Skip to main content
search icon white search icon

Data Privacy Policy – Hong Kong

Last updated December 2024

Milliman, Inc. and its affiliates (“Milliman” or “we”) take data privacy very seriously. This Privacy Policy sets out the principles governing Milliman’s and the Hong Kong affiliate’s (Milliman Hong Kong) collection, use, disclosure, transfer (“Processing”) and protection of Personal Data (as defined below) that website visitors, prospective clients, and clients residing within Hong Kong (“you”) share with us. Milliman is committed to handling Personal Data in accordance with this Privacy Policy, the Personal Data (Privacy) Ordinance (Cap. 486) as amended in 2021 (PDPO), and other applicable data protection and privacy laws.

Milliman, Inc., USA and Milliman Limited, Hong Kong, are acting as Data Users in accordance with the PDPO with respect to the processing of Personal Data described in this Privacy Policy. This means that Milliman, Inc. and Milliman Limited are both responsible for compliance with applicable data protection laws.

Collection of Data

Aggregate Data

Like many companies, Milliman monitors the use of its websites by collecting aggregate data. No Personal Data is collected in this process. Typically, Milliman collects data about the number of visitors to the website, to each web page, and the originating domain name of the visitor's Internet Service Provider. This data is used to improve the usability, performance, and effectiveness of Milliman’s website.

Cookies, Third-Party Embedded Content, and Do Not Track

For more detailed information describing how Milliman uses cookies and your choices surrounding the use and opt-out of such cookies, including information about third-party embedded content on Milliman’s website and how Milliman responds to Do Not Track signals in browsers, please review our Cookie Policy which can be found here.

Processing of Personal Data

In this Privacy Policy, "Personal Data" means any data regarding individuals who are identified or can be identified, either separately or in combination with other information, directly or indirectly, using an electronic and/or non-electronic system. 

The Personal Data we collect varies depending upon the nature of the services provided and our interactions with you. In the context of the collection of Personal Data through this website, Milliman’s marketing activities, and contract administration, we may, to the extent permitted by law or with your consent, collect, use, disclose, store, and otherwise process Personal Data of:

  • Visitors to our websites (first name, last name, title, company, phone number, location, email address, subject of the request, and message given) who request information about products or services from Milliman, for the purpose of managing the relationship with clients and administering the website. The link to this Privacy Policy is available on our website and in the “Contact us” section.
  • Clients’ representatives, officers, agents, employees, business partners, providers, and parties to a contract (name, professional address, title, email, and other professional contact details) for contract administration purposes. The professional contact details of clients’ representatives, their employees, and business partners are also used to activate and maintain client accounts, fulfill requests or respond to inquiries about Milliman products or services, and to provide offers and information (as permitted by law) about products, services, or events offered by Milliman or that Milliman thinks may be of interest. Milliman will process your Personal Data to fulfil the contractual obligations with you, or in absence of contractual obligations we will seek your consent as a legal basis to process professional contact details. Furthermore, where permitted by applicable data protection and privacy laws, Milliman may also collect, use, disclose, store, or otherwise process (i) your Personal Data for sending marketing communications; and (ii) professional contact details of its clients’ employees for sending surveys, questionnaires, or organizing contests.  For the abovementioned activities, Milliman will rely on your consent as the legal basis for the Processing of your Personal Data.  

We may also collect, and process limited Personal Data about you from public resources (such as LinkedIn), including your name/surname, email address, telephone number, organization, title/position, profession, and professional interests, to allow us to assess a potential interest in our services and to contact you for marketing purposes.

When we communicate with you regarding the products and services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. If you do not want us to collect your Personal Data for our marketing emails or if you wish to unsubscribe from direct marketing communications from us, you may reach out to us by filling out the data subject request form as available under the section “Rights”. We will cease using your Personal Data for direct marketing purposes once you have requested us to do so.

If you provide us with Personal Data of another individual, it is your duty to make sure that these individuals have consented to or are appropriately informed about the Processing of their Personal Data by Milliman.

You should also ensure that all Personal Data submitted to us is complete, accurate, true, and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested.

No automated decision-making is undertaken based on the Personal Data collected from you.

Affiliates and Authorised Third-Party Agents

All Milliman websites, products, and services are provided in cooperation with Milliman, Inc., located in the U.S. Any Personal Data may be shared between Milliman’s Affiliates and Milliman, Inc. or other entities controlled by or under common control with Milliman, Inc., for purposes of centralization of Milliman’s administrative, contract management, Client Relationship Management (CRM), IT maintenance, marketing, and IT security practices, for the purpose of the website’s management and security, and to provide information about Milliman products, services, or events.

