Milliman Personal Data Privacy Policy


Where Milliman is Acting as a Data Controller

Milliman, Inc. and its affiliates (“Milliman”) take data privacy very seriously. This Privacy Policy sets out the principles governing Milliman’s use and protection of personal data that individuals and clients residing within the European Economic Area and Switzerland share with us (“Personal Data”). Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the EU-U.S. Privacy Shield, the EU General Data Protection Regulation (GDPR), and other data protection and privacy laws, as applicable.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies

In some instances, Milliman may collect data through cookies. A "cookie" is a text-only string of data that Milliman sends to the cookie file of the browser on a website visitor’s computer hard disk using Milliman’s web server. Cookies are used to make websites work, or work more efficiently, as well as to provide data to the owners of the website.

Milliman’s website may use both required cookies and analytics and performance cookies.

Required cookies enable a website visitor to move from page to page within the website and to use its features. These cookies are deleted when the visitor closes his/her browser.

Analytics and performance cookies allow Milliman’s third-party agents to collect data, including the number of visitors to the website, where they have come to the website from, and the length of time they have spent on the website. Milliman uses the following third-party agents for website performance tracking, and you can learn more about their privacy policies and how to opt-out of their cookies by clicking on these links:

Google Analytics: http://www.google.com/analytics/learn/privacy.html
AI Media group: https://aimediagroup.com//user/themes/aimedia/docs/privacy.pdf  

The majority of web browsers accept cookies and similar files, but a visitor can usually change the browser settings to prevent this. However, by doing so, some functionality of the website may be lost. Please visit https://www.aboutcookies.org/ to learn more about cookies and how to control them. We rely on your consent, to the extent required by law, to use non-required cookies that may contain your Personal Data. To change your cookie preferences, click here.

Third-Party Embedded Content and Do Not Track

Milliman websites may feature content (such as buttons, widgets, and other embedded features or content) embedded by third parties that rely on cookies or similar technologies. You can learn more about the privacy policies of these third-party content providers and how to opt-out of their cookies by clicking the appropriate link below:

Facebook and Instagram: https://www.facebook.com/policies/cookies/
Google Inc. and YouTube: https://policies.google.com/privacy
LinkedIn: https://privacy.linkedin.com/
Twitter: https://twitter.com/en/privacy

Please note that Milliman websites currently do not respond to Do Not Track signals in browsers.

Processing of Personal Data

We may collect, store and otherwise process Personal Data of visitors to our websites, employees, officers, partners or other representatives and agents of our clients, business partners, job candidates, and other individuals (i.e. name, age, date of birth, country of residence, professional and/or private address, e-mail, title and working position, employer, professional interests, professional and/or private telephone number, previous work experience, skills, referral information, and other information voluntarily submitted, and, for job candidates applying for positions in the United States, ethnicity, disability and veteran status) who enter into a business relationship or apply for a job with Milliman or who receive or request information about products or services from Milliman. Milliman uses this Personal Data for purposes of contract administration, to activate and maintain client accounts, to fulfill requests for or respond to inquiries about Milliman products or services, to analyze how its websites are used and how they are performing, to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest, and to facilitate the recruitment process.

In many circumstances, Milliman will not collect or process your Personal Data without your consent. Milliman will seek your express consent where required by applicable law. You may withdraw your consent at any time by emailing Milliman at data.protection@milliman.com. If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman. If a website visitor uses a log-in to access our website, certain criteria such as user data, transactional data, session surveillance, IP data, and pattern recognition may be collected and used by Milliman for authentication purposes.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. If you have consented to the processing of your Personal Data (“opt-in”), Milliman will retain and process your Personal Data until you withdraw your consent (“opt-out”), unless the Personal Data must be kept for administrative, legal or regulatory purposes, as for the management of the right to object, in which case Milliman will keep the minimum amount of Personal Data necessary and only for the time necessary to comply with such purposes. If Milliman has not received your opt-in, Milliman will delete your Personal Data once the purpose of the collection and processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you want to opt-out from a specific electronic communication service or marketing offer, you can unsubscribe at any time by using the opt-out link on such communication e-mail or send us an e-mail at: data.protection@milliman.com. Unsubscribing from a special service or product information may not automatically end the processing of your Personal Data by us unless we receive a specific e-mail request from you in this respect. Any complaints about un-solicited marketing communication can be sent by e-mail to Milliman at the same e-mail address.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact Milliman at data.protection@milliman.com, and Milliman will take steps to delete any such Personal Data.

Access and Corrections

As allowed or required by law and consistent with our applicable agreements, you may contact Milliman at any time at data.protection@milliman.com to request a copy of any Personal Data that Milliman has about you, to request that certain Personal Data be corrected, updated, or deleted, or to express any complaints or concerns about Milliman’s use of your Personal Data. It is not technologically possible to change or delete each and every instance of the data Milliman holds on its systems, and some Personal Data may remain in non-erasable forms.

Third-party Links

Milliman’s websites may provide links to other third-party websites that are outside of Milliman’s control and not covered by this Privacy Policy. Milliman is not responsible for the availability, content or accuracy, or privacy practices of other websites, products, services, or goods that may be linked to Milliman’s websites.

Milliman encourages all users of its websites to review the privacy policies posted on these (and all) sites.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Affiliates and Authorized Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared with Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., including all affiliated entities using the MILLIMAN® mark, for purposes of centralization of Milliman’s administrative, IT maintenance, and IT security practices, and to provide information about Milliman products, services, or events. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR (adequacy decision or Model Clauses of the European Commission).

Privacy Shield

Milliman is committed to handling Personal Data in accordance with this Privacy Policy and the EU-U.S. Privacy Shield Framework (or the Swiss-U.S. Privacy Shield Framework, as the case may be), as administered by the U.S. Department of Commerce. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and to view Milliman’s certification, please visit https://www.privacyshield.gov/list.

Milliman’s accountability for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Milliman remains responsible and liable under the Privacy Shield Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).

As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a Privacy Shield-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by contacting Milliman at: data.protection@milliman.com. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.

How to Contact Us

Milliman welcomes feedback and questions on this Privacy Policy. If for any reason you wish to contact us, please send an email (data.protection@milliman.com). Complaints will be resolved internally in accordance with Milliman’s complaints procedures.

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the EU-U.S. or Swiss-U.S. Privacy Shield Framework and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (http://go.adr.org/privacyshield.html), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. Under certain conditions, you may be entitled to invoke binding arbitration through the Privacy Shield Panel when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).