Milliman Personal Data Privacy Policy – Milliman GmbH, Austria

English | German

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Austrian affiliate’s (Milliman GmbH) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman GmbH are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman GmbH are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman GmbH may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman GmbH’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman GmbH and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Austria, such authority is the “Österreichische Datenschutzbehörde” (https://www.dsb.gv.at/).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Millimans Datenschutzrichtlinie - Österreich

Letzte Aktualisierung: Mai 2024

Wenn Milliman als Datenverantwortlicher handelt

Milliman, Inc. und ihre verbundenen Unternehmen („Milliman“ oder „Wir“) nehmen den Datenschutz sehr ernst. Die vorliegende Datenschutzrichtlinie bestimmt die Grundsätze, denen Milliman und ihre verbundenen Unternehmen (Milliman GmbH) bei der Verwendung und dem Schutz von personenbezogenen Daten unterliegen, die uns innerhalb des Europäischen Wirtschaftsraums, auf der Insel Man, das Vereinigte Königreich und in der Schweiz lebende Privatpersonen und Kunden („personenbezogene Daten“), nachfolgend „Sie“, übermitteln. Milliman verpflichtet sich zum Umgang mit personenbezogenen Daten gemäß dieser Datenschutzrichtlinie, der EU-Datenschutzgrundverordnung (DSGVO) sowie sonstigen maßgeblichen Datenschutzgesetzen und Vorschriften über Persönlichkeitsrechte, soweit sie anwendbar sind.

Milliman, Inc. und Milliman GmbH sind gemeinsame Kontrollinstanzen für die Verarbeitung personenbezogener Daten, die in dieser Datenschutzrichtlinie beschrieben sind. Das bedeutet, dass Milliman, Inc. und Milliman GmbH beide für die Einhaltung der geltenden Datenschutzgesetze verantwortlich sind.

Datenerfassung

Aggregierte Daten

Wie zahlreiche Unternehmen, überwacht Milliman die Nutzung ihrer Websites durch die Erhebung aggregierter Daten. Dabei werden keine personenbezogenen Daten erhoben. Im typischen Fall erhebt Milliman Daten über die Anzahl der Besucher auf i Website, auf jeder Seite der Website und den Domainnamen des Internet-Serviceproviders des Besuchers. Diese Daten werden zur Verbesserung der Benutzerfreundlichkeit, der Leistungsfähigkeit und der Effizienz von Millimans Website verwendet.

Cookies, Inhalt von Dritten und Do Not Track

Für detailliertere Informationen, die beschreiben, wie Milliman Cookies verwendet und Ihre Wahlmöglichkeiten im Zusammenhang mit der Verwendung und der Ablehnung solcher Cookies, einschließlich Informationen über Inhalte von Dritten auf Millimans Webseite, und wie Milliman auf Do Not Track-Signale in Browsern reagiert, lesen Sie bitte unsere Cookie-Richtlinie, die Sie hier finden.

Verarbeitung von personenbezogenen Daten

Die personenbezogenen Daten, die wir sammeln, variieren je nach Art der angebotenen Dienstleistungen und unserer Interaktionen mit Einzelpersonen. Im Zusammenhang mit der Erfassung von Daten über diese Website, den Marketingaktivitäten von Milliman und der Vertragsverwaltung können wir folgende personenbezogene Daten erfassen, speichern und anderweitig verarbeiten:

• Daten von Besuchern unserer Websites (Vorname, Nachname, Titel, Firma, Telefonnummer, Standort, E-Mail-Adresse, Betreff der Anfrage und die Nachricht), die Informationen über Produkte oder Dienstleistungen von Milliman anfordern, zum Zweck der Verwaltung der Beziehung zu den Besuchern und der Verwaltung der Websites. Rechtsgrundlage für die Verarbeitung solcher personenbezogener Daten ist das berechtigte Interesse von Milliman (Art. 6 (1) Buchstabe (f) DSGVO).
• Daten von Kundenvertretern, Direktoren, Repräsentanten, Angestellten, Geschäftspartnern, Zulieferern, und anderen Vertragsparteien (Name, berufliche Adresse, Titel, E-Mail und andere berufliche Kontaktdaten) für die Vertragsverwaltung. Die beruflichen Kontaktdaten von Kundenvertretern, deren Mitarbeitern und Geschäftspartnern werden auch verwendet, um Kundenkonten zu aktivieren und zu pflegen, einschließlich für Abrechnungszwecke, Due-Diligence-Prüfungen und Konfliktprüfungen, zur Erleichterung der Kommunikation, zur Erfüllung von Anträgen oder zur Beantwortung von Anfragen zu Milliman-Produkten oder -Dienstleistungen und zur Übermittlung von Angeboten und Informationen (soweit gesetzlich zulässig) über Produkte, Dienstleistungen oder Veranstaltungen, die von Milliman angeboten werden oder die nach Ansicht von Milliman von Interesse sein könnten. Rechtsgrundlage für die Verarbeitung personenbezogener Daten ist das berechtigte Interesse von Milliman (Art. 6 (1) Buchstabe (f) DSGVO). Milliman kann sich auf Ihre Zustimmung (Art. 6 (1) Buchstabe (a) GDPR) für die Versendung von Marketingmitteilungen berufen, wenn dies nach den Gesetzen zum Datenschutz und zum Schutz der Privatsphäre erforderlich ist; in diesem Fall werden wir Sie vor der Versendung der Mitteilung um Ihre Zustimmung bitten. Milliman GmbH kann die beruflichen Kontaktdaten der Mitarbeiter seiner Kunden auch zum Zweck der Versendung von Umfragen, Fragebögen oder zum Zweck der Organisation von Wettbewerben verwenden. Für diese Aktivitäten ist die rechtliche Grundlage für die Verarbeitung personenbezogener Daten das legitime Interesse der Milliman GmbH (Art. 6 (1) Buchstabe (f) DSGVO), es sei denn, nach den Gesetzen zum Datenschutz und zum Schutz der Privatspähre ist Ihre vorherige Zustimmung erforderlich. Wir können auch begrenzte persönliche Daten über Sie aus öffentlichen Ressourcen (wie z.B. LinkedIn) sammeln und verarbeiten, einschließlich Ihres Namens/Nachnamens, Ihrer E-Mail-Adresse, Telefonnummer, Unternehmen, Titel/Position, Beruf, berufliche Interessen, damit wir ein potenzielles Interesse an unseren Dienstleistungen einschätzen und Sie zu Marketingzwecken kontaktieren können.

Wenn wir mit Ihnen über die von uns angebotenen oder entwickelten Produkte und Dienstleistungen kommunizieren, erhalten Sie in jeder Mitteilung die Möglichkeit, sich abzumelden und künftige Mitteilungen dieser Art zu verhindern. Wenn Sie nicht möchten, dass wir diese Informationen aus unseren Marketing-E-Mails erfassen, oder wenn Sie Direktmarketing-E-Mails von uns abbestellen möchten, können Sie das entsprechende Formular ausfüllen, das unter der Rubrik “Rechte“ verfügbar ist. Kontakt mit uns aufnehmen und es uns schriftlich mitteilen. Wir werden die Verwendung Ihrer personenbezogenen Daten für Direktmarketingzwecke einstellen, sobald Sie uns dazu aufgefordert haben.

Wenn Sie uns personenbezogene Daten einer anderen Person zur Verfügung stellen, ist es Ihre Pflicht, sicherzustellen, dass diese Person der Verarbeitung ihrer personenbezogenen Daten zugestimmt hat oder angemessen über die Verarbeitung ihrer personenbezogenen Daten von Milliman informiert wird.

Sie müssen auch sicherstellen, dass alle uns übermittelten personenbezogenen Daten vollständig, genau, wahr und korrekt sind. Wenn Sie dies nicht tun, kann dies dazu führen, dass wir Ihnen die von Ihnen angeforderten Produkte und Dienstleistungen nicht liefern können.

Es werden keine automatisierten Entscheidungen auf der Grundlage der von Ihnen erfassten personenbezogenen Daten getroffen.

Verbundene Unternehmen und befugte externe Bevollmächtigte

Alle Websites, Produkte und Dienstleistungen von Milliman werden in Zusammenarbeit mit Milliman, Inc., mit Sitz in den USA bereitgestellt. Personenbezogene Daten können zwischen Milliman GmbH und Milliman, Inc. oder anderen Unternehmen, die von Milliman, Inc. kontrolliert werden oder unter gemeinsamer Kontrolle mit Milliman, Inc. stehen und in den USA und/oder Europa ansässig sind, zum Zwecke der Zentralisierung der allgemeinen Unternehmensdienstleistungen von Milliman ausgetauscht werden, einschließlich: Verwaltungsdienste, Vertragsmanagement, Client Relationship Management (CRM), IT-Wartung und Sicherheit, Datenschutz (Verwaltung der Anfragen der betroffenen Personen) und Marketingdienste (Cookie-Verwaltung, Nachverfolgung von Anfragen über das Website-Formular von Milliman, Kommunikation über Produkte, Dienstleistungen oder Veranstaltungen von Milliman). Wir können personenbezogene Daten auch an verbundene Unternehmen weitergeben, die die Handelsmarke MILLIMAN® verwenden. In diesem Fall werden wir von diesen Partnern die Einhaltung dieser Datenschutzrichtlinie verlangen. Bitte beachten Sie, dass wir Ihre persönlichen Daten möglicherweise in ein Land übertragen, in dem nicht die gleichen Datenschutzgesetze wie in Ihrem Heimatland gelten. Milliman stellt jedoch sicher, dass sie selbst und ihre verbundenen Unternehmen personenbezogene Daten in Übereinstimmung mit dieser Datenschutzrichtlinie verarbeiten.

Milliman kann personenbezogene Daten auch an autorisierte Dritte oder Auftragnehmer weitergeben, die Dienstleistungen für Milliman erbringen. Wenn Milliman personenbezogene Daten an Dritte weitergibt, verlangt Milliman, dass diese Dritten sich damit einverstanden erklären, personenbezogene Daten auf der Grundlage der Anweisungen von Milliman und in Übereinstimmung mit dieser Datenschutzrichtlinie zu verarbeiten.

Jegliche Übermittlung personenbezogener Daten unterliegt angemessenen Schutzmaßnahmen, die mit der DSGVO in Einklang stehen und im Kapitel „Übertragung von personenbezogenen Daten über die Grenzen hinweg“ beschrieben werden.

Weitere Offenlegungen

Milliman kann personenbezogene Daten und sonstige damit verbundene Informationen ebenfalls in Beantwortung von Vorladungen, Gerichtsbeschlüssen oder sonstigen gesetzlichen Anforderungen seitens der Behörden sowie für Anforderungen der nationalen Sicherheit oder der Strafverfolgung offenlegen. Milliman darf personenbezogene Daten erfassen und weiterleiten, um im Zusammenhang mit illegalen Handlungen, vermutetem Betrug, Verstößen gegen Millimans Nutzungsbedingungen oder in anderen per Gesetz oder den behördlichen Vorschriften bestimmten Fällen zu ermitteln oder erforderliche Maßnahmen zu ergreifen.

Sicherheit

Milliman speichert personenbezogene Daten auf einem sicheren Server, der per Passwort geschützt ist und von unbefugten Zugriffen durch eine Firewall abgeschirmt ist. Milliman hat Sicherheitsverfahren eingerichtet, die dazu bestimmt sind, die Sicherheit und Integrität aller personenbezogenen Daten zu gewährleisten. Milliman verfügt über geeignete technische und organisatorische Maßnahmen zum Schutz vor der unbefugten oder ungesetzlichen Verarbeitung von personenbezogenen Daten sowie vor dem versehentlichen Verlust oder der Zerstörung oder Beschädigung von personenbezogenen Daten, die von Milliman erfasst oder verarbeitet werden. Wenn Milliman personenbezogene Daten an Dritte weiterleitet, verlangt Milliman, dass diese Dritten über geeignete technische und organisatorische Mittel verfügen, um diese Datenschutzrichtlinie und die geltenden Gesetze zu beachten.

Datenspeicherung

Milliman speichert personenbezogene Daten nur so lange, wie dies zur Erfüllung der in dieser Datenschutzrichtlinie genannten Zwecke notwendig ist, es sei denn per Gesetz ist ein längerer Speicherzeitraum erforderlich oder erlaubt. Milliman wird Ihre personenbezogenen Daten löschen, sobald der Zweck der Erfassung und Verarbeitung derartiger personenbezogener Daten erfüllt ist und die angemessene Dauer der Dokumentation und Backup-Speicherung derartiger personenbezogener Daten abgelaufen ist. Wenn Sie sich vom Erhalt von Marketing-Informationen von uns abgemeldet haben, werden wir Ihre personenbezogenen Daten weiterhin für jeden anderen Zweck aufbewahren, für den wir noch rechtliche Gründe für die Verarbeitung dieser personenbezogenen Daten haben (z.B. zur Erfüllung einer gesetzlichen Verpflichtung oder wenn die Verarbeitung für den Zweck unseres berechtigten Interesses notwendig ist). In bestimmten Fällen, wenn keine anderen rechtlichen Gründe vorliegen, werden wir begrenzte personenbezogene Daten (wie z.B. Ihre E-Mail-Adresse) über Sie speichern, um für die Zukunft sicherstellen zu können, dass solche Marketingmitteilungen nicht mehr an Sie gesendet werden.

Kinder

Millimans Websites, Produkte und Leistungen wenden sich nicht an Kinder, und Milliman erfasst wissentlich keine personenbezogenen Daten von Kindern. Wenn ein Elternteil oder Erziehungsberechtigter erfährt, dass eines seiner Kinder Milliman ohne seine Zustimmung personenbezogene Daten bereitgestellt hat, sollte der Elternteil oder Erziehungsberechtigte, das entsprechende Formular ausfüllen, das unter der Rubrik “Rechte“ verfügbar ist, und Milliman wird Maßnahmen ergreifen, um jegliche derartigen personenbezogenen Daten zu löschen.

Links von Dritten

Die Website von Milliman kann Links auf Websites enthalten, die von anderen Unternehmen als uns beherbergt und betrieben werden („Websites von Dritten“), auf die Sie Ihre personenbezogenen Daten (teilweise) exportieren können.

Wir geben Ihre personenbezogenen Daten nicht ohne Ihre ausdrückliche Zustimmung an diese Websites Dritter weiter. Wir weisen darauf hin, dass alle Informationen, die Sie an Websites Dritter weitergeben, nicht mehr unter unserer Kontrolle stehen und nicht mehr der Datenschutzrichtlinie für personenbezogene Daten von Milliman unterliegen.

Sie sollten die Datenschutzpraktiken einer Website von Dritten überprüfen, um zu verstehen, wie diese Webseite von Dritten Ihre personenbezogenen Daten erfasst und verwendet, falls Sie sich entschieden haben, Ihre personenbezogenen Daten an diese weiterzugeben. Wir sind nicht für den Inhalt oder die Leistung dieser Websites von Dritten verantwortlich. Wir sind in keiner Weise verantwortlich oder haftbar für die Art und Weise, mit der eine Website Dritter mit personenbezogenen Daten umgeht, die Sie einer solchen Website Dritter zur Verfügung stellen, und die Nutzung von Websites Dritter erfolgt ausschließlich auf Ihr eigenes Risiko.

Aktualisierungen der Datenschutzbestimmungen

Milliman kann ihre Datenschutzrichtlinie von Zeit zu Zeit ändern. Deshalb bittet Milliman alle betroffenen Personen, diese gelegentlich zu prüfen, um zu gewährleisten, dass Sie die aktuellste Fassung kennen.

Übertragung von personenbezogenen Daten über die nationalen Grenzen hinweg

Milliman ist ein globales Unternehmen, das personenbezogene Daten in Übereinstimmung mit den für solche Übertragungen geltenden Gesetzen über nationale Grenzen hinweg überträgt. Milliman hat angemessene Sicherheitsvorkehrungen getroffen, um sicherzustellen, dass ihre Datenübertragungen angemessen geschützt sind. Die Rechtsgrundlagen von Milliman für die jeweiligen Datenübertragungen sind in dieser Datenschutzrichtlinie dargelegt. Wenn personenbezogene Daten von einem unserer Unternehmen im Europäischen Wirtschaftsraum („EWR“), der Schweiz, der Isle of Man oder dem Vereinigten Königreich in die Vereinigten Staaten oder ein anderes Land außerhalb des EWR oder von Unternehmen im EWR in ein anderes Land außerhalb des EWR übertragen werden, stützen wir uns auf einen oder mehrere der folgenden Rechtsmechanismen, die einen angemessenen Schutz für die Übertragungen gewährleisten: die Angemessenheitsbeschlüsse, die von der Europäischen Kommission auf der Grundlage von Art. 45 DSGVO, den von der Europäischen Kommission genehmigten Standardvertragsklauseln, den EU-US-Datenschutzrahmen (EU-US-DPF), die britische Erweiterung des EU-US-DSGVO und den Schweizer-US-Datenschutzrahmen (Schweizer-US-DPF) oder anderen Übermittlungsmechanismen, die nach den geltenden Datenschutzgesetzen als angemessen gelten. Sie können eine Kopie aller Standardvertragsklauseln in Bezug auf Ihre personenbezogenen Daten anfordern, die wir möglicherweise ausgefertigt haben, indem Sie uns unter den unten angegebenen Kontaktdaten kontaktieren. Milliman verpflichtet sich, mit den Datenschutzbehörden der EU, dem Eidgenössischen Datenschutzbeauftragten, dem Information Commissioner der Insel Man, dem Information Commissioner's Office des Vereinigten Königreichs und jeder anderen relevanten Datenschutzbehörde zusammenzuarbeiten und die Ratschläge dieser Behörden in Bezug auf die Übermittlung personenbezogener Daten von einer unserer Einheiten im EWR, der Schweiz, der Insel Man oder dem Vereinigten Königreich in Länder außerhalb des EWR zu befolgen. Milliman wird alle erforderlichen Folgenabschätzungen durchführen und dabei die Regeln der geltenden Datenschutzgesetze befolgen, um die sichere Übermittlung Ihrer personenbezogenen Daten zu gewährleisten.

Data Privacy Framework

Milliman verpflichtet sich, personenbezogene Daten in Übereinstimmung mit dieser Datenschutzrichtlinie und dem EU-US Data Privacy Framework (EU-US DPF), der britischen Erweiterung des EU-US DPF und dem Swiss-US Data Privacy Framework (Swiss-US DPF), wie vom U.S. Department of Commerce verwaltet, zu behandeln. Milliman hat dem U.S. Department of Commerce bestätigt, dass es die EU-U.S. Data Privacy Framework Grundsätzen (EU-U.S. DPF Grundsätzen) in Bezug auf die Verarbeitung personenbezogener Daten einhält, die sie aus der Europäischen Union unter Berufung auf die EU-U.S. DPF und aus dem Vereinigten Königreich (und Gibraltar) unter Berufung auf die UK Extension to the EU-U.S. DPF erhält. Milliman hat ebenfalls gegenüber dem U.S. Department of Commerce bestätigt, dass es die Swiss-U.S. Data Privacy Framework Grundsätzen (Swiss-U.S. DPF Grundsätzen) in Bezug auf die Verarbeitung personenbezogener Daten, die sie aus der Schweiz unter Berufung auf die Swiss-U.S. DPF erhält, einhält.

Im Falle eines Widerspruchs zwischen den Bestimmungen dieser Datenschutzrichtlinie und den EU-US-DPF-Grundsätzen und/oder den US-Schweizer-DPF-Grundsätzen sind die Grundsätze vorrangig. Um mehr über das Data Privacy Framework (DPF)-Programm zu erfahren und um die Zertifizierung von Milliman einzusehen, besuchen Sie bitte https://www.dataprivacyframework.gov/.

Die Verantwortlichkeit von Milliman für personenbezogene Daten, die Milliman im Rahmen der DPF-Grundsätze erhält und anschließend an einen Dritten weitergibt, ist in den DPF-Grundsätzen beschrieben. Insbesondere bleibt Milliman gemäß den DPF-Grundsätzen verantwortlich und haftbar, wenn von Milliman beauftragte Dritte, die personenbezogenen Daten in einer Weise verarbeiten, die nicht mit den Grundsätzen vereinbar ist, es sei denn, Milliman weist nach, dass sie für das Ereignis, das zu einem Schaden geführt hat, nicht verantwortlich ist. Darüber hinaus hat Milliman, Inc. mit seinen im Europäischen Wirtschaftsraum ansässigen Tochtergesellschaften Datenschutzvereinbarungen auf der Grundlage der von der Europäischen Kommission herausgegebenen EU-Standardvertragsklauseln (die "EU-Standardvertragsklauseln") abgeschlossen.

Wie im Abschnitt "Wie Sie uns kontaktieren können" weiter unten erläutert, ermutigt Milliman jede Person, sich mit uns in Verbindung zu setzen, wenn sie eine Beschwerde im Zusammenhang mit der DPF (oder allgemein mit dem Datenschutz) hat. Das Recht auf Auskunft, Berichtigung, Löschung, Einschränkung der Verarbeitung sowie das Recht auf Datenübertragbarkeit von Personen mit Wohnsitz im Europäischen Wirtschaftsraum oder in der Schweiz kann unter den in der DSGVO festgelegten Bedingungen ausgeübt werden, Sie das entsprechende Formular ausfüllen, das unter der Rubrik “Rechte“ verfügbar is. Darüber hinaus haben diese Personen das Recht, jederzeit eine Beschwerde bei einer zuständigen Aufsichtsbehörde einzureichen.

Rechte

Sie haben nach der DSGVO eine Reihe von Rechten in Bezug auf Ihre personenbezogenen Daten, nämlich:

1. Das Recht auf Zugriff nach Art. 15 DSGVO: Sie haben das Recht, von uns eine Bestätigung darüber zu erhalten, ob personenbezogene Daten über Sie verarbeitet werden oder nicht, und, wenn dies der Fall ist, Zugriff auf diese personenbezogenen Daten zu erhalten (einschließlich des Erhalts einer Kopie davon). Weiterhin haben Sie das Recht, sich die Art und Weise und die Zwecke bestätigen zu lassen, in der bzw. zu denen wir Ihre personenbezogenen Daten verarbeiten, damit Sie deren Richtigkeit und die Rechtmäßigkeit der Verarbeitung überprüfen können.
2. Das Recht auf Berichtigung nach Art. 16 DSGVO: Sie haben das Recht, von uns die Berichtigung unrichtiger personenbezogener Daten, die Sie betreffen, zu verlangen, sowie das Recht, unvollständige personenbezogene Daten vervollständigen zu lassen, auch durch die Bereitstellung einer ergänzenden Erklärung
3. Das Recht auf Löschung nach Art. 17 DSGVO: Sie haben das Recht, von uns die unverzügliche Löschung Ihrer personenbezogenen Daten zu verlangen, , (a) wenn Ihre personenbezogenen Daten für den Zweck, für den sie erhoben/verarbeitet wurden, nicht mehr erforderlich sind; (b) wenn Sie Ihre Einwilligung zur Verarbeitung zurückziehen möchten (es sei denn, wir haben einen anderen Rechtsgrund für die Verarbeitung, auf den wir uns berufen können); (c) wenn die Verarbeitung auf unseren berechtigten Interessen beruht und es keine übergeordneten berechtigten Gründe für die Verarbeitung gibt; (d) wenn Ihre personenbezogenen Daten unrechtmäßig verarbeitet wurden.
4. Das Recht auf Einschränkung der Verarbeitung nach Art. 18 DSGVO: Sie haben das Recht, von uns die Einschränkung der Verarbeitung Ihrer personenbezogenen Daten in folgenden Fällen zu erhalten: (a) wenn die Richtigkeit dieser persönlichen Daten von Ihnen angefochten wird (für einen Zeitraum, der es uns ermöglicht, die Richtigkeit Ihrer persönlichen Daten zu überprüfen); (b) wenn die Verarbeitung Ihrer personenbezogenen Daten unrechtmäßig ist, Sie jedoch gegen die Löschung solcher Daten Einspruch erheben und stattdessen eine Beschränkung ihrer Verwendung beantragen; (c) wenn Sie der Ansicht sind, dass wir Ihre personenbezogenen Daten nicht mehr für die Zwecke der Verarbeitung benötigen, sondern diese personenbezogenen Daten für die Begründung, Ausübung oder Verteidigung von Rechtsansprüchen benötigen; (d) wenn Sie der Verarbeitung Ihrer persönlichen Daten aus Gründen des „berechtigten Interesses“ gemäß (iii) oben widersprochen haben, bis wir geprüft haben, ob unsere berechtigten Gründe Ihre eigenen überwiegen.
5. Das Widerspruchsrecht nach Art. 21 DSGVO: Sie haben das Recht, aus Gründen, die sich auf Ihre besondere Situation beziehen, jederzeit gegen die Verarbeitung Ihrer personenbezogenen Daten Widerspruch zu erheben, was sich auf unsere legitimen Interessen stützt, einschließlich der Erstellung von Profilen auf der Grundlage dieser Bestimmungen. Wir werden die personenbezogenen Daten nicht mehr verarbeiten, es sei denn, wir haben zwingende legitime Gründe für die Verarbeitung, die Ihre Interessen, Rechte und Freiheiten überwiegen, oder für die Begründung, Ausübung oder Verteidigung von Rechtsansprüchen. Sie können jederzeit und ohne Angabe von Gründen gegen die Verarbeitung Ihrer personenbezogenen Daten oder für Direktmarketingzwecke Widerspruch einlegen.
6. Das Recht der Datenübertragbarkeit nach Art. 20 DSGVO: Sie haben das Recht, die Sie betreffenden personenbezogenen Daten, die Sie uns zur Verfügung gestellt haben, in einem strukturierten, allgemein verwendeten und maschinenlesbaren Format zu erhalten und diese Daten an einen anderen für die Datenverarbeitung Verantwortlichen zu übermitteln (bitte beachten Sie, dass dies nur gilt, wenn unsere Verarbeitung Ihrer personenbezogenen Daten auf Ihrer Zustimmung beruht und die Verarbeitung mit automatisierten Mitteln erfolgt).
7. Das Recht, sich an eine zuständige Datenschutzaufsichtsbehörde zu wenden (Art. 77 GDPR): Sie haben das Recht, sich an die zuständige Datenschutzaufsichtsbehörde zu wenden - in Österreich ist dies die "Österreichische Datenschutzbehörde" (https://www.dsb.gv.at/).

Bitte beachten Sie, dass jede Verarbeitung Ihrer personenbezogenen Daten vor der Löschung Ihres Kontos bei uns oder Ihre Bitte, dass wir Sie nicht mehr zu Direktmarketingzwecken kontaktieren, unter den dann geltenden gesetzlichen Bestimmungen gültig bleibt.

Sie können jedes Ihrer oben genannten Rechte ausüben, indem Sie das entsprechende Formulars, das Sie hier finden, ausfüllen. Für solche Anfragen nutzt Milliman die Data Subject Access Request-Plattform des Diensteanbieters One Trust. One Trust fungiert als Datenverarbeiter von Milliman. Sie können auch einen Brief an folgende Adresse senden: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. Wir werden uns bemühen, eine solche Anfrage so schnell wie möglich zu beantworten, in jedem Fall aber innerhalb von 30 Tagen.

Wie Sie Kontakt mit uns aufnehmen

Milliman kann unter [email protected] kontaktiert werden. Milliman begrüßt Rückmeldungen und Fragen zu dieser Datenschutzrichtlinie. Wenn Sie sich aus irgendeinem Grund mit uns in Verbindung setzen möchten, senden Sie uns bitte eine E-Mail ([email protected]). Beschwerden werden intern in Übereinstimmung mit den Beschwerdeverfahren von Milliman gelöst.

Wenn Sie in der Europäischen Union, im Europäischen Wirtschaftsraum oder in der Schweiz leben und eine Beschwerde über den Umgang mit Ihren personenbezogenen Daten in Übereinstimmung mit den DPF-Grundsätzen haben und Ihre Bemühungen, die Angelegenheit intern zu lösen, nicht zufriedenstellend sind, kann die Beschwerde bei der American Arbitration Association (http://www.adr.org/) eingereicht werden, die als unabhängiger Beschwerdemechanismus zur Beilegung von Beschwerden und Streitigkeiten im Zusammenhang mit der Behandlung personenbezogener Daten ausgewählt wurde, die aus der Europäischen Union, dem Europäischen Wirtschaftsraum oder der Schweiz stammen und gemäß dieser Datenschutzrichtlinie in die USA übermittelt wurden. Unter bestimmten Bedingungen können Sie berechtigt sein, ein verbindliches Schiedsverfahren in Anspruch zu nehmen, wenn andere Streitbeilegungsverfahren ausgeschöpft wurden. Milliman unterliegt den Ermittlungs- und Durchsetzungsbefugnissen der U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Milliman BVBA, Belgium

English | Dutch | French

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Belgian affiliate’s (Milliman BVBA) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman BVBA are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman BVBA are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman BVBA may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman BVBA’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman BVBA and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Belgium, such authority is the “Autorité de protection des données (APD)” (Homepage | Autorité de protection des données<br>Gegevensbeschermingsautoriteit (dataprotectionauthority.be)).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

 Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Privacybeleid persoonsgegevens Milliman - België (NL)

Laatst bijgewerkt in mei 2024

Wanneer Milliman handelt als verwerkingsverantwoordelijke

Milliman, Inc. en zijn filialen (“Milliman” of “we”) nemen gegevensbescherming zeer ernstig. Dit privacybeleid bepaalt de beginselen voor het gebruik en de bescherming van persoonsgegevens door het Belgische filiaal (Milliman BVBA), die personen en klanten die verblijven binnen de Europese Economische Ruimte, het eiland Man, Zwitserland en het VK met ons delen (“persoonsgegevens”), hierna “u”. Milliman zet zich in voor het behandelen van persoonsgegevens overeenkomstig dit privacybeleid, de algemene verordening gegevensbescherming van de EU (AVG) en andere wetgevingen inzake gegevensbescherming en privacy, voor zover van toepassing.

Verzamelen van gegevens

Geaggregeerde gegevens

Zoals veel bedrijven ziet Milliman toe op het gebruik van zijn websites door het verzamelen van geaggregeerde gegevens. Er worden geen persoonsgegevens verzameld tijdens dit proces. Milliman verzamelt doorgaans gegevens over het aantal bezoekers van de website en van elke webpagina, en over de oorspronkelijke domeinnaam van de internetprovider van de gebruiker. Deze gegevens worden gebruikt om het gebruiksgemak, de prestaties en de efficiëntie van de website van Milliman te verbeteren.

