance with Client’s authorization, instruction or any agreements executed by and between Client and us. The purpose and method of processing such Personal Information is solely determined by Client.
1.2 You acknowledge and confirm (i) your agreement in respect of such Personal Information transfer to Mercer by your employer (i.e. our Client, including Client’s representatives, HR, agent or other Client’s personnel who are in charge of or implement employee health and benefits program on behalf of Client); (ii) your understanding and agreement in respect of Mercer’s rights and obligations of processing of such Personal Information as necessary to carry out our obligations under services and/or potential services of Mercer; and (iii) your agreement to exercising the rights of Data Subject via your employer in respect of access, correction and deletion of such Personal Information in accordance with Article 8.
For the purpose of this Statement, yourself, your dependents (including your children under the age of 14) and other persons related to you are collectively referred to as the “Data Subject(s)”; among which, your dependents (including your children under the age of 14) and other persons related to you are collectively referred to as the “Other Data Subject(s)”.
1.3 The Personal Information as mentioned above that is subject to applicable data protection, privacy and other similar laws may include all data, text, image information and materials provided by Client or yourself to us in any format, which may include the following Personal Information of Data Subject (“Personal Information”, including sensitive personal information):
(i) Data Subject’s copies and other details of identity documents, address and other contact details, information concerning age, marital status, education, heredity, physical or mental health or medical condition/diagnosis, dietary preference;
(ii) Data Subject’s name, photo, gender, identity document, kinship document, mobile phone number, telephone number, email address, job position, job rank, title, salary, department, fax number and WeChat nickname;
(iii) Data Subject’s bank account, pre-existing condition and medical records (medical reports, physical check-up reports), telephone call recording, online communication, documentary proof of consumption (including contracts, documents, invoices) and insurance policies and information relating to your children under the age of 14.
2. You hereby agree and authorize Mercer to collect, use and otherwise process Personal Information for the following purposes:
2.1 client relationship management procedures, including any potential conflict checks as may be required;
2.2 the delivery of services or products to Client;
2.3 those purposes specifically provided for in any particular service or product offered by Mercer;
2.4 conducting marketing and client profiling activities in connection with Mercer’s services and products (including those provided by Mercer, other members of the Marsh & McLennan Group and selected third parties for the purpose of improving our services). You hereby authorize and consent Mercer to process Personal Information for conducting such marketing and profiling activities as mentioned above during or after the service period;
2.5 conducting necessary and appropriate credit assessments and other background checks against Client;
2.6 Mercer’s necessary internal record-keeping;
2.7 collection of outstanding payments from Client;
2.8 prevention of crime (including but not limited to fraud, money-laundering, bribery);
2.9 meeting any legal or regulatory requirements relating to Mercer's provision of services and products and to make disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular, code applicable to Mercer or any member of the Marsh & McLennan Group; and
2.10 purposes relating to any of the above (including but not limited to necessary research, benchmarking and statistical analysis conducted to improve Mercer’s services and products. We will safeguard Personal Information of yours and Other Data Subjects in security on de-identification basis or via other reasonable measures).
3. Disclosure. Personal Information provided to Mercer will strictly be kept confidential but you hereby consent and authorize Mercer to provide or disclose such Personal Information to the necessary extent for the purposes stated in Article 2 above to:
3.1 any person to whom Mercer is compelled or required to do so under law or in response to a competent or government agency;
3.2 relevant parties arranging insurance or providing claims services or benefits administration services or wellness services such as insurance companies, health maintenance organizations, agents and service providers (including but not limited to consultants, market research and quality assurance companies);
3.3 members of the Marsh & McLennan Group and their affiliates;
3.4 government agencies and industry regulators;
3.5 Mercer’s auditors, accountants, lawyers or other financial or professional advisers;
3.6 other necessary and appropriate sub-contractors or third party service or product providers for the purposes stated in Article 2 above and Article 7 below;
3.7 Client’s HR, representatives, agent or other Client’s personnel who are in charge of or implement employee health and benefits program on behalf of Client for such personnel to edit, revise, update, download or extract such Personal Information from this Platform; and
3.8 other persons as Client may instruct or require.
4. Mercer values the protection of Personal Information (including sensitive personal information and personal information of minors, if applicable). To provide our services with Client, according to relevant laws and regulations, Mercer will, to the necessary extent, only process sensitive personal information listed under Article 1.3 provided by you with your consent or the information of children under the age of 14 provided by you as his/her parent or guardian with your consent.
