Last updated September 2023
Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.
The Personal Data we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Data of:
- visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR).
- clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, including for billing purposes, due diligence and conflict checks, to facilitate the communication, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Data is Milliman’s legitimate interest (Art. 6 (1) letter (f) GDPR). Milliman may rely on your consent (Art. 6 (1) letter (a) GDPR) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman S.A. may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests. For those activities, the legal basis for the processing of Personal Data is Milliman S.A.’s legitimate interest (Art. 6 (1) letter (f) GDPR), unless data protection and privacy laws require your prior consent. We may also collect and process limited Personal Data about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.
When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may write to us at [email protected] requesting the same. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.
If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Data by Milliman.
You should also ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested.
No automated decision-making is undertaken based on the Personal Data collected from you.
All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman S.A. and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., located in the U.S. and/or Europe, for the purposes of the centralisation of Milliman’s General Corporate Services, including: administrative services, contract management, Client Relationship Management (CRM), IT-maintenance and security, data privacy (management of data subjects’ request) and marketing services (cookie management, inquiry tracking via Milliman’s website form, communication regarding Milliman’s products, services, or events).
Any transfers of Personal Data are subject to appropriate safeguards that are compliant with the GDPR, as is described in the section “Transfer of Personal Data Across Borders”.
Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact Milliman at [email protected], and Milliman will take steps to delete any such Personal Data.
Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.
Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates located in the European Economic Area based on the EU Standard Contractual Clauses issued by the European Commission (the “EU Standard Contractual Clauses”).
As further explained in the "How to Contact Us" section below, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint. Any right of access, rectification, erasure, restriction of the processing as well as the right to data portability of individuals domiciled in the European Economic Area or Switzerland may be exercised under the conditions set forth in the GDPR by contacting Milliman at: [email protected]. Furthermore, these individuals will have the right to lodge a complaint with a competent supervisory authority at any time.
Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.
You can exercise any of your rights as stated above, by sending us a request to [email protected] or to: Milliman S.A.Data Protection Officer, 14 Avenue de la Grande Armée, F-75017 Paris. We will endeavor to respond to any such request as soon as possible, and in any event within 30 days.