Copyright © 2021 Marsh. All rights reserved.
For purposes of this Privacy Notice, all references to “Marsh” include the following entities:
Marsh (Pty) Ltd (Company Registration Number 1999/000348/07) – FSP 8414
Marsh Africa (Pty) Ltd (Company Registration Number 1993/005898/07) - FSP 7784
Marsh Marine (Pty) Ltd (Company Registration Number 1999/005271/07) – FSP 481
MMC Management Services (Pty) Ltd (Company Registration Number 2007/018284/07)
Effective Date: July 1, 2021
Marsh strives to protect the privacy and the confidentiality of Personal Information and Special Personal Information that the company processes in connection with the services it provides to clients and individuals’ use of the Marsh websites. Marsh’s services consist primarily of risk consulting and insurance broking, which enable the consideration of, access to, administration of, and making of claims on, insurance.
To arrange insurance cover and handle insurance claims, Marsh and other participants in the insurance industry are required to use and share Personal Information and Special Personal Information. This notice sets out how Marsh collects, uses, shares and protects your Personal and Special Information, as required by the Protection of Personal Information Act 4 of 2013 (“POPIA”).
During the insurance lifecycle Marsh will receive Personal Information and Special Personal Information relating to potential or actual policyholders, beneficiaries under a policy, their family members, claimants and other parties involved in a claim. This notice sets out Marsh’s use of this Personal and Special Personal Information and the disclosures it makes to other insurance market participants and other third parties.
Personal Information and Special Personal Information That We Process
We process the following Personal Information and Special Personal Information from individuals and/or juristic persons as set out below:
- Individual / Juristic Person details: name, address (and proof of address), other contact details (e.g. email and telephone details), gender, sex, pregnancy, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant, images;
- Identification details: identification numbers issued by government bodies or agencies (e.g. depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s licence number);
- Financial information: payment card number, bank account number and account details, income and other financial information;
- Insured risk: information about the insured risk, which may contain Personal Information and Special Personal Information, but only to the extent relevant to the risk being insured:
  - Health data: current or former physical or mental medical information, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history;
  - Criminal records data: criminal convictions, including driving offences;
  - Other special categories of Personal Information: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning an individual’s sex life or sexual orientation;
- Policy information: information about the quotes individuals receive and the policies they obtain;
- Credit and anti-fraud data: credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, regulators or law enforcement agencies;
- Previous claims: information about previous claims, which may include health data, criminal records data and other special categories of Personal Information and Special Personal Information (as described in the Insured Risk definition above);
- Current claims: information about current claims, which may include health data, criminal records data and other special categories of Personal Information and Special Personal Information (as described in the Insured Risk definition above);
- Marketing data: whether or not the individual has consented to receive marketing from us and/or from third parties and/or their marketing preferences; and
- Website and communication usage: details of your visits to our websites and information collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
Where we collect such information directly from individuals and/or juristic persons, we will inform them of whether the information is required and the consequences of not providing it on the relevant form.
Sources of Personal Information and Special Personal Information
We collect and receive Personal Information and Special Personal Information from various sources, including (depending on the service we are seeking to or are providing and country you are in) but not limited to:
- Individuals and/or juristic persons and their family members, online, face to face, or by telephone, or in written correspondence;
- Individuals’ and/or juristic persons’ employers or trade or professional associations of which they are a member;
- In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers;
- Other insurance market participants, such as insurers, reinsurers and other intermediaries;
- Credit reference agencies;
- Anti-fraud databases and other third party databases, including sanctions lists;
- Government agencies, such as vehicle registration authorities and tax authorities;
- Claim forms;
- Open electoral registers and other publicly available information;
- Business information and research tools;
- Selected third parties who provide us with details of potential customers;
- Third parties who introduce business to us; and
- Forms on our website and your interactions with our website (please also see our Cookie Notice).
How We Use and Disclose Your Personal Information and Special Personal Information
In this section, we set out the purposes for which we use Personal Information and Special Personal Information, and explain how we share the information.
- Establishing a client relationship, including fraud, anti-money laundering and sanctions checks
- Checking credit where we are taking any credit risk
- Evaluating the risks to be covered and matching to appropriate insurer, policy and premium
- General client care, including communicating with clients
- Collection or refunding of premiums, paying on claims, processing and facilitating other payments
- Facilitating premium finance arrangements
- Managing insurance claims
- Defending or prosecuting legal claims
- Investigating and prosecuting fraud or possible criminal offences
- Contacting you in order to arrange the renewal of the insurance policy throughout the insurance lifecycle
- Marketing analytics, sending marketing materials and communications including data de-identification and/or aggregation
- Carrying out customer satisfaction surveys and market research
- Transferring books of business, company sales and reorganisations
- General risk modelling
- Analytics include the de-identification of personal data for the purposes of analytics
- Complying with our legal or regulatory obligations
- General client care, including communications with clients
- General risk modelling in the context of our consultancy services in order to evaluate risks and provide advice
- Analysis as part of the specific consultancy advice
- Complying with our legal or regulatory obligations in the context of our consultancy business.
- To communicate with you regarding any queries you raise via the website
- To monitor your interaction with the website to ensure service quality, compliance with procedures and to combat fraud
- To ensure the website content is relevant and presented in the most effective manner for you and your device
Sharing Of Personal Information, Including Special Personal Information
In order for us to provide our services to you, we may disclose your Personal Information and/or Special Personal Information to insurers, reinsurers, intermediaries, industry bodies, credit agencies and service providers. We will disclose this information if we are required to do so by legislation or any legal process, to protect and defend our rights and property, including intellectual property and when you have given us permission to do so.
