To access Private Client Services by Mercer (“PCS”) – Fair Processing Click Here
To access Complaints Handling Procedure Click Here
Private Client Services by Mercer (“PCS”) – Fair Processing Notice
In this document, "PCS", "we", "us", "our" refer to each of PCS entity and/or business division.
References to "MMC Group" refers to Marsh & McLennan Companies, Inc. and its affiliates and subsidiaries, including all PCS entities.
PCS regularly collect and use information which may identify individuals ("personal data"), including insured persons or claimants ("you", "your"). We understand our responsibilities to handle your personal data with care, to keep it secure and to comply with applicable local and international data protection laws.
The purpose of this Fair Processing Notice is to provide a clear explanation of when, why and how we collect and use your personal data ("Policy"). We have designed it to be as user friendly as possible, and have labelled sections to make it easy for you to navigate to the information that may be most relevant to you and to allow you to click on a topic to find out more.
Do read this Notice with care. It provides important information about how we use personal data and explains your legal rights. This Notice is not intended to override the terms of any insurance policy you have with insurers or contract you have with us or any rights you might have available under applicable data protection laws.
We may amend this Fair Processing Notice from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. Please regularly check the Notice for updates.
CONTENTS
1. WHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?
2. WHAT PERSONAL DATA DO WE COLLECT?
3. WHEN DO WE COLLECT YOUR PERSONAL DATA?
4. WHAT DO WE USE YOUR PERSONAL DATA FOR?
5. HOW DO WE USE PERSONAL DATA?
6. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
7. INTERNATIONAL TRANSFERS
8. DATA ANALYTICS
9. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
10. WHAT ARE YOUR RIGHTS?
11. CONTACT AND COMPLAINTS
APPENDIX 1 - CATEGORIES OF PERSONAL DATA
APPENDIX 2 - LEGAL BASIS FOR PROCESSING
APPENDIX 3 - GLOSSARY
Who is responsible for looking after your personal data?
PCS is the Controller for purposes of complying with General Data Protection Regulation (EU) 2016/679 and laws implementing or supplementing the GDPR following the United Kingdom’s exit from the European Union.
PCS is responsible for looking after your personal data.
1. What personal data do we collect?
Policyholders and related parties. In order to advise, arrange, place and administer insurance policies, we collect information about the policyholder and related parties. This may include background and contact information on the policyholder or their representative, and matters relevant to the management of the insurance policy and assessment of risk. The policyholder may be an individual, company or their representative. The level and type of personal data we collect varies depending on the type of policy that you have. In some instances, it is necessary for us to collect and use Special Categories of Data, such as information about health details. We are required to establish a legal exemption to use your Special Categories of Data - see Section 4 for further details. From time to time, you may need to provide us with the personal data of third parties, for example information of members of your family. Wherever possible, you should take steps to inform the third party that you need to disclose their details to us, identifying PCS as your broker and providing them with a copy of this Fair Processing Notice.
Claimants. If you are making a claim under a policy, we will collect your basic contact details, together with information about the nature of your claim and any previous claims. If you are an Insured Person we will need to check details of the policy you are insured under and your claims history. Depending on the nature of your claim, it may be necessary for us to collect and use Special Categories of Data, such as details of medical illness. We are required to establish a legal exemption to use your Special Categories of Data - see Section 4 for further details.
For more information on what information we collect, please click here.
2. When do we collect your personal data?
Insured Persons
Claimant
3. What we use your personal data for?
Insured Persons. If you are an insured person we will use your personal data to advise you of your risks and arrange your insurance policies for you. The underwriting process may include Profiling, details of which would be available from your insurer. Once your policy has been incepted, we will use your personal data to administer your policy, deal with your queries, manage mid-term amendments and changes to policies and where applicable, manage the renewal process. We will also need to use your personal data for purposes associated with our legal and regulatory obligations as an insurance intermediary.