Cookies, Ingesloten inhoud van derden en Do not track-instellingen

Voor meer gedetailleerde informatie over het gebruik van cookies door Milliman en over uw keuzes met betrekking tot het gebruik van deze keuzes en de opt-outmogelijkheden, met inbegrip van informatie over ingesloten inhoud van derden op de website van Milliman en hoe Milliman op Do Not Track-signalen in browsers reageert, kunt u ons Cookiebeleid raadplegen. Klik hier.

Verwerking van persoonsgegevens

De persoonsgegevens die wij verzamelen, zijn afhankelijk van de aard van de geleverde diensten en onze interacties met personen. In het kader van de gegevensverzameling via deze website, de marketingactiviteiten van Milliman en het contractbeheer, kunnen wij persoonsgegevens verzamelen, opslaan en anderszins verwerken van:

- bezoekers van onze websites (voornaam, achternaam, titel, bedrijf, telefoonnummer, locatie, e-mailadres, onderwerp van het verzoek en doorgestuurd bericht) die informatie over producten of diensten van Milliman opvragen, voor het beheer van de relatie tussen de bezoekers en de beheerders van de website. De rechtsgrond voor de verwerking van persoonsgegevens is het rechtmatige belang van Milliman (art. 6, lid 1, onder f), AVG).

- vertegenwoordigers van klanten, ambtenaren, agenten en werknemers, zakenpartners, leveranciers, partijen bij een overeenkomst (naam, professioneel adres, titel, e-mail en andere professionele contactgegevens) voor contractbeheer. De professionele contactgegevens van de vertegenwoordigers van cliënten, hun werknemers en zakenpartners worden ook gebruikt om cliëntenaccounts te activeren en te onderhouden, onder andere voor facturatiedoeleinden, due diligence en conflictcontroles, om de communicatie te vergemakkelijken, om verzoeken in te willigen of te reageren op vragen over Milliman-producten of -diensten en om aanbiedingen en informatie te verstrekken (voor zover wettelijk toegestaan) over producten, diensten of evenementen die door Milliman worden aangeboden of waarvan Milliman denkt dat ze interessant kunnen zijn.

De rechtsgrond voor de verwerking van persoonsgegevens is het rechtmatige belang van Milliman (art. 6, lid 1, onder f), AVG). Milliman kan zich op uw toestemming beroepen (art. 6, lid 1, onder a), AVG) voor de verzending van marketingcommunicatie wanneer dit wordt vereist door de wetgeving inzake gegevensbescherming en privacy. In dergelijk geval zullen wij u vooraf om toestemming vragen voor de verzending van die communicatie. Milliman BVBA kan ook de professionele contactgegevens van de werknemers van zijn klanten gebruiken voor het versturen van enquêtes en vragenlijsten, of het organiseren van wedstrijden. De rechtsgrond voor de verwerking van persoonsgegevens is het rechtmatige belang van Milliman BVBA (art. 6, lid 1, onder f), AVG), tenzij de wetgeving inzake gegevensbescherming en privacy uw voorafgaande toestemming vereist. We kunnen ook persoonsgegevens over u verzamelen en verwerken uit openbare bronnen (zoals LinkedIn), waaronder uw naam/achternaam, e-mailadres, telefoonnummer, organisatie, titel/positie, beroep, professionele belangen, om ons in staat te stellen mogelijke interesse in onze diensten te beoordelen en contact met u op te nemen voor marketingdoeleinden.

Wanneer we met u communiceren over de producten en diensten die we aanbieden of ontwikkelen, krijgt u in elke communicatie de mogelijkheid om zich af te melden als u dergelijke communicatie in de toekomst niet meer wenst te ontvangen. Als u niet wilt dat wij uw persoonsgegevens voor onze marketingmails verzamelen, of als u zich wilt afmelden voor direct-marketingmededelingen, het toepasselijke formulier invullen dat beschikbaar is onder het hoofdstuk “Rechten”. Op uw verzoek zullen we uw persoonsgegevens niet langer gebruiken voor direct-marketingdoeleinden.

Als u ons persoonsgegevens van een andere persoon verstrekt, is het uw plicht om ervoor te zorgen dat deze persoon toestemming heeft gegeven voor of naar behoren is geïnformeerd over de verwerking van zijn/haar persoonsgegevens door Milliman.

U moet er tevens voor zorgen dat alle persoonsgegevens die u aan ons verstrekt volledig, nauwkeurig, waarheidsgetrouw en correct zijn. Als u dit niet doet, kan dit ertoe leiden dat wij niet in staat zijn om de door u gevraagde producten en diensten te leveren.

Er worden geen geautomatiseerde beslissingen genomen op basis van uw verzamelde persoonsgegevens.

Filialen en gemachtigde derde partijen

Alle websites, producten en diensten van Milliman worden aangeboden in samenwerking met Milliman, Inc., gevestigd in de VS. Alle Persoonsgegevens kunnen gedeeld worden tussen Milliman SAS en Milliman, Inc. of andere entiteiten die gecontroleerd worden door of onder gemeenschappelijke controle staan met Milliman, Inc, voor vestigingen in de VS en/of Europa, met het oog op de centralisatie van de algemene bedrijfsdiensten van Milliman, waaronder: administratieve diensten, contractbeheer, Client Relationship Management (CRM), IT-onderhoud, marketing en IT-beveiligingspraktijken, met het oog op het beheer en de beveiliging van de website, gegevensprivacy (beheer van verzoeken van betrokkenen) en om informatie te verstrekken over Millimanmarketingdiensten (cookiebeheer, onderzoek bijhouden via het websiteformulier van Milliman, communicatie over producten, diensten of evenementen van Milliman. ).

Milliman kan ook persoonsgegevens delen met geautoriseerde derde partijen of aannemers die Milliman diensten verlenen. Als Milliman persoonsgegevens deelt met een derde partij, vereist Milliman dat die derde partij ermee instemt om persoonsgegevens te verwerken op basis van de instructies van Milliman en in overeenstemming met dit privacybeleid.

Elke overdracht van persoonsgegevens is onderworpen aan passende veiligheidsmaatregelen die voldoen aan de AVG zoals beschreven in het hoofdstuk “Overdracht van persoonsgegevens over nationale grenzen heen”.

Andere openbaarmakingen

Milliman kan ook persoonsgegevens en andere gerelateerde informatie openbaren naar aanleiding van dagvaardingen, gerechtelijke bevelen of andere wettelijke verzoeken van openbare autoriteiten, en ten behoeve van de nationale veiligheid of rechtshandhaving. Milliman kan persoonsgegevens verzamelen en delen om onderzoek te doen of actie te ondernemen met betrekking tot illegale activiteiten, vermoedelijke fraude, schendingen van de gebruiksvoorwaarden van Milliman, of indien anders verplicht door de wet- of regelgeving.

Beveiliging

Milliman bewaart de persoonsgegevens op een server die is beveiligd met een wachtwoord en is beschermd tegen ongeautoriseerde toegang door een firewall. Milliman beschikt over een veiligheidsbeleid dat is bedoeld om de veiligheid en integriteit van alle persoonsgegevens te verzekeren. Milliman beschikt over gepaste technische en organisatorische maatregelen ter bescherming tegen ongeautoriseerde of onwettige verwerking van persoonsgegevens en tegen onopzettelijk verlies of vernietiging van, of schade aan, persoonsgegevens die worden bijgehouden of verwerkt door Milliman. Als Milliman persoonsgegevens doorstuurt naar een derde partij, vereist Milliman dat die derde partij over gepaste technische en organisatorische maatregelen beschikt om dit privacybeleid en de toepasselijke wetgeving na te leven.

Bewaring van gegevens

Milliman houdt persoonsgegevens maar zo lang bij als nodig om de in dit privacybeleid omschreven doelen te vervullen, tenzij de wet een langere bewaarperiode vereist of niet verbiedt. Milliman zal uw persoonsgegevens verwijderen zodra het doel waarvoor de persoonsgegevens worden verzameld, bereikt is, en de termijn voor documentatie en opslag van dergelijke persoonsgegevens verstreken is. Als u zich heeft afgemeld voor het ontvangen van marketinginformatie, zullen wij uw persoonsgegevens bijhouden voor andere doeleinden waarvoor er nog steeds gronden bestaan die de verwerking van die persoonsgegevens rechtvaardigen (bijvoorbeeld om te voldoen aan een wettelijke verplichting of wanneer de verwerking noodzakelijk is in het kader van onze rechtmatige belangen). In bepaalde gevallen, en als er geen andere rechtsgronden bestaan, zullen wij beperkte persoonsgegevens (zoals uw e-mailadres) over u bewaren, om te garanderen dat u dergelijke marketingcommunicatie niet meer ontvangt.

Kinderen

De websites, producten en diensten van Milliman zijn niet gericht op kinderen en Milliman verzamelt niet bewust persoonsgegevens van kinderen. Als een ouder of wettelijke voogd vaststelt dat zijn of haar kind persoonsgegevens heeft verstrekt aan Milliman zonder zijn of haar toestemming, moet de ouder of wettelijke voogd het toepasselijke formulier invullen dat beschikbaar is onder het hoofdstuk “Rechten”, en zal Milliman maatregelen treffen om dergelijke persoonsgegevens te verwijderen.

Links van derde partijen

De website van Milliman kan links aanbieden naar websites van derden die niet door ons worden gehost of beheerd (“website van derden“) en waarnaar u (een deel van) uw persoonsgegevens kunt exporteren.

We delen uw persoonsgegevens niet met deze websites van derden zonder uw uitdrukkelijke toestemming. Let op: alle informatie die u aan websites van derden verstrekt, wordt niet langer door ons beheerd en is niet langer onderworpen aan het privacybeleid inzake persoonsgegevens van Milliman.

U moet het privacybeleid van een dergelijke website van een derde aandachtig lezen voor informatie over de wijze van verzameling en gebruik van uw persoonsgegevens door die website, mocht u hebben besloten om uw persoonsgegevens te delen. We zijn niet verantwoordelijk voor de inhoud en de prestaties van deze websites van derden. Wij zijn op geen enkele wijze verantwoordelijk of aansprakelijk voor de manier waarop een website van een derde omgaat met de persoonsgegevens die u aan die website heeft verstrekt. Het gebruik van websites van derden is strikt op eigen risico.

Beleidsupdates

Milliman kan zijn privacybeleid zo nu en dan wijzigen. Milliman vraagt alle betrokken personen daarom om het beleid regelmatig te controleren om ervoor te zorgen dat ze op de hoogte zijn van de meest recente versie.

Overdracht van persoonsgegevens over nationale grenzen heen

Milliman is een wereldwijd opererend bedrijf dat persoonsgegevens over nationale grenzen heen overdraagt in overeenstemming met de wetten die op dergelijke overdrachten van toepassing zijn. Milliman heeft passende voorzorgsmaatregelen getroffen om ervoor te zorgen dat zijn gegevensoverdrachten voldoende worden beschermd. De rechtsgrondslagen van Milliman voor de respectieve gegevensoverdrachten worden uiteengezet in dit privacybeleid. Wanneer persoonsgegevens worden overgedragen van een van onze entiteiten in de Europese Economische Ruimte (“EER”), Zwitserland, het eiland Man of het Verenigd Koninkrijk naar de Verenigde Staten of een ander land buiten de EER, of van entiteiten in de EER naar een ander land buiten de EER, vertrouwen we op een of meer van de volgende juridische mechanismen die voldoende waarborgen bieden voor de overdrachten: de adequaatheidsbesluiten die door de Europese Commissie zijn genomen op basis van art. 45 AVG, de door de Europese Commissie goedgekeurde modelcontractbepalingen, het EU-VS Data Privacy Framework (EU-VS DPF), de UK Extension to the EU-VS DPF en het Swiss-US Data Privacy Framework (Swiss-US DPF), of een ander toepasselijk overdrachtsmechanisme dat door de toepasselijke wetgeving inzake gegevensbescherming als adequaat wordt beschouwd. U kunt een kopie opvragen van alle standaard contractuele clausules met betrekking tot uw Persoonsgegevens die we hebben uitgevoerd door contact met ons op te nemen via onderstaande gegevens. Milliman verplicht zich om samen te werken met de gegevensbeschermingsautoriteiten van de EU, de Zwitserse Federal Data Protection Information Commissioner, de Isle of Man Information Commissioner, de Information Commissioner's Office van het Verenigd Koninkrijk en elke andere relevante gegevensbeschermingsautoriteit, en om te voldoen aan het advies van dergelijke autoriteiten, met betrekking tot Persoonsgegevens die worden overgedragen van een van onze entiteiten in de EER, Zwitserland, het Isle of Man of het Verenigd Koninkrijk, naar landen buiten de EER. Milliman zal alle noodzakelijke effectbeoordelingen uitvoeren, volgens de regels van de toepasselijke wetgeving inzake gegevensbescherming en zo de veilige overdracht van uw Persoonsgegevens garanderen.

Data Privacy Framework

Milliman verbindt zich ertoe Persoonsgegevens te behandelen in overeenstemming met dit Privacybeleid en het EU-VS Data Privacy Framework (EU-VS DPF), de UK Extension to the EU-VS DPF en het Swiss-US Data Privacy Framework (Swiss-US DPF), zoals beheerd door het Amerikaanse Ministerie van Handel. Milliman heeft aan het Amerikaanse Ministerie van Handel verklaard dat het zich houdt aan de principes van het EU-VS Data Privacy Framework (EU-VS DPF Principes) met betrekking tot de verwerking van persoonlijke gegevens ontvangen van de Europese Unie in vertrouwen op het EU-VS DPF en van het Verenigd Koninkrijk (en Gibraltar) in vertrouwen op de UK Extension to the EU-U.S. DPF. Milliman heeft aan het Amerikaanse Ministerie van Handel verklaard dat het zich houdt aan de Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) met betrekking tot de verwerking van persoonsgegevens ontvangen uit Zwitserland in afhankelijkheid van de Swiss-U.S. DPF.

In geval van tegenstrijdigheid tussen de voorwaarden van dit Privacybeleid en de EU-VS DPF-beginselen en/of de Zwitsers-Amerikaanse DPF-beginselen, gelden de beginselen. Ga voor meer informatie over het DPF-programma (Data Privacy Framework) en de certificering van Milliman naar https://www.dataprivacyframework.gov/.

De verantwoordelijkheid van Milliman voor Persoonsgegevens die het bedrijf ontvangt onder de DPF-principes en vervolgens doorgeeft aan een derde partij wordt beschreven in de DPF-principes. Milliman blijft in het bijzonder verantwoordelijk en aansprakelijk volgens de DPF-principes als derden die door Milliman zijn ingeschakeld de Persoonsgegevens verwerken op een manier die niet in overeenstemming is met de Principes, tenzij Milliman bewijst dat het niet verantwoordelijk is voor de gebeurtenis die tot schade heeft geleid. Bovendien heeft Milliman, Inc. gegevensbeschermingsovereenkomsten opgesteld met zijn filialen in de Europese Economische Ruimte, gebaseerd op de Standaard Contractuele Clausules van de EU uitgegeven door de Europese Commissie (de "Standaard Contractuele Clausules van de EU").

Zoals verder uitgelegd in de paragraaf "Hoe contact met ons opnemen" hieronder, moedigt Milliman iedereen aan om contact met ons op te nemen als ze een DPF-gerelateerde (of algemene privacy-gerelateerde) klacht hebben. Elk recht op toegang, rectificatie, uitwissing, beperking van de verwerking en het recht op gegevensoverdraagbaarheid van personen die gedomicilieerd zijn in de Europese Economische Ruimte of Zwitserland, kan uitgeoefend worden onder de voorwaarden van de GDPR door het formulier in te vullen dat beschikbaar is onder “Rechten”. Bovendien hebben deze personen het recht om op elk moment een klacht in te dienen bij een bevoegde toezichthoudende autoriteit.

Rechten

De AVG voorziet in een aantal rechten met betrekking tot uw persoonsgegeven:

1. het recht van inzage op grond van artikel 15 van de AVG: u heeft het recht om van ons uitsluitsel te verkrijgen over het al dan niet verwerken van u betreffende persoonsgegevens en, wanneer dat het geval is, om inzage te verkrijgen in die persoonsgegevens (onder andere door het verkrijgen van een kopie) en de wijze waarop en de doeleinden waarvoor wij uw persoonsgegevens verwerken, zodat u de juistheid en de rechtmatigheid van de verwerking kunt controleren.
2. het recht van inzage op grond van artikel 15 van de AVG u heeft het recht om van ons uitsluitsel te verkrijgen over het al dan niet verwerken van u betreffende persoonsgegevens en, wanneer dat het geval is, om inzage te verkrijgen in die persoonsgegevens (onder andere door het verkrijgen van een kopie) en de wijze waarop en de doeleinden waarvoor wij uw persoonsgegevens verwerken, zodat u de juistheid en de rechtmatigheid van de verwerking kunt controleren.
3. het recht op rectificatie op grond van artikel 16 van de AVG: u heeft het recht om van ons onverwijld rectificatie van u betreffende onjuiste persoonsgegevens te verkrijgen, en het recht vervollediging van onvolledige persoonsgegevens te verkrijgen, onder meer door een aanvullende verklaring te verstrekken.
4. (iii) het recht op gegevenswissing op grond van artikel 17 van de AVG: het recht om uw Persoonsgegevens zonder onnodige vertraging van ons te laten wissen wanneer (a) uw persoonsgegevens niet langer nodig zijn voor de doeleinden waarvoor zij zijn verzameld/verwerkt; (b) u uw toestemming waarop de verwerking berust, wilt intrekken (tenzij er een andere rechtsgrond voor de verwerking bestaat); (c) de verwerking gebaseerd is op ons rechtmatige belang en er geen prevalerende dwingende gerechtvaardigde gronden voor de verwerking zijn; (d) uw persoonsgegevens onrechtmatig zijn verwerkt;
5. het recht op beperking van de verwerking op grond van artikel 18 van de AVG: u heeft het recht van ons de beperking van de verwerking van uw persoonsgegevens te verkrijgen indien (a) u de juistheid van de persoonsgegevens betwist (gedurende een periode die ons in staat stelt de juistheid van de persoonsgegevens te controleren); (b) de verwerking van uw persoonsgegevens onrechtmatig is en u zich verzet tegen het wissen van de persoonsgegevens en in de plaats daarvan om beperking van het gebruik ervan verzoekt; (c) u van mening bent dat we uw persoonsgegevens niet meer nodig hebben voor de verwerkingsdoeleinden, maar deze nodig heeft voor de instelling, uitoefening of onderbouwing van een rechtsvordering; (d) u bezwaar heeft gemaakt tegen de verwerking van uw persoonsgegevens op grond van “rechtmatige belangen” overeenkomstig (iii), in afwachting van het antwoord op de vraag of onze gerechtvaardigde gronden zwaarder wegen dan de uwe.
6. het recht van bezwaar op grond van artikel 21 van de AVG: u u heeft het recht om, op grond van uw specifieke situatie, te allen tijde bezwaar te maken tegen de verwerking van uw persoonsgegevens, wat gebaseerd is op onze legitieme belangen, inclusief profilering op basis van deze bepalingen. We staken de verwerking van de persoonsgegevens tenzij we dwingende gerechtvaardigde gronden voor de verwerking aanvoeren die zwaarder wegen dan uw belangen, rechten en vrijheden of verband houden met de instelling, uitoefening of onderbouwing van een rechtsvordering. U kunt te allen tijde en zonder opgave van redenen bezwaar maken tegen de verwerking van uw persoonsgegevens ten behoeve van direct marketing.
7. het recht op overdraagbaarheid van gegevens op grond van artikel 20 van de AVG: u heeft het recht de u betreffende persoonsgegevens, die u aan ons heeft verstrekt, in een gestructureerde, gangbare en machineleesbare vorm te verkrijgen, en die gegevens aan een andere verwerkingsverantwoordelijke over te dragen (let op: dit geldt alleen als onze verwerking van uw persoonsgegevens gebaseerd is op uw toestemming en als de verwerking wordt uitgevoerd op geautomatiseerde wijze.).
8. het recht om klacht in te dienen bij een toezichthoudende autoriteit (artikel 77 van de AVG): u heeft het recht een klacht in te dienen bij de bevoegde toezichthoudende autoriteit - in België is dat de “Gegevensbeschermingsautoriteit” (www.gegevensbeschermingsautoriteit.be).

Let op: elke verwerking van uw persoonsgegevens voorafgaand aan de verwijdering van uw account of uw verzoek om niet langer te worden gecontacteerd voor direct-marketingdoeleinden, zal geldig blijven volgens de dan geldende gerechtvaardigde gronden.

U kunt al uw rechten uitoefenen zoals hierboven vermeld, door het formulier in te vullen dat hier beschikbaar is. Voor dergelijke verzoeken gebruikt Milliman het Data Subject Access Request-platform van de dienstverlener One Trust. One Trust treedt op als de gegevensverwerker van Milliman. U kunt ook een brief sturen naar : Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Parijs. We zullen proberen zo snel mogelijk, en in ieder geval binnen 30 dagen, op een dergelijk verzoek te reageren.

Hoe contact opnemen met ons

Milliman kan gecontacteerd worden op [email protected]. Milliman verwelkomt feedback en vragen over dit Privacybeleid. Als u om welke reden dan ook contact met ons wilt opnemen, stuur dan een e-mail ([email protected]). Klachten worden intern opgelost in overeenstemming met de klachtenprocedures van Milliman.

Als u in de Europese Unie, Europese Economische Ruimte of Zwitserland woont en een klacht hebt over de behandeling van uw Persoonsgegevens in overeenstemming met de DPF-principes en uw pogingen om de zaak intern op te lossen niet bevredigend zijn, kan de klacht worden voorgelegd aan de American Arbitration Association (http://www.adr.org/), die is geselecteerd als het onafhankelijke verhaalmechanisme voor het oplossen van klachten en geschillen met betrekking tot de behandeling van Persoonsgegevens die afkomstig zijn uit de Europese Unie, Europese Economische Ruimte of Zwitserland en die naar de VS zijn overgedragen onder dit Privacybeleid. Onder bepaalde voorwaarden kunt u een beroep doen op bindende arbitrage wanneer andere procedures voor het oplossen van geschillen zijn uitgeput. Milliman is onderworpen aan de onderzoeks- en handhavingsbevoegdheden van de Amerikaanse Federal Trade Commission (FTC).

Politique de protection des Données personnelles de Milliman –Milliman BVBA, Belgique

Dernière mise à jour : Mai 2024

Lorsque Milliman agit en tant que responsable du traitement des données

Milliman, Inc. et ses sociétés affiliées (« Milliman » ou « nous ») prennent très au sérieux la protection des données. La présente politique de protection des données fixe les principes qui régissent l’utilisation et la protection par la filiale belge (Milliman BVBA) des données personnelles que les personnes physiques et les clients résidant dans l’Espace Économique Européen, sur l’île de Man, en Suisse et au Royaume-Uni (ci-après « vous ») partagent avec nous (les « Données personnelles »). Milliman s’est engagée à traiter les Données personnelles conformément aux dispositions de la présente Politique de protection des données, au bouclier de protection des données Union Européenne-États-Unis, au Règlement Général sur la Protection des Données (RGPD) et aux autres lois relatives à la protection des données et au respect de la vie privée, le cas échéant.

Milliman, Inc. et Milliman BVBA sont coresponsables du traitement des Données personnelles qui est décrit dans la présente politique de protection des données personnelles. Ainsi, Milliman, Inc. et Milliman BVBA sont tous deux responsables du respect des lois applicables en matière de protection des données.

Collecte des Données

Données agrégées

Comme de nombreuses entreprises, Milliman surveille l’utilisation de ses sites web en recueillant des données agrégées. Aucune Donnée personnelle n’est collectée de cette façon. En règle générale, Milliman collecte des données concernant le nombre de visiteurs ayant consulté son site web ou chacune de ses pages web ainsi que les noms de domaine des fournisseurs d’accès à Internet de ses visiteurs. Ces données servent à améliorer la fonctionnalité du site web de Milliman, ses performances et son efficacité.

Cookies, contenu tiers intégré et do not track

Pour obtenir des informations plus détaillées concernant les cookies utilisés par Milliman ainsi que les possibilités d’utilisation ou de refus des cookies, avec notamment des informations sur le contenu tiers intégré sur le site web de Milliman et la façon dont Milliman répond aux signaux do not track des navigateurs, veuillez consulter notre Politique en matière de cookies disponible ici.

Traitement des Données personnelles

Les Données personnelles que nous collectons varient en fonction de la nature des services fournis et de nos interactions avec les personnes. En ce qui concerne la collecte des données au travers du site web ou dans le cadre des activités de marketing et de gestion des contrats de Milliman, nous pouvons collecter, stocker et traiter d’une autre manière les Données personnelles des personnes suivantes :

- les visiteurs de nos sites web (prénom, nom de famille, fonction, société, numéro de téléphone, localisation, adresse e-mail, sujet de la demande et message envoyé) qui demandent des renseignements sur des produits ou des services fournis par Milliman, dans le but de gérer la relation avec ces visiteurs et d’administrer le site web. La base juridique du traitement des Données personnelles est l’intérêt légitime de Milliman (Art. 6 (1) lettre (f) du RGPD).

- les représentants, les dirigeants, les agents et collaborateurs, les partenaires commerciaux, les fournisseurs ou les parties à un contrat (nom, adresse professionnelle, fonction, e-mail et autres coordonnées professionnelles), dans le but d’assurer la gestion des contrats. Les coordonnées professionnelles des représentants des clients, de leurs collaborateurs et de leurs partenaires commerciaux sont également utilisées pour activer les comptes clients et les maintenir actifs, y compris à des fins de facturation, de diligence raisonnable et de vérification des conflits, afin de faciliter la communication entre les parties, pour satisfaire les demandes ou répondre aux questions concernant des produits ou des services fournis par Milliman et pour communiquer des offres ou des informations (conformément à la loi) sur les produits, les services ou les évènements proposés par Milliman ou susceptibles, selon Milliman, de présenter un intérêt. La base juridique pour le traitement des Données personnelle est l’intérêt légitime de Milliman (Art. 6 (1) lettre (f) du RGPD). Milliman peut se fonder sur votre consentement (Art. 6 (1) lettre (a) du RGPD) pour envoyer des communications marketing lorsque les lois sur la protection des données et le respect de la vie privée l’exigent et dans ce cas, nous vous demanderons votre consentement avant d’envoyer la communication. Milliman BVBA peut également utiliser les coordonnées professionnelles des collaborateurs de ses clients dans le but d’envoyer des sondages et des questionnaires ou dans le but d’organiser des concours. Concernant ces activités, la base juridique pour le traitement des Données personnelles est l’intérêt légitime de Milliman (Art. 6 (1) lettre (f) du RGPD), à moins que la législation relative à la protection des données et au respect de la vie privée exige un consentement préalable de votre part. Nous pouvons également collecter et traiter des Données personnelles limitées vous concernant que nous obtenons auprès de sources publiques (comme LinkedIn), notamment votre prénom, votre nom de famille, votre adresse e-mail, votre numéro de téléphone, votre organisation, votre fonction ou votre poste, votre profession et vos centres d’intérêts professionnels, dans le but de pouvoir évaluer un potentiel intérêt pour nos services et de vous contacter à des fins de marketing.

Lorsque nous communiquons avec vous à propos des produits et des services que nous proposons ou que nous développons, vous avez la possibilité, dans chaque communication, de vous désabonner et d’éviter à l’avenir les communications de ce type. Si vous ne souhaitez pas que nous collections vos Données personnelles à partir de nos e-mails marketing ou si vous souhaitez vous désabonner de nos communications de marketing direct, vous pouvez remplir le formulaire disponible dans la section « Droits ». Nous cesserons d’utiliser vos Données personnelles à des fins de marketing une fois que vous nous l’aurez demandé.

Si vous nous fournissez les Données personnelles d’une autre personne, il est de votre devoir de vous assurer que cette personne a accepté le traitement de ses Données personnelles par Milliman ou qu’elle en a été correctement informée.

Vous devez également vous assurer que toutes les Données personnelles que vous nous fournissez sont complètes, précises, véridiques et exactes. En cas contraire, il est possible que nous ne soyons pas en mesure de vous fournir les produits et les services que vous avez demandés.

Vous devez également vous assurer que toutes les Données personnelles qui nous sont soumises sont complètes, exactes, véridiques et correctes. Si vous ne le faites pas, nous pourrions ne pas être en mesure de vous fournir les produits et services que vous avez demandés.

Aucune prise de décision automatisée n’est prise à partir des Données personnelles que nous collectons auprès de vous.

Sociétés affiliées et mandataires tiers autorisés

Tous les sites web, les produits et les services de Milliman sont fournis en collaboration avec la société Milliman, Inc., implantée aux États-Unis. Toutes les Données personnelles peuvent être partagées par Milliman BVBA et Milliman, Inc., situés aux États-Unis et/ou en Europe, à des fins de centralisation des services généraux de Milliman, y compris les services administratifs, la gestion de contrats, la gestion des relations avec les clients (CRM), la maintenance informatique, le marketing et les pratiques de sécurité informatique, à des fins de gestion et de sécurité du site Internet , de la confidentialité des données (gestion des demandes des personnes concernées) et pour fournir des informations sur les services de marketing de Milliman (gestion des cookies, suivi des demandes via le formulaire du site Internet de Milliman, communication concernant les produits, les services ou les événements de Milliman).

Nous pouvons également partager les Données personnelles avec des sociétés affiliées qui utilisent la marque MILLIMAN®, auquel cas nous exigerons à ces sociétés affiliées qu’elles respectent la présente politique de protection des données. Veuillez noter que nous pouvons transférer vos Données personnelles vers un pays qui n’a pas les mêmes lois sur la protection des données que votre pays d’origine. Toutefois, Milliman s’assurera que ses différentes unités et sociétés affiliées traiteront les Données à caractère personnel conformément à la présente politique de protection des données.

Milliman peut également partager les Données personnelles avec des mandataires ou des sous-traitants tiers autorisés qui fournissent des services à Milliman. Si Milliman partage des Données personnelles avec un tiers, Milliman exige que ce tiers s’engage à traiter les Données personnelles en suivant les instructions données par Milliman et en se conformant aux dispositions de la présente politique de protection des données.