5. You hereby further agree to provide Mercer with Personal Information of yourself and Other Data Subjects for the purposes stated in Article 2 above, and hereby consent and authorize your employer (i.e., Client), insurance companies, health maintenance organizations, agents and/or third-party service or product providers to provide to Mercer such Personal Information for the purposes stated in Article 2 above.
You fully understand, acknowledge and hereby consent that Mercer needs certain Personal Information as provided under this Statement to enable us to provide Client with our services. You further represent and warrant that all information supplied by you is accurate, complete and free from violation of others’ rights. Mercer will not be responsible for any liability arising from missing, delayed, incomplete, inaccurate or unauthorized information supplied by you. Failure to provide such Personal information may result in Mercer being unable to provide Client with the services or may result in you being unable to be entitled to the employee health and benefits program or receive employee benefits services and/or products requested.
6. Safeguards. We confirm that we have implemented the appropriate administrative and security safeguards and procedures in accordance with the applicable laws and regulations to ensure Personal Information security, to prevent the unauthorized or unlawful processing of Personal Information and the accidental loss or destruction of, or damage to, Personal Information.
7. Data Transfer. Where necessary or appropriate for the purposes of data storage or processing or providing Client with our service, you consent (and have obtained necessary consent from Other Data Subjects, if applicable) that we may transfer Personal Information to third party service or product providers or to another member of the Marsh & McLennan Group (“Group”) within or outside the country in which Mercer is established (including but not limited to Australia and U.S.).
Our Group operates data center facilities with data centers housed in each of three key regions – North America (USA and Canada), EMEA (UK and Ireland), and APAC (Australia). In such facilitates, Group owned systems are housed in secured areas to which no other parties have physical or logical access. You may exercise your rights in accordance with Article 8 below in connection with processing of your Personal Information to the overseas recipient according to laws with the contact details: privacyofficer.healthchina@mercer.comprivacyofficer.healthchina@mercer.com.
Before we provide Personal Information outside the territory of China, we will meet the applicable requirements of laws and regulations of the P.R.C. on cross-border transfer of Personal Information and will require overseas recipients to protect Personal Information at the levels not lower than those required by applicable laws and regulations of the P.R.C.
8. Your Rights of Access and Correction. You have rights to request access to and correction of Personal Information supplied by you or Client and held by Mercer and you may:
8.1 check whether Mercer holds or uses Personal Information and request access to or copy of such data;
8.2 request Mercer to correct or supplement any of Personal Information that is inaccurate, incomplete or out-of-date;
8.3 request Mercer to specify or explain its policies and procedures in relation to data and types of Personal Information handled by Mercer;
8.4 communicate to Mercer your decision, restriction or objection to the processing of Personal Information or your objection to the use of Personal Information for marketing purposes whereupon Mercer will not use Personal Information for these purposes;
8.5 request Mercer to delete Personal Information; However, if deleting such Personal Information is technically difficult to achieve, Mercer will stop processing in addition to storing such Personal Information by taking necessary security measures;
8.6 request Mercer to transmit Personal Information to a designated personal information processor; and
8.7 withdraw, in full or in part, your consent given previously.
When you exercise the rights above, please contact your company or organization/your employer first and ask the relevant personnel of your company or organization/your employer to contact us.
In each case subject to any applicable legal restrictions, contractual conditions, reasonable internal policies/procedures, a reasonable time period (in accordance with applicable laws) as well as, in the case of a request raised by you as mentioned above, a reasonable fee may be charged (where permitted under applicable laws and as Mercer may notify you in writing upon receipt of your request).
9. We may retain your Personal Information for the period required to achieve the purposes stated herein, unless the retention period may to be extended in accordance with laws or your requirements. The retention period may vary based on the purpose of processing and the nature of services.
10. The person to whom written requests for access to Personal Information or correction and/or deletion of Personal Information or for information regarding policies and procedures and types of Personal Information handled by Mercer is:
Email: privacyofficer.healthchina@mercer.comprivacyofficer.healthchina@mercer.com
1. It is often necessary for your employer (i.e. our Client) (referred to as "Client"), to provide Mercer (hereinafter referred to as "Mercer", "we", "our" or "us") with personal data (collectively referred to as "Personal Information", see details in Article 1.3) about yourselves and Other Data Subjects (as defined hereinafter under Article 1.2) in connection with our business process execution, including delivery of services and/or products, preparation of proposals, provision of quotations, managing claims, client relationship management and conducting internal conflicts checks. In addition, you (as one of the members eligible to Client’s employee health and benefits program) may provide Mercer with Personal Information of yourself and Other Data Subjects when you login on and use this SMART BENEFITS platform (this “Platform”).
