Mercer is subject to the Australian Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles (APPs) as an APP entity (organisation). The APPs aim to ensure that organisations that hold personal information about people, handle that information responsibly.
Mercer respects an individual’s right to privacy and we comply with the requirements of the Act and the APPs in respect of the collection, management, use and disclosure of personal information.
In accordance with the Act, Mercer will only collect personal information that we require, to offer and administer our products and services or manage the employment of our staff.
Mercer manages all potential breaches of privacy in accordance with the Notifiable Data Breach requirements under Part 3C of the Act.
When used in this policy, the term ‘personal information’ has the meaning given to it in the Act. In general terms, personal information is information or an opinion that can be used to reasonably identify you, whether the information or opinion is true or not.
This includes any information we collect from you directly, or from a third party such as your employer, in order to offer you a service or product. It may include, but is not limited to, your name, address, date of birth, contact details including email address, Tax File Number, occupation, financial information and/or any additional information you provide to us directly or indirectly through a website or via a representative.
Personal information may also include ‘sensitive information’.
Sensitive information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional trade or association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information or biometric information.
Mercer will not collect sensitive information about you without your consent unless it is required by Australian law, or other limited exemptions apply. Mercer may collect health information about you if the information is reasonably necessary for the provision of a related service (e.g. health insurance).
Generally, we are required to collect personal or sensitive information directly from you in the course of offering and administering our products and services and managing the employment and engagement of our staff and contractors. The information we may collect includes:
Where relevant, your personal information may also be provided to us via a third party such as your employer, other superannuation or investment fund, recruitment company, financial adviser or other representative authorised by you, as well as publicly available sources.
We will only collect personal information about you where it is reasonably necessary for one or more of the activities or functions that we undertake for you, your employer or the trustee of a superannuation fund. Where it is reasonable and practicable to do so, we will collect the personal information from you directly.
We collect your information in order to provide the following services and products and to manage the employment and engagement of our staff and contractors and to give you information about these matters:
If you do not provide the personal information requested, we may not be able to provide you with these services and products or continue with your recruitment or employment.
The information that we collect from you may be shared or aggregated with information our related companies may collect from you. We may also use it to supply you with information about the other products and services offered by us and our related companies.
Mercer understands that anonymity and pseudonymity are important elements of privacy and that an individual may wish to have the option of not identifying themselves, or of using a pseudonym when dealing with an organisation. Where it is possible, Mercer will allow an individual the opportunity to remain anonymous or to use a pseudonym when dealing with us unless we are required or authorised by or under an Australian law, court or tribunal order to require individuals to identify themselves or it is impracticable for us to deal with individuals who have not identified themselves or used a pseudonym.
It is important to note that many of Mercer’s products or services require us to either obtain personal information or to identify the individuals that we are dealing with. If you decide not to provide us with the information required we may not be able to provide the service or product. Where the information not provided is health information, the non-provision of this information may limit or preclude the death or disability benefits available to you through a superannuation fund or other insurance arrangement. In the case of advice or consulting services, you may not be able to receive accurate or appropriate advice.
Mercer collects, uses and discloses personal information about individuals for the primary purpose of providing a product or service and the recruitment and employment of staff and contractors as a part of conducting our business operations.
Our business model includes the provision of:
We use and disclose personal information to:
We may disclose your information to:
Mercer is required to collect and use certain government related identifiers such as Tax File Numbers when providing certain services to our employees, members and clients. Mercer is not permitted to and does not adopt government identifiers as identifier of the individual. Mercer does not use or disclose government related identifiers in any way that is inconsistent with the purpose for which they were originally issued other than where it is required or authorised by or under an Australian law or a court/tribunal order.
Mercer places a high priority on the security of personal information, and we are committed to protecting the personal information that you provide to us. We take reasonable steps to ensure that your personal information is secure and we use and maintain appropriate safeguards to prevent misuse and loss and from unauthorised access, modification or disclosure. We implement administrative, physical and technical safeguards to protect the confidentiality and integrity of your personal information and data that we use and hold.
Where practical, your personal information is de- identified or destroyed when it is no longer required.
Where Mercer becomes aware of an actual or potential unauthorised access or disclosure of your personal information, we will ensure that the potential breach is managed by Mercer in accordance with the Notifiable Data Breach requirements under Part 3C of the Act. This may include notifying both you and the Privacy Commissioner where that breach is likely to result in serious harm as defined by the Australian Privacy Act 1988 (Privacy Act).
We take care to ensure that the information you give us via our websites is protected. Mercer uses and maintains appropriate safeguards to prevent the unauthorised access to or use of your personal information and data. We implement administrative, physical and technical safeguards to protect the confidentiality and integrity of your personal information and data which may be transmitted via the internet.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
The security of information transmitted on the internet will also require you to take specific measures to protect against unauthorised access or use. These include:
Mercer aims to ensure that the personal information we hold about individuals is accurate, up-to-date and complete. We will take reasonable steps to ensure the quality of your personal information at two distinct points in the information handling process: collection and use or disclosure.
If you advise us that the information that we hold about you is not accurate, up-to-date or complete, we will take reasonable steps to correct your information. Where Mercer is the administrator for your superannuation fund, you can access or correct your personal information by contacting the Fund Administrator directly via the Helpline. Otherwise you may request access to your personal information by contacting Mercer’s Privacy Officer (see the ‘Contacting Us’ section below). The Mercer Privacy Officer will need to establish the identity of the individual requesting the information prior to providing it.
There are a number of situations where Mercer may deny an individual access to personal information. These can include circumstances where it would have an unreasonable impact on the privacy of other individuals, the information relates to existing or anticipated legal proceedings, we have reason to suspect that unlawful activity or misconduct of a serious nature is being or may be engaged in, where Mercer’s Privacy Officer reasonably considers the request to be frivolous or vexatious or where the law requires or authorises such access to be denied. Mercer’s Privacy Officer will advise you if any of these or other circumstances apply.
In some instances where information is being supplied, Mercer may apply a charge for the production and supply of that information in accordance with the Privacy Act. You will be notified of any such charge or fee prior to its application.
Mercer outsources some of its activities and may disclose personal information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above.
This includes Mercer’s ultimate shareholder, Marsh McLennan Companies, a public company listed on the New York Stock Exchange. We take reasonable steps to ensure that the overseas recipients of your information do not breach the privacy obligations relating to your personal information. At the end of this policy is a list of countries where we may disclose your personal information in the course of providing products or services to you.
Mercer may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms including mail, fax and electronic media such as email and SMS and social media such as Twitter and Facebook, in accordance with applicable marketing laws such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from Mercer by using the opt-out facilities provided within the marketing communications.
We treat any concerns or complaints that you may have with respect and confidentially. A privacy representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
You can contact the Mercer Privacy Officer by:
If your concerns are not resolved to your satisfaction or you would like further information in regards to the Act, the matter can be referred to the Office of the Australian Information Commissioner on 1300 363 992.
Mercer reserves the right to change this policy from time-to-time as necessary. We encourage you to check our website for any updates to this policy.
Below is a list of countries outside Australia where in the course of providing our products and services, we may disclose personal information.