Tout transfert de Données personnelles est soumis à des mesures de protection appropriées qui répondent aux exigences du RGPD, comme plus précisément décrit dans la section « Transfert transfrontalier de Données personnelles ».

Autres divulgations

Milliman peut également divulguer des Données personnelles et d’autres informations connexes en réponse à des assignations en justice, à des décisions de justice ou à d’autres demandes légales émanant des autorités publiques, ainsi que pour satisfaire à des exigences de sécurité nationale ou d’application de la loi. Milliman peut collecter et partager des Données personnelles afin d’enquêter ou de prendre des mesures en cas d’activités illégales, de soupçons de fraude, de violation des Conditions générales d’utilisation de Milliman ou pour d’autres raisons prévues par la loi ou la réglementation.

Sécurité

Milliman stocke les Données personnelles sur un serveur sécurisé, protégé par un mot de passe, et protégé contre tout accès non autorisé par un pare-feu. Milliman a mis en place des politiques de sécurité visant à assurer la sécurité et l'intégrité de toutes les Données personnelles. Milliman dispose de mesures techniques et organisationnelles appropriées pour se protéger contre le traitement non autorisé ou illégal des Données personnelles et contre toute perte ou destruction accidentelle des Données Personnelles détenues ou traitées par Milliman ou contre tout dommage causé aux Données personnelles. Si Milliman transmet des Données personnelles à un tiers, Milliman exige que ce tiers dispose de mesures techniques et organisationnelles appropriées pour se conformer à la présente Politique de protection des données personnelles et aux lois applicables.

Conservation des Données

Milliman conserve les Données personnelles aussi longtemps que nécessaire pour atteindre les objectifs décrits dans la présente Politique de protection des données, sauf si une période de conservation plus longue est requise ou n’est pas interdite par la loi. Milliman supprimera vos Données personnelles dès que l’objectif de la collecte et du traitement de ces Données personnelles aura été rempli et dès que la durée prévue pour la documentation et la sauvegarde de ces Données personnelles sera arrivée à expiration. Si vous vous êtes désabonné de nos informations marketing, nous continuerons à conserver vos Données personnelles à toute autre fin pour laquelle nous disposons encore d’une base juridique permettant de traiter ces Données personnelles (par exemple pour se conformer à une obligation légale ou lorsque le traitement est nécessaire en raison d’un intérêt légitime de notre part). Dans certains cas, lorsqu’il n’existe aucune autre base juridique, nous conserverons dans nos registres des Données personnelles limitées vous concernant (comme votre adresse e-mail), afin de pouvoir garantir qu’aucune communication marketing ne vous soit envoyée à l’avenir.

Enfants

Les sites web, les produits et les services de Milliman ne s'adressent pas aux enfants et Milliman ne collecte pas sciemment des Données personnelles auprès des enfants. Si un parent ou un tuteur devait apprendre que son enfant avait fourni des Données personnelles à Milliman sans son consentement, le parent ou le tuteur légal devra remplir le formulaire disponible dans la section « Droits » et Milliman prendra les dispositions qui s’imposent pour supprimer ces Données personnelles.

Liens vers les sites tiers

Le site web de Milliman peut contenir des liens vers des sites web qui sont hébergés et exploités par d’autres sociétés (« Sites web tiers ») et vers lesquels vous pouvez exporter (une partie de) vos Données personnelles.

Nous ne divulguons pas vos Données personnelles à ces Sites web tiers sans votre consentement explicite. Veuillez noter que les informations que vous divulguez à des Sites web tiers échappent à notre contrôle et qu’elles ne sont plus couvertes par la Politique de Milliman sur la protection des Données personnelles.

Nous vous invitons à consulter les pratiques de ces Sites web tiers en matière de protection des données afin de savoir comment vos Données personnelles seront collectées et utilisées si vous décidez de les divulguer. Nous ne sommes pas responsables du contenu ou du fonctionnement de ces Sites web tiers. Nous ne sommes en aucun cas responsables de la manière dont un Site web tiers traite les Données personnelles que vous décidez de lui fournir et l’utilisation des Sites web tiers s’effectue exclusivement à vos risques et périls.

Actualisation de la Politique

Milliman peut modifier sa politique de Protection des Données personnelles à tout moment. Milliman demande, par conséquent, à toutes les personnes concernées de bien vouloir périodiquement s’assurer qu’elles ont connaissance de la dernière version applicable.

Transfert transfrontalier de Données personnelles

Milliman est une entreprise internationale qui transfère des Données personnelles au-delà des frontières nationales conformément aux lois qui s'appliquent à ces transferts. Milliman a mis en place des garanties appropriées pour s'assurer que ses transferts de données sont protégés de manière adéquate. Les fondements juridiques de Milliman pour les transferts de données respectifs sont décrits dans la présente politique de protection des Données personnelles. Lorsque des Données personnelles sont transférées d'une de nos entités dans l'Espace Economique Européen ("EEE"), en Suisse, sur l'Ile de Man ou au Royaume-Uni vers les Etats-Unis ou un autre pays en dehors de l'EEE, ou d'entités dans l'EEE vers un autre pays en dehors de l'EEE, nous nous appuyons sur un ou plusieurs des mécanismes juridiques suivants qui fournissent des garanties adéquates pour les transferts : les décisions d'adéquation adoptées par la Commission Européenne sur la base de l'Art. 45 GDPR, les clauses contractuelles types approuvées par la Commission européenne, le cadre de protection des données UE-États-Unis (EU-US DPF), l'extension britannique du cadre de protection des données UE-États-Unis et le cadre de protection des données Suisse-États-Unis (Swiss-US DPF), ou tout autre mécanisme de transfert jugé adéquat par les lois applicables en matière de protection des Données. Vous pouvez demander une copie de toute clause contractuelle standard relative à vos Données personnelles que nous aurions exécutée en nous contactant aux coordonnées ci-dessous. Milliman s'engage à coopérer avec les autorités de protection des Données de l'UE, le Commissaire fédéral suisse à la protection des données, le Commissaire à l'information de l'Île de Man, le Bureau du Commissaire à l'information du Royaume-Uni et toute autre autorité de protection des données concernée, et à se conformer aux conseils donnés par ces autorités, en ce qui concerne les données personnelles transférées de l'une de nos entités de l'EEE, de la Suisse, de l'Île de Man ou du Royaume-Uni vers des pays situés en dehors de l'EEE. Milliman procédera à toutes les évaluations d'impact nécessaires, conformément aux règles prévues par les lois applicables en matière de protection des données, garantissant ainsi la sécurité du transfert de vos données à caractère personnel.

Cadre du bouclier de Protection des Données (EU – US DPF)

Milliman s'engage à traiter les Données personnelles conformément à la présente politique de confidentialité et au cadre de protection des données UE-États-Unis (EU-US DPF), à l'extension britannique du cadre de protection des données UE-États-Unis et au cadre de protection des données Suisse-États-Unis (Swiss-US DPF), tels qu'administrés par le ministère du Commerce des États-Unis. Milliman a certifié au ministère américain du commerce qu'elle adhère aux principes du cadre UE-États-Unis de protection des données personnelles (principes du DPF UE-États-Unis) en ce qui concerne le traitement des données personnelles reçues de l'Union européenne en vertu du DPF UE-États-Unis et du Royaume-Uni (et de Gibraltar) en vertu de l'extension britannique du DPF UE-États-Unis. Milliman a certifié au ministère américain du commerce qu'elle adhère aux principes du cadre de protection des données Suisse-États-Unis (principes du DPF Suisse-États-Unis) en ce qui concerne le traitement des données à caractère personnel reçues de la Suisse en vertu du DPF Suisse-États-Unis.

En cas de conflit entre les termes de la présente Politique de protection des données personnelles et les principes du DPF UE-États-Unis et/ou les principes du DPF Suisse-États-Unis, les principes prévaudront. Pour en savoir plus sur le programme Data Privacy Framework (DPF) et pour consulter la certification de Milliman, veuillez consulter le site https://www.dataprivacyframework.gov/.

La responsabilité de Milliman à l'égard des Données personnelles qu'elle reçoit dans le cadre du EU-US DPF et qu’elle transfert ensuite à des tiers est décrite dans les Principes du EU-US DPF. En particulier, Milliman est et restera responsable en vertu des principes du Bouclier de protection si des tiers engagés par Milliman traitent les Données personnelles d'une manière non conforme aux Principes du EU -US DPF , à moins que Milliman puisse prouver qu'elle n'est pas responsable de l’événement à l’origine des préjudices. Par ailleurs, Milliman, Inc. a conclu des accords de protection des données avec ses sociétés affiliées situées dans l'Espace économique européen qui s’appuient sur les Clauses contractuelles types de l'UE édictées par la Commission européenne (les « Clauses contractuelles types de l’Union européenne »).

Comme indiqué en détail ci-après dans la section intitulée « Comment nous contacter », Milliman incite fortement toute personne à nous contacter si elle a une plainte à déposer au sujet du EU-US DPF (ou une plainte liée à sa vie privée). Tout droit d'accès, de rectification, d'effacement, de restriction du traitement ainsi que le droit à la portabilité des données des personnes physiques domiciliées dans l'Espace économique européen ou en Suisse peuvent être exercés dans les conditions prévues par le RGPD en remplissant le formulaire disponible dans la section « Droits ». En outre, ces personnes auront le droit de déposer, à tout moment, une plainte auprès d'une autorité de surveillance compétente.

Droits

En vertu du RGPD, vous disposez d’une série de droits concernant vos Données personnelles, à savoir :

1. le droit d’accès prévu par l’art. 15 du RGPD : vous avez le droit d’obtenir de notre part la confirmation que des Données personnelles vous concernant sont ou ne sont pas traitées et, lorsqu’elles le sont, l’accès auxdites données (y compris au moyen d’une copie), à la manière dont nous les traitons et aux finalités du traitement afin que vous puissiez vérifier l’exactitude et la licéité de ce traitement.
2. le droit de rectification prévu par l’art. 16 du RGPD : vous avez le droit d’obtenir de notre part la rectification des Données personnelles vous concernant qui sont inexactes, ainsi que le droit d’obtenir que les données personnelles incomplètes soient complétées, y compris en fournissant une déclaration complémentaire.
3. le droit à l’effacement prévu par l’art. 17 du RGPD : le droit d’obtenir de notre part l’effacement de vos Données personnelles dans les meilleurs délais lorsque (a) vos Données personnelles ne sont plus nécessaires au regard des finalités pour lesquelles elles ont été collectées ou traitées ; (b) vous souhaitez retirer votre consentement au traitement (sauf lorsqu’il existe un autre fondement juridique pour le traitement sur lequel nous pourrions nous baser) ; (c) le traitement est fondé sur nos intérêts légitimes et qu’il n’existe pas de motif légitime impérieux pour le traitement ; (d) vos Données personnelles ont fait l’objet d’un traitement illicite ;
4. le droit à la limitation du traitement prévu par l’art. 18 du RGPD : vous avez le droit d’obtenir de notre part la limitation du traitement de vos Données personnelles lorsque (a) vous contestez l’exactitude des Données personnelles (pendant une durée nous permettant de vérifier l’exactitude de vos Données personnelles) ; (b) le traitement de vos Données personnelles est illicite et vous vous opposez à leur effacement et exigez à la place la limitation de leur utilisation ; (c) vous considérez que nous n’avons plus besoin de vos Données personnelles aux fins du traitement mais que celles-ci vous sont encore nécessaires pour la constatation, l’exercice ou la défense de droits en justice ; (d) vous vous êtes opposé au traitement de vos Données personnelles sur la base d’un « intérêt légitime » en vertu du (iii) ci-dessus, pendant que nous vérifions si nos motifs légitimes prévalent sur les vôtres.
5. le droit d’opposition prévu par l’art. 21 du RGPD : vous avez le droit de vous opposer à tout moment, pour des raisons tenant à votre situation particulière, à un traitement de vos Données personnelles fondé sur nos intérêts légitimes, y compris un profilage fondé sur ces dispositions. Nous ne traiterons plus les Données personnelles, à moins que nous ne justifions qu’il existe des motifs légitimes et impérieux pour le traitement qui prévalent sur vos intérêts et vos libertés, ou pour la constatation, l’exercice ou la défense de droits en justice. Vous pouvez vous opposer à tout moment et sans motif au traitement de vos Données personnelles à des fins de marketing direct.
6. le droit à la portabilité des données prévu par l’art. 20 du RGPD : vous avez le droit de recevoir les Données personnelles vous concernant et que vous nous avez fournies dans un format structuré, couramment utilisé et lisible par machine, et vous avez le droit de transmettre ces données à un autre responsable du traitement (veuillez noter que cette disposition s’applique uniquement lorsque le traitement de vos Données personnelles est fondé sur votre consentement et que le traitement est effectué à l’aide de procédés automatisés).
7. le droit d’introduire une réclamation auprès d’une autorité de contrôle compétente en matière de protection des données (art. 77 du RGPD) : vous avez le droit d’introduire une réclamation auprès de l’autorité de contrôle compétente en matière de protection des données. En Belgique, cette autorité est la “Gegevensbeschermingsautoriteit” (www.gegevensbeschermingsautoriteit.be).

Veuillez noter que tout traitement de vos Données personnelles qui aurait été effectué avant la suppression de votre compte chez nous ou avant une demande de votre part exigeant que nous ne vous contactions plus à des fins de marketing direct restera valable conformément aux bases juridiques en vigueur à la date correspondante.

Vous pouvez exercer vos droits indiqués ci-dessus en remplissant le formulaire applicable disponible ici. Pour ces demandes, Milliman utilise la plateforme du prestataire de services One Trust. One Trust agit en tant que sous-traitant des données de Milliman. Vous pouvez également envoyer une lettre à : Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. Nous nous efforcerons de répondre à votre demande dès que possible et dans tous les cas dans les 30 jours suivant votre demande.

Comment nous contacter

Milliman peut être contacté à l’adresse : [email protected]. Milliman accueille avec plaisir les commentaires et les questions sur la présente Politique de protection des données personnelles. Si, pour quelque raison que ce soit, vous souhaitez nous contacter, veuillez nous envoyer un courrier électronique ([email protected]). Les plaintes seront résolues en interne conformément aux procédures de plainte de Milliman.

Si vous habitez dans un pays membre de l'Union européenne, dans l'Espace économique européen ou en Suisse et que vous souhaitez déposer une plainte au sujet du traitement de vos Données personnelles conformément au cadre du EU – US DPF et si vos efforts pour obtenir en interne la résolution de votre problème sont restés vains, vous pourrez soumettre votre plainte à l'American Arbitration Association (http://www.adr.org/), qui a été choisie en tant que mécanisme de recours indépendant pour traiter les plaintes et régler les litiges relatifs au traitement des Données personnelles qui proviennent de l'Union européenne, de l'Espace économique européen ou de la Suisse et qui sont transmises aux États-Unis en vertu de la présente Politique de protection des données personnelles. Sous certaines conditions, vous aurez également le droit de recourir à l’arbitrage contraignant si les autres procédures de règlement des litiges ont été épuisées. Milliman est soumise aux pouvoirs d'enquête et d'exécution de la Federal Trade Commission (FTC) [Commission fédérale du commerce des États-Unis].

Milliman Personal Data Privacy Policy- Milliman Consultoria Atuarial LTDA, Brazil

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing Milliman’s and the Brazilian affiliate’s (Milliman Consultoria Atuarial LTDA) use and protection of personal data that individuals and clients residing within the territory of Brazil share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the Brazilian General Protection Data Law (LGPD), the Brazilian Internet Law, the Brazilian Consumers Right Law, and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Consultoria Atuarial LTDA are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Consultoria Atuarial LTDA are both responsible for the compliance with applicable data protection laws and therefore fully liable for any Personal Data under the terms of the LGPD and applicable laws of the land on privacy.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with clients and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Item I of Art. 10 of the LGDP).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Item I of Art. 10 of LGPD). Milliman may rely on your consent (Item I of Art. 10 of LGPD) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman’s legitimate interest (Item I of Art. 10 of LGPD), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes. Data from public resources are those available in public platforms that are structured to permit automated processing and that are available to any person without any registration requirement.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect this information from our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may write to us at [email protected] requesting the same. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Consultoria Atuarial LTDA and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., for purposes of centralization of Milliman’s administrative, contract management, Client Relationship Management (CRM), IT maintenance, marketing and IT security practices, for the purpose of the website’s management and security, and to provide information about Milliman products, services, or events. We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that it and its affiliates will process Personal Data in compliance with this Privacy Policy, the laws of the LGPD and laws of the land on privacy, and for implementing technical measures to prevent leakage of Personal Data.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the LGPD and the laws of the land on personal data protection. Those can be made available at Milliman’s premises by contacting us at [email protected].

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact Milliman at [email protected], and Milliman will take steps to delete any such Personal Data.

Sensitive Personal Data

Milliman’s policy is to process Sensitive Personal Data in conformity with the LGPD and with your prior and explicit consent. Processing will be limited and directly related to the purposes for which it was accessed, stored and used. The legal basis for the processing of Sensitive Personal Data is set out by Art. 11 to 13 of the LGPD.

Third-party Links

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to this Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Privacy Shield

Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the LGPD and the laws of the land on privacy and, in the case of data transfers to the United States, the EU-U.S. Privacy Shield Framework (or the Swiss-U.S. Privacy Shield Framework, as the case may be), as administered by the U.S. Department of Commerce. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles and the LGPD, the LGPD shall govern. To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and to view Milliman’s certification, please visit: https://www.privacyshield.gov/list.

Milliman’s accountability for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Milliman remains responsible and liable under the Privacy Shield Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the Brazilian territory.

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a Privacy Shield-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the Brazilian territory may be exercised under the conditions set forth in the LGPD by contacting Milliman at: [email protected]. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

You have a number of rights under the LGPD in relation to your Personal Data, namely:

1. the right of access pursuant to Art. 18, I and II of the LGPD: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 18, III of the LGPD: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 18, VI of the LGPD: the right to obtain from us the erasure of your Personal Data delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18, IV of the LGPD: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 18, IX of the LGPD: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on point our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 18, V of the LGPD: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority pursuant to Paragraph 1 of Art. 18 of the LGPD: you have the right to appeal to the competent data protection supervisory authority - in Brazil it is called the National Authority for the Protection of Data (ANPD). Please note that any processing of your Personal Data prior to the deletion of your account with us or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above by sending a request to Brazil’s Data Protection Officer (DPO), Joao Longo, at [email protected]. We will endeavor to respond to any such request as soon as possible, and in any event within the legal deadline.

How to Contact Us

You may contact the DPO regarding this policy at [email protected].

If you live in the Brazilian territory and you have a complaint regarding the handling of your Personal Data in accordance with the LGPD and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://go.adr.org/privacyshield.html), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data under the LGPD and the laws of the land and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration through the Privacy Shield Panel when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Information Privacy Policy- Milliman Shanghai Co., Ltd, China

Last Updated – December 2023

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing use and protection of personal information that website visitors, prospective/current clients (“you”) residing within China share with us (“Personal Information”). Milliman is committed to handling Personal Information in accordance with this Privacy Policy, the Personal Information Protection Law (“PIPL”), and any other data protection and privacy laws, as applicable (“Applicable Laws”).

Milliman, Inc. having its address at 1301 5th Ave, Seattle, WA 98101, USA and Milliman (Shanghai) Co. Ltd (“Milliman China”) having it address at 1106D No. 288 Xiang Cheng Road Pudong, Shanghai 200122 are Personal Information Handlers with respect to the processing of Personal Information described in this Privacy Policy. This means that Milliman, Inc. and Milliman China are both responsible for the compliance with Applicable Laws. The Personal Information Handlers can be contacted at [email protected] in relation to any queries.

Collection of Information/Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Information is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers please review our Cookie Policy which can be found here.

Processing of Personal Information

As we describe below in this Privacy Policy, we may collect, store and otherwise process Personal Information of visitors to our websites, employees, officers, partners or other representatives and agents of our clients, business partners, and other individuals.This Privacy Policy does not apply to the collection and processing of Personal Information of job applicants and candidates or employees and non-employee workers. The processing of such Personal Information is subject to specific privacy policies and notices that are communicated to individuals in the context of their candidacy, employment or working relationship with Milliman.

The Personal Information we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect following categories of Personal Information.

Name, contact information and other identifiers:

Visitors to our website https://cn.milliman.com/ :we may collect the first name, last name, title, company, phone number, location, email address, subject of the request and message given for the purpose of the management of the relationship with clients and the administration of the website.-Clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email address and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, formal communications in relation to the scope of contract, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. Milliman may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests.

Personal Information from public resources:

We may also collect and process limited Personal Information about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

Milliman may rely on your consent for the sending above mentioned marketing communications when so required as per PIPL, in which case we will seek your consent prior to the sending of the communication.. When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Information for our marketing emails, you have the right to withhold your consent. If you wish to withdraw your consent or unsubscribe from direct marketing communications from us, you may write to us at [email protected] requesting the same. We will cease using your Personal Information for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Information of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Information by Milliman.

You should also ensure that all Personal Information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making, including profiling, is undertaken based on the Personal Information collected from you.

Personal Information Collection on Milliman’s Proprietary Platforms

For some unique services, Milliman hosts and maintains its own proprietary software platforms (“Platforms”). These Platforms allow Milliman to offer enhanced services and specialized products to our customers. In some cases these software platforms may require the submission of Personal Information by customers. In cases where our data collection is materially different than described in this Privacy Policy, and may be subject to local data privacy laws, we will provide additional information regarding such data collection on the applicable Platforms.

Methods of Processing

We process your Personal Information by means of the following methods:

• Manual processing: We may employ manual processing without the use of computers or automated tools, e.g., generating, consulting, storage, etc. of hard copy documents.
• Automated processing: We may use computers and other electronic and automated means of processing, e.g., use of software, storage of data in electronic format on our servers or in the cloud, etc.

Transfer of Your Personal Information to Affiliates and Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., U.S.A and Milliman India Private Limited, India. Personal Information as specified under this Privacy policy may be shared between Milliman China and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc. ( “Data Recipients”), for purposes of centralization of Milliman’s administrative, contract management, Client Relationship Management (CRM), IT maintenance, marketing and IT security practices, for the purpose of the website’s management and security, and to provide information about Milliman products, services, or events. You can exercise your rights with respect to the above Data Recipients by reaching out on the contact information as stated in the section “How to Contact Us” of the Privacy Policy.

Milliman has taken all reasonable and appropriate measures (technical, organisational and contractual) to provide an adequate level of data protection for any Personal Information collected, processed, transferred, and shared globally by us. As Milliman Inc. will be processing your Personal Information as a Personal Information Handler, and your Personal Information is being transferred to a country outside China for the purposes as described above, we will ensure that we have obtained your consent to such cross-border transfer when legally required and that we comply with relevant regulatory requirements prescribed under Applicable Laws.

Milliman also may share Personal Information with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Information with a third party, Milliman requires that those third parties agree to process Personal Information based on Milliman’s instructions and in compliance with this Privacy Policy.

Please note that in accordance with PIPL, we will be conducting a Personal Information Protection Impact Assessment prior to making any such data transfers, to assess the impact on personal rights, and security risks of the transfer; and to ensure that the protection measures adopted are legal, effective, and compatible with the degree of risk. We ensure that we take all necessary steps for the protection of your Personal Information in accordance with the requirements prescribed under the PIPL law.

Other Disclosures

Milliman may also disclose Personal Information and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Information in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Information on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Information. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Information and against accidental loss or destruction of, or damage to, Personal Information held or processed by Milliman. If Milliman forwards Personal Information to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and Applicable Laws.

Data Retention

Milliman retains Personal Information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required under Applicable Laws. If you have unsubscribed from receiving marketing information from us, we will continue to retain your Personal Information as long it is necessary to comply with mandatory retention requirements prescribed under Applicable Laws and we will maintain limited Personal Information (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Information from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Information without their consent, the parent or legal guardian should contact Milliman at [email protected], and Milliman will take steps to delete any such Personal Information.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Information

We do not disclose your Personal Information to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to this Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Information should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Information that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all concerned person to check it occasionally to ensure that they are aware of the most recent version.

Rights

We are committed to ensuring that any Personal Information that we collect about you is accurate, complete, and up to date and is required for the purposes for which it was collected.

You have specific rights in relation to the way that we use your Personal Information under Applicable Laws. These include the right to:

• be informed: you may ask us to confirm what Personal Information we hold and process about you at any time.
• access your Personal Information: you have the right to request a copy of the Personal Information held about you. However, the request may be assessed on the basis of “reasonableness” with consideration given to the difficulty, practicality, and expense of providing the requested information.
• ask to correct: you are entitled to have any inaccurate or incomplete Personal Information held about you corrected or amended;
• object to the processing of your Personal Information: this right enables you to object to us processing your Personal Information, unless we can demonstrate compelling legitimate grounds for the processing which override your interests and rights. This right does not apply where we are processing your Personal Information for the performance of your contract or for compliance with a legal obligation.
• restrict processing: you have the right to request, at any time, that we restrict the processing of your Personal Information where you believe the Personal Information, we hold about you is inaccurate, or our processing is unlawful.
• request data portability: under certain circumstances, we can provide you with your Personal Information in a structured, commonly used, machine readable form which provides the ability to move, copy or transfer your Personal Information to another service; and
• ask for the deletion of your Personal Information: you have the right to have your Personal Information erased (also referred to as the right to be forgotten) where, for example, retaining your Personal Information is no longer necessary in relation to the purpose for which it was originally collected/processed, where you have withdrawn consent, subject to there being no overriding legal bases or legal requirement for continuing to hold your Personal Information.

Please note that we do not use your Personal Information for any automated individual decision-making.

Any enquiries or any request to exercise your rights may be sent by email to: [email protected].

Where we process your Personal Information based on your consent, you can withdraw your consent at any time. However, your withdrawal of consent only applies to how we use your Personal Information in the future and not to processing activities we have done in the past.

If you do not provide your Personal Information, provide it inaccurately or require us to delete it, then we may not be able to provide you with the product or services you have requested.

How to Contact Us

If you have any questions or feedback relating to your Personal Information or about this Privacy Policy, please contact Milliman’s Data Protection Officer at [email protected].

Milliman Personal Data Privacy Policy – Milliman Limited, Cyprus

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Cypriot affiliate’s (Milliman Limited) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Limited are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Limited are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Limited may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Limited’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Limited and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Cyprus, such authority is the “Office of the Commissioner for Personal Data Protection (Γραφείο Επιτρόπου Δεδομένων Προσωπικού Χαρακτήρα)” (Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα (dataprotection.gov.cy)).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Milliman SARL, France

English | French

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the French affiliate’s (Milliman SARL) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman SARL are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman SARL are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman SARL may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman SARL’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman SARL and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed;
4. the right to restriction of processing pursuant to Art. 18 GDPR: (iyou have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in France, such authority is the “Commission Nationale de l’Informatique et des Libertés” (www.cnil.fr).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

 Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Politique de protection des Données personnelles de Milliman – Milliman Sàrl, France

Dernière mise à jour : Mai 2024

Lorsque Milliman agit en tant que responsable du traitement des données

Milliman, Inc. et ses sociétés affiliées (« Milliman » ou « nous ») prennent très au sérieux la protection des données. La présente politique de protection des données fixe les principes qui régissent l’utilisation et la protection par la filiale française (Milliman Sàrl) des données personnelles que les personnes physiques et les clients résidant dans l’Espace Économique Européen, sur l’île de Man, en Suisse et au Royaume-Uni (ci-après « vous ») partagent avec nous (les « Données personnelles »). Milliman s’est engagée à traiter les Données personnelles conformément aux dispositions de la présente Politique de protection des données, au bouclier de protection des données Union Européenne-États-Unis, au Règlement Général sur la Protection des Données (RGPD) et aux autres lois relatives à la protection des données et au respect de la vie privée, le cas échéant.

Milliman, Inc. et Milliman Sàrl sont coresponsables du traitement des Données personnelles qui est décrit dans la présente politique de protection des données personnelles. Ainsi, Milliman, Inc. et Milliman Sàrl sont tous deux responsables du respect des lois applicables en matière de protection des données.

Collecte des Données

Données agrégées

Comme de nombreuses entreprises, Milliman surveille l’utilisation de ses sites web en recueillant des données agrégées. Aucune Donnée personnelle n’est collectée de cette façon. En règle générale, Milliman collecte des données concernant le nombre de visiteurs ayant consulté son site web ou chacune de ses pages web ainsi que les noms de domaine des fournisseurs d’accès à Internet de ses visiteurs. Ces données servent à améliorer la fonctionnalité du site web de Milliman, ses performances et son efficacité.

Cookies, contenu tiers intégré et do not track

Pour obtenir des informations plus détaillées concernant les cookies utilisés par Milliman ainsi que les possibilités d’utilisation ou de refus des cookies, avec notamment des informations sur le contenu tiers intégré sur le site web de Milliman et la façon dont Milliman répond aux signaux do not track des navigateurs, veuillez consulter notre Politique en matière de cookies disponible ici.

Traitement des Données personnelles

Les Données personnelles que nous collectons varient en fonction de la nature des services fournis et de nos interactions avec les personnes. En ce qui concerne la collecte des données au travers du site web ou dans le cadre des activités de marketing et de gestion des contrats de Milliman, nous pouvons collecter, stocker et traiter d’une autre manière les Données personnelles des personnes suivantes :

- les visiteurs de nos sites web (prénom, nom de famille, fonction, société, numéro de téléphone, localisation, adresse e-mail, sujet de la demande et message envoyé) qui demandent des renseignements sur des produits ou des services fournis par Milliman, dans le but de gérer la relation avec ces visiteurs et d’administrer le site web. La base juridique du traitement des Données personnelles est l’intérêt légitime de Milliman (Art. 6 (1) lettre (f) du RGPD).