1.1 You acknowledge and consent that we process such Personal Information on behalf of Client in accordance with Client’s authorization, instruction or any agreements executed by and between Client and us. The purpose and method of processing such Personal Information is solely determined by Client.
1.2 You acknowledge and confirm (i) your agreement in respect of such Personal Information transfer to Mercer by your employer (i.e. our Client, including Client’s representatives, HR, agent or other Client’s personnel who are in charge of or implement employee health and benefits program on behalf of Client); (ii) your understanding and agreement in respect of Mercer’s rights and obligations of processing of such Personal Information as necessary to carry out our obligations under services and/or potential services of Mercer; and (iii) your agreement to exercising the rights of Data Subject via your employer in respect of access, correction and deletion of such Personal Information in accordance with Article 8.
For the purpose of this Statement, yourself, your dependents (including your children under the age of 14) and other persons related to you are collectively referred to as the “Data Subject(s)”; among which, your dependents (including your children under the age of 14) and other persons related to you are collectively referred to as the “Other Data Subject(s)”.
1.3 The Personal Information as mentioned above that is subject to applicable data protection, privacy and other similar laws may include all data, text, image information and materials provided by Client or yourself to us in any format, which may include the following Personal Information of Data Subject (“Personal Information”, including sensitive personal information):
(i) Data Subject’s copies and other details of identity documents, address and other contact details, information concerning age, marital status, education, heredity, physical or mental health or medical condition/diagnosis, dietary preference;
(ii) Data Subject’s name, photo, gender, identity document, kinship document, mobile phone number, telephone number, email address, job position, job rank, title, salary, department, fax number and WeChat nickname;
(iii) Data Subject’s bank account, pre-existing condition and medical records (medical reports, physical check-up reports), telephone call recording, online communication, documentary proof of consumption (including contracts, documents, invoices) and insurance policies and information relating to your children under the age of 14.
2. You hereby agree and authorize Mercer to collect, use and otherwise process Personal Information for the following purposes:
2.1 client relationship management procedures, including any potential conflict checks as may be required;
2.2 the delivery of services or products to Client;
2.3 those purposes specifically provided for in any particular service or product offered by Mercer;
2.4 conducting marketing and client profiling activities in connection with Mercer’s services and products (including those provided by Mercer, other members of the Marsh & McLennan Group and selected third parties for the purpose of improving our services). You hereby authorize and consent Mercer to process Personal Information for conducting such marketing and profiling activities as mentioned above during or after the service period;
2.5 conducting necessary and appropriate credit assessments and other background checks against Client;
2.6 Mercer’s necessary internal record-keeping;
2.7 collection of outstanding payments from Client;
2.8 prevention of crime (including but not limited to fraud, money-laundering, bribery);
2.9 meeting any legal or regulatory requirements relating to Mercer's provision of services and products and to make disclosure under the requirements of any applicable law, regulation, direction, court order, by-law, guideline, circular, code applicable to Mercer or any member of the Marsh & McLennan Group; and
2.10 purposes relating to any of the above (including but not limited to necessary research, benchmarking and statistical analysis conducted to improve Mercer’s services and products. We will safeguard Personal Information of yours and Other Data Subjects in security on de-identification basis or via other reasonable measures).
3. Disclosure. Personal Information provided to Mercer will strictly be kept confidential but you hereby consent and authorize Mercer to provide or disclose such Personal Information to the necessary extent for the purposes stated in Article 2 above to:
3.1 any person to whom Mercer is compelled or required to do so under law or in response to a competent or government agency;
3.2 relevant parties arranging insurance or providing claims services or benefits administration services or wellness services such as insurance companies, health maintenance organizations, agents and service providers (including but not limited to consultants, market research and quality assurance companies);
3.3 members of the Marsh & McLennan Group and their affiliates;
3.4 government agencies and industry regulators;
3.5 Mercer’s auditors, accountants, lawyers or other financial or professional advisers;
3.6 other necessary and appropriate sub-contractors or third party service or product providers for the purposes stated in Article 2 above and Article 7 below;
3.7 Client’s HR, representatives, agent or other Client’s personnel who are in charge of or implement employee health and benefits program on behalf of Client for such personnel to edit, revise, update, download or extract such Personal Information from this Platform; and
3.8 other persons as Client may instruct or require.
