Skip to main content

Data Privacy Framework Notice

Milliman is committed to handling Personal Data in accordance with its Privacy Policy, the jurisdiction-specific privacy policies and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF), as administered by the U.S. Department of Commerce. Milliman has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Milliman has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms of the Privacy Policy, the jurisdiction-specific privacy policies and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Milliman’s certification, please visit https://www.dataprivacyframework.gov/.

Milliman’s accountability for Personal Data that it receives under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Milliman remains responsible and liable under the DPF Principles if third parties engaged by Milliman process the Personal Data in a manner inconsistent with the Principles, unless Milliman proves that it is not responsible for the event giving rise to any damage. Additionally, Milliman, Inc. has put in place data protection agreements with its affiliates where required.

Personal Data may be shared within Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., including all affiliated entities using the MILLIMAN® mark, for the purposes of the centralization of Milliman’s Global Corporate Services, including IT-security, legal, compliance, finance and marketing services. We may also share Personal Data with authorized third-party agents or contractors who provide services on behalf of Milliman (e.g., Agiloft Inc., Microsoft Corporations). We may collect and share Personal Data in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

You have certain rights to your Personal Data, including the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the processing or choose to limit the use and disclosure of your Personal Data.

In compliance with the DPF Principles, Milliman commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our DPF policy should first contact Milliman’s European Data Protection Officer at [email protected].

If you live in the European Union, European Economic Area, or Switzerland and you have a complaint regarding the handling of your Personal Data in accordance with the DPF Principles and your efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the American Arbitration Association (https://www.adr.org/ ), which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating in the European Union, European Economic Area, or Switzerland and transferred to the U.S. under this Privacy Policy. The services of the American Arbitration Association are provided at no cost to you. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Milliman is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

As further explained in the "How to Contact Us" section in the Privacy Policy and the jurisdiction-specific privacy policies, Milliman encourages any individual to contact us should they have a DPF-related (or general privacy-related) complaint.

popup image