- les représentants, les dirigeants, les agents et collaborateurs, les partenaires commerciaux, les fournisseurs ou les parties à un contrat (nom, adresse professionnelle, fonction, e-mail et autres coordonnées professionnelles), dans le but d’assurer la gestion des contrats. Les coordonnées professionnelles des représentants des clients, de leurs collaborateurs et de leurs partenaires commerciaux sont également utilisées pour activer les comptes clients et les maintenir actifs, y compris à des fins de facturation, de diligence raisonnable et de vérification des conflits, afin de faciliter la communication entre les parties, pour satisfaire les demandes ou répondre aux questions concernant des produits ou des services fournis par Milliman et pour communiquer des offres ou des informations (conformément à la loi) sur les produits, les services ou les évènements proposés par Milliman ou susceptibles, selon Milliman, de présenter un intérêt. La base juridique pour le traitement des Données personnelle est l’intérêt légitime de Milliman (Art. 6 (1) lettre (f) du RGPD). Milliman peut se fonder sur votre consentement (Art. 6 (1) lettre (a) du RGPD) pour envoyer des communications marketing lorsque les lois sur la protection des données et le respect de la vie privée l’exigent et dans ce cas, nous vous demanderons votre consentement avant d’envoyer la communication. Milliman Sàrl peut également utiliser les coordonnées professionnelles des collaborateurs de ses clients dans le but d’envoyer des sondages et des questionnaires ou dans le but d’organiser des concours. Concernant ces activités, la base juridique pour le traitement des Données personnelles est l’intérêt légitime de Milliman (Art. 6 (1) lettre (f) du RGPD), à moins que la législation relative à la protection des données et au respect de la vie privée exige un consentement préalable de votre part. Nous pouvons également collecter et traiter des Données personnelles limitées vous concernant que nous obtenons auprès de sources publiques (comme LinkedIn), notamment votre prénom, votre nom de famille, votre adresse e-mail, votre numéro de téléphone, votre organisation, votre fonction ou votre poste, votre profession et vos centres d’intérêts professionnels, dans le but de pouvoir évaluer un potentiel intérêt pour nos services et de vous contacter à des fins de marketing.

Lorsque nous communiquons avec vous à propos des produits et des services que nous proposons ou que nous développons, vous avez la possibilité, dans chaque communication, de vous désabonner et d’éviter à l’avenir les communications de ce type. Si vous ne souhaitez pas que nous collections vos Données personnelles à partir de nos e-mails marketing ou si vous souhaitez vous désabonner de nos communications de marketing direct, vous pouvez remplir le formulaire disponible dans la section « Droits ». Nous cesserons d’utiliser vos Données personnelles à des fins de marketing une fois que vous nous l’aurez demandé.

Si vous nous fournissez les Données personnelles d’une autre personne, il est de votre devoir de vous assurer que cette personne a accepté le traitement de ses Données personnelles par Milliman ou qu’elle en a été correctement informée.

Vous devez également vous assurer que toutes les Données personnelles que vous nous fournissez sont complètes, précises, véridiques et exactes. En cas contraire, il est possible que nous ne soyons pas en mesure de vous fournir les produits et les services que vous avez demandés.

Vous devez également vous assurer que toutes les Données personnelles qui nous sont soumises sont complètes, exactes, véridiques et correctes. Si vous ne le faites pas, nous pourrions ne pas être en mesure de vous fournir les produits et services que vous avez demandés.

Aucune prise de décision automatisée n’est prise à partir des Données personnelles que nous collectons auprès de vous.

Sociétés affiliées et mandataires tiers autorisés

Tous les sites web, les produits et les services de Milliman sont fournis en collaboration avec la société Milliman, Inc., implantée aux États-Unis. Toutes les Données personnelles peuvent être partagées par Milliman Sàrl et Milliman, Inc., situés aux États-Unis et/ou en Europe, à des fins de centralisation des services généraux de Milliman, y compris les services administratifs, la gestion de contrats, la gestion des relations avec les clients (CRM), la maintenance informatique, le marketing et les pratiques de sécurité informatique, à des fins de gestion et de sécurité du site Internet , de la confidentialité des données (gestion des demandes des personnes concernées) et pour fournir des informations sur les services de marketing de Milliman (gestion des cookies, suivi des demandes via le formulaire du site Internet de Milliman, communication concernant les produits, les services ou les événements de Milliman).

Nous pouvons également partager les Données personnelles avec des sociétés affiliées qui utilisent la marque MILLIMAN®, auquel cas nous exigerons à ces sociétés affiliées qu’elles respectent la présente politique de protection des données. Veuillez noter que nous pouvons transférer vos Données personnelles vers un pays qui n’a pas les mêmes lois sur la protection des données que votre pays d’origine. Toutefois, Milliman s’assurera que ses différentes unités et sociétés affiliées traiteront les Données à caractère personnel conformément à la présente politique de protection des données.

Milliman peut également partager les Données personnelles avec des mandataires ou des sous-traitants tiers autorisés qui fournissent des services à Milliman. Si Milliman partage des Données personnelles avec un tiers, Milliman exige que ce tiers s’engage à traiter les Données personnelles en suivant les instructions données par Milliman et en se conformant aux dispositions de la présente politique de protection des données.

Tout transfert de Données personnelles est soumis à des mesures de protection appropriées qui répondent aux exigences du RGPD, comme plus précisément décrit dans la section « Transfert transfrontalier de Données personnelles ».

Autres divulgations

Milliman peut également divulguer des Données personnelles et d’autres informations connexes en réponse à des assignations en justice, à des décisions de justice ou à d’autres demandes légales émanant des autorités publiques, ainsi que pour satisfaire à des exigences de sécurité nationale ou d’application de la loi. Milliman peut collecter et partager des Données personnelles afin d’enquêter ou de prendre des mesures en cas d’activités illégales, de soupçons de fraude, de violation des Conditions générales d’utilisation de Milliman ou pour d’autres raisons prévues par la loi ou la réglementation.

Sécurité

Milliman stocke les Données personnelles sur un serveur sécurisé, protégé par un mot de passe, et protégé contre tout accès non autorisé par un pare-feu. Milliman a mis en place des politiques de sécurité visant à assurer la sécurité et l'intégrité de toutes les Données personnelles. Milliman dispose de mesures techniques et organisationnelles appropriées pour se protéger contre le traitement non autorisé ou illégal des Données personnelles et contre toute perte ou destruction accidentelle des Données Personnelles détenues ou traitées par Milliman ou contre tout dommage causé aux Données personnelles. Si Milliman transmet des Données personnelles à un tiers, Milliman exige que ce tiers dispose de mesures techniques et organisationnelles appropriées pour se conformer à la présente Politique de protection des données personnelles et aux lois applicables.

Conservation des Données

Milliman conserve les Données personnelles aussi longtemps que nécessaire pour atteindre les objectifs décrits dans la présente Politique de protection des données, sauf si une période de conservation plus longue est requise ou n’est pas interdite par la loi. Milliman supprimera vos Données personnelles dès que l’objectif de la collecte et du traitement de ces Données personnelles aura été rempli et dès que la durée prévue pour la documentation et la sauvegarde de ces Données personnelles sera arrivée à expiration. Si vous vous êtes désabonné de nos informations marketing, nous continuerons à conserver vos Données personnelles à toute autre fin pour laquelle nous disposons encore d’une base juridique permettant de traiter ces Données personnelles (par exemple pour se conformer à une obligation légale ou lorsque le traitement est nécessaire en raison d’un intérêt légitime de notre part). Dans certains cas, lorsqu’il n’existe aucune autre base juridique, nous conserverons dans nos registres des Données personnelles limitées vous concernant (comme votre adresse e-mail), afin de pouvoir garantir qu’aucune communication marketing ne vous soit envoyée à l’avenir.

Enfants

Les sites web, les produits et les services de Milliman ne s'adressent pas aux enfants et Milliman ne collecte pas sciemment des Données personnelles auprès des enfants. Si un parent ou un tuteur devait apprendre que son enfant avait fourni des Données personnelles à Milliman sans son consentement, le parent ou le tuteur légal devra remplir le formulaire disponible dans la section « Droits » et Milliman prendra les dispositions qui s’imposent pour supprimer ces Données personnelles.

Liens vers les sites tiers

Le site web de Milliman peut contenir des liens vers des sites web qui sont hébergés et exploités par d’autres sociétés (« Sites web tiers ») et vers lesquels vous pouvez exporter (une partie de) vos Données personnelles.

Nous ne divulguons pas vos Données personnelles à ces Sites web tiers sans votre consentement explicite. Veuillez noter que les informations que vous divulguez à des Sites web tiers échappent à notre contrôle et qu’elles ne sont plus couvertes par la Politique de Milliman sur la protection des Données personnelles.

Nous vous invitons à consulter les pratiques de ces Sites web tiers en matière de protection des données afin de savoir comment vos Données personnelles seront collectées et utilisées si vous décidez de les divulguer. Nous ne sommes pas responsables du contenu ou du fonctionnement de ces Sites web tiers. Nous ne sommes en aucun cas responsables de la manière dont un Site web tiers traite les Données personnelles que vous décidez de lui fournir et l’utilisation des Sites web tiers s’effectue exclusivement à vos risques et périls.

Actualisation de la Politique

Milliman peut modifier sa politique de Protection des Données personnelles à tout moment. Milliman demande, par conséquent, à toutes les personnes concernées de bien vouloir périodiquement s’assurer qu’elles ont connaissance de la dernière version applicable.

Transfert transfrontalier de Données personnelles

Milliman est une entreprise internationale qui transfère des Données personnelles au-delà des frontières nationales conformément aux lois qui s'appliquent à ces transferts. Milliman a mis en place des garanties appropriées pour s'assurer que ses transferts de données sont protégés de manière adéquate. Les fondements juridiques de Milliman pour les transferts de données respectifs sont décrits dans la présente politique de protection des Données personnelles. Lorsque des Données personnelles sont transférées d'une de nos entités dans l'Espace Economique Européen ("EEE"), en Suisse, sur l'Ile de Man ou au Royaume-Uni vers les Etats-Unis ou un autre pays en dehors de l'EEE, ou d'entités dans l'EEE vers un autre pays en dehors de l'EEE, nous nous appuyons sur un ou plusieurs des mécanismes juridiques suivants qui fournissent des garanties adéquates pour les transferts : les décisions d'adéquation adoptées par la Commission Européenne sur la base de l'Art. 45 GDPR, les clauses contractuelles types approuvées par la Commission européenne, le cadre de protection des données UE-États-Unis (EU-US DPF), l'extension britannique du cadre de protection des données UE-États-Unis et le cadre de protection des données Suisse-États-Unis (Swiss-US DPF), ou tout autre mécanisme de transfert jugé adéquat par les lois applicables en matière de protection des Données. Vous pouvez demander une copie de toute clause contractuelle standard relative à vos Données personnelles que nous aurions exécutée en nous contactant aux coordonnées ci-dessous. Milliman s'engage à coopérer avec les autorités de protection des Données de l'UE, le Commissaire fédéral suisse à la protection des données, le Commissaire à l'information de l'Île de Man, le Bureau du Commissaire à l'information du Royaume-Uni et toute autre autorité de protection des données concernée, et à se conformer aux conseils donnés par ces autorités, en ce qui concerne les données personnelles transférées de l'une de nos entités de l'EEE, de la Suisse, de l'Île de Man ou du Royaume-Uni vers des pays situés en dehors de l'EEE. Milliman procédera à toutes les évaluations d'impact nécessaires, conformément aux règles prévues par les lois applicables en matière de protection des données, garantissant ainsi la sécurité du transfert de vos données à caractère personnel.

Cadre du bouclier de Protection des Données (EU – US DPF)

Milliman s'engage à traiter les Données personnelles conformément à la présente politique de confidentialité et au cadre de protection des données UE-États-Unis (EU-US DPF), à l'extension britannique du cadre de protection des données UE-États-Unis et au cadre de protection des données Suisse-États-Unis (Swiss-US DPF), tels qu'administrés par le ministère du Commerce des États-Unis. Milliman a certifié au ministère américain du commerce qu'elle adhère aux principes du cadre UE-États-Unis de protection des données personnelles (principes du DPF UE-États-Unis) en ce qui concerne le traitement des données personnelles reçues de l'Union européenne en vertu du DPF UE-États-Unis et du Royaume-Uni (et de Gibraltar) en vertu de l'extension britannique du DPF UE-États-Unis. Milliman a certifié au ministère américain du commerce qu'elle adhère aux principes du cadre de protection des données Suisse-États-Unis (principes du DPF Suisse-États-Unis) en ce qui concerne le traitement des données à caractère personnel reçues de la Suisse en vertu du DPF Suisse-États-Unis.

En cas de conflit entre les termes de la présente Politique de protection des données personnelles et les principes du DPF UE-États-Unis et/ou les principes du DPF Suisse-États-Unis, les principes prévaudront. Pour en savoir plus sur le programme Data Privacy Framework (DPF) et pour consulter la certification de Milliman, veuillez consulter le site https://www.dataprivacyframework.gov/.

La responsabilité de Milliman à l'égard des Données personnelles qu'elle reçoit dans le cadre du EU-US DPF et qu’elle transfert ensuite à des tiers est décrite dans les Principes du EU-US DPF. En particulier, Milliman est et restera responsable en vertu des principes du Bouclier de protection si des tiers engagés par Milliman traitent les Données personnelles d'une manière non conforme aux Principes du EU -US DPF , à moins que Milliman puisse prouver qu'elle n'est pas responsable de l’événement à l’origine des préjudices. Par ailleurs, Milliman, Inc. a conclu des accords de protection des données avec ses sociétés affiliées situées dans l'Espace économique européen qui s’appuient sur les Clauses contractuelles types de l'UE édictées par la Commission européenne (les « Clauses contractuelles types de l’Union européenne »).

Comme indiqué en détail ci-après dans la section intitulée « Comment nous contacter », Milliman incite fortement toute personne à nous contacter si elle a une plainte à déposer au sujet du EU-US DPF (ou une plainte liée à sa vie privée). Tout droit d'accès, de rectification, d'effacement, de restriction du traitement ainsi que le droit à la portabilité des données des personnes physiques domiciliées dans l'Espace économique européen ou en Suisse peuvent être exercés dans les conditions prévues par le RGPD en remplissant le formulaire disponible dans la section « Droits ». En outre, ces personnes auront le droit de déposer, à tout moment, une plainte auprès d'une autorité de surveillance compétente.

Droits

En vertu du RGPD, vous disposez d’une série de droits concernant vos Données personnelles, à savoir :

1. le droit d’accès prévu par l’art. 15 du RGPD : vous avez le droit d’obtenir de notre part la confirmation que des Données personnelles vous concernant sont ou ne sont pas traitées et, lorsqu’elles le sont, l’accès auxdites données (y compris au moyen d’une copie), à la manière dont nous les traitons et aux finalités du traitement afin que vous puissiez vérifier l’exactitude et la licéité de ce traitement.
2. le droit de rectification prévu par l’art. 16 du RGPD : vous avez le droit d’obtenir de notre part la rectification des Données personnelles vous concernant qui sont inexactes, ainsi que le droit d’obtenir que les données personnelles incomplètes soient complétées, y compris en fournissant une déclaration complémentaire.
3. le droit à l’effacement prévu par l’art. 17 du RGPD : le droit d’obtenir de notre part l’effacement de vos Données personnelles dans les meilleurs délais lorsque (a) vos Données personnelles ne sont plus nécessaires au regard des finalités pour lesquelles elles ont été collectées ou traitées ; (b) vous souhaitez retirer votre consentement au traitement (sauf lorsqu’il existe un autre fondement juridique pour le traitement sur lequel nous pourrions nous baser) ; (c) le traitement est fondé sur nos intérêts légitimes et qu’il n’existe pas de motif légitime impérieux pour le traitement ; (d) vos Données personnelles ont fait l’objet d’un traitement illicite ;
4. le droit à la limitation du traitement prévu par l’art. 18 du RGPD : vous avez le droit d’obtenir de notre part la limitation du traitement de vos Données personnelles lorsque (a) vous contestez l’exactitude des Données personnelles (pendant une durée nous permettant de vérifier l’exactitude de vos Données personnelles) ; (b) le traitement de vos Données personnelles est illicite et vous vous opposez à leur effacement et exigez à la place la limitation de leur utilisation ; (c) vous considérez que nous n’avons plus besoin de vos Données personnelles aux fins du traitement mais que celles-ci vous sont encore nécessaires pour la constatation, l’exercice ou la défense de droits en justice ; (d) vous vous êtes opposé au traitement de vos Données personnelles sur la base d’un « intérêt légitime » en vertu du (iii) ci-dessus, pendant que nous vérifions si nos motifs légitimes prévalent sur les vôtres.
5. le droit d’opposition prévu par l’art. 21 du RGPD : vous avez le droit de vous opposer à tout moment, pour des raisons tenant à votre situation particulière, à un traitement de vos Données personnelles fondé sur nos intérêts légitimes, y compris un profilage fondé sur ces dispositions. Nous ne traiterons plus les Données personnelles, à moins que nous ne justifions qu’il existe des motifs légitimes et impérieux pour le traitement qui prévalent sur vos intérêts et vos libertés, ou pour la constatation, l’exercice ou la défense de droits en justice. Vous pouvez vous opposer à tout moment et sans motif au traitement de vos Données personnelles à des fins de marketing direct.
6. le droit à la portabilité des données prévu par l’art. 20 du RGPD : vous avez le droit de recevoir les Données personnelles vous concernant et que vous nous avez fournies dans un format structuré, couramment utilisé et lisible par machine, et vous avez le droit de transmettre ces données à un autre responsable du traitement (veuillez noter que cette disposition s’applique uniquement lorsque le traitement de vos Données personnelles est fondé sur votre consentement et que le traitement est effectué à l’aide de procédés automatisés).
7. le droit d’introduire une réclamation auprès d’une autorité de contrôle compétente en matière de protection des données (art. 77 du RGPD) : vous avez le droit d’introduire une réclamation auprès de l’autorité de contrôle compétente en matière de protection des données. En France, cette autorité est la Commission Nationale de l’Informatique et des Libertés (www.cnil.fr).

Veuillez noter que tout traitement de vos Données personnelles qui aurait été effectué avant la suppression de votre compte chez nous ou avant une demande de votre part exigeant que nous ne vous contactions plus à des fins de marketing direct restera valable conformément aux bases juridiques en vigueur à la date correspondante.

Vous pouvez exercer vos droits indiqués ci-dessus en remplissant le formulaire applicable disponible ici. Pour ces demandes, Milliman utilise la plateforme du prestataire de services One Trust. One Trust agit en tant que sous-traitant des données de Milliman. Vous pouvez également envoyer une lettre à : Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. Nous nous efforcerons de répondre à votre demande dès que possible et dans tous les cas dans les 30 jours suivant votre demande.

Comment nous contacter

Milliman peut être contacté à l’adresse : [email protected]. Milliman accueille avec plaisir les commentaires et les questions sur la présente Politique de protection des données personnelles. Si, pour quelque raison que ce soit, vous souhaitez nous contacter, veuillez nous envoyer un courrier électronique ([email protected]). Les plaintes seront résolues en interne conformément aux procédures de plainte de Milliman.

Si vous habitez dans un pays membre de l'Union européenne, dans l'Espace économique européen ou en Suisse et que vous souhaitez déposer une plainte au sujet du traitement de vos Données personnelles conformément au cadre du EU – US DPF et si vos efforts pour obtenir en interne la résolution de votre problème sont restés vains, vous pourrez soumettre votre plainte à l'American Arbitration Association (http://www.adr.org/), qui a été choisie en tant que mécanisme de recours indépendant pour traiter les plaintes et régler les litiges relatifs au traitement des Données personnelles qui proviennent de l'Union européenne, de l'Espace économique européen ou de la Suisse et qui sont transmises aux États-Unis en vertu de la présente Politique de protection des données personnelles. Sous certaines conditions, vous aurez également le droit de recourir à l’arbitrage contraignant si les autres procédures de règlement des litiges ont été épuisées. Milliman est soumise aux pouvoirs d'enquête et d'exécution de la Federal Trade Commission (FTC) [Commission fédérale du commerce des États-Unis].

Milliman Personal Data Privacy Policy – Milliman SAS, France

English | French

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the French affiliate’s (Milliman SAS) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman SAS are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman SAS are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman SAS may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman SAS’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman SAS and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in France, such authority is the “Commission Nationale de l’Informatique et des Libertés” (www.cnil.fr).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

 Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Politique de protection des Données personnelles de Milliman – Milliman SAS, France

Dernière mise à jour : Mai 2024

Lorsque Milliman agit en tant que responsable du traitement des données

Milliman, Inc. et ses sociétés affiliées (« Milliman » ou « nous ») prennent très au sérieux la protection des données. La présente politique de protection des données fixe les principes qui régissent l’utilisation et la protection par la filiale française (Milliman SAS) des données personnelles que les personnes physiques et les clients résidant dans l’Espace Économique Européen, sur l’île de Man, en Suisse et au Royaume-Uni (ci-après « vous ») partagent avec nous (les « Données personnelles »). Milliman s’est engagée à traiter les Données personnelles conformément aux dispositions de la présente Politique de protection des données, au bouclier de protection des données Union Européenne-États-Unis, au Règlement Général sur la Protection des Données (RGPD) et aux autres lois relatives à la protection des données et au respect de la vie privée, le cas échéant.

Milliman, Inc. et Milliman SAS sont coresponsables du traitement des Données personnelles qui est décrit dans la présente politique de protection des données personnelles. Ainsi, Milliman, Inc. et Milliman SAS sont tous deux responsables du respect des lois applicables en matière de protection des données.

Collecte des Données

Données agrégées

Comme de nombreuses entreprises, Milliman surveille l’utilisation de ses sites web en recueillant des données agrégées. Aucune Donnée personnelle n’est collectée de cette façon. En règle générale, Milliman collecte des données concernant le nombre de visiteurs ayant consulté son site web ou chacune de ses pages web ainsi que les noms de domaine des fournisseurs d’accès à Internet de ses visiteurs. Ces données servent à améliorer la fonctionnalité du site web de Milliman, ses performances et son efficacité.

Cookies, contenu tiers intégré et do not track

Pour obtenir des informations plus détaillées concernant les cookies utilisés par Milliman ainsi que les possibilités d’utilisation ou de refus des cookies, avec notamment des informations sur le contenu tiers intégré sur le site web de Milliman et la façon dont Milliman répond aux signaux do not track des navigateurs, veuillez consulter notre Politique en matière de cookies disponible ici.

Traitement des Données personnelles

Les Données personnelles que nous collectons varient en fonction de la nature des services fournis et de nos interactions avec les personnes. En ce qui concerne la collecte des données au travers du site web ou dans le cadre des activités de marketing et de gestion des contrats de Milliman, nous pouvons collecter, stocker et traiter d’une autre manière les Données personnelles des personnes suivantes :

- les visiteurs de nos sites web (prénom, nom de famille, fonction, société, numéro de téléphone, localisation, adresse e-mail, sujet de la demande et message envoyé) qui demandent des renseignements sur des produits ou des services fournis par Milliman, dans le but de gérer la relation avec ces visiteurs et d’administrer le site web. La base juridique du traitement des Données personnelles est l’intérêt légitime de Milliman (Art. 6 (1) lettre (f) du RGPD).

- les représentants, les dirigeants, les agents et collaborateurs, les partenaires commerciaux, les fournisseurs ou les parties à un contrat (nom, adresse professionnelle, fonction, e-mail et autres coordonnées professionnelles), dans le but d’assurer la gestion des contrats. Les coordonnées professionnelles des représentants des clients, de leurs collaborateurs et de leurs partenaires commerciaux sont également utilisées pour activer les comptes clients et les maintenir actifs, y compris à des fins de facturation, de diligence raisonnable et de vérification des conflits, afin de faciliter la communication entre les parties, pour satisfaire les demandes ou répondre aux questions concernant des produits ou des services fournis par Milliman et pour communiquer des offres ou des informations (conformément à la loi) sur les produits, les services ou les évènements proposés par Milliman ou susceptibles, selon Milliman, de présenter un intérêt. La base juridique pour le traitement des Données personnelle est l’intérêt légitime de Milliman (Art. 6 (1) lettre (f) du RGPD). Milliman peut se fonder sur votre consentement (Art. 6 (1) lettre (a) du RGPD) pour envoyer des communications marketing lorsque les lois sur la protection des données et le respect de la vie privée l’exigent et dans ce cas, nous vous demanderons votre consentement avant d’envoyer la communication. Milliman SAS peut également utiliser les coordonnées professionnelles des collaborateurs de ses clients dans le but d’envoyer des sondages et des questionnaires ou dans le but d’organiser des concours. Concernant ces activités, la base juridique pour le traitement des Données personnelles est l’intérêt légitime de Milliman (Art. 6 (1) lettre (f) du RGPD), à moins que la législation relative à la protection des données et au respect de la vie privée exige un consentement préalable de votre part. Nous pouvons également collecter et traiter des Données personnelles limitées vous concernant que nous obtenons auprès de sources publiques (comme LinkedIn), notamment votre prénom, votre nom de famille, votre adresse e-mail, votre numéro de téléphone, votre organisation, votre fonction ou votre poste, votre profession et vos centres d’intérêts professionnels, dans le but de pouvoir évaluer un potentiel intérêt pour nos services et de vous contacter à des fins de marketing.

Lorsque nous communiquons avec vous à propos des produits et des services que nous proposons ou que nous développons, vous avez la possibilité, dans chaque communication, de vous désabonner et d’éviter à l’avenir les communications de ce type. Si vous ne souhaitez pas que nous collections vos Données personnelles à partir de nos e-mails marketing ou si vous souhaitez vous désabonner de nos communications de marketing direct, vous pouvez remplir le formulaire disponible dans la section « Droits ». Nous cesserons d’utiliser vos Données personnelles à des fins de marketing une fois que vous nous l’aurez demandé.

Si vous nous fournissez les Données personnelles d’une autre personne, il est de votre devoir de vous assurer que cette personne a accepté le traitement de ses Données personnelles par Milliman ou qu’elle en a été correctement informée.

Vous devez également vous assurer que toutes les Données personnelles que vous nous fournissez sont complètes, précises, véridiques et exactes. En cas contraire, il est possible que nous ne soyons pas en mesure de vous fournir les produits et les services que vous avez demandés.

Vous devez également vous assurer que toutes les Données personnelles qui nous sont soumises sont complètes, exactes, véridiques et correctes. Si vous ne le faites pas, nous pourrions ne pas être en mesure de vous fournir les produits et services que vous avez demandés.

Aucune prise de décision automatisée n’est prise à partir des Données personnelles que nous collectons auprès de vous.

Sociétés affiliées et mandataires tiers autorisés

Tous les sites web, les produits et les services de Milliman sont fournis en collaboration avec la société Milliman, Inc., implantée aux États-Unis. Toutes les Données personnelles peuvent être partagées par Milliman SAS et Milliman, Inc., situés aux États-Unis et/ou en Europe, à des fins de centralisation des services généraux de Milliman, y compris les services administratifs, la gestion de contrats, la gestion des relations avec les clients (CRM), la maintenance informatique, le marketing et les pratiques de sécurité informatique, à des fins de gestion et de sécurité du site Internet , de la confidentialité des données (gestion des demandes des personnes concernées) et pour fournir des informations sur les services de marketing de Milliman (gestion des cookies, suivi des demandes via le formulaire du site Internet de Milliman, communication concernant les produits, les services ou les événements de Milliman).

Nous pouvons également partager les Données personnelles avec des sociétés affiliées qui utilisent la marque MILLIMAN®, auquel cas nous exigerons à ces sociétés affiliées qu’elles respectent la présente politique de protection des données. Veuillez noter que nous pouvons transférer vos Données personnelles vers un pays qui n’a pas les mêmes lois sur la protection des données que votre pays d’origine. Toutefois, Milliman s’assurera que ses différentes unités et sociétés affiliées traiteront les Données à caractère personnel conformément à la présente politique de protection des données.

Milliman peut également partager les Données personnelles avec des mandataires ou des sous-traitants tiers autorisés qui fournissent des services à Milliman. Si Milliman partage des Données personnelles avec un tiers, Milliman exige que ce tiers s’engage à traiter les Données personnelles en suivant les instructions données par Milliman et en se conformant aux dispositions de la présente politique de protection des données.

Tout transfert de Données personnelles est soumis à des mesures de protection appropriées qui répondent aux exigences du RGPD, comme plus précisément décrit dans la section « Transfert transfrontalier de Données personnelles ».

Autres divulgations

Milliman peut également divulguer des Données personnelles et d’autres informations connexes en réponse à des assignations en justice, à des décisions de justice ou à d’autres demandes légales émanant des autorités publiques, ainsi que pour satisfaire à des exigences de sécurité nationale ou d’application de la loi. Milliman peut collecter et partager des Données personnelles afin d’enquêter ou de prendre des mesures en cas d’activités illégales, de soupçons de fraude, de violation des Conditions générales d’utilisation de Milliman ou pour d’autres raisons prévues par la loi ou la réglementation.

Sécurité

Milliman stocke les Données personnelles sur un serveur sécurisé, protégé par un mot de passe, et protégé contre tout accès non autorisé par un pare-feu. Milliman a mis en place des politiques de sécurité visant à assurer la sécurité et l'intégrité de toutes les Données personnelles. Milliman dispose de mesures techniques et organisationnelles appropriées pour se protéger contre le traitement non autorisé ou illégal des Données personnelles et contre toute perte ou destruction accidentelle des Données Personnelles détenues ou traitées par Milliman ou contre tout dommage causé aux Données personnelles. Si Milliman transmet des Données personnelles à un tiers, Milliman exige que ce tiers dispose de mesures techniques et organisationnelles appropriées pour se conformer à la présente Politique de protection des données personnelles et aux lois applicables.

Conservation des Données

Milliman conserve les Données personnelles aussi longtemps que nécessaire pour atteindre les objectifs décrits dans la présente Politique de protection des données, sauf si une période de conservation plus longue est requise ou n’est pas interdite par la loi. Milliman supprimera vos Données personnelles dès que l’objectif de la collecte et du traitement de ces Données personnelles aura été rempli et dès que la durée prévue pour la documentation et la sauvegarde de ces Données personnelles sera arrivée à expiration. Si vous vous êtes désabonné de nos informations marketing, nous continuerons à conserver vos Données personnelles à toute autre fin pour laquelle nous disposons encore d’une base juridique permettant de traiter ces Données personnelles (par exemple pour se conformer à une obligation légale ou lorsque le traitement est nécessaire en raison d’un intérêt légitime de notre part). Dans certains cas, lorsqu’il n’existe aucune autre base juridique, nous conserverons dans nos registres des Données personnelles limitées vous concernant (comme votre adresse e-mail), afin de pouvoir garantir qu’aucune communication marketing ne vous soit envoyée à l’avenir.