Claimants. If you are a claimant we will use your personal data to assess the merits of your claim, and potentially to pay out a settlement. We may also need to use your personal data to evaluate the risk of potential fraud. If you are also an Insured Person, we will use personal data related to your claim to inform the renewal process and potentially any future policy applications.
4. How do we use personal data?
We will make sure that we only use your personal data for the purposes set out in Section 3 and in Appendix 2 where we are satisfied that:
Before collecting and/or using any Special Categories of Data we will establish a lawful exemption which will allow us to use that information. This exemption will typically be your explicit consent.
PLEASE NOTE. If you provide your explicit consent to permit us to process your Special Categories of Data, you may withdraw your consent to such processing at any time. However, you should be aware that if you choose to do so we may be unable to continue to provide insurance services to you (and it may not be possible for the insurance cover to continue). This may mean that we will not be able to arrange and place your policies, advise you on your risks, assist you with any policy enquiries or assist you with claims you have made against the policies. If you choose to withdraw your consent we will tell you more about the possible consequences, including the effects of cancellation, (which may include that you have difficulties finding other cover), as well as any associated cancellation fees.
Please click here to find out more about the information we collect and use about you and why.
5. Who do we share your personal data with?
We work with many third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data.
For Insured Persons these third parties may include:
For Claimants this may include:
We may be under legal or regulatory obligations to share your personal data with courts, regulators, law enforcement or in certain cases other insurers. Also, if we were to sell part of our businesses we would need to transfer your personal data to the purchaser of such businesses.
6. International transfers
From time to time, we may need to share your personal data with another PCS entity located in another country. Depending on the services we provide to you, we may also transfer your personal data to Insurers, Reinsurers, our Service Providers or Assistance Providers, who may be located outside the country that PCS is located.
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:
7. Data analytics
We routinely analyse information in our various systems and databases to help improve the way we run our business, to provide a better service and to enhance the accuracy of our risk models. We take steps to protect privacy by aggregating and where appropriate anonymising data fields (particularly in relation to policy information and claim details) before allowing information to be available for analysis.
8. How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 3 of this Notice. In some circumstances, we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 3 of this Notice. In some circumstances, we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.
In specific circumstances, we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
In specific circumstances, we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required, we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
9. What are your rights?
You have a number of rights in relation to your personal data.
Where you are a data subject, you may request access to your data, correction of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability and various information in relation to any Automated Decision Making and Profiling or the basis for international transfers. You may also exercise a right to complain to your Supervisory Authority. These are set out in more detail as follows:
RIGHT |
WHAT THIS MEANS |
Access |
You can ask us to:
|
Rectification |
You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it. |
Erasure |
You can ask us to erase your personal data, but only where:
We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:
There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances where we would deny that request. |
Restriction |
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
We can continue to use your personal data following a request for restriction, where:
|
Portability |
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another Controller, but in each case only where:
|
Objection |
You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis (see Section 4), if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. |
Supervisory Authority |
You have a right to lodge a complaint about our processing of your personal data with the local supervisory authority where PCS is located. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your Supervisory Authority at any time. |
To exercise your rights you may contact us as set out in Section 10. Please note the following if you do wish to exercise these rights:
10. Contact and complaints
The primary point of contact for all issues arising from this Notice, including requests to exercise data subject rights, is our Data Protection Contact. The Data Protection Contact can be contacted in the following ways:
