Privacy Policy

At Milliman, we take data privacy very seriously. This policy applies to all personal information collected by Milliman, Inc. and its affiliates in the course of their normal business activities involving an Australian link. The purpose of this policy is to set out the principles governing Milliman’s use of such information. If you give us personal information, we will treat it according to this policy.

1. What is an “Australian link”?

Milliman Australia Pty Ltd is deemed to have an “Australian link” by virtue of the fact that it is incorporated in Australia. Other members of the Milliman Group of companies will be deemed to have an Australian link, and will therefore be bound by this policy, if and to the extent that they carry on business in Australia, or collect or hold any personal information in Australia.

2. What is "personal information"?

The Privacy Act 1988 (Cth) (Act) defines "personal information" as information or an opinion about an identified individual or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.

If information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “personal information” and will not be subject to this privacy policy.

You should be aware that the Privacy Act contains certain exemptions which may impact upon our privacy obligations. For example, employee records are generally exempt from an organisation's obligations under the Act. This exemption does not, however, permit us to use personal information contained in employee records for purposes not connected with the employment relationship. Employee records remain confidential.

3. What information do we collect?

The personal information we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through our website, Milliman’s marketing activities and contract administration:

(a) we may collect, store and process the personal information of visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with clients and the administration of the website;

(b) we may also collect, store and process the personal information of clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes;

(c) we may collect, store and process the personal information of the professional contact details of clients’ representatives, their employees and business partners in order to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services, and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest;

(d) we may also use professional contact details of clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organizing contests, unless there is a legal requirement to obtain prior consent; and

(e) we may also collect and process limited personal information about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organization, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes;

(f) without limiting sub-paragraph (e) above, we assume that if you use our services, you consent to the receipt of direct marketing material regarding the products and services we offer or develop. We will only use your personal information in this regard if we have collected such information directly from you, and if it is material of a type which you would reasonably expect to receive from us. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature. An alternative means of opting out is to contact us as set out below and simply request that you receive no further such communications.

In each case, however, this information will only be subject to this policy, and to protection under the Privacy Act, if it is in fact possible to identify you from that information.

4. How we collect your personal information

By voluntarily providing us with information about yourself, you are consenting to our use of that data in the manner described in this policy.

Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

If we collect personal information from you via our website, we may use digital cookies to remember your preferences and collect online traffic data and browsing characteristics. Internet cookies are small strings of text placed on a user’s hard drive during the data exchange that happens when a browser points to a website. The browser stores the message in a text file which is sent back to the server each time the browser requests a page from the server. Cookies and other information collection technologies can only store information that is explicitly provided by the user or visitor in the first place, or information which is already known to the website such as your IP address. You can choose to adjust your browser to reject cookies or to notify you when they are being used, bearing in mind that rejecting cookies can result in a loss of some website functionality.

5. Aggregate information

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No personal information is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet service provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

6. Purpose of collection

We collect personal information for the purpose of managing the relationship with our clients, administering our website, authentication of website visitors and for contract administration. To the extent permitted by law, we may also use professional contact details of our clients’ employees for the purpose of sending surveys and questionnaires or for the purpose of organizing games, and we may source personal information from public resources (such as LinkedIn) to allow us to assess a potential interest in our services and to contact you for marketing purposes.

If we obtain any personal information about you, we may share it with other Milliman entities, wherever located, for the purposes of data processing or storage.

We may have cause to disclose personal information to our service providers who assist us in operating our computer systems. Your personal information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties. In the event that we outsource part of our infrastructure, it is possible that the entity we engage for this purpose may also have access to your personal information.

In addition, we may share your personal information with authorised third-party agents or contractors in order to provide a requested service or transaction. We only provide third-party agents with the minimum amount of personal information necessary to complete the requested service or transaction.

Subject to the foregoing, we only use your personal information in a manner consistent with the original purposes of collection or as otherwise permitted by the Australian Privacy Principles.

7. Legal obligation to disclose

We may disclose your personal information to a third party if required or authorised to do so under an Australian law or by a court or tribunal order, or where disclosure is reasonably necessary for one or more enforcement related activities conducted by or on behalf of an enforcement body, or as otherwise required or permitted by law (such as the investigation of suspicious or unlawful behavior, the defence of a legal claim or for use in connection with a confidential alternative dispute resolution process).

8. Security

We take all reasonable steps to protect personal information from misuse, interference and loss, and from unauthorized access, modification or disclosure. We store your personal data on a secure server that is password protected and shielded from the outside world by a firewall. We have in place security policies that are intended to ensure, as far as possible, the security and integrity of all our information, including your personal information. If we forward personal information to any third party, we require that those third parties have appropriate technical and organisational measures in place to comply with this privacy policy and applicable laws.

9. Data Retention

Milliman retains personal information only as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or not prohibited by law. Milliman will delete or de-identify your personal information once the purpose of the collection and processing of such personal information has been fulfilled. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your personal information for any other purpose for which we still have legal grounds for holding such information. In certain cases, if no other legal grounds exist, we will maintain limited personal information (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

10. Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect personal information from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with personal information without their consent, the parent or legal guardian should contact Milliman at data.privacy@milliman.com, and Milliman will take steps to delete any such Personal Data.

11. Access and correction

Australian Privacy Principle 12 permits you to obtain access to the personal information we hold about you in certain circumstances, and Australian Privacy Principle 13 allows you to correct inaccurate personal information subject to certain exceptions. If you wish to seek access for this purpose, please contact our Chief Compliance Officer at data.privacy@milliman.com.

There is no charge for requesting access. If access is subsequently provided, a small fee may be charged.

12. Complaint procedure

If you have a complaint concerning the manner in which we maintain the privacy of your personal information, please contact us as set out below. All complaints will be considered by our Chief Compliance Officer at data.privacy@milliman.com and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

13. Overseas transfer

The United Kingdom and the European Union

Your personal information may be transferred from Australia to recipients located in the United Kingdom or the European Union. The United Kingdom, and countries which are members of the European Union, have data protection laws which protect personal information in a way which is at least substantially similar to the Australian Privacy Principles, and there will be mechanisms available to you to enforce protection of your personal information under that overseas law. In the circumstances, we do not require the overseas recipients to comply with the Australian Privacy Principles and we will not be liable for a breach of the Australian Privacy Principles if your personal information is mishandled.

The United States of America

Your personal information may be transferred from Australia to recipients located in the United States of America. The United States of America does not have data protection laws as comprehensive as Australia’s, and we will accordingly take reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the Australian Privacy Principles.

14. Third-party links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your personal information.

We do not disclose your personal information to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to this privacy policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your personal information should you have decided to disclose your personal information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any personal information that you choose to provide to such a Third-Party Website and use of Third Party Websites is strictly at your own risk.

15. Amendments to this policy

We reserve the right to change and modify this privacy policy at any time without prior notice. Your continued use of our services following the posting on our website of changes to these terms means you accept these changes. You will always have access to the most recent policy on https://au.milliman.com.

16. How to contact us about privacy

If you have any queries, or if you seek access to your personal information, or if you have a complaint about our privacy practices, you can contact us on: data.privacy@milliman.com.