Mercer Limited ("we", “our” or “us”) take the security of your personal data very seriously and are committed to protecting and respecting the privacy of the users (“you” or your”), of the Destination Retirement Platform (the “Platform”) provided by HUB Financial Solutions Limited.
We may handle your personal data in connection with your use of the Platform. This privacy policy sets out, for the Platform, our collection and sharing practices, the uses to which personal data is put, the ways in which we protect it in accordance with the General Data Protection Regulation (EU 2016/679) and the Data Protection Act 2018 (“Data Protection Laws”) and your privacy rights. Please read it carefully.
Further notices highlighting certain uses we wish to make of your personal data together with the ability to opt in or out of selected uses may also be provided from time to time when we collect personal data from you.
This privacy policy covers our processing of your personal data.
1. WHAT DATA DO WE COLLECT?
We collect information from you, which may include:
We also collect information through the administrators of the Mercer Master Trust, which may include:
We also collect information from Hub Financial Solutions Limited, which may include:
The above lists are non-exhaustive and may change from time to time.
For members of the Mercer Master Trust, your information is provided to us by Aviva or Scottish Widows, on behalf of the Trustees of the Master Trust, as necessary for us to be able to provide the Platform to you (and these providers may change). If you have any queries or if you would like more information about how the Trustees handle your information, you can contact Mercer on behalf of the Trustees by email at [email protected] or by calling 0330 808 9430.
The types of personal data we will typically hold and use in connection with your use of the Platform include:
If you supply us with personal data about other people, you represent that you have the authority to provide this information on their behalf and you should direct them to this privacy policy. In these instances, you further represent that the individuals to whom this information relates have been informed of and understand the reason(s) for obtaining the information and the manner in which this information will be used and disclosed, and have consented to such use and disclosure.
2. HOW DO WE USE THE DATA WE COLLECT?
The personal data we collect enables Hub Financial Solutions Limited to provide you with access to the Platform and its features and enable you to interact with the Platform.
In particular, we use your personal data to:
3. DISCLOSURE OF YOUR INFORMATION
We may share your personal data to assist with managing and running the Platform and undertaking the activities set out in Section 2 above, with the following:
The third parties to whom we disclose information are required by law and/or contractual requirements to keep your personal data confidential and secure. These parties may not use or disclose it except as reasonably necessary to provide their services, or to comply with, or as permitted by, applicable law.
We may disclose your personal data without your prior permission, as permitted by law, including instances when we believe it is necessary to: (a) prevent physical or financial harm; (b) enforce the Terms of Use; (c) respond to claims of suspected or actual illegal activity or violation of third party rights; (d) respond to an audit or investigate a complaint or security threat; and/or (e) comply with law or legal process.
In the event we sell some or all of our assets, it is possible your personal data could be one of the assets transferred to the purchaser. We may disclose and/or transfer your personal data to a third party purchaser in these circumstances.
4. USING YOUR INFORMATION IN ACCORDANCE WITH DATA PROTECTION LAW
Data Protection Law requires that we meet certain conditions before we are allowed to use your personal data in the manner described in this privacy policy. To use your personal data, we will rely on one of the following conditions, depending on the activities we are carrying out:
Consent
We may provide you with marketing information about our services or products where you have indicated your consent for us to do so (to the extent that we are required to collect consent under Data Protection Laws). We may contact you by email or phone (where you have agreed to those methods of communication) to provide you with the information on your requested service or product. We may also provide you with information, special offers, research, promotions, and similar products and services. Where you have indicated your consent to us doing so, we may also pass your details to our group companies so that they can provide you with information on the products they provide.
You may change your marketing preferences at any time by visiting our Marketing Preference page or by contacting us as set out in section 11 below.
Legitimate interests
It is in our legitimate interests to collect your personal data as it provides us with information that we need to provide our services to you and to make the Platform available.
This requires us to carry out a balancing test of our interests in using your personal data (for example, in order to provide you with access to the Platform and to satisfy the contractual obligations we owe to your employer), against the interests you have as a citizen and the rights you have under Data Protection Law (for example, to not have your personal data sold to third party marketing companies without your knowledge).
The outcome of this balancing test will determine whether we may use your personal data in the ways described in this privacy policy. We will always act reasonably and give full and proper consideration to your interests in carrying out this balancing test.
To provide you with the services that we have agreed to provide to you
We are permitted to hold and process some of your personal data because it is necessary to do so in order to provide you access to, and to enable you to make use of, the Platform. Without this personal data, we could not provide you with access to the Platform.