(i) Mail:
Data Protection Contact
8 Marina View#09-12
Asia Square Tower 1
Singapore 018960
(ii) Email: PCS_DPO@mercerpcs.com
If you have a complaint or concern about how we use your personal data and/or conduct of our staff, please contact us in the first instance either by mail or email (as provided above) and we will attempt to resolve the issue as soon as possible
APPENDIX 1 - CATEGORIES OF PERSONAL DATA
INFORMATION TYPE |
EXAMPLES OF DETAILS OF INFORMATION THAT WE TYPICALLY CAPTURE |
Insured Person |
|
Contact Details / Personal Attributes / Personal Directory |
Name, address, telephone number, email, age or date of birth, National Identifier, licences e.g. driver or pilot |
Policy Information |
Policy number, relationship to the policyholder, details of policy including insured amount, exceptions etc., previous claims |
Personal Risk Information/Background Checks |
Gender, marital status, date of birth, claims history, professional history, CV, background/vetting information, claims history Special Categories of Data Health Data – e.g. physical and mental conditions, medical history and procedures, relevant personal habits (e.g. smoking), drug test results Criminal Data – e.g. driving offences, unspent convictions Race or ethnic origin Political affiliations and religion |
Financial Information |
Bank account details (where you are the payer of the policy premium) or card data used for billing, salary or wage details, insured amounts |
Anti-fraud Data |
Name, address, history of fraudulent claims, employment history, details of incident giving rise to claim Special Categories of Data Criminal Data - e.g. unspent convictions
|
Claimant |
|
Contact Details / Personal Attributes / Personal Directory |
Name, address, passport, age or date of birth, National Identifier, email, marital status, birth certificate, death certificate, passport |
Policy Information (excluding third party claimants) |
Policy number, relationship to the policyholder/insured person, details of policy including insured amount, exceptions etc., previous claims |
Claim Details |
Details of incident giving rise to claim, CCTV and video footage, utility bills Special Categories of Data Health Data - e.g. details of injury, medical report, drug test results Criminal Data - e.g. driving offences, police reports |
Financial Information |
Bank account details used for payment, salary details |
Anti-fraud Data |
Name, address, history of fraudulent claims, employment history, details of incident giving rise to claim Special Categories of Data Criminal Data - e.g. unspent convictions |
APPENDIX 2 - LEGAL BASIS FOR PROCESSING
Activity |
Type of information collected |
The basis on which we use the information |
Who we may disclose the information to |
Insured Person |
|||
Set up a record on our systems |
· Contact Details · Policy Information · Personal Risk Information · Marketing |
· Performance of a contract to which the data subject is a party · Legitimate interests (to ensure we have an accurate record of all Insured Persons we cover) |
· Service Providers |
Carry out background, sanction, fraud and credit checks |
· Contact Details · Personal Risk Information · Criminal Data] |
· Legal obligation |
· Service Providers · Credit reference agencies · Anti-fraud databases |
Consider the underwriting submission, assess risk and write policy |
· Personal Risk Information · Health Data · Criminal Data |
· Take steps to enter into a contract with a data subject · Legitimate interests (to determine the likely risk profile and appropriate level, cost and type of cover to extend, if any and to place the policy on behalf of the insured) · Consent, where required by law · Local law exemptions
|
· Insurers · Reinsurers · Service Providers |
Manage renewals |
· Contact Details · Policy Information · Personal Risk Information · Health Data · Criminal Data |
· Performance of a contract to which the data subject is a party · Legitimate Interests (to determine whether to extend cover for a renewal period, and if so, on what terms and to extend the cover on behalf of the insured) · Consent, where required by law |
· Insurer · Service Providers |
Provide client care, assistance and support |
· Contact Details · Policy Information |
· Performance of a contract to which the data subject is a party · Legitimate interests (to provide support, assistance and advice to customers in respect of their policy) · Consent, where required by law |
· Assistance Providers · Service Providers |
Receive and return premiums and payments |
· Contact Details · Financial Information |
· Performance of a contract to which the data subject is a party · Legitimate interests (to enable the placing of cover with the insurer) |
· Banks · Insurers · Insured/Client · Service Providers |
Marketing |
· Contact Details · Marketing |
· Legitimate interests (to provide information about insurance products or services which may be of interest) · Consent |
· Service Providers |
Comply with legal and regulatory obligations |
· Contact Details · Policy Information · Personal Risk Information · Financial Information |
· Legal obligation |
· Regulators · Law enforcement bodies · Courts |