Automated Decision Making
Insurance premiums are calculated by insurance market participants benchmarking clients’ and beneficiaries’ attributes as against other clients’ and beneficiaries’ attributes and propensities for insured events to occur. This benchmarking requires Marsh and other insurance market participants to analyse and compile information received from all insureds, beneficiaries or claimants to model such propensities. Accordingly, we may use Personal Information and Special Personal Information to both match against the information in the models and to create the models that determine the premium pricing in general and for other insureds. Marsh and other insurance market participants may use special categories of Personal Information and Special Personal Information for such modelling to the extent it is relevant.
Marsh and other insurance market participants use similar predictive techniques to assess information that clients and individuals provide to understand fraud patterns, the probability of future losses actually occurring in claims scenarios, and as set out below.
We use these models only for the purposes listed in this Privacy Notice. In most cases, our staff make decisions based on the models.
We may use your Personal Information to provide you with information about products or services which we think would be of interest to you. We may also share your Personal Information with other companies in the MMC group so that they can provide you with information about their products and services. These may be sent by email or post or, in some circumstances, we may telephone you to explain this information to you.
We take care to ensure that our marketing activities comply with all applicable legal requirements. In some cases, this may mean that we ask for your consent in advance of sending you marketing materials.
In all cases, you can opt out of receiving marketing communications, at any time. You can do this by contacting us using the details set out at the end of this Privacy Notice.
Please note that, even if you opt out of receiving marketing messages, we may still send you communications in connection with the services we provide to you.
We have in place physical, electronic, and procedural safeguards appropriate to the sensitivity of the information we maintain. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Information and Special Personal Information, and include measures designed to keep Personal Information and Special Information protected from unauthorised access. If appropriate, the safeguards include the encryption of communications, encryption of information during storage, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Information and Special Personal Information to personnel and third parties that require access to such information for legitimate, relevant business purposes.
Limiting Collection and Retention of Personal Information and Special Personal Information
We collect, use, disclose and otherwise process Personal Information and Special Personal Information that is necessary for the purposes identified in this Privacy Notice or as permitted by law. If we require Personal Information or Special Personal Information for a purpose inconsistent with the purposes we identified in this Privacy Notice, we will notify clients of the new purpose and, where required, seek individuals’ and juristic entities’ consent (or ask other parties to do so on Marsh’s behalf) to process Personal Information and Special Personal Information for the new purposes.
Our retention periods for Personal Information and Special Personal Information are based on business needs and legal requirements. We retain Personal Information and Special Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Information or Special Personal Information is no longer needed, we either de-identify or aggregate the data (in which case we may further retain and use the de-identified or aggregated information for analytics purposes) or securely destroy the data.
Cross-Border Transfer of Personal Information
Marsh transfers Personal Information and Special Personal Information to, or permits access to Personal Information and Special Personal Information from, countries outside the Republic of South Africa. These countries' data protection laws do not always offer the same level of protection for Personal Information and Special Personal Information as offered in the Republic of South Africa. We will, in all circumstances, safeguard Personal Information and Special Personal Information as set out in this Privacy Notice.
If we transfer Personal Information and Special Personal Information to other countries outside the Republic of South Africa, we will establish legal grounds justifying such transfer, such as Binding Corporate Rules, model contractual clauses, individuals’ consent, or other legal grounds permitted by applicable legal requirements.
Individuals and/or juristic persons can request additional information about the specific safeguards applied to the export of their Personal Information and Special Personal Information.
Accuracy, Accountability, Openness and Your Rights
We strive to maintain Personal Information and Special Personal Information that is accurate, complete and current. Individuals and/or juristic persons should contact us at InformationOfficerSA@marsh.com to update their information.
Questions regarding Marsh’s privacy practices should be directed to the Information Officer using the contact details in the Questions, Requests or Complaints section below.
Under certain conditions, individuals and/or juristic persons have the right to request that Marsh:
- provide further details on how we use and process their Personal Information and Special Personal Information;
- provide a copy of the Personal Information and Special Personal Information we maintain about the individual and/or juristic person;
- update any inaccuracies in the Personal Information and Special Personal Information we hold;
- delete Personal and Special Personal Information that we no longer have a legal ground to process; and
- restrict how we process the Personal Information and Special Personal Information while we consider the individual and/or juristic person’s enquiry.
In addition, under certain conditions, individuals and/or juristic entities have the right to:
- where processing is based on consent, withdraw the consent;
- object to any processing of Personal Information and Special Personal Information that Marsh justifies on the “legitimate interests” legal grounds, unless our reasons for undertaking that processing outweigh any prejudice to the individual and/or juristic person’s privacy rights; and
- object to direct marketing (including any profiling for such purposes) at any time.
These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
If we are unable to resolve an enquiry or a complaint, individuals have the right to contact the Information Regulator of South Africa.
The Information Regulator of South Africa can be contacted by email at firstname.lastname@example.org / complaints@IR@justice.gov.za
Questions, Requests or Complaints
To submit questions or requests regarding this Privacy Notice or Marsh’s privacy practices, please write to the Information Officer at the following address or submit your questions or requests by accessing the OneTrust Portal link below:
The Information Officer
Marsh (Pty) Ltd / Marsh Africa (Pty) Ltd / Marsh Marine (Pty) Ltd
Corner 5th Street and Fredman Drive, Entrance 1, Building 1, Alice Lane, Sandton 2196
OneTrust Portal: Privacy Web Form
Links to Third Party Websites
Our websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
Changes to This Privacy Notice
This Privacy Notice is subject to change at any time. It was last changed on 25 June 2021. If we make changes to this Privacy Notice, we will update the date on which it was last changed. Where we have an engagement with you, we will notify you of any changes we make to this Privacy Notice in accordance with the notice provisions in the terms of our engagement. In other circumstances, we will publish the revised Privacy Notice on our website.