Enfants

Les sites web, les produits et les services de Milliman ne s'adressent pas aux enfants et Milliman ne collecte pas sciemment des Données personnelles auprès des enfants. Si un parent ou un tuteur devait apprendre que son enfant avait fourni des Données personnelles à Milliman sans son consentement, le parent ou le tuteur légal devra remplir le formulaire disponible dans la section « Droits » et Milliman prendra les dispositions qui s’imposent pour supprimer ces Données personnelles.

Liens vers les sites tiers

Le site web de Milliman peut contenir des liens vers des sites web qui sont hébergés et exploités par d’autres sociétés (« Sites web tiers ») et vers lesquels vous pouvez exporter (une partie de) vos Données personnelles.

Nous ne divulguons pas vos Données personnelles à ces Sites web tiers sans votre consentement explicite. Veuillez noter que les informations que vous divulguez à des Sites web tiers échappent à notre contrôle et qu’elles ne sont plus couvertes par la Politique de Milliman sur la protection des Données personnelles.

Nous vous invitons à consulter les pratiques de ces Sites web tiers en matière de protection des données afin de savoir comment vos Données personnelles seront collectées et utilisées si vous décidez de les divulguer. Nous ne sommes pas responsables du contenu ou du fonctionnement de ces Sites web tiers. Nous ne sommes en aucun cas responsables de la manière dont un Site web tiers traite les Données personnelles que vous décidez de lui fournir et l’utilisation des Sites web tiers s’effectue exclusivement à vos risques et périls.

Actualisation de la Politique

Milliman peut modifier sa politique de Protection des Données personnelles à tout moment. Milliman demande, par conséquent, à toutes les personnes concernées de bien vouloir périodiquement s’assurer qu’elles ont connaissance de la dernière version applicable.

Transfert transfrontalier de Données personnelles

Milliman est une entreprise internationale qui transfère des Données personnelles au-delà des frontières nationales conformément aux lois qui s'appliquent à ces transferts. Milliman a mis en place des garanties appropriées pour s'assurer que ses transferts de données sont protégés de manière adéquate. Les fondements juridiques de Milliman pour les transferts de données respectifs sont décrits dans la présente politique de protection des Données personnelles. Lorsque des Données personnelles sont transférées d'une de nos entités dans l'Espace Economique Européen ("EEE"), en Suisse, sur l'Ile de Man ou au Royaume-Uni vers les Etats-Unis ou un autre pays en dehors de l'EEE, ou d'entités dans l'EEE vers un autre pays en dehors de l'EEE, nous nous appuyons sur un ou plusieurs des mécanismes juridiques suivants qui fournissent des garanties adéquates pour les transferts : les décisions d'adéquation adoptées par la Commission Européenne sur la base de l'Art. 45 GDPR, les clauses contractuelles types approuvées par la Commission européenne, le cadre de protection des données UE-États-Unis (EU-US DPF), l'extension britannique du cadre de protection des données UE-États-Unis et le cadre de protection des données Suisse-États-Unis (Swiss-US DPF), ou tout autre mécanisme de transfert jugé adéquat par les lois applicables en matière de protection des Données. Vous pouvez demander une copie de toute clause contractuelle standard relative à vos Données personnelles que nous aurions exécutée en nous contactant aux coordonnées ci-dessous. Milliman s'engage à coopérer avec les autorités de protection des Données de l'UE, le Commissaire fédéral suisse à la protection des données, le Commissaire à l'information de l'Île de Man, le Bureau du Commissaire à l'information du Royaume-Uni et toute autre autorité de protection des données concernée, et à se conformer aux conseils donnés par ces autorités, en ce qui concerne les données personnelles transférées de l'une de nos entités de l'EEE, de la Suisse, de l'Île de Man ou du Royaume-Uni vers des pays situés en dehors de l'EEE. Milliman procédera à toutes les évaluations d'impact nécessaires, conformément aux règles prévues par les lois applicables en matière de protection des données, garantissant ainsi la sécurité du transfert de vos données à caractère personnel.

Cadre du bouclier de Protection des Données (EU – US DPF)

Milliman s'engage à traiter les Données personnelles conformément à la présente politique de confidentialité et au cadre de protection des données UE-États-Unis (EU-US DPF), à l'extension britannique du cadre de protection des données UE-États-Unis et au cadre de protection des données Suisse-États-Unis (Swiss-US DPF), tels qu'administrés par le ministère du Commerce des États-Unis. Milliman a certifié au ministère américain du commerce qu'elle adhère aux principes du cadre UE-États-Unis de protection des données personnelles (principes du DPF UE-États-Unis) en ce qui concerne le traitement des données personnelles reçues de l'Union européenne en vertu du DPF UE-États-Unis et du Royaume-Uni (et de Gibraltar) en vertu de l'extension britannique du DPF UE-États-Unis. Milliman a certifié au ministère américain du commerce qu'elle adhère aux principes du cadre de protection des données Suisse-États-Unis (principes du DPF Suisse-États-Unis) en ce qui concerne le traitement des données à caractère personnel reçues de la Suisse en vertu du DPF Suisse-États-Unis.

En cas de conflit entre les termes de la présente Politique de protection des données personnelles et les principes du DPF UE-États-Unis et/ou les principes du DPF Suisse-États-Unis, les principes prévaudront. Pour en savoir plus sur le programme Data Privacy Framework (DPF) et pour consulter la certification de Milliman, veuillez consulter le site https://www.dataprivacyframework.gov/.

La responsabilité de Milliman à l'égard des Données personnelles qu'elle reçoit dans le cadre du EU-US DPF et qu’elle transfert ensuite à des tiers est décrite dans les Principes du EU-US DPF. En particulier, Milliman est et restera responsable en vertu des principes du Bouclier de protection si des tiers engagés par Milliman traitent les Données personnelles d'une manière non conforme aux Principes du EU -US DPF , à moins que Milliman puisse prouver qu'elle n'est pas responsable de l’événement à l’origine des préjudices. Par ailleurs, Milliman, Inc. a conclu des accords de protection des données avec ses sociétés affiliées situées dans l'Espace économique européen qui s’appuient sur les Clauses contractuelles types de l'UE édictées par la Commission européenne (les « Clauses contractuelles types de l’Union européenne »).

Comme indiqué en détail ci-après dans la section intitulée « Comment nous contacter », Milliman incite fortement toute personne à nous contacter si elle a une plainte à déposer au sujet du EU-US DPF (ou une plainte liée à sa vie privée). Tout droit d'accès, de rectification, d'effacement, de restriction du traitement ainsi que le droit à la portabilité des données des personnes physiques domiciliées dans l'Espace économique européen ou en Suisse peuvent être exercés dans les conditions prévues par le RGPD en remplissant le formulaire disponible dans la section « Droits ». En outre, ces personnes auront le droit de déposer, à tout moment, une plainte auprès d'une autorité de surveillance compétente.

Droits

En vertu du RGPD, vous disposez d’une série de droits concernant vos Données personnelles, à savoir :

1. le droit d’accès prévu par l’art. 15 du RGPD : vous avez le droit d’obtenir de notre part la confirmation que des Données personnelles vous concernant sont ou ne sont pas traitées et, lorsqu’elles le sont, l’accès auxdites données (y compris au moyen d’une copie), à la manière dont nous les traitons et aux finalités du traitement afin que vous puissiez vérifier l’exactitude et la licéité de ce traitement.
2. le droit de rectification prévu par l’art. 16 du RGPD : vous avez le droit d’obtenir de notre part la rectification des Données personnelles vous concernant qui sont inexactes, ainsi que le droit d’obtenir que les données personnelles incomplètes soient complétées, y compris en fournissant une déclaration complémentaire.
3. le droit à l’effacement prévu par l’art. 17 du RGPD : le droit d’obtenir de notre part l’effacement de vos Données personnelles dans les meilleurs délais lorsque (a) vos Données personnelles ne sont plus nécessaires au regard des finalités pour lesquelles elles ont été collectées ou traitées ; (b) vous souhaitez retirer votre consentement au traitement (sauf lorsqu’il existe un autre fondement juridique pour le traitement sur lequel nous pourrions nous baser) ; (c) le traitement est fondé sur nos intérêts légitimes et qu’il n’existe pas de motif légitime impérieux pour le traitement ; (d) vos Données personnelles ont fait l’objet d’un traitement illicite ;
4. le droit à la limitation du traitement prévu par l’art. 18 du RGPD : vous avez le droit d’obtenir de notre part la limitation du traitement de vos Données personnelles lorsque (a) vous contestez l’exactitude des Données personnelles (pendant une durée nous permettant de vérifier l’exactitude de vos Données personnelles) ; (b) le traitement de vos Données personnelles est illicite et vous vous opposez à leur effacement et exigez à la place la limitation de leur utilisation ; (c) vous considérez que nous n’avons plus besoin de vos Données personnelles aux fins du traitement mais que celles-ci vous sont encore nécessaires pour la constatation, l’exercice ou la défense de droits en justice ; (d) vous vous êtes opposé au traitement de vos Données personnelles sur la base d’un « intérêt légitime » en vertu du (iii) ci-dessus, pendant que nous vérifions si nos motifs légitimes prévalent sur les vôtres.
5. le droit d’opposition prévu par l’art. 21 du RGPD : vous avez le droit de vous opposer à tout moment, pour des raisons tenant à votre situation particulière, à un traitement de vos Données personnelles fondé sur nos intérêts légitimes, y compris un profilage fondé sur ces dispositions. Nous ne traiterons plus les Données personnelles, à moins que nous ne justifions qu’il existe des motifs légitimes et impérieux pour le traitement qui prévalent sur vos intérêts et vos libertés, ou pour la constatation, l’exercice ou la défense de droits en justice. Vous pouvez vous opposer à tout moment et sans motif au traitement de vos Données personnelles à des fins de marketing direct.
6. le droit à la portabilité des données prévu par l’art. 20 du RGPD : vous avez le droit de recevoir les Données personnelles vous concernant et que vous nous avez fournies dans un format structuré, couramment utilisé et lisible par machine, et vous avez le droit de transmettre ces données à un autre responsable du traitement (veuillez noter que cette disposition s’applique uniquement lorsque le traitement de vos Données personnelles est fondé sur votre consentement et que le traitement est effectué à l’aide de procédés automatisés).
7. le droit d’introduire une réclamation auprès d’une autorité de contrôle compétente en matière de protection des données (art. 77 du RGPD) : vous avez le droit d’introduire une réclamation auprès de l’autorité de contrôle compétente en matière de protection des données. En France, cette autorité est la Commission Nationale de l’Informatique et des Libertés (www.cnil.fr).

Veuillez noter que tout traitement de vos Données personnelles qui aurait été effectué avant la suppression de votre compte chez nous ou avant une demande de votre part exigeant que nous ne vous contactions plus à des fins de marketing direct restera valable conformément aux bases juridiques en vigueur à la date correspondante.

Vous pouvez exercer vos droits indiqués ci-dessus en remplissant le formulaire applicable disponible ici. Pour ces demandes, Milliman utilise la plateforme du prestataire de services One Trust. One Trust agit en tant que sous-traitant des données de Milliman. Vous pouvez également envoyer une lettre à : Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. Nous nous efforcerons de répondre à votre demande dès que possible et dans tous les cas dans les 30 jours suivant votre demande.

Comment nous contacter

Milliman peut être contacté à l’adresse : [email protected]. Milliman accueille avec plaisir les commentaires et les questions sur la présente Politique de protection des données personnelles. Si, pour quelque raison que ce soit, vous souhaitez nous contacter, veuillez nous envoyer un courrier électronique ([email protected]). Les plaintes seront résolues en interne conformément aux procédures de plainte de Milliman.

Si vous habitez dans un pays membre de l'Union européenne, dans l'Espace économique européen ou en Suisse et que vous souhaitez déposer une plainte au sujet du traitement de vos Données personnelles conformément au cadre du EU – US DPF et si vos efforts pour obtenir en interne la résolution de votre problème sont restés vains, vous pourrez soumettre votre plainte à l'American Arbitration Association (http://www.adr.org/), qui a été choisie en tant que mécanisme de recours indépendant pour traiter les plaintes et régler les litiges relatifs au traitement des Données personnelles qui proviennent de l'Union européenne, de l'Espace économique européen ou de la Suisse et qui sont transmises aux États-Unis en vertu de la présente Politique de protection des données personnelles. Sous certaines conditions, vous aurez également le droit de recourir à l’arbitrage contraignant si les autres procédures de règlement des litiges ont été épuisées. Milliman est soumise aux pouvoirs d'enquête et d'exécution de la Federal Trade Commission (FTC) [Commission fédérale du commerce des États-Unis].

Milliman Personal Data Privacy Policy – Germany

English | German

Last updated May 2024

The Switzerland privacy policy is available here.

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the German affiliate’s (Milliman GmbH) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman GmbH are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman GmbH are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman GmbH may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman GmbH’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman GmbH and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Germany, such authority is the “Bundesbeauftragte für Datenschutz und Informationsfreiheit” (www.datenschutzkonferenz-online.de) and “Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen” ([email protected]).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Millimans Datenschutzrichtlinie - Deutschland

Letzte Aktualisierung: Mai 2024

Wenn Milliman als Datenverantwortlicher handelt

Milliman, Inc. und ihre verbundenen Unternehmen („Milliman“ oder „Wir“) nehmen den Datenschutz sehr ernst. Die vorliegende Datenschutzrichtlinie bestimmt die Grundsätze, denen Milliman und ihre verbundenen Unternehmen (Milliman GmbH) bei der Verwendung und dem Schutz von personenbezogenen Daten unterliegen, die uns innerhalb des Europäischen Wirtschaftsraums, auf der Insel Man, das Vereinigte Königreich und in der Schweiz lebende Privatpersonen und Kunden („personenbezogene Daten“), nachfolgend „Sie“, übermitteln. Milliman verpflichtet sich zum Umgang mit personenbezogenen Daten gemäß dieser Datenschutzrichtlinie, der EU-Datenschutzgrundverordnung (DSGVO) sowie sonstigen maßgeblichen Datenschutzgesetzen und Vorschriften über Persönlichkeitsrechte, soweit sie anwendbar sind.

Milliman, Inc. und Milliman GmbH sind gemeinsame Kontrollinstanzen für die Verarbeitung personenbezogener Daten, die in dieser Datenschutzrichtlinie beschrieben sind. Das bedeutet, dass Milliman, Inc. und Milliman GmbH beide für die Einhaltung der geltenden Datenschutzgesetze verantwortlich sind.

Datenerfassung

Aggregierte Daten

Wie zahlreiche Unternehmen, überwacht Milliman die Nutzung ihrer Websites durch die Erhebung aggregierter Daten. Dabei werden keine personenbezogenen Daten erhoben. Im typischen Fall erhebt Milliman Daten über die Anzahl der Besucher auf i Website, auf jeder Seite der Website und den Domainnamen des Internet-Serviceproviders des Besuchers. Diese Daten werden zur Verbesserung der Benutzerfreundlichkeit, der Leistungsfähigkeit und der Effizienz von Millimans Website verwendet.

Cookies, Inhalt von Dritten und Do Not Track

Für detailliertere Informationen, die beschreiben, wie Milliman Cookies verwendet und Ihre Wahlmöglichkeiten im Zusammenhang mit der Verwendung und der Ablehnung solcher Cookies, einschließlich Informationen über Inhalte von Dritten auf Millimans Webseite, und wie Milliman auf Do Not Track-Signale in Browsern reagiert, lesen Sie bitte unsere Cookie-Richtlinie, die Sie hier finden.

Verarbeitung von personenbezogenen Daten

Die personenbezogenen Daten, die wir sammeln, variieren je nach Art der angebotenen Dienstleistungen und unserer Interaktionen mit Einzelpersonen. Im Zusammenhang mit der Erfassung von Daten über diese Website, den Marketingaktivitäten von Milliman und der Vertragsverwaltung können wir folgende personenbezogene Daten erfassen, speichern und anderweitig verarbeiten:

• Daten von Besuchern unserer Websites (Vorname, Nachname, Titel, Firma, Telefonnummer, Standort, E-Mail-Adresse, Betreff der Anfrage und die Nachricht), die Informationen über Produkte oder Dienstleistungen von Milliman anfordern, zum Zweck der Verwaltung der Beziehung zu den Besuchern und der Verwaltung der Websites. Rechtsgrundlage für die Verarbeitung solcher personenbezogener Daten ist das berechtigte Interesse von Milliman (Art. 6 (1) Buchstabe (f) DSGVO).
• Daten von Kundenvertretern, Direktoren, Repräsentanten, Angestellten, Geschäftspartnern, Zulieferern, und anderen Vertragsparteien (Name, berufliche Adresse, Titel, E-Mail und andere berufliche Kontaktdaten) für die Vertragsverwaltung. Die beruflichen Kontaktdaten von Kundenvertretern, deren Mitarbeitern und Geschäftspartnern werden auch verwendet, um Kundenkonten zu aktivieren und zu pflegen, einschließlich für Abrechnungszwecke, Due-Diligence-Prüfungen und Konfliktprüfungen, zur Erleichterung der Kommunikation, zur Erfüllung von Anträgen oder zur Beantwortung von Anfragen zu Milliman-Produkten oder -Dienstleistungen und zur Übermittlung von Angeboten und Informationen (soweit gesetzlich zulässig) über Produkte, Dienstleistungen oder Veranstaltungen, die von Milliman angeboten werden oder die nach Ansicht von Milliman von Interesse sein könnten. Rechtsgrundlage für die Verarbeitung personenbezogener Daten ist das berechtigte Interesse von Milliman (Art. 6 (1) Buchstabe (f) DSGVO). Milliman kann sich auf Ihre Zustimmung (Art. 6 (1) Buchstabe (a) GDPR) für die Versendung von Marketingmitteilungen berufen, wenn dies nach den Gesetzen zum Datenschutz und zum Schutz der Privatsphäre erforderlich ist; in diesem Fall werden wir Sie vor der Versendung der Mitteilung um Ihre Zustimmung bitten. Milliman GmbH kann die beruflichen Kontaktdaten der Mitarbeiter seiner Kunden auch zum Zweck der Versendung von Umfragen, Fragebögen oder zum Zweck der Organisation von Wettbewerben verwenden. Für diese Aktivitäten ist die rechtliche Grundlage für die Verarbeitung personenbezogener Daten das legitime Interesse der Milliman GmbH (Art. 6 (1) Buchstabe (f) DSGVO), es sei denn, nach den Gesetzen zum Datenschutz und zum Schutz der Privatspähre ist Ihre vorherige Zustimmung erforderlich. Wir können auch begrenzte persönliche Daten über Sie aus öffentlichen Ressourcen (wie z.B. LinkedIn) sammeln und verarbeiten, einschließlich Ihres Namens/Nachnamens, Ihrer E-Mail-Adresse, Telefonnummer, Unternehmen, Titel/Position, Beruf, berufliche Interessen, damit wir ein potenzielles Interesse an unseren Dienstleistungen einschätzen und Sie zu Marketingzwecken kontaktieren können.

Wenn wir mit Ihnen über die von uns angebotenen oder entwickelten Produkte und Dienstleistungen kommunizieren, erhalten Sie in jeder Mitteilung die Möglichkeit, sich abzumelden und künftige Mitteilungen dieser Art zu verhindern. Wenn Sie nicht möchten, dass wir diese Informationen aus unseren Marketing-E-Mails erfassen, oder wenn Sie Direktmarketing-E-Mails von uns abbestellen möchten, können Sie das entsprechende Formular ausfüllen, das unter der Rubrik “Rechte“ verfügbar ist. Wir werden die Verwendung Ihrer personenbezogenen Daten für Direktmarketingzwecke einstellen, sobald Sie uns dazu aufgefordert haben.

Wenn Sie uns personenbezogene Daten einer anderen Person zur Verfügung stellen, ist es Ihre Pflicht, sicherzustellen, dass diese Person der Verarbeitung ihrer personenbezogenen Daten zugestimmt hat oder angemessen über die Verarbeitung ihrer personenbezogenen Daten von Milliman informiert wird.

Sie müssen auch sicherstellen, dass alle uns übermittelten personenbezogenen Daten vollständig, genau, wahr und korrekt sind. Wenn Sie dies nicht tun, kann dies dazu führen, dass wir Ihnen die von Ihnen angeforderten Produkte und Dienstleistungen nicht liefern können.

Es werden keine automatisierten Entscheidungen auf der Grundlage der von Ihnen erfassten personenbezogenen Daten getroffen.

Verbundene Unternehmen und befugte externe Bevollmächtigte

Alle Websites, Produkte und Dienstleistungen von Milliman werden in Zusammenarbeit mit Milliman, Inc., mit Sitz in den USA bereitgestellt. Personenbezogene Daten können zwischen Milliman GmbH und Milliman, Inc. oder anderen Unternehmen, die von Milliman, Inc. kontrolliert werden oder unter gemeinsamer Kontrolle mit Milliman, Inc. stehen und in den USA und/oder Europa ansässig sind, zum Zwecke der Zentralisierung der allgemeinen Unternehmensdienstleistungen von Milliman ausgetauscht werden, einschließlich: Verwaltungsdienste, Vertragsmanagement, Client Relationship Management (CRM), IT-Wartung und Sicherheit, Datenschutz (Verwaltung der Anfragen der betroffenen Personen) und Marketingdienste (Cookie-Verwaltung, Nachverfolgung von Anfragen über das Website-Formular von Milliman, Kommunikation über Produkte, Dienstleistungen oder Veranstaltungen von Milliman). Wir können personenbezogene Daten auch an verbundene Unternehmen weitergeben, die die Handelsmarke MILLIMAN® verwenden. In diesem Fall werden wir von diesen Partnern die Einhaltung dieser Datenschutzrichtlinie verlangen. Bitte beachten Sie, dass wir Ihre persönlichen Daten möglicherweise in ein Land übertragen, in dem nicht die gleichen Datenschutzgesetze wie in Ihrem Heimatland gelten. Milliman stellt jedoch sicher, dass sie selbst und ihre verbundenen Unternehmen personenbezogene Daten in Übereinstimmung mit dieser Datenschutzrichtlinie verarbeiten.

Milliman kann personenbezogene Daten auch an autorisierte Dritte oder Auftragnehmer weitergeben, die Dienstleistungen für Milliman erbringen. Wenn Milliman personenbezogene Daten an Dritte weitergibt, verlangt Milliman, dass diese Dritten sich damit einverstanden erklären, personenbezogene Daten auf der Grundlage der Anweisungen von Milliman und in Übereinstimmung mit dieser Datenschutzrichtlinie zu verarbeiten.

Jegliche Übermittlung personenbezogener Daten unterliegt angemessenen Schutzmaßnahmen, die mit der DSGVO in Einklang stehen und im Kapitel „Übertragung von personenbezogenen Daten über die Grenzen hinweg“ beschrieben werden.

Weitere Offenlegungen

Milliman kann personenbezogene Daten und sonstige damit verbundene Informationen ebenfalls in Beantwortung von Vorladungen, Gerichtsbeschlüssen oder sonstigen gesetzlichen Anforderungen seitens der Behörden sowie für Anforderungen der nationalen Sicherheit oder der Strafverfolgung offenlegen. Milliman darf personenbezogene Daten erfassen und weiterleiten, um im Zusammenhang mit illegalen Handlungen, vermutetem Betrug, Verstößen gegen Millimans Nutzungsbedingungen oder in anderen per Gesetz oder den behördlichen Vorschriften bestimmten Fällen zu ermitteln oder erforderliche Maßnahmen zu ergreifen.

Sicherheit

Milliman speichert personenbezogene Daten auf einem sicheren Server, der per Passwort geschützt ist und von unbefugten Zugriffen durch eine Firewall abgeschirmt ist. Milliman hat Sicherheitsverfahren eingerichtet, die dazu bestimmt sind, die Sicherheit und Integrität aller personenbezogenen Daten zu gewährleisten. Milliman verfügt über geeignete technische und organisatorische Maßnahmen zum Schutz vor der unbefugten oder ungesetzlichen Verarbeitung von personenbezogenen Daten sowie vor dem versehentlichen Verlust oder der Zerstörung oder Beschädigung von personenbezogenen Daten, die von Milliman erfasst oder verarbeitet werden. Wenn Milliman personenbezogene Daten an Dritte weiterleitet, verlangt Milliman, dass diese Dritten über geeignete technische und organisatorische Mittel verfügen, um diese Datenschutzrichtlinie und die geltenden Gesetze zu beachten.

Datenspeicherung

Milliman speichert personenbezogene Daten nur so lange, wie dies zur Erfüllung der in dieser Datenschutzrichtlinie genannten Zwecke notwendig ist, es sei denn per Gesetz ist ein längerer Speicherzeitraum erforderlich oder erlaubt. Milliman wird Ihre personenbezogenen Daten löschen, sobald der Zweck der Erfassung und Verarbeitung derartiger personenbezogener Daten erfüllt ist und die angemessene Dauer der Dokumentation und Backup-Speicherung derartiger personenbezogener Daten abgelaufen ist. Wenn Sie sich vom Erhalt von Marketing-Informationen von uns abgemeldet haben, werden wir Ihre personenbezogenen Daten weiterhin für jeden anderen Zweck aufbewahren, für den wir noch rechtliche Gründe für die Verarbeitung dieser personenbezogenen Daten haben (z.B. zur Erfüllung einer gesetzlichen Verpflichtung oder wenn die Verarbeitung für den Zweck unseres berechtigten Interesses notwendig ist). In bestimmten Fällen, wenn keine anderen rechtlichen Gründe vorliegen, werden wir begrenzte personenbezogene Daten (wie z.B. Ihre E-Mail-Adresse) über Sie speichern, um für die Zukunft sicherstellen zu können, dass solche Marketingmitteilungen nicht mehr an Sie gesendet werden.

Kinder

Millimans Websites, Produkte und Leistungen wenden sich nicht an Kinder, und Milliman erfasst wissentlich keine personenbezogenen Daten von Kindern. Wenn ein Elternteil oder Erziehungsberechtigter erfährt, dass eines seiner Kinder Milliman ohne seine Zustimmung personenbezogene Daten bereitgestellt hat, sollte der Elternteil oder Erziehungsberechtigte , das entsprechende Formular ausfüllen, das unter der Rubrik “Rechte“ verfügbar ist, und Milliman wird Maßnahmen ergreifen, um jegliche derartigen personenbezogenen Daten zu löschen.

Links von Dritten

Die Website von Milliman kann Links auf Websites enthalten, die von anderen Unternehmen als uns beherbergt und betrieben werden („Websites von Dritten“), auf die Sie Ihre personenbezogenen Daten (teilweise) exportieren können.

Wir geben Ihre personenbezogenen Daten nicht ohne Ihre ausdrückliche Zustimmung an diese Websites Dritter weiter. Wir weisen darauf hin, dass alle Informationen, die Sie an Websites Dritter weitergeben, nicht mehr unter unserer Kontrolle stehen und nicht mehr der Datenschutzrichtlinie für personenbezogene Daten von Milliman unterliegen.

Sie sollten die Datenschutzpraktiken einer Website von Dritten überprüfen, um zu verstehen, wie diese Webseite von Dritten Ihre personenbezogenen Daten erfasst und verwendet, falls Sie sich entschieden haben, Ihre personenbezogenen Daten an diese weiterzugeben. Wir sind nicht für den Inhalt oder die Leistung dieser Websites von Dritten verantwortlich. Wir sind in keiner Weise verantwortlich oder haftbar für die Art und Weise, mit der eine Website Dritter mit personenbezogenen Daten umgeht, die Sie einer solchen Website Dritter zur Verfügung stellen, und die Nutzung von Websites Dritter erfolgt ausschließlich auf Ihr eigenes Risiko.

Aktualisierungen der Datenschutzbestimmungen

Milliman kann ihre Datenschutzrichtlinie von Zeit zu Zeit ändern. Deshalb bittet Milliman alle betroffenen Personen, diese gelegentlich zu prüfen, um zu gewährleisten, dass Sie die aktuellste Fassung kennen.

Übertragung von personenbezogenen Daten über die nationalen Grenzen hinweg

Milliman ist ein globales Unternehmen, das personenbezogene Daten in Übereinstimmung mit den für solche Übertragungen geltenden Gesetzen über nationale Grenzen hinweg überträgt. Milliman hat angemessene Sicherheitsvorkehrungen getroffen, um sicherzustellen, dass ihre Datenübertragungen angemessen geschützt sind. Die Rechtsgrundlagen von Milliman für die jeweiligen Datenübertragungen sind in dieser Datenschutzrichtlinie dargelegt. Wenn personenbezogene Daten von einem unserer Unternehmen im Europäischen Wirtschaftsraum („EWR“), der Schweiz, der Isle of Man oder dem Vereinigten Königreich in die Vereinigten Staaten oder ein anderes Land außerhalb des EWR oder von Unternehmen im EWR in ein anderes Land außerhalb des EWR übertragen werden, stützen wir uns auf einen oder mehrere der folgenden Rechtsmechanismen, die einen angemessenen Schutz für die Übertragungen gewährleisten: die Angemessenheitsbeschlüsse, die von der Europäischen Kommission auf der Grundlage von Art. 45 DSGVO, den von der Europäischen Kommission genehmigten Standardvertragsklauseln, den EU-US-Datenschutzrahmen (EU-US-DPF), die britische Erweiterung des EU-US-DSGVO und den Schweizer-US-Datenschutzrahmen (Schweizer-US-DPF) oder anderen Übermittlungsmechanismen, die nach den geltenden Datenschutzgesetzen als angemessen gelten. Sie können eine Kopie aller Standardvertragsklauseln in Bezug auf Ihre personenbezogenen Daten anfordern, die wir möglicherweise ausgefertigt haben, indem Sie uns unter den unten angegebenen Kontaktdaten kontaktieren. Milliman verpflichtet sich, mit den Datenschutzbehörden der EU, dem Eidgenössischen Datenschutzbeauftragten, dem Information Commissioner der Insel Man, dem Information Commissioner's Office des Vereinigten Königreichs und jeder anderen relevanten Datenschutzbehörde zusammenzuarbeiten und die Ratschläge dieser Behörden in Bezug auf die Übermittlung personenbezogener Daten von einer unserer Einheiten im EWR, der Schweiz, der Insel Man oder dem Vereinigten Königreich in Länder außerhalb des EWR zu befolgen. Milliman wird alle erforderlichen Folgenabschätzungen durchführen und dabei die Regeln der geltenden Datenschutzgesetze befolgen, um die sichere Übermittlung Ihrer personenbezogenen Daten zu gewährleisten.