Claimant |
|||
Receive notification of claim |
· Contact Details · Policy Information · Claim Details |
· Performance of a contract to which the data subject is a party · Legitimate interests (third party claimants) (to maintain an accurate record of all claims received and the identity of claimants) |
· Third Party Administrators · Assistance providers · Service providers |
Assess claim |
· Claim Details · Anti-Fraud Details · Policy Information · Health Data · Criminal Data |
· Performance of a contract to which the data subject is a party · Legitimate interests (to assess the circumstances and validity of a claim) · Consent, where required by law · Establish, exercise or defend legal claims |
· Third Party Administrators · Loss Adjusters · Solicitors · Claims Experts · Insurers · Assistance Providers · Service Providers |
Monitor and detect fraud |
· Contact Details · Claim Details · Anti-fraud Data |
· Legal Obligations |
· Law enforcement bodies · Service Providers |
Settle claim |
· Contact Details · Financial Information |
· Performance of a contract to which the data subject is a party · Legitimate interests (third party claimants) (to settle claims to successful third party claimants) |
· Solicitors · Third Party Administrators · Claimants |
Comply with legal and regulatory obligations |
· Contact Details · Policy Information · Claim Details · Financial Information · Anti-fraud Data |
· Legal obligation |
· Regulators · Law enforcement bodies · Courts |
APPENDIX 3 - GLOSSARY
Assistance Providers: these are a special category of service provider, which we use to help provide you with emergency or other assistance in connection with certain policies. |
Claims Experts: these are experts in a particular field which is relevant to a claim, for example medicine, forensic accountancy, mediation or rehabilitation, who are engaged to help us properly assess the merit and value of a claim, provide advice on its settlement, and advise on the proper treatment of claimants. |
Controller: means a natural or legal person (which determines the means and purposes of processing of personal data). |
EEA means the European Economic Area, which includes all countries in the EU and also Iceland, Liechtenstein and Norway. |
EU means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK. |
MMC Group means any subsidiary of Marsh & McLennan Companies, Inc. |
Insured Person: we use this term to refer to both individual policyholders, as well as any individual who benefits from insurance coverage under one of our policies (for example, where an employee benefits from coverage taken out by their employer). |
Loss Adjuster: these are an independent claims specialist which investigates complex or contentious claims on our behalf. |
Personal Data: means information that relates to a living individual. It includes information that may identify a person by name and contact details, or refer to associated information such as account activity, or personal preferences that can directly or indirectly identify an individual. |
Processing: means any and all actions we take with respect to your Personal Data, including (without limitation) managing, viewing, holding, storing, deleting, changing, using and saving. |
Profiling: means using automated processes without human intervention (such as computer programmes) to analyse your personal data in order to evaluate your behaviour or to predict things about you which are relevant in an insurance context, such as your likely risk profile. |
Reinsurers: some policies are insured on a joint or "syndicate" basis. This means that a group of insurers will join together to write a policy. Policies may also be reinsured, which means that the insurer will purchase its own insurance, from a reinsurer, to cover some of the risk the insurer has underwritten in your policy. |
Service Providers: these are a range of third parties to whom we outsource certain functions of our business or with whom we have engaged to provide certain services. For example, we have service providers who provide/support 'cloud based' IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data. |
Solicitors: we frequently use solicitors to advise on complex or contentious claims or to provide us with non-claims related legal advice. In addition, if you are a claimant you may be represented by your own solicitor(s). |
Special Categories of Data: means any personal data relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. |
Supervisory Authority: means the supervisory or regulatory authority for data protection in the jurisdiction where we are required to comply with the laws and regulatory requirements. |
Third Party Administrators (or TPAs): these are companies outside the MMC Group which administer the underwriting of policies, the handling of claims, or both, on our behalf. We require all TPAs to ensure that your personal data is handled lawfully, and in accordance with this Policy and our instructions. |
COMPLAINT HANDLING PROCEDURE
Appendix A: Complaints Handling Procedure
All complaints are to be directed to the following:
(i) Mail:
Private Client Services by Mercer Pte. Ltd.
8 Marina View #09-12
Asia Square Tower 1
Singapore 018960
(ii) Email: PCS_DPO@mercerpcs.com
(iii) Contact no: +65 63336311