4. Mercer values the protection of Personal Information (including sensitive personal information and personal information of minors, if applicable). To provide our services with Client, according to relevant laws and regulations, Mercer will, to the necessary extent, only process sensitive personal information listed under Article 1.3 provided by you with your consent or the information of children under the age of 14 provided by you as his/her parent or guardian with your consent.
5. You hereby further agree to provide Mercer with Personal Information of yourself and Other Data Subjects for the purposes stated in Article 2 above, and hereby consent and authorize your employer (i.e., Client), insurance companies, health maintenance organizations, agents and/or third-party service or product providers to provide to Mercer such Personal Information for the purposes stated in Article 2 above.
You fully understand, acknowledge and hereby consent that Mercer needs certain Personal Information as provided under this Statement to enable us to provide Client with our services. You further represent and warrant that all information supplied by you is accurate, complete and free from violation of others’ rights. Mercer will not be responsible for any liability arising from missing, delayed, incomplete, inaccurate or unauthorized information supplied by you. Failure to provide such Personal information may result in Mercer being unable to provide Client with the services or may result in you being unable to be entitled to the employee health and benefits program or receive employee benefits services and/or products requested.
6. Safeguards. We confirm that we have implemented the appropriate administrative and security safeguards and procedures in accordance with the applicable laws and regulations to ensure Personal Information security, to prevent the unauthorized or unlawful processing of Personal Information and the accidental loss or destruction of, or damage to, Personal Information.
7. Data Transfer. Where necessary or appropriate for the purposes of data storage or processing or providing Client with our service, you consent (and have obtained necessary consent from Other Data Subjects, if applicable) that we may transfer Personal Information to third party service or product providers or to another member of the Marsh & McLennan Group (“Group”) within or outside the country in which Mercer is established (including but not limited to Australia and U.S.).
Our Group operates data center facilities with data centers housed in each of three key regions – North America (USA and Canada), EMEA (UK and Ireland), and APAC (Australia). In such facilitates, Group owned systems are housed in secured areas to which no other parties have physical or logical access. You may exercise your rights in accordance with Article 8 below in connection with processing of your Personal Information to the overseas recipient according to laws with the contact details: privacyofficer.healthchina@mercer.comprivacyofficer.healthchina@mercer.com.
Before we provide Personal Information outside the territory of China, we will meet the applicable requirements of laws and regulations of the P.R.C. on cross-border transfer of Personal Information and will require overseas recipients to protect Personal Information at the levels not lower than those required by applicable laws and regulations of the P.R.C.
8. Your Rights of Access and Correction. You have rights to request access to and correction of Personal Information supplied by you or Client and held by Mercer and you may:
8.1 check whether Mercer holds or uses Personal Information and request access to or copy of such data;
8.2 request Mercer to correct or supplement any of Personal Information that is inaccurate, incomplete or out-of-date;
8.3 request Mercer to specify or explain its policies and procedures in relation to data and types of Personal Information handled by Mercer;
8.4 communicate to Mercer your decision, restriction or objection to the processing of Personal Information or your objection to the use of Personal Information for marketing purposes whereupon Mercer will not use Personal Information for these purposes;
8.5 request Mercer to delete Personal Information; However, if deleting such Personal Information is technically difficult to achieve, Mercer will stop processing in addition to storing such Personal Information by taking necessary security measures;
8.6 request Mercer to transmit Personal Information to a designated personal information processor; and
8.7 withdraw, in full or in part, your consent given previously.
When you exercise the rights above, please contact your company or organization/your employer first and ask the relevant personnel of your company or organization/your employer to contact us.
In each case subject to any applicable legal restrictions, contractual conditions, reasonable internal policies/procedures, a reasonable time period (in accordance with applicable laws) as well as, in the case of a request raised by you as mentioned above, a reasonable fee may be charged (where permitted under applicable laws and as Mercer may notify you in writing upon receipt of your request).
9. We may retain your Personal Information for the period required to achieve the purposes stated herein, unless the retention period may to be extended in accordance with laws or your requirements. The retention period may vary based on the purpose of processing and the nature of services.
10. The person to whom written requests for access to Personal Information or correction and/or deletion of Personal Information or for information regarding policies and procedures and types of Personal Information handled by Mercer is:
Email: privacyofficer.healthchina@mercer.comprivacyofficer.healthchina@mercer.com