Data Privacy Policy – South Africa

Last updated May 2021


Where Milliman is Acting as a Responsible Party

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing the South Africa affiliate ("Milliman (Pty) Limited") use and protection of personal data that individuals and clients share with us (“Personal Information”), hereafter “you”. Milliman is committed to handling Personal Information in accordance with this Privacy Policy, the Protection of Personal Information Act, 2013 ("POPIA") and other data protection and privacy laws, as applicable.

Milliman, Inc. and Milliman (Pty) Limited are joint-responsible parties with respect to the processing of Personal Information described in this Privacy Policy. This means that Milliman, Inc. and Milliman (Pty) Limited are both responsible for the compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Information is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt out of such cookies, including information about third party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Information

The Personal Information we collect varies depending upon the nature of the services provided and our interactions with individuals. In the context of the collection of data through this website, Milliman’s marketing activities and contract administration, we may collect, store and otherwise process Personal Information of:

  • visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request and message given) who request information about products or services from Milliman, for the purpose of the management of the relationship with visitors and the administration of the website. The legal basis for the processing of Personal Information is Milliman’s legitimate interest (Section 11(1)(d) and (f) of POPIA).
  • clients’ representatives, officers, agents and employees, business partners, providers, parties to a contract (name, professional address, title, email and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees and business partners are also used to activate and maintain client accounts, to fulfill requests or respond to inquiries about Milliman products or services and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. The legal basis for the processing of Personal Information is Milliman’s legitimate interest (Section 11(1) d and (f) of POPIA). Milliman may rely on your consent (Section 11(1)(a) of POPIA) for the sending of marketing communications when so required by data protection and privacy laws, in which case we will ask your consent prior to the sending of the communication. Milliman (Pty) Limited may also use professional contact details of its clients’ employees for the purpose of sending surveys, questionnaires or for the purpose of organising contests. For those activities, the legal basis for the processing of Personal Information is Milliman (Pty) Limited’s legitimate interest (Section 11(1)(f) of POPIA), unless data protection and privacy law require your prior consent. We may also collect and process limited Personal Information about you from public resources (such as LinkedIn) including your name/surname, email address, telephone number, organisation, title/position, profession, professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect this information from our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may write to us data.protection@milliman.com requesting the same. We will cease using your Personal Information for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Information of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the processing of their Personal Information by Milliman.

You should also ensure that all Personal Information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested.

No automated decision-making is undertaken based on the Personal Information collected from you.

Affiliates and Authorised Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Information may be shared between Milliman (Pty) Limited and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., for purposes of centralisation of Milliman’s administrative, contract management, Client Relationship Management (CRM), IT maintenance, marketing and IT security practices, for the purpose of the website’s management and security, and to provide information about Milliman products, services, or events. We may also share Personal Information with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Information to a country that does not have the same data protection laws as your home country. However, Milliman ensures that itself and its affiliates will process Personal Information in compliance with this Privacy Policy.

Milliman also may share Personal Information with authorised third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Information with a third party, Milliman requires that those third parties agree to process Personal Information based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Information are subject to appropriate safeguards that are compliant with POPIA.

Other Disclosures

Milliman may also disclose Personal Information and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Information in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Information on a secure server that is password protected and shielded from unauthorised access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Information. Milliman has appropriate technical and organisational measures in place to protect against unauthorised or unlawful processing of Personal Information and against accidental loss or destruction of, or damage to, Personal Information held or processed by Milliman. If Milliman forwards Personal Information to any third party, Milliman requires that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Information once the purpose of the collection and processing of such Personal Information has been fulfilled and the adequate duration for documentation and backup storage of such Personal Information has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Information for any other purpose for which we still have legal grounds for processing such Personal Information (such as for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Information (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Information from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Information without their consent, the parent or legal guardian should contact Milliman at data.protection@milliman.com and Milliman will take steps to delete any such Personal Information.

Third-party Links

Milliman’ website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Information.

We do not disclose your Personal Information to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third Party Websites is no longer under our control and no longer subject to Milliman Personal Information Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Information should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Information that you choose to provide to such a Third-Party Website and use of Third Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Rights

You have a number of rights under POPIA in relation to your Personal Information, namely:

  1. the right of access pursuant to section 23(1) of POPIA: you have the right to obtain from us confirmation as to whether or not Personal Information concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Information and the manner in which, and the purposes for which we process your Personal Information, so that you can verify its accuracy and the lawfulness of the processing.
  2. the right to rectification pursuant to section 24 of POPIA: you have the right to obtain from us the rectification of inaccurate Personal Information concerning you, and the right to have incomplete Personal Information completed, including by means of providing a supplementary statement.
  3. the right to erasure pursuant to section 24 of POPIA: you have the right to obtain from us the erasure of your Personal Information delay where (a) your Personal Information is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Information has been unlawfully processed;
  4. the right to restriction of processing pursuant to section 11(2)(b) of POPIA: you have the right to obtain from us the restriction of processing of your Personal Information where (a) the accuracy of such Personal Information is contested by you (for such period as will enable us to verify the accuracy of your Personal Information); (b) the processing of your Personal Information is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Information for the purposes of the processing, but require such Personal Information for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Information on grounds of “legitimate interest” as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
  5. the right to objection pursuant to section 11(3) of POPIA: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Information, which is based on point our legitimate interests, including profiling based on those provisions. We shall no longer process the Personal Information unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Information or direct marketing purposes at any time, without giving reason.
  6. the right to institute civil proceedings regarding any alleged interference with the protection of your Personal Information as provided in section 99 POPIA.
  7. the right to complain to the Information Regulator in terms of section 74 of POPIA: you have the right to complain to the competent data protection supervisory authority - in South Africa such authority is the Information Regulator.

Please note that any processing of your Personal Information prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by sending us a request to data.protection@milliman.com. We will endeavor to respond to any such request as soon as possible, and in any event within the legal deadline.

How to Contact Us

For any question related to this Privacy Policy, please contact us at data.protection@milliman.com.