Data Privacy Framework

Milliman verpflichtet sich, personenbezogene Daten in Übereinstimmung mit dieser Datenschutzrichtlinie und dem EU-US Data Privacy Framework (EU-US DPF), der britischen Erweiterung des EU-US DPF und dem Swiss-US Data Privacy Framework (Swiss-US DPF), wie vom U.S. Department of Commerce verwaltet, zu behandeln. Milliman hat dem U.S. Department of Commerce bestätigt, dass es die EU-U.S. Data Privacy Framework Grundsätzen (EU-U.S. DPF Grundsätzen) in Bezug auf die Verarbeitung personenbezogener Daten einhält, die sie aus der Europäischen Union unter Berufung auf die EU-U.S. DPF und aus dem Vereinigten Königreich (und Gibraltar) unter Berufung auf die UK Extension to the EU-U.S. DPF erhält. Milliman hat ebenfalls gegenüber dem U.S. Department of Commerce bestätigt, dass es die Swiss-U.S. Data Privacy Framework Grundsätzen (Swiss-U.S. DPF Grundsätzen) in Bezug auf die Verarbeitung personenbezogener Daten, die sie aus der Schweiz unter Berufung auf die Swiss-U.S. DPF erhält, einhält.

Im Falle eines Widerspruchs zwischen den Bestimmungen dieser Datenschutzrichtlinie und den EU-US-DPF-Grundsätzen und/oder den US-Schweizer-DPF-Grundsätzen sind die Grundsätze vorrangig. Um mehr über das Data Privacy Framework (DPF)-Programm zu erfahren und um die Zertifizierung von Milliman einzusehen, besuchen Sie bitte https://www.dataprivacyframework.gov/.

Die Verantwortlichkeit von Milliman für personenbezogene Daten, die Milliman im Rahmen der DPF-Grundsätze erhält und anschließend an einen Dritten weitergibt, ist in den DPF-Grundsätzen beschrieben. Insbesondere bleibt Milliman gemäß den DPF-Grundsätzen verantwortlich und haftbar, wenn von Milliman beauftragte Dritte, die personenbezogenen Daten in einer Weise verarbeiten, die nicht mit den Grundsätzen vereinbar ist, es sei denn, Milliman weist nach, dass sie für das Ereignis, das zu einem Schaden geführt hat, nicht verantwortlich ist. Darüber hinaus hat Milliman, Inc. mit seinen im Europäischen Wirtschaftsraum ansässigen Tochtergesellschaften Datenschutzvereinbarungen auf der Grundlage der von der Europäischen Kommission herausgegebenen EU-Standardvertragsklauseln (die "EU-Standardvertragsklauseln") abgeschlossen.

Wie im Abschnitt "Wie Sie uns kontaktieren können" weiter unten erläutert, ermutigt Milliman jede Person, sich mit uns in Verbindung zu setzen, wenn sie eine Beschwerde im Zusammenhang mit der DPF (oder allgemein mit dem Datenschutz) hat. Das Recht auf Auskunft, Berichtigung, Löschung, Einschränkung der Verarbeitung sowie das Recht auf Datenübertragbarkeit von Personen mit Wohnsitz im Europäischen Wirtschaftsraum oder in der Schweiz kann unter den in der DSGVO festgelegten Bedingungen ausgeübt werden, indem Sie das entsprechende Formular ausfüllen, das unter der Rubrik “Rechte“ verfügbar is. Darüber hinaus haben diese Personen das Recht, jederzeit eine Beschwerde bei einer zuständigen Aufsichtsbehörde einzureichen.

Rechte

Sie haben nach der DSGVO eine Reihe von Rechten in Bezug auf Ihre personenbezogenen Daten, nämlich:

1. Das Recht auf Zugriff nach Art. 15 DSGVO: Sie haben das Recht, von uns eine Bestätigung darüber zu erhalten, ob personenbezogene Daten über Sie verarbeitet werden oder nicht, und, wenn dies der Fall ist, Zugriff auf diese personenbezogenen Daten zu erhalten (einschließlich des Erhalts einer Kopie davon). Weiterhin haben Sie das Recht, sich die Art und Weise und die Zwecke bestätigen zu lassen, in der bzw. zu denen wir Ihre personenbezogenen Daten verarbeiten, damit Sie deren Richtigkeit und die Rechtmäßigkeit der Verarbeitung überprüfen können.
2. Das Recht auf Berichtigung nach Art. 16 DSGVO: Sie haben das Recht, von uns die Berichtigung unrichtiger personenbezogener Daten, die Sie betreffen, zu verlangen, sowie das Recht, unvollständige personenbezogene Daten vervollständigen zu lassen, auch durch die Bereitstellung einer ergänzenden Erklärung
3. Das Recht auf Löschung nach Art. 17 DSGVO: Sie haben das Recht, von uns die unverzügliche Löschung Ihrer personenbezogenen Daten zu verlangen, , (a) wenn Ihre personenbezogenen Daten für den Zweck, für den sie erhoben/verarbeitet wurden, nicht mehr erforderlich sind; (b) wenn Sie Ihre Einwilligung zur Verarbeitung zurückziehen möchten (es sei denn, wir haben einen anderen Rechtsgrund für die Verarbeitung, auf den wir uns berufen können); (c) wenn die Verarbeitung auf unseren berechtigten Interessen beruht und es keine übergeordneten berechtigten Gründe für die Verarbeitung gibt; (d) wenn Ihre personenbezogenen Daten unrechtmäßig verarbeitet wurden.
4. Das Recht auf Einschränkung der Verarbeitung nach Art. 18 DSGVO: Sie haben das Recht, von uns die Einschränkung der Verarbeitung Ihrer personenbezogenen Daten in folgenden Fällen zu erhalten: (a) wenn die Richtigkeit dieser persönlichen Daten von Ihnen angefochten wird (für einen Zeitraum, der es uns ermöglicht, die Richtigkeit Ihrer persönlichen Daten zu überprüfen); (b) wenn die Verarbeitung Ihrer personenbezogenen Daten unrechtmäßig ist, Sie jedoch gegen die Löschung solcher Daten Einspruch erheben und stattdessen eine Beschränkung ihrer Verwendung beantragen; (c) wenn Sie der Ansicht sind, dass wir Ihre personenbezogenen Daten nicht mehr für die Zwecke der Verarbeitung benötigen, sondern diese personenbezogenen Daten für die Begründung, Ausübung oder Verteidigung von Rechtsansprüchen benötigen; (d) wenn Sie der Verarbeitung Ihrer persönlichen Daten aus Gründen des „berechtigten Interesses“ gemäß (iii) oben widersprochen haben, bis wir geprüft haben, ob unsere berechtigten Gründe Ihre eigenen überwiegen.
5. Das Widerspruchsrecht nach Art. 21 DSGVO: Sie haben das Recht, aus Gründen, die sich auf Ihre besondere Situation beziehen, jederzeit gegen die Verarbeitung Ihrer personenbezogenen Daten Widerspruch zu erheben, was sich auf unsere legitimen Interessen stützt, einschließlich der Erstellung von Profilen auf der Grundlage dieser Bestimmungen. Wir werden die personenbezogenen Daten nicht mehr verarbeiten, es sei denn, wir haben zwingende legitime Gründe für die Verarbeitung, die Ihre Interessen, Rechte und Freiheiten überwiegen, oder für die Begründung, Ausübung oder Verteidigung von Rechtsansprüchen. Sie können jederzeit und ohne Angabe von Gründen gegen die Verarbeitung Ihrer personenbezogenen Daten oder für Direktmarketingzwecke Widerspruch einlegen.
6. Das Recht der Datenübertragbarkeit nach Art. 20 DSGVO: Sie haben das Recht, die Sie betreffenden personenbezogenen Daten, die Sie uns zur Verfügung gestellt haben, in einem strukturierten, allgemein verwendeten und maschinenlesbaren Format zu erhalten und diese Daten an einen anderen für die Datenverarbeitung Verantwortlichen zu übermitteln (bitte beachten Sie, dass dies nur gilt, wenn unsere Verarbeitung Ihrer personenbezogenen Daten auf Ihrer Zustimmung beruht und die Verarbeitung mit automatisierten Mitteln erfolgt).
7. Das Recht, sich an eine zuständige Datenschutzaufsichtsbehörde zu wenden (Art. 77 GDPR): Sie haben das Recht, sich an die zuständige Datenschutzaufsichtsbehörde zu wenden - in Deutschland ist dies die „Bundesbeauftragte für Datenschutz und Informationsfreiheit“ (www.datenschutzkonferenz-online.de) und die „Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen“ (https://www.dsb.gv.at/).

Bitte beachten Sie, dass jede Verarbeitung Ihrer personenbezogenen Daten vor der Löschung Ihres Kontos bei uns oder Ihre Bitte, dass wir Sie nicht mehr zu Direktmarketingzwecken kontaktieren, unter den dann geltenden gesetzlichen Bestimmungen gültig bleibt.

Sie können jedes Ihrer oben genannten Rechte ausüben, indem Sie das entsprechende Formulars, das Sie hier finden, ausfüllen. Für solche Anfragen nutzt Milliman die Data Subject Access Request-Plattform des Diensteanbieters One Trust. One Trust fungiert als Datenverarbeiter von Milliman. Sie können auch einen Brief an folgende Adresse senden: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. Wir werden uns bemühen, eine solche Anfrage so schnell wie möglich zu beantworten, in jedem Fall aber innerhalb von 30 Tagen.

Wie Sie Kontakt mit uns aufnehmen

Milliman kann unter [email protected] kontaktiert werden. Milliman begrüßt Rückmeldungen und Fragen zu dieser Datenschutzrichtlinie. Wenn Sie sich aus irgendeinem Grund mit uns in Verbindung setzen möchten, senden Sie uns bitte eine E-Mail ([email protected]). Beschwerden werden intern in Übereinstimmung mit den Beschwerdeverfahren von Milliman gelöst.

Wenn Sie in der Europäischen Union, im Europäischen Wirtschaftsraum oder in der Schweiz leben und eine Beschwerde über den Umgang mit Ihren personenbezogenen Daten in Übereinstimmung mit den DPF-Grundsätzen haben und Ihre Bemühungen, die Angelegenheit intern zu lösen, nicht zufriedenstellend sind, kann die Beschwerde bei der American Arbitration Association (http://www.adr.org/) eingereicht werden, die als unabhängiger Beschwerdemechanismus zur Beilegung von Beschwerden und Streitigkeiten im Zusammenhang mit der Behandlung personenbezogener Daten ausgewählt wurde, die aus der Europäischen Union, dem Europäischen Wirtschaftsraum oder der Schweiz stammen und gemäß dieser Datenschutzrichtlinie in die USA übermittelt wurden. Unter bestimmten Bedingungen können Sie berechtigt sein, ein verbindliches Schiedsverfahren in Anspruch zu nehmen, wenn andere Streitbeilegungsverfahren ausgeschöpft wurden. Milliman unterliegt den Ermittlungs- und Durchsetzungsbefugnissen der U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy- Milliman India Private Limited, India

Last updated July 2020

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Indian affiliates’ (Milliman India Private Ltd and Milliman Advisors LLP) use and protection of personal data that individuals and clients residing within India share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the (Indian) Information Technology Act, 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“Indian data privacy laws”), and other data protection and privacy laws, as applicable.

Milliman, Inc. and the Milliman Indian affiliates are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and the Milliman Indian affiliates are each responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with clients and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (including as provided under Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (including as provided under Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. The Milliman Indian affiliates may also use professional contact details of their clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is the Milliman Indian affiliates’ legitimate interest (including as provided under Art. 6 (1) letter (f) GDPR), unless data protection and privacy law require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect this information from our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may write to us at [email protected] requesting the same. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman’s Indian affiliates and Milliman, Inc., or other entities controlled by or under common control with Milliman, Inc., for purposes of centralization of Milliman’s administrative, contract management, Client Relationship Management (CRM), IT maintenance, marketing and IT security practices, for the purpose of the website’s management and security, and to provide information about Milliman products, services, or events. We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that it and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR (adequacy decision or Model Clauses of the European Commission). Those can be made available at Milliman’s premises, by contacting us at [email protected].

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact Milliman at [email protected], and Milliman will take steps to delete any such Personal Data.

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to this Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Rights

You have the following rights under the Indian data privacy laws in relation to your Personal Data, namely:

1. the right of access: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by sending us a request to [email protected]. We will endeavor to respond to any such request as soon as possible, and in any event within the legal deadline.

How to Contact Us

If you have any complaint regarding the handling of your Personal Data, you may contact Milliman’s Data Protection Officer at [email protected].

Milliman Personal Data Privacy Policy – Milliman Ltd, Ireland

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Irish affiliate’s (Milliman Ltd) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Ltd are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Ltd are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Ltd may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Ltd’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Ltd and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Ireland, such authority is the “Data Protection Commissioner” (www.dataprotection.ie).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

 Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Milliman Limited, Isle of Man

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Manx affiliate’s (Milliman Limited) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the Manx Data Protection Act of 2018 and its secondary legislation including the Data Protection (Application of the GDPR) Order 2018 (GDPR Order) and the Data Protection (Application of the LED) Order 2018 (LED Order) as amended from time to time, the GDPR and LED Implementing Regulations 2018 and the Data Protection (Application of GDPR)(Amendment) Order 2019 (together the “Legislation”) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Limited are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Limited are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) of the GDPR Order).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) of the GDPR Order). Milliman may rely on your consent (Art. 6 (1) letter (a) of the GDPR Order) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Limited may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Limited’s legitimate interest (Art. 6 (1) letter (f) of the GDPR Order), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Limited and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the Legislation, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

You have a number of rights under the Legislation in relation to your Personal Data, namely:

1. the right of access pursuant to Art. 15  of the GDPR Order, Art. 14 of the LED Order and Art. 43 of the Implementing Regulations: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 of the GDPR Order, Art. 16 of the LED Order and Art. 45 (1) (a) and (b) of the Implementing Regulations: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 of the GDPR Order, Art. 16 of the LED Order and Art. 45 (1) (c) of the Implementing Regulations: the right to obtain from us the erasure of your Personal Data without delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 (1) of the GDPR Order and Art. 16 of the LED Order and Art. 45 (3) of the Implementing Regulations: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art.21 (1) (2) of the GDPR Order: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including decisions based on automated processing, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 (1) of the GDPR Order: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent or on a contract and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 of the GDPR Order) and Art. 45 (7) (a) of the Implementing Regulations: you have the right to appeal to the competent data protection supervisory authority - in the Isle of Man, such authority is the “Information Commissioner” (www.inforights.im).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Milliman S.R.L., Italy

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Italian affiliate’s (Milliman S.R.L.) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman S.R.L. are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman S.R.L. are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman S.R.L. may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman S.R.L.’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman S.R.L. and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Italy, such authority is the “Garante per la Protezione dei Dati Personali” (www.garanteprivacy.it).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

 Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy- Milliman Inc., Japan

Last updated June 2020

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing Milliman’s and the Japan affiliate’s (Milliman Japan) use and protection of personal data that individuals and clients residing within Japan share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU-U.S. Privacy Shield, the EU General Data Protection Regulation (GDPR), and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Japan are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Japan are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with clients and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Japan may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Japan’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy law require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect this information from our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may write to us at [email protected] requesting the same. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Japan and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., for purposes of centralization of Milliman’s administrative, contract management, Client Relationship Management (CRM), IT maintenance, marketing and IT security practices, for the purpose of the website’s management and security, and to provide information about Milliman products, services, or events. We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR (adequacy decision or Model Clauses of the European Commission). Those can be made available at Milliman’s premises, by contacting us at [email protected].

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact Milliman at [email protected], and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Privacy Shield

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-U.S. Privacy Shield Framework (or the Swiss-U.S. Privacy Shield Framework, as the case may be), as administered by the U.S. Department of Commerce. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and to view Milliman’s certification, please visit: https://www.privacyshield.gov/list. Milliman’s accountability for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Milliman remains responsible and liable under the Privacy Shield Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage.

Rights

You have a number of rights under the GDPR in relation to your Personal Data, namely:

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed;
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on point our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by sending us a request to [email protected]. We will endeavor to respond to any such request as soon as possible, and in any event within the legal deadline.

How to Contact Us

Milliman’s Data Protection Officer can be contacted at [email protected].

Milliman Personal Data Privacy Policy- Milliman Korea Co., Ltd., Korea

Last updated June 2020

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Korean affiliate’s (Milliman Korea) use and protection of personal data that individuals and clients residing within South Korea share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the Korean Personal Information Protection Act (KPIPA), and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Korea are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Korea are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with clients and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 15(1)(vi) of KPIPA).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 15(1)(vi) of KPIPA). Milliman may rely on your consent (Art. 15(1)(i) of KPIPA) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Korea may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Korea’s legitimate interest (Art. 15(1)(vi) of KPIPA), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect this information from our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may write to us at [email protected] requesting the same. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

No automated decision-making, including profiling, is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Korea and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., for purposes of centralization of Milliman’s administrative, contract management, Client Relationship Management (CRM), IT maintenance, marketing and IT security practices, for the purpose of the website’s management and security, and to provide information about Milliman products, services, or events. We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that it and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the KPIPA. Those can be made available at Milliman’s premises, by contacting us at [email protected].

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact Milliman at [email protected], and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to this Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Rights

You have a number of rights under the KPIPA and the Korean Credit Information Use and Protection Act (KCIUPA) in relation to your Personal Data and credit information, namely:

1. the right of access pursuant to Art. 35 of KPIPA: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification and erasure pursuant to Art. 36 of KPIPA: you have the right to request rectification or erasure of Personal Data concerning you.
3. the right to suspension of processing pursuant to Art. 37 of KPIPA: you have the right to request suspension of processing your Personal Data. Nonetheless, such request may be denied if (a) a special provision exists in law or processing of your Personal Data is required to comply with other legal obligations; (b) there is a concern that such request might cause bodily harm or damage the life of a third party or if it could violate a third party’s property rights or other benefits; (c) a public institution cannot perform its task as prescribed in other law without processing your Personal Data; or (d) it is impossible to perform the agreed upon task without processing your Personal Data, assuming that you have not explicitly expressed your intent to terminate the contract.
4. the right to withdrawal of consent pursuant to Art. 39-7 of KPIPA: you have the right to withdraw your consent to collect, use, and provide Personal Data at any time. Said provision becomes effective as of August 5, 2020.
5. the right to transfer credit information pursuant to Art. 33-2 of KCIUPA (effective August 5, 2020): if Personal Data includes credit information, the owner of credit information has the right to request transfer of its personal credit information to (a) the owner of credit information; (b) personal credit information management company; (c) credit information provider/user prescribed by a Presidential Decree; (d) personal credit rating company; (e) other entity prescribed by a Presidential Decree.
   
   If Personal Data includes credit information, the scope of transferable personal credit information is determined by a Presidential Decree considering: (a) information directly collected from the owner of credit information by the credit information provider/user; (b) information directly provided to the credit information provider/user by the owner of credit information; and (c) information created in transactions between the credit information provider/user and the owner of credit information.
   
   If Personal Data includes credit information, transferable personal credit information shall not be information newly generated or processed by credit information provider/user.
   
   Upon receipt of transfer request of personal credit information, the credit information provider/user shall, without delay, transfer personal credit information through a secured and credible data processing unit, despite other applicable laws such as Act on Real Name Financial Transactions and Confidentiality, Framework Act on National Taxes, Framework Act on Local Taxes, KPIPA, etc.
   
   The credit information provider/user that transferred personal credit information may not need to notify the owner of credit information.
   
   The credit information provider/user may deny or suspend credit information owner’s transfer request for reasons prescribed by a Presidential Decree, such as when the identity of the credit information owner cannot be verified.
6. the right to appeal to a competent data protection supervisory authority (Art. 62 of KPIPA): anyone who suffers infringement on the rights or interests involving his/her Personal Data in the course of processing Personal Data by a controller may report such infringement to the Minister of the Interior and Safety.
   
   The Minister of the Interior and Safety may designate a specialized institution to efficiently receive and handle the claim reports, as prescribed by Presidential Decree. In such cases, such specialized institution shall establish and operate a personal information infringement call center, namely, Privacy Call Center.

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by sending us a request to [email protected]. We will endeavor to respond to any such request as soon as possible, and in any event within the legal deadline.

How to Contact Us

If you have any questions or feedback relating to your Personal Data or about this Privacy Policy, please contact Milliman’s Data Protection Officer at [email protected].

Milliman Personal Data Privacy Policy – Milliman S.A., Luxembourg

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Luxembourg affiliate’s (Milliman S.A.) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman S.A. are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman S.A. are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman S.A. may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman S.A.’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman S.A. and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Luxembourg, such authority is the “National Commission for Data Protection (Commission Nationale pour la Protection des Données – CNPD)” (National Data Protection Commission - Luxembourg (public.lu)) .

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

 Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Netherlands, Milliman B.V.

______________________________________________________________________________________________________________

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Dutch affiliate’s (Milliman B.V.) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman B.V. are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman B.V. are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman B.V. may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman B.V. legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman B.V.and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Netherlands, such authority is the “Autoriteit Persoonsgegevens” (www.autoriteitpersoonsgegevens.nl).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Netherlands, Milliman Financial Strategies B.V.

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Dutch affiliate’s (Milliman Financial Strategies B.V.) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Financial Strategies B.V.  are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Financial Strategies B.V.  are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Financial Strategies B.V may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Financial Strategies B.V ’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Financial Strategies B.V and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in the Netherlands, such authority is the “Autoriteit Persoonsgegevens”. (www.autoriteitpersoonsgegevens.nl).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Netherlands, Milliman Pensioenen B.V.

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Dutch affiliate’s (Milliman Pensioenen B.V.) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Pensioenen B.V. are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Pensioenen B.V. are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Pensioenen B.V. may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Pensioenen B.V.’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Pensioenen B.V.and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in the Netherlands, such authority is the “Autoriteit Persoonsgegevens” (www.autoriteitpersoonsgegevens.nl).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

 Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Milliman Sp. Z.o.o., Poland

English | Polish

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Polish affiliate’s (Milliman Sp. Z.o.o.) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Sp. Z.o.o are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Sp. Z.o.o are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Sp. Z.o.o.  may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Sp. Z.o.o. ’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Sp. Z.o.o. and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Poland, such authority is the “Office of Personal Data Protection” (www.uodo.gov.pl/).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Zasady ochrony prywatności firmy Milliman – Polska (PL)

Ostatnia aktualizacja maj 2024

Gdy firma Milliman działa jako Administrator danych

Firma Milliman, Inc. i jej spółki stowarzyszone i zależne (zwane dalej „Milliman” lub „my”) bardzo poważnie traktują ochronę danych. Niniejsze zasady ochrony prywatności dotyczącą wykorzystywania i ochrony przez polską spółkę zależną (Milliman Sp. z o.o.) danych osobowych, które osoby fizyczne i klienci zamieszkujący na terenie Europejskiego Obszaru Gospodarczego, na Wyspie Man, w Szwajcarii i Wielkiej Brytanii udostępniają naszej firmie („Dane osobowe”). Firma Milliman zobowiązuje się do przetwarzania Danych osobowych zgodnie z niniejszymi zasadami ochrony prywatności, ogólnym rozporządzeniem o ochronie danych Unii Europejskiej (RODO) oraz wszelkimi innymi mającymi zastosowanie przepisami dotyczącymi ochrony danych i prywatności.

Firmy Milliman, Inc. i Milliman Sp. z.o.o. są współadministratorami w odniesieniu do przetwarzania Danych osobowych opisanych w niniejszych zasadach ochrony prywatności. Oznacza to, że firmy Milliman, Inc. i Milliman Sp. z o.o. ponoszą odpowiedzialność za zapewnienie zgodności z obowiązującymi przepisami dotyczącymi ochrony danych.

Zbieranie danych

Dane zbiorcze

Tak jak wiele innych firm, Milliman monitoruje sposób, w jaki użytkownicy korzystają z jej witryn internetowych, poprzez zbieranie danych zbiorczych. W ramach tego procesu nie są zbierane żadne Dane osobowe. W typowym przypadku Milliman zbiera dane na temat liczby osób odwiedzających witrynę, dla każdej strony z osobna, a także nazwę domeny dostawcy usług internetowych odwiedzającego, z której pochodzi ruch. Dane te są wykorzystywane do poprawy użyteczności, wydajności i skuteczności witryny Milliman.

Pliki cookie, treści osadzone innych firm i brak śledzenia

Aby uzyskać bardziej szczegółowe informacje określające, w jaki sposób firma Milliman korzysta z plików cookie oraz w jaki sposób może podejmować decyzje dotyczące korzystania i rezygnacji z otrzymywania plików cookie, a także informacje na temat treści umieszczanych przez osoby trzecie na stronie internetowej Milliman oraz reakcji firmy Milliman na sygnały zakazu śledzenia w przeglądarkach, zapraszamy do zapoznania się z naszą Polityką dotyczącą plików cookie, która jest dostępna tutaj.

Przetwarzanie danych osobowych

Dane osobowe gromadzone przez naszą firmę różnią się w zależności od charakteru świadczonych usług i naszych interakcji z poszczególnymi osobami. W ramach gromadzenia danych za pośrednictwem tej strony internetowej, a także działań marketingowych i zarządzania usługami firmy Milliman, możemy zbierać, przechowywać i przetwarzać Dane osobowe:

- osób odwiedzających nasze strony internetowe (takie jak imię i nazwisko, stanowisko, firma, numer telefonu, lokalizacja, adres e-mail, przedmiot zapytania i przekazana wiadomość), które przesyłają zapytania dotyczące informacji o produktach lub usługach firmy Milliman, w celu zarządzania relacjami z osobami odwiedzającymi i zarządzania witryną internetową. Podstawą prawną przetwarzania danych osobowych jest uzasadniony interes firmy Milliman (art. 6 ust. 1 lit. f przepisów RODO).

- przedstawicieli klientów, urzędników, agentów i pracowników, partnerów biznesowych, dostawców, stron umowy (imię i nazwisko, adres służbowy, stanowisko, adres e-mail i inne służbowe dane kontaktowe), do celów związanych z zarządzaniem umową. Służbowe dane kontaktowe przedstawicieli klientów, ich pracowników i partnerów biznesowych są również wykorzystywane do aktywacji i prowadzenia kont klientów, w tym do celów rozliczeniowych, dokonywania należytej staranności i kontroli konfliktów, w celu ułatwienia komunikacji, wypełniania żądań lub odpowiadania na zapytania dotyczące produktów lub usług Milliman oraz w celu dostarczania ofert i informacji (zgodnie z prawem) o produktach, usługach lub wydarzeniach oferowanych przez Milliman lub które zdaniem Milliman mogą być interesujące.Podstawą prawną przetwarzania danych osobowych jest uzasadniony interes firmy Milliman (art. 6 (1) litera (f) przepisów RODO). Firma Milliman może polegać na udzielonej przez Państwa zgodzie (art. 6 (1) litera (a) przepisów RODO) w celu przesyłania wiadomości marketingowych, jeżeli wymagają tego przepisy o ochronie danych i prywatności – w takim przypadku prześlemy do Państwa zapytanie dotyczące wyrażenia zgody na wysyłanie takich wiadomości. Milliman Sp. z o.o. może również wykorzystywać służbowe dane kontaktowe pracowników swoich klientów w celu wysyłania ankiet, kwestionariuszy lub organizowania konkursów. W przypadku tych działań podstawą prawną przetwarzania danych osobowych jest uzasadniony interes firmy Milliman Sp. z o.o. (art. 6 (1) litera (f) przepisów RODO), chyba że przepisy dotyczące ochrony danych i prywatności wymagają Państwa uprzedniej zgody. Możemy również gromadzić i przetwarzać dotyczące Państwa ograniczone Dane osobowe pochodzące z zasobów publicznych (takich jak LinkedIn), takie jak imię i nazwisko, adres e-mail, numer telefonu, firma, tytuł/stanowisko, zawód, zainteresowania zawodowe, aby umożliwić nam ocenę potencjalnego zainteresowania naszymi usługami i w celu kontaktowania się z Państwem w celach marketingowych.

Kiedy kontaktujemy się z Państwem w sprawie produktów i usług, które oferujemy lub opracowujemy, w ramach każdej komunikacji mają Państwo możliwość anulowania subskrypcji i uniknięcia dalszej takiej komunikacji w przyszłości. Jeśli nie chcą Państwo, abyśmy gromadzili Państwa dane osobowe na potrzeby naszych marketingowych wiadomości e-mail lub zamierzają Państwo zrezygnować z otrzymywania bezpośredniej komunikacji marketingowej od naszej firmy, prosimy o wypełnienie ić odpowiedniego formularza dostępnegoy w sekcji ”Prawa”. Po otrzymaniu takiego wniosku zaprzestaniemy wykorzystywania Państwa Danych osobowych do celów marketingu bezpośredniego.

Jeśli przekazują nam Państwo Dane osobowe innej osoby, Państwa obowiązkiem jest upewnienie się, że osoby te wyraziły zgodę lub zostały odpowiednio poinformowane o przetwarzaniu ich danych osobowych przez firmę Milliman.

Powinni również Państwo upewnić się, że wszystkie przekazane nam dane osobowe są kompletne, dokładne, prawdziwe i prawidłowe. Brak przestrzegania tego zalecenia może spowodować, że nie będziemy w stanie dostarczyć Państwu produktów i usług, których dotyczy Państwa zapytanie. Żadne czynności dotyczące zautomatyzowanego podejmowania decyzji nie są podejmowane na podstawie uzyskanych od Państwa Danych osobowych.

Podmioty stowarzyszone i autoryzowani przedstawiciele zewnętrzni

Wszystkie witryny internetowe, produkty i usługi firmy Milliman są świadczone we współpracy z Milliman, Inc., z siedzibą w USA. Wszelkie Dane osobowe mogą być udostępniane pomiędzy Milliman SAS a Milliman, Inc. lub innymi podmiotami kontrolowanymi przez Milliman, Inc. lub znajdującymi się pod wspólną kontrolą z Milliman, Inc., zlokalizowanymi w Stanach Zjednoczonych i/lub Europie, w celu centralizacji ogólnych usług korporacyjnych Milliman, w tym: usług administracyjnych, zarządzania umowami, zarządzania relacjami z klientami (CRM), utrzymania i bezpieczeństwa IT, prywatności danych (zarządzanie żądaniami osób, których dane dotyczą) i usług marketingowych (zarządzanie plikami cookie, śledzenie zapytań za pośrednictwem formularza internetowego Milliman, komunikacja dotycząca produktów, usług lub wydarzeń Milliman). Możemy również udostępniać Dane osobowe podmiotom stowarzyszonym korzystającym ze znaku towarowego MILLIMAN® – w takim przypadku będziemy wymagać od takich podmiotów stowarzyszonych przestrzegania niniejszych Zasad ochrony prywatności. Informujemy, że możemy przesyłać Państwa Dane osobowe do krajów, w których nie obowiązują takie same przepisy dotyczące ochrony danych, jak w Państwa kraju. Niemniej jednak firma Milliman zapewnia, że zarówno ona sama, jak i jej podmioty stowarzyszone będą przetwarzać Dane osobowe zgodnie z niniejszymi Zasadami ochrony prywatności.