Compliance with a legal obligation
We are permitted to process your personal data where it is necessary for compliance with our legal obligations.
For legal claims
We are permitted to process your personal data where it is necessary to establish, pursue or defend a legal claim.
Substantial Public Interest
We are permitted to process your personal data where it is necessary for reasons of substantial public interest, on the basis of Data Protection Laws.
If we look to use your personal data for any other purpose not covered in this privacy policy, we will let you know about any proposed new purposes before using your personal data in this way.
5. HOW LONG WE KEEP YOUR INFORMATION FOR
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose.
We usually keep your information for as long as required:
We will also keep your information for as long as it is needed for legal, regulatory or technical reasons (such as to enable your log in access). We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.
6. SENDING DATA OUTSIDE OF THE EEA
We may transfer or disclose personal data we collect to a destination outside the European Economic Area (“EEA”). We will typically do this:
If we do transfer personal data outside of the EEA we will make sure that it is protected in the same way as if it was being used in the EEA and may be required to take specific additional measures to safeguard the relevant personal data. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to the Data Protection Laws (see the full list here) and therefore no additional safeguards are required to export personal data to these jurisdictions. In countries which have not had these approvals, we will establish legal grounds justifying such transfer, such as European Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.
You can contact us as set out in section 11 below to find out more about safeguards we have in place for any transfers of your personal data outside of the EEA or if you would like to see a copy of the specific safeguards applied to the export of your personal data.
7. WHAT STEPS DO WE TAKE TO PROTECT YOUR INFORMATION?
All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone and may suspend or terminate your access to the Platform if you do so.
We restrict access to your personal data to those employees of ours, our affiliates, and third party service providers who reasonably need it to provide products or services. We have implemented commercially reasonable physical, electronic, procedural, administrative, and technical safeguards in a way that complies with the security requirements of the Data Protection Laws to protect your personal data, located in the countries where we are based (which may be outside the EEA), from unauthorised access. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of these systems, nor can we guarantee that information supplied by you or on your behalf cannot be intercepted while being transmitted over the Internet.
8. WHAT RIGHTS AND OBLIGATIONS DO YOU HAVE WITH RESPECT TO YOUR DATA?
You have a number of rights under Data Protection Laws in relation to the way we process your personal data. These are set out below. You may contact us using the details in section 11 below to exercise any of these rights. We will respond to any request received from you within one month from the date of the request.
Description of Rights:
These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege), and may not all be available in the country in which you are based.
Updating information
Keeping your information accurate and up-to-date is very important. Inaccurate or incomplete information could impair our ability to deliver relevant services to you. We will use reasonable endeavours to ensure that your personal data is accurate. In order to assist us with this, you should notify us of any changes to your personal data by updating your profile on the Platform or by contacting us as set out in section 11 below.
Intentionally providing false or misleading information or using another person’s email address or personal data for the purposes of falsely obtaining any products or services through the Platform, may lead to termination or forfeiture of the product or services and/or of access to the Platform and may result in legal action.
9. THIRD PARTY WEBSITES
The Platform contains links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data. Please check these policies before you submit any personal data to such third party websites.
10. CHANGES TO THIS PRIVACY POLICY
We may change the content of the Platform and how we use cookies and consequently this privacy policy and our cookies notice and any other document to which they refer are subject to change at any time. If we make material updates to this privacy policy, we will update the date it was last changed and will clearly indicate this via a notification on the Platform and via email. Any changes we make to this privacy policy become effective immediately when we post the revised privacy policy on the Platform. We recommend that you review this privacy policy regularly for changes.
This privacy policy was last updated on 05 August 2022.
12. HOW TO CONTACT US
You can contact us at any time at [email protected] or on 0330 808 9430 if you have any questions about this privacy policy, or our privacy practices in general. You can also contact Mercer’s Data Protection Officer at:
Data Protection Officer
Marsh & McLennan Companies, Inc.
Tower Place West
London
EC3R 5BU
Please let us know if you are unhappy with how we have used your personal data or are not satisfied with our handling of any request by you in relation to your rights. You can contact us using the contact details above. You also have the right to complain to the Information Commissioner’s Office. Their address is:
For the UK:
First Contact Team
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
United Kingdom
SK9 5AF
Find out more information on their website on how to report a concern.
Last updated: 5th August 2022