Data Privacy Policy – Australia
Last updated December 2024At Milliman, we take data privacy very seriously. This policy sets out the principles governing Milliman and its affiliate in Australia’s collection, use, disclosure, transfer (“Processing”) and protection of personal Information (as defined below) that website visitors, prospective clients and clients residing within Australia (“you”) share with us. Milliman is committed to handling personal information in accordance with this Privacy Policy, The Privacy Act 1988, and any other applicable data protection and privacy laws.
1. What is an “Australian link”?
Milliman Australia Pty Ltd is deemed to have an “Australian link” by virtue of the fact that it is incorporated in Australia. Other members of the Milliman Group of companies will be deemed to have an Australian link, and will therefore be bound by this policy, if and to the extent that they carry on business in Australia or collect or hold any personal information in Australia.
2. What is "personal information"?
The Privacy Act 1988 (Cth) (Act) defines "personal information" as information or an opinion about an identified individual or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
If information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “personal information” and will not be subject to this privacy policy.
3. What information do we collect?
The personal information we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through our website, Milliman’s marketing activities and contract administration:
(a) we may collect, store and process the personal information of visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with clients and the administration of the website;
(b) we may also collect, store and process the personal information of clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes;
(c) we may collect, store and process the personal information of the professional contact details of clients’ representatives, their employees and business partners in order to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services, and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest;
(d) we may also use professional contact details of clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests, unless there is a legal requirement to obtain prior consent; and
(e) we may also collect and process limited personal information about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes;
(f) without limiting sub-paragraph (e) above, we assume that if you use our services, you consent to the receipt of direct marketing material regarding the products and services we offer or develop. We will only use your personal information in this regard if we have collected such information directly from you, and if it is material of a type which you would reasonably expect to receive from us. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature. An alternative means of opting out is by reaching out to us by filling out the data subject request form as available under the section “Rights”. We will cease using your personal information for direct marketing purposes once you have requested us to do so.
In each case, however, this information will only be subject to this policy, and to protection under the Privacy Act, if it is in fact possible to identify you from that information.
4. How we collect your personal information
By voluntarily providing us with information about yourself, you are consenting to our use of that data in the manner described in this policy.
Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
If we collect personal information from you via our website, we may use digital cookies to remember your preferences and collect online traffic data and browsing characteristics. Internet cookies are small strings of text placed on a user’s hard drive during the data exchange that happens when a browser points to a website. The browser stores the message in a text file which is sent back to the server each time the browser requests a page from the server. Cookies and other information collection technologies can only store information that is explicitly provided by the user or visitor in the first place, or information which is already known to the website such as your IP address. You can choose to adjust your browser to reject cookies or to notify you when they are being used, bearing in mind that rejecting cookies can result in a loss of some website functionality. For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.
5. Aggregate information
Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No personal information is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet service provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.
6. Purpose of collection
We collect personal information for the purpose of managing the relationship with our clients, administering our website, authentication of website visitors and for contract administration. To the extent permitted by law, we may also use professional contact details of our clients’ employees for the purpose of sending surveys and questionnaires or for the purpose of organizing games, and we may source personal information from public resources (such as LinkedIn) to allow us to assess a potential interest in our services and to contact you for marketing purposes.
If we obtain any personal information about you, we may share it with other Milliman entities, wherever located, for the purposes of data processing or storage.
We may have cause to disclose personal information to our service providers who assist us in operating our computer systems. Your personal information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties. In the event that we outsource part of our infrastructure, it is possible that the entity we engage for this purpose may also have access to your personal information.
In addition, we may share your personal information with authorised third-party agents or contractors in order to provide a requested service or transaction. We only provide third-party agents with the minimum amount of personal information necessary to complete the requested service or transaction.
Subject to the foregoing, we only use your personal information in a manner consistent with the original purposes of collection or as otherwise permitted by the Australian Privacy Principles.
7. Legal obligation to disclose
We may disclose your personal information to a third party if required or authorised to do so under an Australian law or by a court or tribunal order, or where disclosure is reasonably necessary for one or more enforcement related activities conducted by or on behalf of an enforcement body, or as otherwise required or permitted by law (such as the investigation of suspicious or unlawful behavior, the defence of a legal claim or for use in connection with a confidential alternative dispute resolution process).
8. Security
We take all reasonable steps to protect personal information from misuse, interference and loss, and from unauthorized access, modification or disclosure. We store your personal information on a secure server that is password protected and shielded from the outside world by a firewall. We have in place security policies that are intended to ensure, as far as possible, the security and integrity of all our information, including your personal information. If we forward personal information to any third party, we require that those third parties have appropriate technical and organisational measures in place to comply with this privacy policy and applicable laws.
9. Data Retention
Milliman retains personal information only as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or not prohibited by law. Milliman will delete or de-identify your personal information once the purpose of the collection and processing of such personal information has been fulfilled. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your personal information for any other purpose for which we still have legal grounds for holding such information. In certain cases, if no other legal grounds exist, we will maintain limited personal information (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.
10. Children
Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect personal information from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with personal information without their consent, the parent or legal guardian should contact Milliman at [email protected], and Milliman will take steps to delete any such personal information.
11. Rights
Australian Privacy Principle 12 permits you to obtain access to the personal information we hold about you in certain circumstances, and Australian Privacy Principle 13 allows you to correct inaccurate personal information subject to certain exceptions. You can exercise any of your rights as stated above, by filling out the data subject request form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. We will endeavour to respond to any such request as soon as possible, and in any event within 30 days or as prescribed under the applicable laws. We will endeavour to respond to any such request as soon as possible, and in any event within the legal deadline.
There is no charge for requesting access. If access is subsequently provided, a small fee may be charged.
12. Complaint procedure
If you have a complaint concerning the manner in which we maintain the privacy of your personal information, please contact us at [email protected]. All complaints will be considered by our privacy office and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.
13. Overseas transfer, Affiliates and Authorised Third Party Agents
All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any personal information may be shared between Milliman Australia Pty Ltd and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., for purposes of centralization of Milliman’s administrative, contract management, Client Relationship Management (CRM), IT maintenance, marketing and IT security practices, for the purpose of the website’s management and security, and to provide information about Milliman products, services, or events.
We may also share personal information with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your personal information to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process personal information in compliance with this Privacy Policy.
Milliman also may share personal information with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares personal information with a third party, Milliman requires that those third parties agree to process personal information based on Milliman’s instructions and in compliance with this Privacy Policy.
Any transfers of personal information are subject to appropriate safeguards using contractual or other means to provide similarly adequate level of protection in compliance with the Act.
14. Third-party links
Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your personal information.
We do not disclose your personal information to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to this privacy policy.
You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your personal information should you have decided to disclose your personal information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any personal information that you choose to provide to such a Third-Party Website and use of Third Party Websites is strictly at your own risk.
15. Amendments to this policy
We reserve the right to change and modify this privacy policy at any time without prior notice. Your continued use of our services following the posting on our website of changes to these terms means you accept these changes. You will always have access to the most recent policy on https://au.milliman.com.
16. How to contact us about privacy
If you have any queries, or if you seek access to your personal information, or if you have a complaint about our privacy practices, you can contact us on: [email protected].