Firma Milliman może również udostępniać Dane osobowe autoryzowanym przedstawicielom zewnętrznym lub podwykonawcom, którzy wykonują usługi dla firmy Milliman. Jeśli firma Milliman udostępnia Dane osobowe stronie trzeciej, Milliman wymaga, aby dane strony trzecie wyraziły zgodę na przetwarzanie Danych osobowych w sposób zgodny z zaleceniami firmy Milliman i postanowieniami niniejszych Zasad ochrony prywatności.

Wszelkie przekazywanie danych osobowych podlega odpowiednim zabezpieczeniom zgodnym z przepisami RODO, zgodnie z opisem w sekcji „Przekazywanie danych osobowych przez granice państwowe”.

Pozostałe ujawnienia

Firma Milliman może także ujawniać Dane osobowe i powiązane informacje w odpowiedzi na nakaz sądowy, orzeczenie sądu oraz inne nakazy prawne wydane przez organy publiczne, a także w celu spełnienia wymogów związanych z bezpieczeństwem narodowym i egzekwowaniem prawa. Firma Milliman może zbierać i udostępniać Dane osobowe w celu prowadzenia dochodzenia i podejmowania działań związanych z łamaniem prawa, podejrzeniem oszustwa, naruszeniem Warunków użytkowania Milliman oraz innych określonych przepisami prawa.

Bezpieczeństwo

Milliman przechowuje dane osobowe na serwerze zabezpieczonym hasłem i strzeżonym przed nieautoryzowanym dostępem poprzez zaporę sieciową. Milliman stosuje zasady bezpieczeństwa opracowane w celu zapewnienia bezpieczeństwa i nienaruszalności Danych osobowych. Milliman podejmuje stosowne środki techniczne i organizacyjne w celu ochrony przed nieautoryzowanym i bezprawnym przetwarzaniem Danych osobowych oraz przypadkową utratą, zniszczeniem lub uszkodzeniem Danych osobowych posiadanych i przetwarzanych przez Milliman. Jeśli Milliman przekazuje Dane osobowe stronie trzeciej, Milliman wymaga, aby taka strona trzecia dysponowała właściwymi środkami technicznymi i organizacyjnymi, które muszą być zgodne z niniejszymi Zasadami ochrony prywatności i obowiązującymi przepisami.

Przechowywanie danych

Milliman przechowuje Dane osobowe tylko dopóki są one niezbędne do celów określonych w niniejszych Zasadach ochrony prywatności, chyba że dłuższy okres przechowywania jest wymagany lub dopuszczony prawnie. Państwa Dane osobowe zostaną usunięte przez firmę Milliman natychmiast po zrealizowaniu celu, w jakim zostały zebrane i przetworzone i gdy upłynie odpowiedni czas przechowywania dokumentacji i kopii zapasowych Danych osobowych. Jeśli zrezygnują Państwo z otrzymywania od nas informacji marketingowych, będziemy nadal przechowywać Państwa dane osobowe w dowolnym innym celu, w odniesieniu do którego nadal mamy podstawy prawne do przetwarzania takich Danych osobowych (na przykład w celu wypełnienia obowiązku prawnego lub gdy przetwarzanie jest konieczne do celów związanych z uzasadnionym interesem naszej firmy). W niektórych przypadkach, jeśli nie istnieją inne podstawy prawne, będziemy przechowywać dokumentację zawierającą ograniczone Dane osobowe (takie jak adres e-mail) na Państwa temat, aby mieć pewność, że komunikacja marketingowa nie będzie już wysyłana do Państwa.

Dzieci

Witryny, produkty i usługi Milliman nie są przeznaczone dla dzieci, a Milliman nie zbiera świadomie Danych osobowych dzieci. Jeśli rodzic lub opiekun prawny dowie się, że dziecko samowolnie dostarczyło firmie Milliman swoje Dane osobowe, powinien skontaktować się z Milliman, wypełnić odpowiedni formularz dostępny w sekcji ”Prawa”, a Milliman podejmie kroki w celu usunięcia wszelkich takich Danych osobowych.

Odnośniki prowadzące do stron trzecich

Na witrynach Milliman mogą znajdować się odnośniki prowadzące do witryn podmiotów innych niż nasza firma („Witryny stron trzecich”), którym przekazujemy (część) Państwa Danych osobowych.

Nie ujawniamy Państwa Danych osobowych na tych stronach internetowych osób trzecich bez Państwa wyraźnej zgody. Należy pamiętać, że wszelkie informacje, które przekazują Państwo stronom trzecim, nie znajdują się już pod naszą kontrolą i nie podlegają Zasadom ochrony prywatności firmy Milliman.

Należy zapoznać się z zasadami dotyczącymi ochrony prywatności wszystkich takich Witryn stron trzecich, aby zrozumieć, w jaki sposób każda z Witryn gromadzi i wykorzystuje Państwa Dane osobowe, gdyby zdecydowali się Państwo przekazać im swoje Dane osobowe. Nasza firma nie ponosi odpowiedzialności za treść ani działanie takich Witryn stron trzecich. Nie ponosimy żadnej odpowiedzialności za sposób, w jaki Witryna strony trzeciej traktuje wszelkie dane osobowe, które zdecydują się Państwo udostępnić na takiej Witrynie. Ponoszą Państwo we własnym zakresie całość ryzyka dotyczącego korzystania z Witryn stron trzecich.

Uaktualnienie Zasad

Milliman może od czasu do czasu zmieniać niniejsze Zasady ochrony prywatności. Z związku z tym Milliman zwraca się do wszystkich zainteresowanych z prośbą o okresowe sprawdzanie najnowszej ich wersji.

Przekazywanie danych osobowych przez granice państwowe

Milliman jest globalną firmą, która przekazuje dane osobowe przez granice państwowe zgodnie z przepisami prawa dotyczącymi przypadków takiego przekazania. Firma Milliman wprowadziła odpowiednie zabezpieczenia, których celem jest zapewnienie odpowiedniej ochrony przekazywanych danych. Podstawy prawne przekazywania danych przez firmę Milliman przedstawiono w niniejszych Zasadach ochrony prywatności. Jeśli dane osobowe są przekazywane z jednego z podmiotów w Europejskim Obszarze Gospodarczym („EOG”), Szwajcarii, na Wyspie Man lub w Wielkiej Brytanii do Stanów Zjednoczonych lub innego kraju poza EOG lub z podmiotów w EOG do innego kraju poza EOG, opieramy się na jednym lub kilku następujących mechanizmach prawnych, które zapewniają odpowiednie zabezpieczenia dla przekazywania danych: decyzjach o odpowiedniej ochronie danych przyjętych przez Komisję Europejską na podstawie art. 45 RODO, zatwierdzonych przez Komisję Europejską standardowych klauzulach umownych, ramy ochrony prywatności danych UE-USA (EU-US DPF), brytyjskie rozszerzenie ram ochrony prywatności danych UE-USA (UK Extension to the EU-US DPF) oraz szwajcarsko-amerykańskie ramy ochrony prywatności danych (Swiss-US DPF) lub jakikolwiek inny obowiązujący mechanizm przekazywania danych uznany za odpowiedni zgodnie z obowiązującymi przepisami o ochronie danych. Użytkownik może poprosić o kopię wszelkich standardowych klauzul umownych dotyczących jego Danych osobowych, których jesteśmy stroną, kontaktując się z nami przy użyciu poniższych danych. Milliman zobowiązuje się do współpracy z organami ochrony danych UE, szwajcarskim federalnym komisarzem ds. ochrony danych, komisarzem ds. informacji na Wyspie Man, brytyjskim biurem komisarza ds. informacji i wszelkimi innymi właściwymi organami ochrony danych oraz do przestrzegania zaleceń udzielanych przez takie organy w odniesieniu do Danych osobowych przekazywanych z jednego z naszych podmiotów w EOG, Szwajcarii, na Wyspie Man lub w Wielkiej Brytanii do krajów spoza EOG. Milliman przeprowadzi wszelkie niezbędne oceny wpływu, przestrzegając zasad wynikających z obowiązujących przepisów o ochronie danych, a tym samym gwarantując bezpieczne przekazywanie Danych osobowych użytkownika.

Ramy ochrony prywatności

Firma Milliman zobowiązuje się do przetwarzania Danych osobowych zgodnie z niniejszą Polityką prywatności i Ramami ochrony prywatności danych UE-USA (EU-US DPF), brytyjskim rozszerzeniem ram ochrony prywatności danych UE-USA (UK Extension to the EU-US DPF) oraz Ramami ochrony prywatności danych Szwajcaria-USA (Swiss-US DPF), zarządzanymi przez Departament Handlu USA. Milliman zaświadczył Departamentowi Handlu USA, że przestrzega Zasad ramowych ochrony prywatności danych UE-USA (Zasady DPF UE-USA) w odniesieniu do przetwarzania danych osobowych otrzymanych z Unii Europejskiej w oparciu o DPF UE-USA oraz ze Zjednoczonego Królestwa (i Gibraltaru) w oparciu o Rozszerzenie brytyjskie do DPF UE-USA. Firma Milliman poświadczyła Departamentowi Handlu Stanów Zjednoczonych, że przestrzega zasad Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) w odniesieniu do przetwarzania danych osobowych otrzymanych ze Szwajcarii w oparciu o Swiss-U.S. DPF.

W przypadku sprzeczności między warunkami niniejszej Polityki prywatności a Zasadami DPF UE-USA i/lub Zasadami DPF Szwajcaria-USA, obowiązują te Zasady. Aby dowiedzieć się więcej o programie Data Privacy Framework (DPF) i zapoznać się z certyfikacją Milliman, odwiedź stronę https://www.dataprivacyframework.gov/.

Odpowiedzialność Milliman za Dane osobowe, które otrzymuje zgodnie z Zasadami DPF, a następnie przekazuje stronie trzeciej, jest opisana w Zasadach DPF. W szczególności Milliman pozostaje odpowiedzialny i ponosi odpowiedzialność zgodnie z Zasadami DPF, jeśli strony trzecie zaangażowane przez Milliman przetwarzają Dane osobowe w sposób niezgodny z Zasadami, chyba że Milliman udowodni, że nie ponosi odpowiedzialności za zdarzenie powodujące jakąkolwiek szkodę. Ponadto firma Milliman, Inc. zawarła umowy o ochronie danych ze swoimi podmiotami stowarzyszonymi zlokalizowanymi w Europejskim Obszarze Gospodarczym w oparciu o standardowe klauzule umowne UE wydane przez Komisję Europejską ("standardowe klauzule umowne UE").

Jak wyjaśniono dalej w sekcji "Jak się z nami skontaktować" poniżej, Milliman zachęca każdą osobę do skontaktowania się z nami w przypadku skargi związanej z DPF (lub ogólnej skargi związanej z prywatnością). Wszelkie prawa dostępu, sprostowania, usunięcia, ograniczenia przetwarzania, a także prawo do przenoszenia danych osób fizycznych zamieszkałych w Europejskim Obszarze Gospodarczym lub Szwajcarii mogą być wykonywane na warunkach określonych w RODO poprzez kontakt z Milliman wypełniając odpowiedni formularz dostępny w sekcji ”Prawa”. Ponadto osoby te będą miały prawo do złożenia skargi do właściwego organu nadzorczego w dowolnym momencie.

Prawa

Mają Państwo liczne prawa określone przepisami RODO w odniesieniu do Państwa danych osobowych, a mianowicie:

1. prawo uzyskania dostępu zgodnie z postanowieniami Art. 15 przepisów RODO: mają Państwo prawo uzyskać od nas potwierdzenie, czy nasza firma przetwarza Państwa Dane osobowe oraz – jeśli tak jest – dostęp do takich danych osobowych (w tym także poprzez uzyskanie kopii) oraz informacje dotyczące sposobu i celów, dla których przetwarzamy Państwa dane osobowe, aby mogli Państwo zweryfikować ich dokładność i zgodność z przepisami dotyczącymi przetwarzania.
2. prawo do sprostowania danych zgodnie z art. 16 przepisów RODO: mają Państwo prawo do zażądania od naszej firmy sprostowania niedokładnych danych osobowych, które Państwa dotyczą, a także prawo do uzupełnienia niekompletnych danych osobowych, w tym poprzez złożenie dodatkowego oświadczenia..
3. prawo do usunięcia danych zgodnie z art. 17 przepisów RODO: prawo do uzyskania od nas usunięcia danych osobowych bez zbędnej zwłoki, w przypadku gdy (a) dane osobowe nie są już konieczne do celów, dla których zostały zgromadzone/były przetwarzane; (b) chcą Państwo wycofać swoją zgodę na przetwarzanie danych (z wyjątkiem przypadków, gdy nasza firma ma inną podstawę prawną ich przetwarzania, z której możemy skorzystać); (c) jeżeli przetwarzanie odbywa się na podstawie naszych uzasadnionych interesów i nie ma nadrzędnych uzasadnionych podstaw przetwarzania; (d) jeżeli Państwa dane osobowe były przetwarzane w sposób niezgodny z prawem;.
4. prawo do ograniczenia przetwarzania zgodnie z art. 18 przepisów RODO: mają Państwo prawo zażądania od naszej firmy ograniczenia przetwarzania Państwa danych osobowych, jeżeli (a) kwestionują Państwo prawidłowość takich danych osobowych (po upływie pewnego okresu, podczas którego będziemy mogli zweryfikować prawidłowość Państwa danych osobowych); (b) przetwarzanie Państwa danych osobowych jest niezgodne z prawem, ale sprzeciwiają się Państwo usunięciu takich danych i zamiast tego żądają Państwo ograniczenia ich wykorzystania; (c) uważają Państwo, że nie potrzebujemy już Państwa danych osobowych do celów przetwarzania, ale potrzebujemy takich Danych osobowych do ustalenia, dochodzenia lub obrony roszczeń prawnych; (d) wyrazili Państwo sprzeciw wobec przetwarzania Państwa danych osobowych na podstawie „uzasadnionego interesu” zgodnie z postanowieniami punktu (iii) powyżej, w oczekiwaniu na weryfikację przez naszą firmę, czy nasze uzasadnione podstawy przetwarzania mają znaczenie nadrzędne wobec Państwa praw..
5. prawo do wyrażenia sprzeciwu zgodnie z art. 21 przepisów RODO: mają Państwo prawo wyrażenia w dowolnym momencie – z przyczyn związanych z Państwa szczególną sytuacją – sprzeciwu wobec przetwarzania Państwa Danych osobowych w oparciu o uzasadniony interes naszej firmy, w tym także w odniesieniu do profilowania prowadzonego w oparciu o te postanowienia. Nasza firma nie będzie dłużej przetwarzać Państwa Danych osobowych, chyba że będziemy mieć uzasadnione podstawy przetwarzania, nadrzędne w wobec Państwa interesów, praw i wolności lub w celu ustalenia, wykonania lub obrony roszczeń prawnych. Mogą Państwo wyrazić sprzeciw wobec przetwarzania Państwa danych osobowych lub ich wykorzystywania w celach marketingu bezpośredniego w dowolnym momencie, bez podania przyczyny..
6. prawo do przenoszenia danych zgodnie z art. 20 przepisów RODO: mają Państwo prawo do otrzymania dotyczących Państwa Danych osobowych, które przekazali Państwo naszej firmie, w ustrukturyzowanym, powszechnie używanym i nadającym się do odczytu maszynowego formacie oraz do przesłania takich Danych innemu administratorowi danych (należy pamiętać, że dotyczy to wyłącznie przetwarzania przez naszą firmę Państwa danych osobowych w oparciu o Państwa zgodę, a przetwarzanie odbywa się w sposób zautomatyzowany)..
7. prawo do odwołania się do właściwego organu nadzoru w zakresie ochrony danych (art. 77 przepisów RODO): mają Państwo prawo złożenia odwołania do właściwego organu nadzoru w zakresie ochrony danych – w Polsce takim organem jest „Urząd Ochrony Danych Osobowych” (www.uodo.gov.pl).

Należy pamiętać, że wszelkie operacje przetwarzania Państwa danych osobowych, przeprowadzone przed usunięciem konta w naszej firmie lub przesłaniem wniosku dotyczącego zaprzestania dalszych kontaktów z Państwem w celach marketingu bezpośredniego, pozostaną ważne na podstawie obowiązujących wówczas podstaw prawnych.

Mogą Państwo skorzystać z dowolnego ze swoich praw określonych powyżej, wypełniając odpowiedni formularz tutaj. Do rozpatrzenia takich wniosków Milliman korzysta z platformy Data Subject Access Request dostawcy usług One Trust. One Trust działa jako podmiot przetwarzający dane Milliman.

Mogą Państwo również wysłać list na adres: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. Dołożymy wszelkich starań, aby odpowiedzieć na każdy taki wniosek tak szybko, jak to możliwe, a w każdym razie w ustawowym terminie 30 dni..

W jaki sposób skontaktować się z naszą firmą

Z firmą Milliman można skontaktować się pod adresem [email protected]. Milliman z przyjemnością przyjmuje informacje zwrotne i pytania dotyczące niniejszej Polityki prywatności. Jeśli z jakiegokolwiek powodu chcecie się Państwo z nami skontaktować, prosze wysłać wiadomość e-mail na adres [email protected]). Skargi będą rozwiązywane wewnętrznie zgodnie z procedurami Milliman dotyczącymi skarg.

Jeśli zamieszkują Państwo na terenie Unii Europejskiej, Europejskiego Obszaru Gospodarczego lub Szwajcarii i mają skargę dotyczącą postępowania z jego Danymi Osobowymi zgodnie z Zasadami DPF, a Wasze starania zmierzające do wewnętrznego rozwiązania sprawy są niezadowalające, skarga może zostać przekazana do Amerykańskiego Stowarzyszenia Arbitrażowego (http://www.adr.org/), które zostało wybrane jako niezależny mechanizm odwoławczy do rozstrzygania skarg i sporów związanych z przetwarzaniem Danych Osobowych pochodzących z Unii Europejskiej, Europejskiego Obszaru Gospodarczego lub Szwajcarii i przekazanych do USA na mocy niniejszej Polityki Prywatności. Pod pewnymi warunkami możecie Państwo być uprawnieni do powołania się na wiążący arbitraż po wyczerpaniu innych procedur rozstrzygania sporów. Milliman podlega uprawnieniom dochodzeniowym i egzekucyjnym Federalnej Komisji Handlu Stanów Zjednoczonych (FTC).

Milliman Personal Data Privacy Policy – Romania

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Romanian affiliate’s (Milliman S.R.L.) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman S.R.L. are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman S.R.L. are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman S.R.L. may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman S.R.L.’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman S.R.L. and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Romania, such authority is the “National Supervisory Authority for Personal Data Processing (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal)” (Home page (dataprotection.ro)).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy- Milliman Private Limited, Singapore

______________________________________________________________________________________________________________

Last updated June 2020

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing Milliman's and the Singapore affiliate’s (Milliman Private Limited) collection, use, disclosure, processing and protection of Personal Data (as defined below) that individuals and clients residing within Singapore share with us, hereafter “you.” Milliman is committed to handling Personal Data in accordance with this Privacy Policy, Singapore's Personal Data Protection Act (Act 26 of 2012) (“PDPA”), and other data protection and privacy laws, as applicable.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

In this Privacy Policy, "Personal Data" means any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. By providing any Personal Data in the course of interacting with us, including via this website, in connection with Milliman’s marketing activities or contract administration, you agree and consent to the collection, use, disclosure and processing of your Personal Data for the purposes and in the manner set out in this Privacy Policy. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may, to the extent permitted by law or with your consent, collect, use, disclose, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with clients and the administration of the website;.

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest.

Furthermore, where permitted by applicable data protection and privacy laws, Milliman may also collect, use, disclose, store or otherwise process (i) your Personal Data for the sending of marketing communications; and (ii) professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect this information from our marketing emails, texts and/or SMS, or if you wish to unsubscribe from direct marketing communications from us, you may write to us at [email protected] requesting the same. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Private Limited and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., for purposes of centralization of Milliman’s administrative, contract management, Client Relationship Management (CRM), IT maintenance, marketing and IT security practices, for the purpose of the website’s management and security, and to provide information about Milliman products, services, or events. We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the PDPA and/or any other applicable data protection and privacy laws. Those can be made available at Milliman’s premises, by contacting us at [email protected].

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact Milliman at [email protected], and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to this Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Rights

Depending on the applicable law, you have a number of rights under the PDPA or such other applicable data protection and privacy laws in relation to your Personal Data, including:

1. the right to make an access or a correction request: If you wish to make (a) a request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below. Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
2. the right to withdraw your consent: The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
   
   If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, Milliman may not be in a position to continue to provide its products and services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with Milliman, and your being in breach of your contractual obligations or undertakings. Milliman's legal rights and remedies in such event are expressly reserved.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclosure without consent is permitted or required under applicable laws, and any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights, by sending us a request to [email protected]. We will endeavor to respond to any such request as soon as possible, and in any event within the legal deadline.

How to Contact Us

If you:

1. have any questions or feedback relating to your Personal Data or about this Privacy Policy;
2. would like to withdraw your consent to any use of your Personal Data as set out in this Privacy Policy; or
3. would like to obtain access and make correction to your Personal Data records,

please contact Milliman’s Data Protection Officer at [email protected].

Please note that if your Personal Data has been provided to us by a third party (e.g. your employer), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to Milliman on your behalf.

This Privacy Policy shall be governed in all respects by the laws of Singapore.

Milliman Personal Information Privacy Policy – Milliman (Pty) Limited, South Africa

______________________________________________________________________________________________________________

Last updated May 2024

Where Milliman is Acting as a Responsible Party

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the South Africa affiliate ("Milliman (Pty) Limited") use and protection of personal data that individuals and clients share with us (“Personal Information”), hereafter “you”. Milliman is committed to handling Personal Information in accordance with this Privacy Policy, the Protection of Personal Information Act, 2013 ("POPIA") and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman (Pty) Limited are joint-responsible parties with respect to the processing of Personal Information described in this Privacy Policy. This means that Milliman, Inc. and Milliman (Pty) Limited are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Information is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Information

The Personal Information we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Information of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Information is Milliman’s legitimate interest (Section 11(1)(d) and (f) of POPIA).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Information is Milliman’s legitimate interest (Section 11(1) d and (f) of POPIA). Milliman may rely on your consent (Section 11(1)(a) of POPIA) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman (Pty) Limited may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organising contests. For those activities, the legal basis for the processing of Personal Information is Milliman (Pty) Limited’s legitimate interest (Section 11(1)(f) of POPIA), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Information about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organisation, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Information of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Information by Milliman.

You should also ensure that all Personal Information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Information collected from you.

Affiliates and Authorised Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Information may be shared between Milliman (Pty) Limited and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Information with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Information to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Information in compliance with this Privacy Policy.

Milliman also may share Personal Information with authorised third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Information with a third party, Milliman requires that those third parties agree to process Personal Information based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Information are subject to appropriate safeguards that are compliant with POPIA.

Other Disclosures

Milliman may also disclose Personal Information and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Information in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Information on a secure server that is password protected and shielded from unauthorised access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Information. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Information and against accidental loss or destruction of, or damage to, Personal Information held or processed by Milliman. If Milliman forwards Personal Information to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Information once the purpose of the collection and processing of such Personal Information has been fulfilled and the adequate duration for documentation and backup storage of such Personal Information has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Information for any other purpose for which we still have legal grounds for processing such Personal Information (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Information (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Information.

We do not disclose your Personal Information to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Information Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Information should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Information that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Rights

You have a number of rights under POPIA in relation to your Personal Information, namely:

1. the right of access pursuant to section 23(1) of POPIA: you have the right to obtain from us confirmation as to whether or not Personal Information concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Information and the manner in which, and the purposes for which we process your Personal Information, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to section 24 of POPIA: you have the right to obtain from us the rectification of inaccurate Personal Information concerning you, and the right to have incomplete Personal Information completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to section 24 of POPIA: you have the right to obtain from us the erasure of your Personal Information without undue delay where (a) your Personal Information is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Information has been unlawfully processed.
4. the right to restriction of processing pursuant to section 11(2)(b) of POPIA: you have the right to obtain from us the restriction of processing of your Personal Information where (a) the accuracy of such Personal Information is contested by you (for such period as will enable us to verify the accuracy of your Personal Information); (b) the processing of your Personal Information is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Information for the purposes of the processing, but require such Personal Information for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Information on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to section 11(3) of POPIA: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Information, which is based on point our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Information unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Information or direct marketing purposes at any time, without giving reason.
6. the right to institute civil proceedingsregarding any alleged interference with the protection of your Personal Information as provided in section 99 POPIA.
7. the right to complain to the Information Regulator in terms of section 74 of POPIA: you have the right to complain to the competent data protection supervisory authority - in South Africa such authority is the Information Regulator .

Please note that any processing of your Personal Information prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

Milliman Personal Data Privacy Policy – Milliman Consultants and Actuaries S.L., Spain

English | Spanish

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Spanish affiliate’s (Milliman Consultants and Actuaries S.L.) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Consultants and Actuaries S.L. are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Consultants and Actuaries S.L. are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Consultants and Actuaries S.L. may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Consultants and Actuaries S.L.’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal insubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do ch may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Consultants and Actuaries S.L. and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Spain, such authority is the “Agencia Española de Protección de Datos” (Agencia Española de Protección de Datos | AEPD)

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Política de Privacidad de Datos Personales de Milliman - España (ESP)

Última actualización: mayo de 2024

Cuando Milliman actúa como Responsable del tratamiento

Milliman, Inc. y sus filiales ("Milliman" o "nosotros") se toman muy en serio la privacidad de los datos. Esta Política de Privacidad establece los principios que rigen el uso y la protección de los Datos Personales que los individuos y clientes residentes en el Espacio Económico Europeo, la Isla de Man, Suiza y el Reino Unido comparten con nosotros ("Datos Personales"), en adelante "usted". Milliman se compromete a tratar los Datos Personales de acuerdo con esta Política de Privacidad, el Reglamento General de Protección de Datos de la UE (RGPD) y otras leyes de protección de datos y privacidad, según corresponda.

Milliman, Inc. y Milliman Consultants and Actuaries S.L. son corresponsables del tratamiento de los Datos Personales descritos en esta Política de Privacidad. Esto significa que tanto Milliman, Inc. como Milliman Consultants and Actuaries S.L. son responsables del cumplimiento de las leyes de protección de datos aplicables.

Recogida de datos

Datos agregados

Al igual que muchas empresas, Milliman supervisa el uso de sus sitios web mediante la recopilación de datos agregados. En este proceso no se recogen Datos Personales. Normalmente, Milliman recoge datos sobre el número de visitantes del sitio web, de cada página web y el nombre del dominio de origen del proveedor de servicios de Internet del visitante. Estos datos se utilizan para mejorar la usabilidad, el rendimiento y la eficacia del sitio web de Milliman.

Cookies, contenido incrustado de terceros y Do Not Track

Para obtener información más detallada sobre el uso de cookies por parte de Milliman y las opciones que usted tiene en relación con el uso y la exclusión de dichas cookies, incluida la información sobre el contenido de terceros insertado en el sitio web de Milliman y la forma en que Milliman responde a las señales Do Not Track en los navegadores, consulte nuestra Política de Cookies, que puede encontrar aquí.

Tratamiento de Datos Personales

Los Datos Personales que recogemos varían en función de la naturaleza de los servicios prestados y de nuestras interacciones con las personas. En el contexto de la recopilación de datos a través de este sitio web, las actividades de marketing de Milliman y la administración de contratos, podemos recoger, almacenar y tratar de otro modo los Datos Personales de:

- los visitantes de nuestros sitios web (nombre, apellido, cargo, empresa, número de teléfono, ubicación, dirección de correo electrónico, objeto de la solicitud y mensaje enviado) que solicitan información sobre productos o servicios de Milliman, con el fin de gestionar la relación con los visitantes y la administración del sitio web. La base legal sobre la que se desarrolla el tratamiento de los Datos Personales es el interés legítimo de Milliman (Art. 6 (1) letra (f) RGPD).

- los representantes de los clientes, los directivos, los agentes y los empleados, los socios comerciales, los proveedores y las partes de un contrato (nombre, dirección profesional, cargo, correo electrónico y otros datos de contacto profesionales) con fines de administración de contratos. Los datos de contacto profesionales de los representantes de los clientes, sus empleados y socios comerciales también se utilizan para activar y mantener las cuentas de los clientes, incluso con fines de facturación, diligencia debida y comprobación de posibles conflictos de interés, para facilitar la comunicación, para satisfacer solicitudes o responder a consultas sobre productos o servicios de Milliman y para proporcionar ofertas e información (según permita la ley) sobre productos, servicios o eventos ofrecidos por Milliman o que Milliman considere que puedan ser de su interés. La base legal sobre la que se desarrolla el tratamiento de los Datos Personales es el interés legítimo de Milliman (Art. 6 (1) letra (f) RGPD). Milliman puede basarse en su consentimiento (Art. 6 (1) letra (a) RGPD) para el envío de comunicaciones de marketing cuando así lo requieran las leyes de protección de datos y privacidad, en cuyo caso le pediremos su consentimiento antes de enviar la comunicación. Milliman Consultants and Actuaries S.L. también puede utilizar los datos de contacto profesionales de los empleados de sus clientes con el fin de enviar encuestas, cuestionarios o para organizar concursos. Para estas actividades, la base legal sobre la que se desarrolla el tratamiento de los Datos Personales es el interés legítimo de Milliman Consultants and Actuaries S.L. (Art. 6 (1) letra (f) RGPD), a menos que la ley de protección de datos y privacidad requiera su consentimiento previo. También podemos recoger y tratar determinados Datos Personales sobre usted a partir de recursos públicos (como LinkedIn), incluyendo su nombre/apellido, dirección de correo electrónico, número de teléfono, organización, título/posición, profesión, intereses profesionales, para permitirnos evaluar un posible interés en nuestros servicios y ponernos en contacto con usted con fines de marketing.