We may also share Personal Data with affiliated entities using the MILLIMAN® mark, in which case we will require those affiliates to comply with this Privacy Policy. Please note that we may be transferring your Personal Data to a country that does not have the same data protection laws as your home country. However, Milliman ensures that Milliman and its affiliates will process Personal Data in compliance with this Privacy Policy.

Milliman also may share Personal Data with authorized third-party agents or contractors that perform services for Milliman. If Milliman shares Personal Data with a third party, Milliman requires that those third parties agree to process Personal Data based on Milliman’s instructions and in compliance with this Privacy Policy.

Any transfers of Personal Data are subject to appropriate safeguards using contractual or other means to provide a similarly adequate level of protection in compliance with PDPO.

Other Disclosures

Milliman may also disclose Personal Data and other related information in response to subpoenas, court orders, or other lawful requests by public authorities, and to meet national security or law enforcement requirements. Milliman may collect and share Personal Data in order to investigate or take action regarding illegal activities, suspected fraud, violations of Milliman's Terms of Use, or as otherwise required by law or regulation.

Security

Milliman stores Personal Data on a secure server that is password protected and shielded from unauthorized access by a firewall. Milliman has in place security policies that are intended to ensure the security and integrity of all Personal Data. Milliman has appropriate technical and organizational measures in place to protect against unauthorized or unlawful Processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by Milliman. If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organizational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

Milliman retains Personal Data only as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by law. Milliman will delete your Personal Data once the purpose of the collection and Processing of such Personal Data has been fulfilled and the adequate duration for documentation and backup storage of such Personal Data has lapsed. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for Processing such Personal Data (such as for the purposes of complying with a legal obligation or when the Processing is necessary for the purpose of our legitimate interest). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record, so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Children

Milliman’s websites, products, and services are not directed to children, and Milliman does not knowingly collect Personal Data from children. If a parent or legal guardian becomes aware that his or her child has provided Milliman with Personal Data without their consent, the parent or legal guardian should contact us by filling out the data subject request form as available under the section “Rights”, and we will take steps to delete any such Personal Data.

Third-party Links

Milliman’s website may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Data.

We do not disclose your Personal Data to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third-Party Websites is no longer under our control and no longer subject to this Data Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Data should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Data that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

Policy Updates

Milliman may change its Privacy Policy from time to time. Milliman therefore asks all persons concerned to check it occasionally to ensure that they are aware of the most recent version.

Rights

Depending on the applicable law, you have a number of rights under the PDPO or such other applicable data protection and privacy laws in relation to your Personal Data, including:

  1. The right of access (DDP 6 , Section 18 and 19 of PDPO): You have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Data and the manner in which, and the purposes for which we process your Personal Data, so that you can verify its accuracy and the lawfulness of the Processing.
  2. The right to correction (DPP 6, Section 22 of PDPO): You have the right to obtain from us the rectification of inaccurate Personal Data concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  3. The right to erasure (Section 26 of PDPO) : You have the right to request deletion or erasure of your Personal Data without undue delay where (a) your Personal Data is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to Processing (except where we have another legal ground for the Processing that we may rely on); (d) where your Personal Data has been unlawfully processed or handled in violation of PDPO.
  4. The right to withdraw your consent (DPP 3 of the PDPO): The consent that you provide for the collection, use, and disclosure of your Personal Data will remain valid until such time it is withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above. If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, Milliman may not be in a position to continue to provide its products and services to you, or administer any contractual relationship in place, which in turn may also result in the termination of any agreements with Milliman, and your being in breach of your contractual obligations or undertakings. Milliman's legal rights and remedies in such event are expressly reserved.

Please note that withdrawing consent does not affect our right to continue to collect, use, and disclose Personal Data where such collection, use, and disclosure without consent is permitted or required under applicable laws, and any Processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by filling out the data subject request form available here. For such requests, Milliman uses the Data Subject Access Request platform of the service provider One Trust. One Trust acts as Milliman’s data processor. We will endeavour to respond to any such request as soon as possible, and in any event within 40 days or as otherwise prescribed under the applicable laws. We will endeavour to respond to any such request as soon as possible, and in any event within the legal deadline.

How to Contact Us

If you have any questions, complaints, or feedback relating to your Personal Data or about this Privacy Policy, please contact us at [email protected].

Please note that if your Personal Data has been provided to us by a third party (e.g., your employer), you should contact that organization or individual to make such queries, complaints, and access and correction requests to Milliman on your behalf.

This Privacy Policy shall be governed in all respects by the laws of Hong Kong.

popup image