Cuando nos comuniquemos con usted en relación con los productos y servicios que ofrecemos o desarrollamos, se le dará la oportunidad en cada comunicación de darse de baja y evitar futuras comunicaciones de ese tipo. Si no desea que recopilemos sus Datos Personales para nuestros correos electrónicos de marketing, o si desea darse de baja de nuestras comunicaciones de marketing directo, puede rellenar el formulario correspondiente disponible en la sección «Derechos». Dejaremos de utilizar sus Datos Personales para fines de marketing directo una vez que nos lo haya solicitado.

Si usted nos proporciona Datos Personales de otra persona, es su deber asegurarse de que estas personas han consentido o están debidamente informadas sobre el tratamiento de sus Datos Personales por parte de Milliman.

También debe asegurarse de que todos los Datos Personales que nos envía están completos, son precisos, verdaderos y correctos. Si no lo hace, es posible que no podamos ofrecerle los productos y servicios que ha solicitado.

No se lleva a cabo ninguna toma de decisiones automatizada sobre la base de los Datos Personales recogidos de usted.

Afiliados y Agentes Terceros Autorizados

Todos los sitios web, productos y servicios de Milliman se proporcionan en cooperación con Milliman, Inc. ubicada en EE.UU. Cualquier Dato Personal podrá ser compartido entre Milliman SAS y Milliman, Inc. u otras entidades controladas por, o bajo control común con, Milliman, Inc, ubicadas en EE.UU. y/o Europa, a efectos de la centralización de los Servicios Corporativos Generales de Milliman, incluyendo: servicios administrativos, gestión de contratos, Gestión de la Relación con el Cliente (CRM), mantenimiento informático y seguridad, privacidad de los datos (gestión de la solicitud de los interesados) y servicios de marketing (gestión de cookies, seguimiento de consultas a través del formulario de la página web de Milliman, comunicación relativa a los productos, servicios o eventos de Milliman).

Milliman también puede compartir Datos Personales con terceros agentes o contratistas autorizados que realizan servicios para Milliman. Si Milliman comparte Datos Personales con un tercero, Milliman requiere que dichos terceros se comprometan a tratar los Datos Personales en base a las instrucciones de Milliman y en cumplimiento de esta Política de Privacidad.

Todas las transferencias de Datos Personales están sujetas a las salvaguardias adecuadas de acuerdo con lo establecido en el RGPD, como se describe en la sección "Transferencias de Datos Personales a través de las fronteras nacionales".

Otras divulgaciones

Milliman también puede revelar Datos Personales y otra información relacionada en respuesta a citaciones, órdenes judiciales u otras solicitudes legales de las autoridades públicas, y para cumplir con los requisitos de seguridad nacional o en aplicación de la ley. Milliman puede recoger y compartir Datos Personales para investigar o tomar medidas en relación con actividades ilegales, sospechas de fraude, violaciones de las Condiciones de Uso de Milliman, o según lo requiera la ley o la normativa.

Seguridad

Milliman almacena los Datos Personales en un servidor seguro, protegido por contraseña y protegido del acceso no autorizado por un cortafuegos. Milliman cuenta con políticas de seguridad destinadas a garantizar la seguridad e integridad de todos los Datos Personales. Milliman dispone de medidas técnicas y organizativas adecuadas para proteger los Datos Personales contra el tratamiento no autorizado o ilegal y contra la pérdida o destrucción accidental o el daño de los Datos Personales conservados o tratados por Milliman. Si Milliman transmite Datos Personales a terceros, Milliman exige que dichos terceros dispongan de las medidas técnicas y organizativas adecuadas para cumplir con la presente Política de Privacidad y la legislación aplicable.

Conservación de datos

Milliman conserva los Datos Personales sólo durante el tiempo necesario para cumplir con los propósitos descritos en esta Política de Privacidad, a menos que se requiera un período de retención más largo o que no esté prohibido por la ley. Milliman eliminará sus Datos Personales una vez que se haya cumplido la finalidad de la recogida y el tratamiento de dichos Datos Personales y haya transcurrido el plazo adecuado para la documentación y el almacenamiento de reserva de dichos Datos Personales. Si usted se ha dado de baja de la recepción de información de marketing por nuestra parte, seguiremos conservando sus Datos Personales para cualquier otro propósito para el que todavía tengamos motivos legales para tratar dichos Datos Personales (como por ejemplo, para cumplir con una obligación legal o cuando el tratamiento sea necesario para el propósito de nuestro interés legítimo). En algunos casos, si no existen otros fundamentos jurídicos, mantendremos registrados determinados Datos Personales (como su dirección de correo electrónico) sobre usted, para poder garantizar que en el futuro ya no se le envíen dichas comunicaciones de marketing.

Niños

Los sitios web, productos y servicios de Milliman no están dirigidos a los niños, y Milliman no recoge a sabiendas Datos Personales de niños. Si un progenitor o tutor legal se da cuenta de que su hijo ha proporcionado Datos Personales a Milliman sin su consentimiento, el progenitor o tutor legal debe rellenar el formulario correspondiente disponible en la sección «Derechos», y Milliman tomará medidas para eliminar dichos Datos Personales.

Enlaces de terceros

La página web de Milliman puede contener enlaces a páginas web alojadas y gestionadas por empresas distintas a nosotros ("páginas web de terceros") a las que usted puede exportar (parte de) sus Datos Personales.

No revelamos sus Datos Personales a estas páginas web de terceros sin su consentimiento explícito. Tenga en cuenta que cualquier información que revele a las páginas web de terceros ya no está bajo nuestro control y ya no está sujeta a la Política de Privacidad de Datos Personales de Milliman.

Usted debe revisar las prácticas de la Política de Privacidad de cualquier página web de terceros para entender cómo ésta recoge y utiliza sus Datos Personales en caso de que usted haya decidido revelarles sus Datos Personales. No somos responsables del contenido ni del funcionamiento de estas páginas web de terceros. No somos en absoluto responsables de la forma en que una página web de terceros trate los Datos Personales que usted decida proporcionar a dicha página web de terceros, y el uso de las páginas web de terceros es estrictamente por su cuenta y riesgo.

Actualizaciones de la Política de Privacidad

Milliman puede cambiar su Política de Privacidad de vez en cuando. Por lo tanto, Milliman pide a todas las personas interesadas que la revisen ocasionalmente para asegurarse de que conocen la versión más reciente.

Transferencias de Datos Personales a través de las fronteras nacionales

Milliman es una empresa global que transfiere Datos Personales a través de las fronteras nacionales en cumplimiento de las leyes que se aplican a dichas transferencias. Milliman ha establecido las salvaguardias apropiadas para garantizar que sus transferencias de datos estén adecuadamente protegidas. Las bases legales de Milliman para las respectivas transferencias de datos se describen en esta Política de Privacidad. Cuando los Datos Personales se transfieren desde una de nuestras entidades en el Espacio Económico Europeo ("EEE"), Suiza, la Isla de Man o el Reino Unido a los Estados Unidos o a otro país fuera del EEE, o desde entidades en el EEE a otro país fuera del EEE, nos basamos en uno o más de los siguientes mecanismos legales que proporcionan garantías adecuadas para las transferencias: las decisiones de adecuación adoptadas por la Comisión Europea sobre la base del Art. 45 del RGPD, las Cláusulas Contractuales Tipo aprobadas por la Comisión Europea, el Marco de Privacidad de Datos UE-EE.UU. (DPF UE-EE.UU.), la Extensión del Reino Unido al DPF UE-EE.UU., y el Marco de Privacidad de Datos Suiza-EE.UU. (DPF Suiza-EE.UU.), o cualquier otro mecanismo de transferencia aplicable considerado adecuado por las leyes de protección de datos aplicables. Puede solicitar una copia de las cláusulas contractuales tipo relativas a sus Datos Personales que hayamos suscrito poniéndose en contacto con nosotros a través de los datos que figuran más abajo. Milliman se compromete a cooperar con las autoridades de protección de datos de la UE, el Comisionado Federal Suizo de Protección de Datos, el Comisionado de Información de la Isla de Man, la Oficina del Comisionado de Información del Reino Unido y cualquier otra autoridad pertinente de protección de datos, y a cumplir con el asesoramiento dado por dichas autoridades, en relación con los Datos Personales transferidos desde una de nuestras entidades en el EEE, Suiza, la Isla de Man o el Reino Unido, a países fuera del EEE. Milliman llevará a cabo las evaluaciones de impacto necesarias, siguiendo las normas de las leyes de protección de datos aplicables y garantizando así la transferencia segura de sus Datos Personales.

Marco de Privacidad de Datos

Milliman se compromete a tratar los Datos Personales de acuerdo con la presente Política de Privacidad y el Marco de Privacidad de Datos UE-EE.UU. (DPF UE-EE.UU.), la Extensión del Reino Unido al DPF UE-EE.UU., y el Marco de Privacidad de Datos Suiza-EE.UU. (DPF Suiza-EE.UU.), administrados por el Departamento de Comercio de EE.UU. Milliman ha certificado al Departamento de Comercio de EE.UU. que se adhiere a los Principios del Marco de Privacidad de Datos UE-EE.UU. (Principios DPF UE-EE.UU.) en relación con el tratamiento de los datos personales recibidos de la Unión Europea en virtud del DPF UE-EE.UU. y del Reino Unido (y Gibraltar) en virtud de la Extensión del Reino Unido al DPF UE-EE.UU.. Milliman ha certificado al Departamento de Comercio de EE.UU. que se adhiere a los Principios del Marco de Privacidad de Datos Suiza-EE.UU. (Principios DPF Suiza-EE.UU.) con respecto al tratamiento de datos personales recibidos de Suiza en virtud del DPF Suiza-EE.UU.

En caso de conflicto entre los términos de la presente Política de Privacidad y los Principios DPF UE-EE.UU. y/o los Principios DPF Suiza-EE.UU., prevalecerán los Principios. Para obtener más información sobre el programa Marco de Privacidad de Datos (DPF) y ver la certificación de Milliman, visite https://www.dataprivacyframework.gov/.

La responsabilidad de Milliman sobre los Datos Personales que recibe en virtud de los Principios DPF y que posteriormente transfiere a un tercero se describe en los Principios DPF. En particular, Milliman sigue siendo responsable en virtud de los Principios DPF si los terceros contratados por Milliman tratan los Datos Personales de manera incompatible con los Principios, a menos que Milliman demuestre que no es responsable del hecho que haya dado lugar a cualquier daño. Además, Milliman, Inc. ha establecido acuerdos de protección de datos con sus filiales situadas en el Espacio Económico Europeo basados en las Cláusulas Contractuales Tipo de la UE emitidas por la Comisión Europea (las "Cláusulas Contractuales Tipo de la UE").

Como se explica con más detalle en la sección "Cómo ponerse en contacto con nosotros" que figura más adelante, Milliman anima a cualquier persona a ponerse en contacto con nosotros en caso de que tenga una reclamación relacionada con el DPF (o relacionada con la privacidad en general). Cualquier derecho de acceso, rectificación, supresión, limitación del tratamiento, así como el derecho a la portabilidad de los datos de las personas físicas domiciliadas en el Espacio Económico Europeo o en Suiza, podrá ejercerse en las condiciones establecidas en el GDPR rellenando el formulario correspondiente disponible en la sección «Derechos». Además, estas personas tendrán derecho a presentar una reclamación ante una autoridad de control competente en cualquier momento.

Derechos

Usted tiene una serie de derechos en virtud del RGPD en relación con sus Datos Personales, a saber:

1. el derecho de acceso de acuerdo con el Art. 15 del RGPD: tiene derecho a que le confirmemos si se están tratando o no Datos Personales que le conciernen y, en tal caso, a acceder (incluso a obtener una copia) a dichos Datos Personales, así como a la forma y los fines para los que tratamos sus Datos Personales, de modo que pueda verificar su exactitud y la legalidad del tratamiento.
2. el derecho de rectificación de conformidad con el Art. 16 RGPD: tiene derecho a obtener de nosotros la rectificación de los Datos Personales inexactos que le conciernen, así como el derecho a que se completen los Datos Personales incompletos, incluso mediante el suministro de una declaración complementaria.
3. el derecho a la supresión de conformidad con el Art. 17 del RGPD el derecho a obtener de nosotros la supresión de sus Datos Personales sin demora indebida cuando (a) sus Datos Personales ya no sean necesarios para los fines para los que fueron recogidos/tratados; (b) usted desee retirar su consentimiento para el tratamiento (excepto cuando tengamos otro fundamento jurídico para el tratamiento en el que podamos basarnos); (c) cuando el tratamiento se base en nuestros intereses legítimos y no existan motivos legítimos imperativos para el tratamiento; (d) cuando sus Datos Personales hayan sido tratados ilegalmente
4. el derecho a la limitación del tratamiento de acuerdo con el Art. 18 RGPD: usted tiene derecho a obtener de nosotros la limitación del tratamiento de sus Datos Personales cuando (a) usted impugne la exactitud de dichos Datos Personales (durante el período que nos permita verificar la exactitud de sus Datos Personales); (b) el tratamiento de sus Datos Personales sea ilegal, pero usted se opone a la eliminación de dichos datos y, en cambio, solicita la restricción de su uso; (c) usted considere que ya no necesitamos sus Datos Personales para los fines del tratamiento, pero nosotros los necesitamos para el establecimiento, ejercicio de reclamaciones legales o defensa frente a las mismas; (d) usted se ha opuesto al tratamiento de sus Datos Personales por motivos de "interés legítimo" de acuerdo con el punto (iii) anterior, a la espera de que verifiquemos si nuestros motivos legítimos prevalecen sobre los suyos.
5. el derecho de oposición de acuerdo con el Art. 21 del RGPD: tiene derecho a oponerse, por motivos relacionados con su situación particular, en cualquier momento al tratamiento de sus Datos Personales, que se basa en nuestros intereses legítimos, incluida la elaboración de perfiles basada en dichas disposiciones. Dejaremos de tratar los Datos Personales a menos que tengamos motivos legítimos imperiosos para el tratamiento que prevalezcan sobre sus intereses, derechos y libertades o para el establecimiento, ejercicio de reclamaciones legales o defensa frente a las mismas. Usted puede oponerse al tratamiento de sus Datos Personales o a los fines de la comercialización directa en cualquier momento, sin necesidad de indicar el motivo.
6. el derecho a la portabilidad de los datos de acuerdo con el Art. 20 del RGPD: tiene derecho a recibir los Datos Personales que le conciernen y que nos ha facilitado en un formato estructurado, de uso común y lectura mecánica, y a transmitirlos a otro responsable del tratamiento (tenga en cuenta que esto solo se aplica cuando nuestro tratamiento de sus Datos Personales se basa en su consentimiento, y el tratamiento se lleva a cabo por medios automatizados).
7. el derecho a recurrir a una autoridad de control competente en materia de protección de datos (art. 77 del RGPD): tiene derecho a recurrir a la autoridad de control competente en materia de protección de datos - en España, dicha autoridad es la "Agencia Española de Protección de Datos" (https://www.aepd.es/es).

Tenga en cuenta que cualquier tratamiento de sus Datos Personales anterior a la eliminación de su cuenta con nosotros, o su solicitud de que dejemos de ponernos en contacto con usted con fines de marketing directo seguirá siendo válida en virtud de los fundamentos jurídicos vigentes en ese momento.

Puede ejercer cualquiera de los derechos antes mencionados, rellenando el formulario correspondiente disponible aquí. Para estas solicitudes, Milliman utiliza la plataforma de solicitud de acceso de datos (Data Subject Access Request platform) del proveedor de servicios One Trust. One Trust actúa como encargado de datos de Milliman. También puede enviar una carta a: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 París. Nos esforzaremos por responder a dicha solicitud lo antes posible y, en cualquier caso, en un plazo de 30 días.

Cómo contactar con nosotros

Puede ponerse en contacto con Milliman en [email protected]. Milliman agradece sus comentarios y preguntas sobre esta Política de Privacidad. Si por cualquier motivo desea ponerse en contacto con nosotros, envíe un correo electrónico ([email protected]). Las reclamaciones se resolverán internamente de acuerdo con los procedimientos de reclamación de Milliman.

Si Ud. reside en la Unión Europea, el Espacio Económico Europeo o Suiza y tiene una reclamación relativa al tratamiento de sus Datos Personales de acuerdo con los Principios DPF y sus esfuerzos por resolver el asunto internamente no son satisfactorios, la reclamación podrá ser presentada ante la Asociación Americana de Arbitraje (http://www.adr.org/), que ha sido seleccionada como mecanismo de recurso independiente para resolver reclamaciones y disputas relativas al tratamiento de Datos Personales originados en la Unión Europea, el Espacio Económico Europeo o Suiza y transferidos a EE.UU. en virtud de la presente Política de Privacidad. En determinadas condiciones, puede tener derecho a invocar un arbitraje vinculante cuando se hayan agotado otros procedimientos de resolución de litigios. Milliman está sujeta a los poderes de investigación y ejecución de la Comisión Federal de Comercio de EE.UU. (FTC).

Data Privacy Policy – Milliman AG, Switzerland

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Swiss affiliate’s (Milliman AG) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the New Federal Act on Data Protection as amended from time to time (the “Act”) and its ordinances and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman AG are jointly controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman AG are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest .

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest. Milliman may rely on your consent (Art. 6 (6) and (7) of the Act) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman AG may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman AG’s legitimate interest, unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman AG and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the Act, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

You have a number of rights under the Act in relation to your Personal Data, namely:

1. the right of access to information pursuant to Art. 25 to 27 of the Act: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 32 (1) of the Act: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 32 (2) (c) of the Act: the right to obtain from us the erasure of your Personal Data without delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 29 and 32 (2) of the Act: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of legitimate interest as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 32 (2) of the Act: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 28 of the Act: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority : you have the right to appeal to the competent data protection supervisory authority – in Switzerland, such authority is the “Eidgenössischer Datenschutz-und Öffentlichkeitsbeauftraget” (www.edoeb.admin.ch).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy- Milliman Aktueryal ve Stratejik Danismanlik Limited Sirketi, Turkey

______________________________________________________________________________________________________________

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the Turkish affiliate’s (Milliman Aktueryal Ve Stratejik Danişmanlik Limited Şirketi) use and protection of Personal Data that individuals and clients residing in Turkey share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the Turkish data protection law no 6698 (the “Law”) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Aktueryal Ve Stratejik Danişmanlik Limited Şirketi are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Aktueryal Ve Stratejik Danişmanlik Limited Şirketi are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 5 (2) letter (f) of the Law).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 5 (2) letter (f) of the Law). Milliman may also rely on your consent (Art. 5 (1) of the Law) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Aktueryal ve Stratejik Danışmanlık Limited Şirketi may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Aktueryal Ve Stratejik Danişmanlik Limited Şirketi’s legitimate interest (Art. 5 (2) letter (f) of the Law), unless data protection and privacy law require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Aktueryal Ve Stratejik Danişmanlik Limited Şirketi and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events). We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy..

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman, located in and outside of Turkey. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the Law.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Rights

You have a number of rights under the Law in relation to your Personal Data, namely:

1. the right to learn whether Personal Data are processed or not, to request information if Personal Data are processed, to learn the purpose of the processing and to know the third parties to whom the Personal Data is transferred, pursuant to Art. 11 of the Law: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing. You have the right to know the third parties to whom your Personal Data is transferred in country or abroad.
2. the right to rectification pursuant to Art. 11 of the Law: you have the right to obtain from the us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete Personal Data completed, including by means of providing a supplementary statement. Where your Personal Data is transferred to third parties, you have a right to request from us the notification of the rectification of inaccurate Personal Data to third parties to whom your Personal Data have been transferred.
3. the right to erasure pursuant to Art. 11 of the Law: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed; You have right to request from us the notification of the erasure of your Personal Data to third parties to whom your Personal Data have been transferred.
4. the right to object to the occurrence of a result against the person himself/herself by analyzing the data processed solely through automated systems pursuant to Art. 11 of the Law.
5. the right to request compensation for the damage arising from the unlawful processing of your Personal Data pursuant to Art. 11 of the Law before the competent data protection supervisory authority - in Turkey, such authority is the Data Protection Board “Kişisel Verileri Koruma Kurumu” or “KVKK” (www.kvkk.gov.tr).

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected].Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

Milliman Personal Data Privacy Policy- Milliman Limited, United Arab Emirates

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the way in which Milliman Limited, an affiliate of Milliman located in the Dubai International Financial Centre, United Arab Emirates ("DIFC") uses and protects Personal Data that individuals share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, DIFC Data Protection Law No. 5 of 2020 (the "DP Law") and other data privacy legislation, as applicable.

Milliman, Inc. and Milliman Limited are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Limited are both responsible for the compliance with the DP Law and other applicable data privacy legislation.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to: (i) the website; (ii) each web page; and (iii) the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with you. All processing (i.e., use) of your personal information is justified by a "lawful basis" for processing. In most cases, processing will be justified on the basis that:

• the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to enter into a contract (e.g., where you request certain services as an individual client, or where we help advise your employer or service provider on fulfilling an obligation to you under a contract);
• the processing is necessary for us to comply with a relevant legal obligation (e.g., where we are required to collect certain information about our clients for tax or accounting purposes, or where we are required to make disclosures to courts or regulators); or
• the processing is necessary for the performance of a task carried out in the public interest (e.g., background checks for anti-money laundering and terrorist financing purposes); or
• the processing is in our legitimate interests, subject to due consideration for your interests and fundamental rights (this is the basis we rely upon for the majority of our processing activities in connection with the provision of our services, the collection of Personal Data via our website, and also for the purposes of most client on-boarding, administration and relationship management activities).

In the context of the collection of data through this website, as well as through Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data relating to:

• visitors to our websites who request information about products or services. This may include (but is not limited to) your first name, last name, title, company, phone number, location, email address, subject of the request and message given. We collect and process this information because we have a legitimate business interest in managing our relationship with visitors and to assist with the administration of the website.
• client representatives, officers, agents and employees, business partners, parties to a contract for contract administration purposes. This may include (but is not limited to) your name, professional address, title, email and other professional contact details. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, to fulfill requests or respond to enquiries about our products or services and to provide offers and other information about our products, services, and events that we think may be of interest to you. We collect and process this information because we have a legitimate business interest in managing our relationship with you. Milliman may also rely on your consent for the sending of marketing communications when so required by applicable data privacy legislation, in which case we will ask your consent prior to our sending the communication to you. Milliman Limited may also use the professional contact details of its clients’ employees for the purpose of sending surveys or questionnaires. In all instances, we collect and process this information because we have a legitimate business interest in managing our relationship with you and for the proper administration of our business. We may also collect and process limited Personal Data about you which is collected from public resources (such as LinkedIn) including your name, email address, telephone number, organisation, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that those individuals have already consented to or are appropriately informed about the processing of their Personal Data by Milliman, in accordance with the terms of this Privacy Policy.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

In all instances, where the basis for processing your Personal Data is based on consent, you may withdraw your consent at any time.

Affiliates and Authorised Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Limited and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data privacy protections as may be afforded in the DIFC.

However, Milliman ensures that where we do so, for such transfers we obtain contractual commitments (such as the Standard Contractual Clauses) from them in order to protect your personal information or put in place other adequate safeguards to protect your Personal Data.

Milliman also may share Personal Data with authorised third-party agents or contractors that perform services for Milliman, located in and outside of the UAE. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

In all cases, any transfers of Personal Data out of the DIFC are subject to appropriate safeguards that are compliant with the DP Law.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data to investigate or to take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorised access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable data privacy laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or as directed by law. Milliman will delete your Personal Data once the purpose of the collection and processing has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing (such as for the purposes of complying with a legal obligation or when the processing is necessary for a legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so to ensure that such marketing communications are no longer sent to you in the future.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

This website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (all or part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your consent. Note that any information you disclose to Third Party Websites is no longer under our control and no longer subject to this Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change the terms of this Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Rights

You have a number of rights under the DP Law in relation to your Personal Data, namely:

1. the right of access: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification: you may ask us to correct inaccurate Personal Data concerning you and may ask us to update or amend any incomplete Personal Data completed. You can do this by providing a supplementary statement.
3. the right to erasure: you may ask us to delete your Personal Data delay where: (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for processing that we may rely on); (c) you object to the processing of your Personal Data and we have no overriding legitimate grounds to continue to process it; or (d) where your Personal Data has been unlawfully processed.
4. the right to restrict the processing of your Personal Data: you may ask us to restrict the processing of your Personal Data where: (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such Personal Data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; or (d) you have exercised the right to object, and verification of our overriding grounds is pending.
5. the right to object: you have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Data, which is based on our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data for direct marketing purposes at any time, without giving reason.
6. the right to data portability: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller. Please note this applies only where our processing of your Personal Data is based on your consent, or the performance of a contract and the processing is carried out by automated means.
7. the right to appeal to a competent data protection supervisory authority: you have the right to appeal to the competent data protection supervisory authority - in the DIFC, such authority is the “DIFC Commissioner of Data Protection”.

Please note that any processing of your Personal Data which occurs prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

Milliman Personal Data Privacy Policy – Milliman Consulting Limited, United Kingdom

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the UK affiliate’s (Milliman Consulting Limited) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (together the “UK GDPR”) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Consulting Limited are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Consulting Limited are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) of the UK GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) of the UK GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) of the UK GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Consulting Limited may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Consulting Limited’s legitimate interest (Art. 6 (1) letter (f) of the UK GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between  Milliman Consulting Limited and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 of the UK GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 of the UK GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 of the UK GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 of the UK GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 of the UK GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling (Art. 22 of the UK GDPR) based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 of the UK GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 of the UK GDPR and Part 6 of the Data Protection Act): you have the right to appeal to the competent data protection supervisory authority - in the United-Kingdom, such authority is the “Information Commissioners’ Office” (www.ico.org.uk).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Milliman Financial Strategies Limited, United Kingdom

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the UK affiliate’s (Milliman Financial Strategies Limited) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (together the “UK GDPR”) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman Financial Strategies Limited are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Financial Strategies Limited are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) of the UK GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) of the UK GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) of the UK GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman Financial Strategies Limited may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman Financial Strategies Limited’s legitimate interest (Art. 6 (1) letter (f) of the UK GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman Financial Strategies Limited and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 of the UK GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 of the UK GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 of the UK GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 of the UK GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 of the UK GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling (Art. 22 of the UK GDPR) based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 of the UK GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 of the UK GDPR and Part 6 of the Data Protection Act): you have the right to appeal to the competent data protection supervisory authority - in the United-Kingdom, such authority is the “Information Commissioners’ Office” (www.ico.org.uk).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

 Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Milliman Personal Data Privacy Policy – Milliman LLP, United Kingdom

Last updated May 2024

Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the UK affiliate’s (Milliman LLP) use and protection of personal data that individuals and clients residing within the European Economic Area, the Isle of Man, Switzerland and the UK, share with us (“Personal Data”), hereafter “you”. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (together the “UK GDPR”) and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman LLP are joint-controllers with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman LLP are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:

- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) of the UK GDPR).

- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) of the UK GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) of the UK GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman LLP may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman LLP’s legitimate interest (Art. 6 (1) letter (f) of the UK GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may fill out the applicable form available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman LLP and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance  and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should fill out the applicable form available under the section “Rights”, and Milliman will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to Milliman Personal Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Data to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Transfers of Personal Data across National Borders

Milliman is a global company that transfers Personal Data across national borders in compliance with the laws that apply to such transfers. Milliman has put in place appropriate safeguards to ensure its data transfers are adequately protected. Milliman’s legal bases for respective data transfers are outlined in this Privacy Policy. When Personal Data is transferred from one of our entities in the European Economic Area (“EEA”), Switzerland, the Isle of Man or the United Kingdom to the United States or another country outside of the EEA, or from entities in the EEA to another country outside of the EEA, we rely on one or more of the following legal mechanisms which provide adequate safeguards for the transfers: the adequacy decisions adopted by the European Commission on the basis of Art. 45 GDPR, the European Commission-approved Standard Contractual Clauses, the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), or any other applicable transfer mechanism deemed as adequate by applicable data protection laws. You can request a copy of any standard contractual clauses relating to your Personal Data that we may have executed by contacting us using the details below. Milliman commits to cooperate with the EU data protection authorities, the Swiss Federal Data Protection Information Commissioner, the Isle of Man Information Commissioner, the UK Information Commissioner’s Office and any other relevant data protection authority, and to comply with the advice given by such authorities, with regard to Personal Data transferred from one of our entities in the EEA, Switzerland, the Isle of Man or the United Kingdom, to countries outside of the EEA. Milliman will conduct any necessary impact assessments, following the rules under applicable data protection laws and thus guaranteeing the safe transfer of your Personal Data.

Data Privacy Framework

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by filling out the applicable form available under the section “Rights”. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

Rights

1. the right of access pursuant to Art. 15 of the UK GDPR: you have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing.
2. the right to rectification pursuant to Art. 16 of the UK GDPR: you have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. the right to erasure pursuant to Art. 17 of the UK GDPR: the right to obtain from us the erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Data has been unlawfully processed.
4. the right to restriction of processing pursuant to Art. 18 of the UK GDPR: you have the right to obtain from us the restriction of processing of your Personal Data where (a) the accuracy of such Personal Data is contested by you (for such period as will enable us to verify the accuracy of your Personal Data); (b) the processing of your Personal Data is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Data for the purposes of the processing, but require such Personal Data for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 of the UK GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Data, which is based on our legitimate interests, including profiling (Art. 22 of the UK GDPR) based on those provisions. We shall no longer process the Personal Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Data or direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 of the UK GDPR: you have the right to receive Personal Data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Data is based on your consent, and the processing is carried out by automated means).
7. the right to appeal to a competent data protection supervisory authority (Art. 77 of the UK GDPR and Part 6 of the Data Protection Act 2018): you have the right to appeal to the competent data protection supervisory authority - in the United-Kingdom, such authority is the “Information Commissioners’ Office” (www.ico.org.uk).

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the applicable form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. You may also send a letter to: Milliman Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.

How to Contact Us

 Milliman can be contacted at [email protected]. Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email ([email protected]). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://www.adr.org/), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

USA (All States)

California